author | ChrisC <cc697w@intl.att.com> | 2017-01-31 11:40:03 +0100 |
---|---|---|
committer | ChrisC <cc697w@intl.att.com> | 2017-01-31 12:59:33 +0100 |
commit | 025301d08b061482c1f046d562bf017c8cbcfe8d (patch) | |
tree | 68a2a549736c9bf0f7cd4e71c76e40ef7e2606f2 /packages/docker/src | |
parent | 2754ad52f833278a5c925bd788a16d1dce16a598 (diff) |
Initial OpenECOMP MSO commit
Change-Id: Ia6a7574859480717402cc2f22534d9973a78fa6d
Signed-off-by: ChrisC <cc697w@intl.att.com>
Diffstat (limited to 'packages/docker/src')
17 files changed, 1458 insertions, 0 deletions
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.jacoco b/packages/docker/src/main/docker/docker-files/Dockerfile.jacoco
new file mode 100644
index 0000000000..e3c243d707
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.jacoco
@@ -0,0 +1,33 @@
+### Set the base image to Fedora
+FROM ubuntu:14.04
+
+### File Author / Maintainer
+MAINTAINER "Ecomp Opensource Team"
+LABEL Description="This image is used to get jacoco result from a jboss image" Version="1.0"
+
+ARG http_proxy
+ARG https_proxy
+ARG chef_repo_branch_name
+ARG chef_repo_address
+ARG chef_repo_git_name
+ARG chef_repo_git_username
+ENV HTTP_PROXY=$http_proxy
+ENV HTTPS_PROXY=$https_proxy
+ENV http_proxy=$HTTP_PROXY
+ENV https_proxy=$HTTPS_PROXY
+RUN echo "Acquire::http::Proxy \"$http_proxy\";" >> /etc/apt/apt.conf
+
+RUN apt-get update && apt-get install -y openssh-server
+RUN mkdir /var/run/sshd
+RUN echo 'root:screencast' | chpasswd
+RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+VOLUME /shared
+
+CMD ["/usr/sbin/sshd", "-D"]
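Review bot: `RUN echo 'root:screencast' | chpasswd` followed by the sed that sets `PermitRootLogin yes` gives every container built from this file the same published root password over SSH. If sshd is really needed (the LABEL suggests the image only serves JaCoCo results from /shared), drop the chpasswd line, keep the stock `PermitRootLogin without-password` and supply an `authorized_keys` file at run time. The header comment `### Set the base image to Fedora` also contradicts `FROM ubuntu:14.04` and should read `### Set the base image to Ubuntu`.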
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-arquillian b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-arquillian
new file mode 100644
index 0000000000..11b7cf7bb6
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-arquillian
@@ -0,0 +1,99 @@
+FROM ecomp/wildfly:1.0
+
+
+### File Author / Maintainer
+MAINTAINER "Ecomp Opensource Team"
+LABEL Description="This image contains Ecomp Opensource MSO base for arquillian" Version="1.0"
+
+ARG chef_repo_branch_name
+ARG chef_repo_address
+ARG chef_repo_git_name
+ARG chef_repo_git_username
+ENV BRANCH_NAME=$chef_repo_branch_name
+ENV REPO_USERNAME=$chef_repo_git_username
+ENV REPO_ADDRESS=$chef_repo_address
+ENV CHEF_REPO_NAME=$chef_repo_git_name
+
+### Downloading dependencies
+
+USER root
+RUN apt-get install -y curl && curl -LO https://packages.chef.io/stable/ubuntu/12.04/chefdk_0.17.17-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && curl -LO http://search.maven.org/remotecontent?filepath=org/jacoco/jacoco/0.7.7.201606060606/jacoco-0.7.7.201606060606.zip && apt-get remove --purge -y curl && apt-get autoremove -y
+RUN apt-get install -y unzip && unzip jacoco-0.7.7.201606060606.zip -d /tmp/jacoco && apt-get remove --purge -y unzip && apt-get autoremove -y
+RUN chown -R jboss:jboss /tmp/jacoco
+### Install Chef
+RUN dpkg -i chefdk_0.17.17-1_amd64.deb
+
+COPY scripts/init-chef.sh /opt/mso/scripts/init-chef.sh
+COPY scripts/start-jboss-server.sh /opt/mso/scripts/start-jboss-server.sh
+
+RUN chown jboss:jboss /opt/mso/scripts/*
+RUN chmod u+rx /opt/mso/scripts/*
+
+RUN mkdir /etc/chef
+RUN chown jboss:jboss /etc/chef
+RUN chmod u+xrw /etc/chef
+
+RUN mkdir -p /etc/mso
+RUN chown -R jboss:jboss /etc/mso
+RUN chmod u+xrw /etc/mso
+
+# Setup shared folder
+RUN mkdir /shared
+RUN chown jboss:jboss /shared
+
+# Setup chef folders
+RUN mkdir /var/berks-cookbooks
+RUN chown jboss:jboss /var/berks-cookbooks
+COPY chef-configs/solo.rb /tmp/git/solo.rb
+RUN chown -R jboss:jboss /tmp/git/
+
+COPY id_rsa /home/jboss/user
+RUN chmod 600 /home/jboss/user
+RUN chown -R jboss:jboss /home/jboss
+
+# Start Chef config
+RUN mkdir -p /var/nodes
+RUN chown jboss:jboss /var/nodes
+
+RUN mkdir -p /home/jboss/.chef/nodes
+RUN mkdir /home/jboss/.ssh
+
+
+RUN apt-get install -y git && sed -i "s@jboss:/bin/false@jboss:/bin/bash@g" /etc/passwd && su jboss -c "/opt/mso/scripts/init-chef.sh" && sed -i "s@jboss:/bin/bash@jboss:/bin/false@g" /etc/passwd && apt-get remove --purge -y git && apt-get autoremove -y
+RUN rm -rf /home/jboss/.ssh
+RUN rm /home/jboss/user
+RUN echo "" > /shared/mso-docker.json
+RUN echo "" > /shared/jacoco-it.exec
+RUN ls -latr /
+RUN ls -latr /shared
+RUN chown jboss:jboss /shared/jacoco-it.exec
+RUN mv /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker-init.json
+RUN ln -s /shared/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json
+RUN rm -rf /tmp/git
+
+## Create the log folder for MSO
+RUN mkdir -p /var/log/ecomp/MSO/
+RUN chown jboss:jboss /var/log/ecomp/MSO
+
+### Configure Jboss WildFly
+RUN mkdir -p $JBOSS_HOME/modules/mariadb/main
+RUN cp mariadb-java-client-1.5.4.jar $JBOSS_HOME/modules/mariadb/main
+COPY jboss-configs/modules/mariadb/main/module.xml $JBOSS_HOME/modules/mariadb/main
+COPY jboss-configs/configuration/standalone-full-ha.xml $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml
+COPY jboss-configs/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-users.properties
+COPY jboss-configs/configuration/mgmt-groups.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties
+COPY jboss-configs/configuration/application-users.properties $JBOSS_HOME/standalone/configuration/application-users.properties
+COPY jboss-configs/configuration/application-roles.properties $JBOSS_HOME/standalone/configuration/application-roles.properties
+
+RUN echo "JAVA_OPTS=\"\$JAVA_OPTS -Xms64m -Xmx4g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=1g -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dmso.db=MARIADB -Dmso.config.path=/etc/mso/config.d/ -javaagent:/tmp/jacoco/lib/jacocoagent.jar=destfile=/shared/jacoco-it.exec,dumponexit=true,append=false,includes=com.att.*:org.openecomp.*\"" >> $JBOSS_HOME/bin/standalone.conf
+RUN echo "LAUNCH_JBOSS_IN_BACKGROUND=true" >> $JBOSS_HOME/bin/standalone.conf
+
+### Open Ports
+EXPOSE 8080 9990
+
+VOLUME /shared
+
+### Start EAP
+USER root
+CMD ["/opt/mso/scripts/start-jboss-server.sh"]
+
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-build b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-build
new file mode 100644
index 0000000000..3a26a7f78e
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-build
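Review bot: `COPY id_rsa /home/jboss/user` writes the SSH private key into its own image layer, and the later `RUN rm /home/jboss/user` only masks it in a newer layer, so anyone who can pull the image can still read the key from the earlier layer. Dockerfile.mso-chef-final repeats the same COPY/rm pair, and Dockerfile.mso-build copies the key to `/tmp/id_rsa` with no removal at all. With BuildKit the key can be mounted only for the step that uses it, e.g. `RUN --mount=type=secret,id=chef_repo_key,target=/home/jboss/user,uid=<jboss-uid> ... su jboss -c "/opt/mso/scripts/init-chef.sh"`, and a key that has already shipped in a pushed image should be treated as exposed and rotated. init-chef.sh is not shown in this hunk, so the path it reads the key from needs confirming.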
@@ -0,0 +1,63 @@
+FROM ubuntu:16.04
+
+### File Author / Maintainer
+MAINTAINER "Ecomp Opensource Team"
+LABEL Description="This image builds Ecomp Opensource MSO " Version="1.0"
+
+
+ARG http_proxy
+ARG https_proxy
+
+ARG mso_git_repository
+ARG mso_git_branch
+
+ARG mvn_central_user
+ARG mvn_central_pwd
+
+ENV HTTP_PROXY=$http_proxy
+ENV HTTPS_PROXY=$https_proxy
+ENV http_proxy=$HTTP_PROXY
+ENV https_proxy=$HTTPS_PROXY
+
+
+ENV mso_git_repository=$mso_git_repository
+ENV mso_git_branch=$mso_git_branch
+
+
+ENV mvn_central_user=$mvn_central_user
+ENV mvn_central_pwd=$mvn_central_pwd
+
+ENV JBOSS_HOME=/opt/jboss
+
+USER root
+
+COPY scripts/init-chef.sh /opt/mso/scripts/init-chef.sh
+RUN chmod 755 /opt/mso/scripts/init-chef.sh
+
+COPY scripts/build-and-start.sh /opt/mso/scripts/build-and-start.sh
+RUN chmod 755 /opt/mso/scripts/build-and-start.sh
+
+# should be copied at final destination once jboss user is created
+COPY id_rsa /tmp/id_rsa
+COPY settings.xml /tmp/settings.xml
+
+# should be copied at final destination once jboss is installed
+COPY jboss-configs/module.xml /tmp/jboss-configs/module.xml
+COPY jboss-configs/standalone-full-ha.xml /tmp/jboss-configs/standalone-full-ha.xml
+COPY jboss-configs/modules/mariadb/main/module.xml /tmp/jboss-configs/modules/mariadb/main
+COPY jboss-configs/configuration/standalone-full-ha.xml /tmp/jboss-configs/standalone/configuration/standalone-full-ha-mso.xml
+COPY jboss-configs/configuration/mgmt-users.properties /tmp/jboss-configs/standalone/configuration/mgmt-users.properties
+COPY jboss-configs/configuration/mgmt-groups.properties /tmp/jboss-configs/standalone/configuration/mgmt-groups.properties
+COPY jboss-configs/configuration/application-users.properties /tmp/jboss-configs/standalone/configuration/application-users.properties
+COPY jboss-configs/configuration/application-roles.properties /tmp/jboss-configs/standalone/configuration/application-roles.properties
+
+
+### Open Ports
+EXPOSE 8080
+
+### Start EAP
+VOLUME /shared
+
+
+CMD ["/opt/mso/scripts/build-and-start.sh"]
+
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
new file mode 100644
index 0000000000..b5afdcd274
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
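Review bot: `ARG mvn_central_pwd` followed by `ENV mvn_central_pwd=$mvn_central_pwd` stores the Maven Central password in the image configuration, where `docker inspect` and `docker history` show it to anyone who can pull the image and every process in the container inherits it. Because the build itself runs from `CMD ["/opt/mso/scripts/build-and-start.sh"]` at container start, the credential can be supplied at run time (an environment variable or mounted file given to `docker run`) and the `ARG mvn_central_pwd` / `ENV mvn_central_pwd=...` pair dropped from the Dockerfile. `COPY settings.xml /tmp/settings.xml` deserves the same check if that file carries server credentials; its content is not visible here.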
@@ -0,0 +1,102 @@
+FROM ecomp/wildfly:1.0
+
+
+### File Author / Maintainer
+MAINTAINER "Ecomp Opensource Team"
+LABEL Description="This image contains Ecomp Opensource MSO " Version="1.0"
+
+ARG http_proxy
+ARG https_proxy
+ARG chef_repo_branch_name
+ARG chef_repo_address
+ARG chef_repo_git_name
+ARG chef_repo_git_username
+ENV BRANCH_NAME=$chef_repo_branch_name
+ENV REPO_USERNAME=$chef_repo_git_username
+ENV REPO_ADDRESS=$chef_repo_address
+ENV CHEF_REPO_NAME=$chef_repo_git_name
+ENV HTTP_PROXY=$http_proxy
+ENV HTTPS_PROXY=$https_proxy
+ENV http_proxy=$HTTP_PROXY
+ENV https_proxy=$HTTPS_PROXY
+
+### Downloading dependencies
+
+USER root
+RUN apt-get install -y curl && curl -LO https://packages.chef.io/stable/ubuntu/12.04/chefdk_0.17.17-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y
+
+### Install Chef
+RUN dpkg -i chefdk_0.17.17-1_amd64.deb
+
+COPY scripts/init-chef.sh /opt/mso/scripts/init-chef.sh
+COPY scripts/start-jboss-server.sh /opt/mso/scripts/start-jboss-server.sh
+
+RUN chown jboss:jboss /opt/mso/scripts/*
+RUN chmod u+rx /opt/mso/scripts/*
+
+RUN mkdir /etc/chef
+RUN chown jboss:jboss /etc/chef
+RUN chmod u+xrw /etc/chef
+
+RUN mkdir -p /etc/mso
+RUN chown -R jboss:jboss /etc/mso
+RUN chmod u+xrw /etc/mso
+
+# Setup shared folder
+RUN mkdir /shared
+RUN chown jboss:jboss /shared
+
+# Setup chef folders
+RUN mkdir /var/berks-cookbooks
+RUN chown jboss:jboss /var/berks-cookbooks
+COPY chef-configs/solo.rb /tmp/git/solo.rb
+RUN chown -R jboss:jboss /tmp/git/
+
+COPY id_rsa /home/jboss/user
+RUN chmod 600 /home/jboss/user
+RUN chown -R jboss:jboss /home/jboss
+
+# Start Chef config
+RUN mkdir -p /var/nodes
+RUN chown jboss:jboss /var/nodes
+
+RUN mkdir -p /home/jboss/.chef/nodes
+RUN mkdir /home/jboss/.ssh
+
+
+RUN apt-get install -y git && sed -i "s@jboss:/bin/false@jboss:/bin/bash@g" /etc/passwd && su jboss -c "/opt/mso/scripts/init-chef.sh" && sed -i "s@jboss:/bin/bash@jboss:/bin/false@g" /etc/passwd && apt-get remove --purge -y git && apt-get autoremove -y
+RUN rm -rf /home/jboss/.ssh
+RUN rm /home/jboss/user
+RUN echo "" > /shared/mso-docker.json
+RUN mv /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker-init.json
+RUN ln -s /shared/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json
+RUN rm -rf /tmp/git
+
+## Create the log folder for MSO
+RUN mkdir -p /var/log/ecomp/MSO/
+RUN chown jboss:jboss /var/log/ecomp/MSO
+
+### Configure Jboss WildFly
+RUN mkdir -p $JBOSS_HOME/modules/mariadb/main
+RUN cp mariadb-java-client-1.5.4.jar $JBOSS_HOME/modules/mariadb/main
+COPY jboss-configs/modules/mariadb/main/module.xml $JBOSS_HOME/modules/mariadb/main
+COPY jboss-configs/configuration/standalone-full-ha.xml $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml
+COPY jboss-configs/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-users.properties
+COPY jboss-configs/configuration/mgmt-groups.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties
+COPY jboss-configs/configuration/application-users.properties $JBOSS_HOME/standalone/configuration/application-users.properties
+COPY jboss-configs/configuration/application-roles.properties $JBOSS_HOME/standalone/configuration/application-roles.properties
+
+RUN echo "JAVA_OPTS=\"\$JAVA_OPTS -Xms64m -Xmx4g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=1g -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dmso.db=MARIADB -Dmso.config.path=/etc/mso/config.d/\"" >> $JBOSS_HOME/bin/standalone.conf
+RUN echo "LAUNCH_JBOSS_IN_BACKGROUND=true" >> $JBOSS_HOME/bin/standalone.conf
+
+COPY ./maven/artifacts/* $JBOSS_HOME/standalone/deployments/
+
+### Open Ports
+EXPOSE 8080
+
+VOLUME /shared
+
+### Start EAP
+USER root
+CMD ["/opt/mso/scripts/start-jboss-server.sh"]
+
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.ubuntu-16.04-update b/packages/docker/src/main/docker/docker-files/Dockerfile.ubuntu-16.04-update
new file mode 100644
index 0000000000..08987b407e
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.ubuntu-16.04-update
@@ -0,0 +1,22 @@
+FROM ubuntu:16.04
+
+### File Author / Maintainer
+MAINTAINER "Ecomp Opensource Team"
+LABEL Description="This image contains an updated version of ubuntu 16.04" Version="1.0"
+
+ARG http_proxy
+ARG https_proxy
+ARG chef_repo_branch_name
+ARG chef_repo_address
+ARG chef_repo_git_name
+ARG chef_repo_git_username
+ENV HTTP_PROXY=$http_proxy
+ENV HTTPS_PROXY=$https_proxy
+ENV http_proxy=$HTTP_PROXY
+ENV https_proxy=$HTTPS_PROXY
+
+### update first the image to fix potential security issues
+RUN apt-get update
+RUN apt-get -y dist-upgrade
+
+
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.wildfly-10 b/packages/docker/src/main/docker/docker-files/Dockerfile.wildfly-10
new file mode 100644
index 0000000000..729bf5eb59
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.wildfly-10
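Review bot: In Dockerfile.mso-chef-final the `curl -LO http://central.maven.org/...` download of mariadb-java-client-1.5.4.jar goes over plain HTTP and the jar is later copied into `$JBOSS_HOME/modules/mariadb/main` with no integrity check, so a response altered on the network path becomes code loaded by the application server. Dockerfile.mso-arquillian has the same download plus the JaCoCo zip, and Dockerfile.wildfly-10 fetches the WildFly tarball the same way. Use an https URL and verify a pinned digest before the file is used, for example `echo "<sha256-of-jar>  mariadb-java-client-1.5.4.jar" | sha256sum -c -`. Adding `-f` to curl would also make an HTTP error fail the build instead of saving an error page under the jar's name.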
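Review bot: In Dockerfile.ubuntu-16.04-update, `RUN apt-get update` sits in its own layer, so the build cache can keep serving an old package index and an old `RUN apt-get -y dist-upgrade` result; the stated goal of picking up security fixes is then silently skipped on rebuilds. Combine the two as `RUN apt-get update && apt-get -y dist-upgrade`. The later Dockerfiles in this commit call `apt-get install` without their own `apt-get update`, which presumably relies on the index left behind by this image and will break once that index goes stale. The four `chef_repo_*` ARGs are not referenced anywhere in this file and can be removed.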
@@ -0,0 +1,33 @@
+FROM ecomp/ubuntu-update:1.0
+
+### File Author / Maintainer
+MAINTAINER "Ecomp Opensource Team"
+LABEL Description="This image contains Ecomp Opensource MSO " Version="1.0"
+
+ARG http_proxy
+ARG https_proxy
+ARG chef_repo_branch_name
+ARG chef_repo_address
+ARG chef_repo_git_name
+ARG chef_repo_git_username
+ENV HTTP_PROXY=$http_proxy
+ENV HTTPS_PROXY=$https_proxy
+ENV http_proxy=$HTTP_PROXY
+ENV https_proxy=$HTTPS_PROXY
+
+### Install OpenJDK
+RUN apt-get -y install openjdk-8-jre-headless
+
+
+
+### Install Wildfly
+ENV JBOSS_HOME=/opt/jboss
+
+RUN WILDFLY=wildfly-10.1.0.Final.tar.gz; apt-get -y install curl; curl -LO http://download.jboss.org/wildfly/10.1.0.Final/$WILDFLY ; tar xvfz $WILDFLY -C /opt/; mv /opt/${WILDFLY%.tar.gz} $JBOSS_HOME; rm $WILDFLY; apt-get remove -y --purge curl; apt-get autoremove -y
+RUN adduser --system --group jboss
+RUN chown -R jboss $JBOSS_HOME
+RUN $JBOSS_HOME/bin/add-user.sh admin Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U --silent
+
+USER jboss
+CMD ["/opt/jboss/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0"]
+
diff --git a/packages/docker/src/main/docker/docker-files/chef-configs/solo.rb b/packages/docker/src/main/docker/docker-files/chef-configs/solo.rb
new file mode 100644
index 0000000000..5e8247503a
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/chef-configs/solo.rb
@@ -0,0 +1,9 @@
+current_dir = File.dirname(__FILE__)
+log_level :info
+log_location STDOUT
+node_name "mso"
+syntax_check_cache_path "#{current_dir}/syntaxcache"
+cookbook_path ["/var/berks-cookbooks"]
+environment_path "/var/berks-cookbooks/CHEF_REPO_NAME_TO_REPLACE/environments"
+environment "mso-docker"
+
diff --git a/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/application-roles.properties b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/application-roles.properties
new file mode 100644
index 0000000000..de9b0aac09
--- /dev/null
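Review bot: In Dockerfile.wildfly-10, `RUN $JBOSS_HOME/bin/add-user.sh admin <password> --silent` puts the management admin password in the Dockerfile and in the image history, while the CMD passes `"-bmanagement", "0.0.0.0"`, so every container from this image exposes the management interface on all addresses with one published credential. Create the management user at deploy time from a secret handed to the container (or mount a generated mgmt-users.properties), and bind management to loopback unless remote administration is actually required. Separately, the WildFly install RUN joins its commands with `;`, so a failed `curl` or `tar` does not stop the build; chaining them with `&&` makes the failure visible.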
+++ b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/application-roles.properties
@@ -0,0 +1,32 @@
+#
+# Properties declaration of users roles for the realm 'ApplicationRealm' which is the default realm
+# for application services on a new installation.
+#
+# This includes the following protocols: remote ejb, remote jndi, web, remote jms
+#
+# Users can be added to this properties file at any time, updates after the server has started
+# will be automatically detected.
+#
+# The format of this file is as follows: -
+# username=role1,role2,role3
+#
+# A utility script is provided which can be executed from the bin folder to add the users: -
+# - Linux
+# bin/add-user.sh
+#
+# - Windows
+# bin\add-user.bat
+#
+# The following illustrates how an admin user could be defined.
+#
+#admin=PowerUser,BillingAdmin,
+#guest=guest
+CSIClient=CSI-Client
+CCDClient=CCD-Client
+GUIClient=GUI-Client
+BPMNClient=BPMN-Client
+InfraPortalClient=InfraPortal-Client
+MSOClient=MSO-Client
+sitecontrol=SiteControl-Client
+MSO=AAIEmul-Client
+BPELClient=BPEL-Client
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/application-users.properties b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/application-users.properties
new file mode 100644
index 0000000000..a04d22296d
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/application-users.properties
@@ -0,0 +1,34 @@
+#
+# Properties declaration of users for the realm 'ApplicationRealm' which is the default realm
+# for application services on a new installation.
+#
+# This includes the following protocols: remote ejb, remote jndi, web, remote jms
+#
+# Users can be added to this properties file at any time, updates after the server has started
+# will be automatically detected.
+#
+# The format of this realm is as follows: -
+# username=HEX( MD5( username ':' realm ':' password))
+#
+# A utility script is provided which can be executed from the bin folder to add the users: -
+# - Linux
+# bin/add-user.sh
+#
+# - Windows
+# bin\add-user.bat
+#
+#$REALM_NAME=ApplicationRealm$ This line is used by the add-user utility to identify the realm name already used in this file.
+#
+# The following illustrates how an admin user could be defined, this
+# is for illustration only and does not correspond to a usable password.
+#
+#admin=2a0923285184943425d1f53ddd58ec7a
+CSIClient=0024f53a4ec012c22d9575a3710ed362
+CCDClient=c5e97286d4251605d8ef72f727ac1da6
+GUIClient=583075cf28c7c69c3a8b08356830b856
+BPMNClient=42b98ca2e0cc976d91a26c1495ecd529
+InfraPortalClient=e5077b432685a94babe332893337f6fc
+MSOClient=72bc85031ae67afe67014c7663ae1033
+sitecontrol=9a3a360d86758f69ec9508725c017335
+MSO=a05cb60a04f41f750ce1fc60a2633534
+BPELClient=f2b4ce8ae1964050c0ad7e69bd88fd62
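Review bot: The nine uncommented entries at the end of application-users.properties commit live credential digests for ApplicationRealm to the repository. As the file's own header says, each value is `HEX( MD5( username ':' realm ':' password))`, an unsalted MD5 in which only the password is unknown, so the passwords can be guessed offline by anyone with read access to the repo or to an image built from it. Ship this file with only the commented template and generate the entries at deploy time with `bin/add-user.sh`; the passwords behind the committed digests should be treated as disclosed and changed.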
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/mgmt-groups.properties b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/mgmt-groups.properties
new file mode 100644
index 0000000000..44742a83c4
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/mgmt-groups.properties
@@ -0,0 +1,22 @@
+#
+# Properties declaration of users groups for the realm 'ManagementRealm'.
+#
+# This is used for domain management, users groups membership information is used to assign the user
+# specific management roles.
+#
+# Users can be added to this properties file at any time, updates after the server has started
+# will be automatically detected.
+#
+# The format of this file is as follows: -
+# username=role1,role2,role3
+#
+# A utility script is provided which can be executed from the bin folder to add the users: -
+# - Linux
+# bin/add-user.sh
+#
+# - Windows
+# bin\add-user.bat
+#
+# The following illustrates how an admin user could be defined.
+#
+#admin=PowerUser,BillingAdmin,
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/mgmt-users.properties b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/mgmt-users.properties
new file mode 100644
index 0000000000..1576e76f4e
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/mgmt-users.properties
@@ -0,0 +1,27 @@
+#
+# Properties declaration of users for the realm 'ManagementRealm' which is the default realm
+# for new installations. Further authentication mechanism can be configured
+# as part of the <management /> in standalone.xml.
+#
+# Users can be added to this properties file at any time, updates after the server has started
+# will be automatically detected.
+#
+# By default the properties realm expects the entries to be in the format: -
+# username=HEX( MD5( username ':' realm ':' password))
+#
+# A utility script is provided which can be executed from the bin folder to add the users: -
+# - Linux
+# bin/add-user.sh
+#
+# - Windows
+# bin\add-user.bat
+# On start-up the server will also automatically add a user $local - this user is specifically
+# for local tools running against this AS installation.
+#
+# The following illustrates how an admin user could be defined, this
+# is for illustration only and does not correspond to a usable password.
+#
+admin=281905e1b4420050a7f07eecba66ee68
+#
+#$REALM_NAME=ManagementRealm$ This line is used by the add-user utility to identify the realm name already used in this file.
+#
diff --git a/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/standalone-full-ha.xml b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/standalone-full-ha.xml
new file mode 100644
index 0000000000..cface7f46d
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/jboss-configs/configuration/standalone-full-ha.xml
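Review bot: In mgmt-users.properties the line `admin=281905e1b4420050a7f07eecba66ee68` is an active entry, yet it sits directly under the comment saying the example "is for illustration only and does not correspond to a usable password"; in application-users.properties the matching sample is commented out. Either comment it out as `#admin=...`, or, if the account is intended, replace that comment with one stating that this is a real management user. Dockerfile.mso-arquillian and Dockerfile.mso-chef-final copy this file to `$JBOSS_HOME/standalone/configuration/mgmt-users.properties` and set `-Djboss.bind.address.management=0.0.0.0`, so the committed digest becomes the management login of those images on every interface.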
@@ -0,0 +1,609 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<server xmlns="urn:jboss:domain:4.2">
+
+ <extensions>
+ <extension module="org.jboss.as.clustering.infinispan"/>
+ <extension module="org.jboss.as.clustering.jgroups"/>
+ <extension module="org.jboss.as.connector"/>
+ <extension module="org.jboss.as.deployment-scanner"/>
+ <extension module="org.jboss.as.ee"/>
+ <extension module="org.jboss.as.ejb3"/>
+ <extension module="org.jboss.as.jaxrs"/>
+ <extension module="org.jboss.as.jdr"/>
+ <extension module="org.jboss.as.jmx"/>
+ <extension module="org.jboss.as.jpa"/>
+ <extension module="org.jboss.as.jsf"/>
+ <extension module="org.jboss.as.jsr77"/>
+ <extension module="org.jboss.as.logging"/>
+ <extension module="org.jboss.as.mail"/>
+ <extension module="org.jboss.as.modcluster"/>
+ <extension module="org.jboss.as.naming"/>
+ <extension module="org.jboss.as.pojo"/>
+ <extension module="org.jboss.as.remoting"/>
+ <extension module="org.jboss.as.sar"/>
+ <extension module="org.jboss.as.security"/>
+ <extension module="org.jboss.as.transactions"/>
+ <extension module="org.jboss.as.webservices"/>
+ <extension module="org.jboss.as.weld"/>
+ <extension module="org.wildfly.extension.batch.jberet"/>
+ <extension module="org.wildfly.extension.bean-validation"/>
+ <extension module="org.wildfly.extension.clustering.singleton"/>
+ <extension module="org.wildfly.extension.io"/>
+ <extension module="org.wildfly.extension.messaging-activemq"/>
+ <extension module="org.wildfly.extension.request-controller"/>
+ <extension module="org.wildfly.extension.security.manager"/>
+ <extension module="org.wildfly.extension.undertow"/>
+ <extension module="org.wildfly.iiop-openjdk"/>
+ </extensions>
+
+
+ <management>
+ <security-realms>
+ <security-realm name="ManagementRealm">
+ <authentication>
+ <local default-user="$local" skip-group-loading="true"/>
+ <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization map-groups-to-roles="false">
+ <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ <security-realm name="ApplicationRealm">
+ <server-identities>
+ <ssl>
+ <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+ </ssl>
+ </server-identities>
+ <authentication>
+ <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
+ <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization>
+ <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ </security-realms>
+ <audit-log>
+ <formatters>
+ <json-formatter name="json-formatter"/>
+ </formatters>
+ <handlers>
+ <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
+ </handlers>
+ <logger log-boot="true" log-read-only="false" enabled="false">
+ <handlers>
+ <handler name="file"/>
+ </handlers>
+ </logger>
+ </audit-log>
+ <management-interfaces>
+ <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
+ <socket-binding http="management-http"/>
+ </http-interface>
+ </management-interfaces>
+ <access-control provider="simple">
+ <role-mapping>
+ <role name="SuperUser">
+ <include>
+ <user name="$local"/>
+ </include>
+ </role>
+ </role-mapping>
+ </access-control>
+ </management>
+
+ <profile>
+ <subsystem xmlns="urn:jboss:domain:logging:3.0">
+ <console-handler name="CONSOLE">
+ <level name="INFO"/>
+ <formatter>
+ <named-formatter name="COLOR-PATTERN"/>
+ </formatter>
+ </console-handler>
+ <periodic-rotating-file-handler name="FILE" autoflush="true">
+ <formatter>
+ <named-formatter name="PATTERN"/>
+ </formatter>
+ <file relative-to="jboss.server.log.dir" path="server.log"/>
+ <suffix value=".yyyy-MM-dd"/>
+ <append value="true"/>
+ </periodic-rotating-file-handler>
+ <logger category="com.arjuna">
+ <level name="WARN"/>
+ </logger>
+ <logger category="org.jboss.as.config">
+ <level name="DEBUG"/>
+ </logger>
+ <logger category="sun.rmi">
+ <level name="WARN"/>
+ </logger>
+ <root-logger>
+ <level name="INFO"/>
+ <handlers>
+ <handler name="CONSOLE"/>
+ <handler name="FILE"/>
+ </handlers>
+ </root-logger>
+ <formatter name="PATTERN">
+ <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ <formatter name="COLOR-PATTERN">
+ <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:batch-jberet:1.0">
+ <default-job-repository name="in-memory"/>
+ <default-thread-pool name="batch"/>
+ <job-repository name="in-memory">
+ <in-memory/>
+ </job-repository>
+ <thread-pool name="batch">
+ <max-threads count="10"/>
+ <keepalive-time time="30" unit="seconds"/>
+ </thread-pool>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:datasources:4.0">
+ <datasources>
+ <datasource jndi-name="java:jboss/datasources/mso-requests" pool-name="mso-requests" enabled="true" use-ccm="true">
+ <connection-url>jdbc:mariadb://mariadb:3306/mso_requests?autoReconnect=true&connectTimeout=60000&socketTimeout=60000</connection-url>
+ <driver>mariadb</driver>
+ <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
+ <pool>
+ <min-pool-size>10</min-pool-size>
+ <max-pool-size>100</max-pool-size>
+ <prefill>true</prefill>
+ <use-strict-min>false</use-strict-min>
+ <flush-strategy>FailingConnectionOnly</flush-strategy>
+ </pool>
+ <security>
+ <user-name>mso</user-name>
+ <password>mso123</password>
+ </security>
+ <validation>
+ <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
+ <validate-on-match>false</validate-on-match>
+ <background-validation>true</background-validation>
+ <background-validation-millis>20000</background-validation-millis>
+ <use-fast-fail>true</use-fast-fail>
+ <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
+ </validation>
+ <timeout>
+ <idle-timeout-minutes>15</idle-timeout-minutes>
+ <query-timeout>30</query-timeout>
+ <allocation-retry>1</allocation-retry>
+ <allocation-retry-wait-millis>3000</allocation-retry-wait-millis>
+ </timeout>
+ </datasource>
+ <datasource jndi-name="java:jboss/datasources/mso-catalog" pool-name="mso-catalog" enabled="true" use-ccm="true">
+ <connection-url>jdbc:mariadb://mariadb:3306/mso_catalog?autoReconnect=true&connectTimeout=60000&socketTimeout=60000</connection-url>
+ <driver>mariadb</driver>
+ <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
+ <pool>
+ <min-pool-size>10</min-pool-size>
+ <max-pool-size>100</max-pool-size>
+ <prefill>true</prefill>
+ <use-strict-min>false</use-strict-min>
+ <flush-strategy>FailingConnectionOnly</flush-strategy>
+ </pool>
+ <security>
+ <user-name>catalog</user-name>
+ <password>catalog123</password>
+ </security>
+ <validation>
+ <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
+ <validate-on-match>false</validate-on-match>
+ <background-validation>true</background-validation>
+ <background-validation-millis>20000</background-validation-millis>
+ <use-fast-fail>true</use-fast-fail>
+ <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
+ </validation>
+ <timeout>
+ <idle-timeout-minutes>15</idle-timeout-minutes>
+ <query-timeout>30</query-timeout>
+ <allocation-retry>1</allocation-retry>
+ <allocation-retry-wait-millis>3000</allocation-retry-wait-millis>
+ </timeout>
+ </datasource>
+ <datasource jta="true" jndi-name="java:jboss/datasources/ProcessEngine" pool-name="ProcessEngine" enabled="true" use-java-context="true" use-ccm="true">
+ <connection-url>jdbc:mariadb://mariadb:3306/camundabpmn?autoReconnect=true&connectTimeout=60000&socketTimeout=60000</connection-url>
+ <driver>mariadb</driver>
+ <new-connection-sql>set autocommit=1</new-connection-sql>
+ <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
+ <pool>
+ <min-pool-size>10</min-pool-size>
+ <max-pool-size>100</max-pool-size>
+ <prefill>true</prefill>
+ <use-strict-min>false</use-strict-min>
+ <flush-strategy>FailingConnectionOnly</flush-strategy>
+ </pool>
+ <security>
+ <user-name>camunda</user-name>
+ <password>camunda123</password>
+ </security>
+ <validation>
+ <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
+ <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
+ </validation>
+ <statement>
+ <prepared-statement-cache-size>32</prepared-statement-cache-size>
+ <share-prepared-statements>true</share-prepared-statements>
+ </statement>
+ </datasource>
+ <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
+ <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
+ <driver>h2</driver>
+ <security>
+ <user-name>sa</user-name>
+ <password>sa</password>
+ </security>
+ </datasource>
+ <drivers>
+ <driver name="h2" module="com.h2database.h2">
+ <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+ </driver>
+ <driver name="mariadb" module="mariadb">
+ <xa-datasource-class>org.mariadb.jdbc.MySQLDataSource</xa-datasource-class>
+ </driver>
+ </drivers>
+ </datasources>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
+ <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ee:4.0">
+ <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
+ <concurrent>
+ <context-services>
+ <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
+ </context-services>
+ <managed-thread-factories>
+ <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
+ </managed-thread-factories>
+ <managed-executor-services>
+ <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+ </managed-executor-services>
+ <managed-scheduled-executor-services>
+ <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+ </managed-scheduled-executor-services>
+ </concurrent>
+ <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" jms-connection-factory="java:jboss/DefaultJMSConnectionFactory" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
+ <session-bean>
+ <stateless>
+ <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
+ </stateless>
+ <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
+ <singleton default-access-timeout="5000"/>
+ </session-bean>
+ <mdb>
+ <resource-adapter-ref resource-adapter-name="${ejb.resource-adapter-name:activemq-ra.rar}"/>
+ <bean-instance-pool-ref pool-name="mdb-strict-max-pool"/>
+ </mdb>
+ <pools>
+ <bean-instance-pools>
+ <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ </bean-instance-pools>
+ </pools>
+ <caches>
+ <cache name="simple"/>
+ <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
+ </caches>
+ <passivation-stores>
+ <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
+ </passivation-stores>
+ <async thread-pool-name="default"/>
+ <timer-service thread-pool-name="default" default-data-store="default-file-store">
+ <data-stores>
+ <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
+ </data-stores>
+ </timer-service>
+ <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
+ <thread-pools>
+ <thread-pool name="default">
+ <max-threads count="10"/>
+ <keepalive-time time="100" unit="milliseconds"/>
+ </thread-pool>
+ </thread-pools>
+ <iiop enable-by-default="false" use-qualified-name="false"/>
+ <default-security-domain value="other"/>
+ <default-missing-method-permissions-deny-access value="true"/>
+ <log-system-exceptions value="true"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:io:1.1">
+ <worker name="default"/>
+ <buffer-pool name="default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
+ <cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
+ <transport lock-timeout="60000"/>
+ <replicated-cache name="default" mode="SYNC">
+ <transaction mode="BATCH"/>
+ </replicated-cache>
+ </cache-container>
+ <cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
+ <transport lock-timeout="60000"/>
+ <distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store/>
+ </distributed-cache>
+ <distributed-cache name="concurrent" mode="SYNC" l1-lifespan="0" owners="2">
+ <file-store/>
+ </distributed-cache>
+ </cache-container>
+ <cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
+ <transport lock-timeout="60000"/>
+ <distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store/>
+ </distributed-cache>
+ </cache-container>
+ <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
+ <transport lock-timeout="60000"/>
+ <local-cache name="local-query">
+ <eviction strategy="LRU" max-entries="10000"/>
+ <expiration max-idle="100000"/>
+ </local-cache>
+ <invalidation-cache name="entity" mode="SYNC">
+ <transaction mode="NON_XA"/>
+ <eviction strategy="LRU" max-entries="10000"/>
+ <expiration max-idle="100000"/>
+ </invalidation-cache>
+ <replicated-cache name="timestamps" mode="ASYNC"/>
+ </cache-container>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:iiop-openjdk:1.0">
+ <orb socket-binding="iiop" ssl-socket-binding="iiop-ssl"/>
+ <initializers security="identity" transactions="spec"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jca:4.0">
+ <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+ <bean-validation enabled="true"/>
+ <default-workmanager>
+ <short-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </short-running-threads>
+ <long-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </long-running-threads>
+ </default-workmanager>
+ <cached-connection-manager/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jgroups:4.0">
+ <channels default="ee">
+ <channel name="ee" stack="udp"/>
+ </channels>
+ <stacks>
+ <stack name="udp">
+ <transport type="UDP" socket-binding="jgroups-udp"/>
+ <protocol type="PING"/>
+ <protocol type="MERGE3"/>
+ <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
+ <protocol type="FD_ALL"/>
+ <protocol type="VERIFY_SUSPECT"/>
+ <protocol type="pbcast.NAKACK2"/>
+ <protocol type="UNICAST3"/>
+ <protocol type="pbcast.STABLE"/>
+ <protocol type="pbcast.GMS"/>
+ <protocol type="UFC"/>
+ <protocol type="MFC"/>
+ <protocol type="FRAG2"/>
+ </stack>
+ <stack name="tcp">
+ <transport type="TCP" socket-binding="jgroups-tcp"/>
+ <protocol type="MPING" socket-binding="jgroups-mping"/>
+ <protocol type="MERGE3"/>
+ <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
+ <protocol type="FD"/>
+ <protocol type="VERIFY_SUSPECT"/>
+ <protocol type="pbcast.NAKACK2"/>
+ <protocol type="UNICAST3"/>
+ <protocol type="pbcast.STABLE"/>
+ <protocol type="pbcast.GMS"/>
+ <protocol type="MFC"/>
+ <protocol type="FRAG2"/>
+ </stack>
+ </stacks>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+ <expose-resolved-model/>
+ <expose-expression-model/>
+ <remoting-connector/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+ <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jsr77:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:mail:2.0">
+ <mail-session name="default" jndi-name="java:jboss/mail/Default">
+ <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+ </mail-session>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:messaging-activemq:1.0">
+ <server name="default">
+ <cluster password="${jboss.messaging.cluster.password:CHANGE ME!!}"/>
+ <security-setting name="#">
+ <role name="guest" send="true" consume="true" create-non-durable-queue="true" delete-non-durable-queue="true"/>
+ </security-setting>
+ <address-setting name="#" dead-letter-address="jms.queue.DLQ" expiry-address="jms.queue.ExpiryQueue" max-size-bytes="10485760" page-size-bytes="2097152" message-counter-history-day-limit="10" redistribution-delay="1000"/>
+ <http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>
+ <http-connector name="http-connector-throughput" socket-binding="http" endpoint="http-acceptor-throughput">
+ <param name="batch-delay" value="50"/>
+ </http-connector>
+ <in-vm-connector name="in-vm" server-id="0"/>
+ <http-acceptor name="http-acceptor" http-listener="default"/>
+ <http-acceptor name="http-acceptor-throughput" http-listener="default">
+ <param name="batch-delay" value="50"/>
+ <param name="direct-deliver" value="false"/>
+ </http-acceptor>
+ <in-vm-acceptor name="in-vm" server-id="0"/>
+ <broadcast-group name="bg-group1" jgroups-channel="activemq-cluster" connectors="http-connector"/>
+ <discovery-group name="dg-group1" jgroups-channel="activemq-cluster"/>
+ <cluster-connection name="my-cluster" address="jms" connector-name="http-connector" discovery-group="dg-group1"/>
+ <jms-queue name="ExpiryQueue" entries="java:/jms/queue/ExpiryQueue"/>
+ <jms-queue name="DLQ" entries="java:/jms/queue/DLQ"/>
+ <connection-factory name="InVmConnectionFactory" entries="java:/ConnectionFactory" connectors="in-vm"/>
+ <connection-factory name="RemoteConnectionFactory" entries="java:jboss/exported/jms/RemoteConnectionFactory" connectors="http-connector" ha="true" block-on-acknowledge="true" reconnect-attempts="-1"/>
+ <pooled-connection-factory name="activemq-ra" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory" connectors="in-vm" transaction="xa"/>
+ </server>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:modcluster:2.0">
+ <mod-cluster-config advertise-socket="modcluster" connector="ajp">
+ <dynamic-load-provider>
+ <load-metric type="cpu"/>
+ </dynamic-load-provider>
+ </mod-cluster-config>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:naming:2.0">
+ <remote-naming/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:remoting:3.0">
+ <endpoint/>
+ <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:resource-adapters:4.0"/>
+ <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+ <deployment-permissions>
+ <maximum-set>
+ <permission class="java.security.AllPermission"/>
+ </maximum-set>
+ </deployment-permissions>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:security:1.2">
+ <security-domains>
+ <security-domain name="other" cache-type="default">
+ <authentication>
+ <login-module code="Remoting" flag="optional">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ <login-module code="RealmDirect" flag="required">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ </authentication>
+ </security-domain>
+ <security-domain name="jboss-web-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jboss-ejb-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jaspitest" cache-type="default">
+ <authentication-jaspi>
+ <login-module-stack name="dummy">
+ <login-module code="Dummy" flag="optional"/>
+ </login-module-stack>
+ <auth-module code="Dummy"/>
+ </authentication-jaspi>
+ </security-domain>
+ </security-domains>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:singleton:1.0">
+ <singleton-policies default="default">
+ <singleton-policy name="default" cache-container="server">
+ <simple-election-policy/>
+ </singleton-policy>
+ </singleton-policies>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:transactions:3.0">
+ <core-environment>
+ <process-id>
+ <uuid/>
+ </process-id>
+ </core-environment>
+ <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:undertow:3.1">
+ <buffer-cache name="default"/>
+ <server name="default-server">
+ <ajp-listener name="ajp" socket-binding="ajp"/>
+ <http-listener name="default" socket-binding="http" enable-http2="true"/>
+ <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
+ <host name="default-host" alias="localhost">
+ <location name="/" handler="welcome-content"/>
+ <filter-ref name="server-header"/>
+ <filter-ref name="x-powered-by-header"/>
+ </host>
+ </server>
+ <servlet-container name="default">
+ <jsp-config/>
+ <websockets/>
+ </servlet-container>
+ <handlers>
+ <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+ </handlers>
+ <filters>
+ <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
+ <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
+ </filters>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:webservices:2.0">
+ <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
+ <endpoint-config name="Standard-Endpoint-Config"/>
+ <endpoint-config name="Recording-Endpoint-Config">
+ <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
+ <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
+ </pre-handler-chain>
+ </endpoint-config>
+ <client-config name="Standard-Client-Config"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:weld:3.0"/>
+ </profile>
+
+ <interfaces>
+ <interface name="management">
+ <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+ </interface>
+ <interface name="public">
+ <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+ </interface>
+ <interface name="private">
+ <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
+ </interface>
+ <interface name="unsecure">
+ <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
+ </interface>
+ </interfaces>
+
+ <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+ <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
+ <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
+ <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
+ <socket-binding name="http" port="${jboss.http.port:8080}"/>
+ <socket-binding name="https" port="${jboss.https.port:8443}"/>
+ <socket-binding name="iiop" interface="unsecure" port="3528"/>
+ <socket-binding name="iiop-ssl" interface="unsecure" port="3529"/>
+ <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
+ <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
+ <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
+ <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
+ <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
+ <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
+ <socket-binding name="txn-recovery-environment" port="4712"/>
+ <socket-binding name="txn-status-manager" port="4713"/>
+ <outbound-socket-binding name="mail-smtp">
+ <remote-destination host="localhost" port="25"/>
+ </outbound-socket-binding>
+ </socket-binding-group>
+
+</server>
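Review bot: The three MariaDB datasources in standalone-full-ha.xml carry their passwords in clear text (`<password>mso123</password>`, `catalog123`, `camunda123`), and the ApplicationRealm keystore is declared with `keystore-password="password"`, so every image built from this file shares credentials that anyone with repository or image access can read. The file already uses property expressions elsewhere (for example `${jboss.messaging.cluster.password:CHANGE ME!!}`), so the same mechanism can supply these values at deploy time with no default, e.g. `<password>${mso.requests.db.password}</password>` (property name constructed here for illustration). It would also help to add a comment next to the audit logger's `enabled="false"` stating whether leaving management audit logging off is intended for this image.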
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/jboss-configs/modules/mariadb/main/module.xml b/packages/docker/src/main/docker/docker-files/jboss-configs/modules/mariadb/main/module.xml
new file mode 100644
index 0000000000..1b127358ed
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/jboss-configs/modules/mariadb/main/module.xml
@@ -0,0 +1,11 @@
+<?xmlversion="1.0"encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.0" name="mariadb">
+ <resources>
+ <resource-root path="mariadb-java-client-1.5.4.jar"/>
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="javax.transaction.api"/>
+ </dependencies>
+</module>
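Review bot: The first line of module.xml reads `<?xmlversion="1.0"encoding="UTF-8"?>` as shown here; without the spaces it is not a well-formed XML declaration, and a conforming parser would likely reject the descriptor, which would keep the `mariadb` driver module referenced by the datasources from loading. If this is how the file is committed rather than an artefact of how the page renders it, the line should be `<?xml version="1.0" encoding="UTF-8"?>`.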
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/scripts/build-and-start.sh b/packages/docker/src/main/docker/docker-files/scripts/build-and-start.sh
new file mode 100644
index 0000000000..3694981628
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/scripts/build-and-start.sh
@@ -0,0 +1,230 @@
+#!/bin/bash -x
+
+GIT_REPO=$mso_git_repository
+GIT_BRANCH=$mso_git_branch
+! [[ $GIT_SSH_KEY ]] && GIT_SSH_KEY=/home/jboss/user
+MVN_CENTRAL_USER=$mvn_central_user
+MVN_CENTRAL_PWD=$mvn_central_pwd
+WILDFLY_TAR=wildfly-10.1.0.Final.tar.gz;
+CHEF_DEB=chefdk_0.17.17-1_amd64.deb
+
+echo "Jboss Home:"
+echo ${JBOSS_HOME}
+echo "Repository :"
+echo ${GIT_REPO}
+echo "Branch :"
+echo ${GIT_BRANCH}
+echo "Ssh key file :"
+echo ${GIT_SSH_KEY}
+echo "Maven central user :"
+echo ${MVN_CENTRAL_USER}
+
+[[ ${MVN_CENTRAL_PWD} ]] && echo "with password" || echo "without password"
+
+function update_terminal() {
+ echo "--------------------------------------------------------------------------"
+ echo $*
+ echo "--------------------------------------------------------------------------"
+}
+
+function update_ubuntu() {
+ update_terminal "Updating ubuntu"
+ apt-get update
+ apt-get -y dist-upgrade
+}
+
+
+function set_ssh_key() {
+ [[ -f /home/jboss/user ]] && return || update_terminal "Setting ssh key"
+ mkdir -p /home/jboss/.ssh/
+ mv /tmp/id_rsa /home/jboss/user
+ chown jboss:jboss -R /home/jboss/user
+ chmod 600 /home/jboss/user
+ chown jboss:jboss /home/jboss/.ssh
+ chmod 700 /home/jboss/.ssh
+
+}
+
+function set_maven_settings() {
+ [[ -f /home/jboss/.m2/settings.xml ]] && return || update_terminal "Updating maven settings"
+ mkdir -p /home/jboss/.m2/
+ mv /tmp/settings.xml /home/jboss/.m2/settings.xml
+ chown -R jboss:jboss /home/jboss/.m2/
+
+ # set login and password for maven central
+ sed -i "s/#PASSWORD#/$MVN_CENTRAL_PWD/g" /home/jboss/.m2/settings.xml \
+ && sed -i "s/#USERNAME#/$MVN_CENTRAL_USER/g" /home/jboss/.m2/settings.xml
+}
+
+function install_jboss() {
+ [[ -f $JBOSS_HOME/bin/standalone.conf ]] && [[ $(grep "LAUNCH_JBOSS_IN_BACKGROUND=true" $JBOSS_HOME/bin/standalone.conf) ]] && return || update_terminal "Installing jboss";
+
+
+ adduser --system --group jboss
+
+ curl -C - -LO http://download.jboss.org/wildfly/10.1.0.Final/$WILDFLY_TAR ;
+ tar xvfz $WILDFLY_TAR -C /opt/;
+ mv /opt/${WILDFLY_TAR%.tar.gz} $JBOSS_HOME;
+
+ chown -R jboss:jboss $JBOSS_HOME
+ echo "JAVA_OPTS=\"\$JAVA_OPTS -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dmso.db=MARIADB -Dmso.config.path=/etc/mso/config.d/ -Dmso.aaf.enable=false \"" >> $JBOSS_HOME/bin/standalone.conf
+ echo "LAUNCH_JBOSS_IN_BACKGROUND=true" >> $JBOSS_HOME/bin/standalone.conf
+
+}
+
+function create_log_folders() {
+ [[ -d /var/log/ecomp ]] && [[ /var/log/ecomp/MSO/ ]] && return || update_terminal "Creating log folders"
+ mkdir -p /var/log/ecomp/MSO/
+ chown -R jboss:jboss /var/log/ecomp
+}
+
+function install_mariadb_connector() {
+ [[ -f $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml ]] && return || update_terminal "Installing mariadb connector"
+ MARIADB_DIR=$JBOSS_HOME/modules/mariadb
+ curl -C - -O -L http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar
+ mkdir -p $MARIADB_DIR/main
+ mv mariadb-java-client-1.5.4.jar $MARIADB_DIR/main
+ cp /tmp/jboss-configs//modules/mariadb/main/module.xml $MARIADB_DIR/main
+ cp /tmp/jboss-configs/standalone-full-ha.xml $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml
+ cp /tmp/jboss-configs/configuration/application-roles.properties $JBOSS_HOME/standalone/configuration/application-roles.properties
+ cp /tmp/jboss-configs/configuration/application-users.properties $JBOSS_HOME/standalone/configuration/application-users.properties
+ cp /tmp/jboss-configs/configuration/mgmt-groups.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties
+ cp /tmp/jboss-configs/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-users.properties
+
+ chown -R jboss:jboss $MARIADB_DIR
+}
+
+function dep_install() {
+ update_terminal "Installing dependencies"
+ # install requirements
+ apt-get -y install openjdk-8-jre-headless curl git maven
+ STATUS=$?
+ if [[ $STATUS != 0 ]];
+ then
+ exit 1
+ fi
+}
+
+function clone_mso() {
+ [[ $("ls /tmp/mso-core") ]] && return || update_terminal "Cloning mso repository"
+ # build git command
+ GIT_CMD="git clone --single-branch -b ${GIT_BRANCH-master} ${GIT_REPO} -v"
+
+ # build ssh command
+ export GIT_SSH_COMMAND="ssh -i ${GIT_SSH_KEY} -o StrictHostKeyChecking=false"
+
+ # cloning
+ su - jboss -s /bin/bash -c "export GIT_SSH_COMMAND=\"ssh -i ${GIT_SSH_KEY} -o StrictHostKeyChecking=false\"; cd /tmp/; ${GIT_CMD} mso-core"
+ STATUS=$?
+ if [[ $STATUS != 0 ]];
+ then
+ exit 2
+ fi
+}
+#export MAVEN_OPTS="$MAVEN_OPTS -Dhttp.proxyHost=one.proxy.att.com -Dhttp.proxyPort=8080 -Dhttps.proxyHost=one.proxy.att.com -Dhttps.proxyPort=8080"
+
+function mso_build() {
+ update_terminal "Building Mso core"
+ # building
+ cd /tmp/mso-core
+ su jboss -s /bin/bash -c "mvn clean install"
+ STATUS=$?
+ if [[ $STATUS != 0 ]];
+ then
+ exit 4
+ fi
+}
+
+function war_to_temp() {
+ [[ $("ls /tmp/wars/") ]] && return || update_terminal "Copying wars to tmp directory"
+ function copy_wars() {
+ for war in `find . -iname "*.war" `;
+ do
+ cp $war /tmp/wars/
+ done
+ }
+ export -f copy_wars
+ su - jboss -s /bin/bash -c copy_wars
+ #tar xzf ./packages/deliveries/target/assembly/war-packs/*.tar.gz -C /tmp/wars/
+}
+
+function install_chef() {
+ [[ -d /home/jboss/.chef/nodes ]] && return || update_terminal "Installing chef"
+ curl -C - -LO https://packages.chef.io/stable/ubuntu/12.04/$CHEF_DEB
+ dpkg -i $CHEF_DEB
+ for dir in "/etc/chef /etc/mso /var/berks-cookbooks /tmp/git /var/nodes /home/jboss/.chef/nodes";
+ do
+ mkdir -p $dir
+ chown jboss:jboss $dir
+ chmod 700 $dir
+ done
+}
+
+function chef_init() {
+ update_terminal "Initializing chef"
+ mkdir -p /tmp/git
+ cp /shared/solo.rb /tmp/git/
+ chown -R jboss:jboss /tmp/git
+ su - jboss -s /bin/bash -c /opt/mso/scripts/init-chef.sh
+ mv /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker-init.json
+ ln -s /shared/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json
+}
+
+function cleanup() {
+ # cleaning & space freeup
+ echo "Cleaning up"
+
+ rm -rf /tmp/git/mso-core
+ rm -f /$WILDFLY_TAR;
+ rm -f /$CHEF_DEB
+
+ rm -rf /home/jboss/.m2
+ apt-get remove -y maven git curl
+
+}
+
+function build() {
+ update_ubuntu
+ dep_install
+
+ install_jboss
+ create_log_folders
+ install_mariadb_connector
+
+ set_ssh_key
+
+ install_chef
+ chef_init
+
+
+ clone_mso
+
+ set_maven_settings
+ mso_build
+ war_to_temp
+ cleanup
+}
+
+function init_certif() {
+ # Copy the certificates
+ cp /shared/*.crt /usr/local/share/ca-certificates
+ update-ca-certificates
+}
+
+function start() {
+ su - jboss -s /bin/bash -c /opt/mso/scripts/start-jboss-server.sh
+}
+
+rm -f "$JBOSS_HOME/standalone/deployments/README.txt"
+if ! [[ "$(ls -A $JBOSS_HOME/standalone/deployments/)" ]];
+then
+ mkdir -p /tmp/wars/
+ build
+ cp /tmp/wars/* $JBOSS_HOME/standalone/deployments/
+ rm -rf /tmp/wars/
+ init_certif
+fi
+
+cd /opt/jboss
+
+start
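Review bot: Nothing this script fetches is authenticated: `install_jboss` and `install_mariadb_connector` download the WildFly tarball and the MariaDB jar over plain `http://` with no checksum, and `clone_mso` passes `-o StrictHostKeyChecking=false` (init-chef.sh does the same), so a party on the network path can substitute what gets installed and built. Verify each download against a pinned digest, e.g. `echo "PLACEHOLDER_SHA256  $WILDFLY_TAR" | sha256sum -c - || exit 3`, and provision a `known_hosts` entry for the git server instead of switching the check off. Separately, the `#!/bin/bash -x` shebang traces the `MVN_CENTRAL_PWD=` assignment and the `sed -i "s/#PASSWORD#/$MVN_CENTRAL_PWD/g"` call, so the Maven password reaches the container log even though the script is careful to echo only "with password"; wrap those lines in `set +x` / `set -x`. That `sed` expression also breaks when the password contains `/` or `&`.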
diff --git a/packages/docker/src/main/docker/docker-files/scripts/init-chef.sh b/packages/docker/src/main/docker/docker-files/scripts/init-chef.sh
new file mode 100644
index 0000000000..0a562e715e
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/scripts/init-chef.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# Copyright 2015 AT&T Intellectual Properties
+##############################################################################
+# Script to initialize the chef-repo branch and.chef
+#
+##############################################################################
+
+set -x
+cd /tmp/git/
+export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=false -i ~/user"
+git clone -b ${BRANCH_NAME:-master} --single-branch ssh://${REPO_USERNAME}@${REPO_ADDRESS}/${CHEF_REPO_NAME}.git
+
+
+# Will have to be removed later
+#mkdir -p /var/chef/nodes
+sed "s/CHEF_REPO_NAME_TO_REPLACE/${CHEF_REPO_NAME}/g" -i /tmp/git/solo.rb
+mv /tmp/git/solo.rb /tmp/git/${CHEF_REPO_NAME}/
+cd /tmp/git/${CHEF_REPO_NAME}
+
+echo "Vendor cookbooks with Berkshelf"
+berks vendor /var/berks-cookbooks -b Berksfile.mso-docker
+
+# Execute the ChefClient to configure the mso-config
+echo "Update config with chef solo"
+chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
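Review bot: The script has no error handling: if `cd /tmp/git/` or the `git clone` fails, or `CHEF_REPO_NAME` / `REPO_ADDRESS` is unset, it still runs `sed`, `mv`, `berks vendor` and `chef-solo` against whatever paths the empty expansions produce. Adding `set -eu` next to the existing `set -x` stops at the first failure and at the first unset variable (`${BRANCH_NAME:-master}` keeps working because it carries a default). The unquoted `${...}` expansions on the `git clone`, `mv` and `cd` lines, and the `recipe[...]` arguments to `chef-solo`, which the shell treats as glob patterns, should be double-quoted as well.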
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-jboss-server.sh b/packages/docker/src/main/docker/docker-files/scripts/start-jboss-server.sh
new file mode 100644
index 0000000000..2e9b9da27d
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/scripts/start-jboss-server.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Copyright 2015 AT&T Intellectual Properties
+##############################################################################
+# Script to initialize the chef-repo branch and.chef
+#
+##############################################################################
+# Copy the certificates
+echo 'Copying the *.crt provided in /shared folder'
+cp --verbose /shared/*.crt /usr/local/share/ca-certificates
+update-ca-certificates
+
+echo 'Running in JBOSS'
+su - jboss
+
+#Start the chef-solo
+chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
+
+
+JBOSS_PIDFILE=/tmp/jboss-standalone.pid
+$JBOSS_HOME/bin/standalone.sh -c standalone-full-ha-mso.xml &
+JBOSS_PID=$!
+# Trap common signals and relay them to the jboss process
+trap "kill -HUP $JBOSS_PID" HUP
+trap "kill -TERM $JBOSS_PID" INT
+trap "kill -QUIT $JBOSS_PID" QUIT
+trap "kill -PIPE $JBOSS_PID" PIPE
+trap "kill -TERM $JBOSS_PID" TERM
+if [ "x$JBOSS_PIDFILE" != "x" ]; then
+ echo $JBOSS_PID > $JBOSS_PIDFILE
+fi
+# Wait until the background process exits
+WAIT_STATUS=128
+while [ "$WAIT_STATUS" -ge 128 ]; do
+ wait $JBOSS_PID 2>/dev/null
+ WAIT_STATUS=$?
+ if [ "$WAIT_STATUS" -gt 128 ]; then
+ SIGNAL=`expr $WAIT_STATUS - 128`
+ SIGNAL_NAME=`kill -l $SIGNAL`
+ echo "*** JBossAS process ($JBOSS_PID) received $SIGNAL_NAME signal ***" >&2
+ fi
+done
+if [ "$WAIT_STATUS" -lt 127 ]; then
+ JBOSS_STATUS=$WAIT_STATUS
+else
+ JBOSS_STATUS=0
+fi
+if [ "$JBOSS_STATUS" -ne 10 ]; then
+ # Wait for a complete shudown
+ wait $JBOSS_PID 2>/dev/null
+fi
+if [ "x$JBOSS_PIDFILE" != "x" ]; then
+ grep "$JBOSS_PID" $JBOSS_PIDFILE && rm $JBOSS_PIDFILE
+fi
diff --git a/packages/docker/src/main/docker/docker-files/settings.xml b/packages/docker/src/main/docker/docker-files/settings.xml
new file mode 100644
index 0000000000..ff9343b6c6
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/settings.xml
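Review bot: In start-jboss-server.sh the bare `su - jboss` after `echo 'Running in JBOSS'` does not switch the user for the rest of the script: it spawns a separate login session for `jboss`, and once that returns `chef-solo` and `standalone.sh` run as whoever invoked the script. The script also mixes privilege levels, since `cp ... /usr/local/share/ca-certificates` and `update-ca-certificates` need root while build-and-start.sh calls this script through `su - jboss -s /bin/bash -c`, where those two commands would presumably fail. I would drop the `su - jboss` line, leave certificate installation to the root-owned caller, and state in the header which user the script expects. The header comment is copied from init-chef.sh and should describe this script instead, e.g. `# Runs chef-solo, then starts JBoss and relays signals to it`.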
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+ <proxies>
+ <proxy>
+ <id>optional</id>
+ <active>true</active>
+ <protocol>http</protocol>
+ <host>one.proxy.att.com</host>
+ <port>8080</port>
+ <nonProxyHosts>localhost,127.0.0.1,*.att.com</nonProxyHosts>
+ </proxy>
+ </proxies>
+
+ <servers>
+ <server>
+ <id>mso-releases</id>
+ <username>#USERNAME#</username>
+ <password>#PASSWORD#</password>
+ </server>
+ <server>
+ <id>mso-snapshots</id>
+ <username>#USERNAME#</username>
+ <password>#PASSWORD#</password>
+ </server>
+ <server>
+ <id>mso-3rd-party</id>
+ <username>#USERNAME#</username>
+ <password>#PASSWORD#</password>
+ </server>
+ </servers>
+</settings> |
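Review bot: The `<proxy>` entry is committed with `<active>true</active>` and the fixed host `one.proxy.att.com`, so every Maven run that uses this file goes through that proxy and fails wherever the name does not resolve. Defaulting to `<active>false</active>`, or templating host and port the same way as `#USERNAME#`, keeps the file usable outside that network. The three `<server>` blocks hold the real password in clear text once the placeholders are substituted; a comment such as `<!-- credentials are injected at build time; this file must not remain in the final image -->` would make that expectation explicit.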