Alpinize + Dockerize Sigmah

Disassembler 2018-01-26 21:25:03 +01:00
parent 29b7e6a7a8
commit f3ed426201
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
9 changed files with 116 additions and 58 deletions


@ -1,36 +1,23 @@
#!/bin/bash #!/bin/sh
SOURCE_DIR=$(realpath $(dirname "${0}"))/sigmah SOURCE_DIR=$(realpath $(dirname "${0}"))/sigmah
# Check prerequisites # Check prerequisites
docker image ls | grep -q postgres || $(realpath $(dirname "${0}"))/postgres.sh docker image ls | grep -q postgres || $(realpath $(dirname "${0}"))/postgres.sh
# Install dependencies # Build Docker container
apt-get -y --no-install-recommends install python-bcrypt docker build -t sigmah ${SOURCE_DIR}
# Download Sigmah
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-2.0.2.war -O /tmp/sigmah.war
unzip /tmp/sigmah.war -d /srv/sigmah
rm -f /tmp/sigmah.war
# Update Postgres JDBC driver
rm -f /srv/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar
wget https://jdbc.postgresql.org/download/postgresql-42.1.4.jar -O /srv/sigmah/WEB-INF/lib/postgresql-42.1.4.jar
# Create database # Create database
export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64) export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64)
envsubst <${SOURCE_DIR}/tmp/sigmah-createdb.sql >/tmp/sigmah-createdb.sql envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql
sudo -u postgres psql -f /tmp/sigmah-createdb.sql
rm -f /tmp/sigmah-createdb.sql
# Configure Sigmah # Configure Sigmah
mkdir -p /srv/sigmah/{files,archives} mkdir -p /srv/sigmah/conf /srv/sigmah/data/files /srv/sigmah/data/archives
chown -R tomcat8:tomcat8 /srv/sigmah chown -R 8015:8015 /srv/sigmah/data
ln -s /srv/sigmah /var/lib/tomcat8/webapps/sigmah envsubst <${SOURCE_DIR}/srv/sigmah/conf/persistence.xml >/srv/sigmah/conf/persistence.xml
envsubst <${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/META-INF/persistence.xml >/srv/sigmah/WEB-INF/classes/META-INF/persistence.xml cp ${SOURCE_DIR}/srv/sigmah/conf/sigmah.properties /srv/sigmah/conf/sigmah.properties
cp ${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/logback.xml /srv/sigmah/WEB-INF/classes/logback.xml docker run --rm -v /srv/sigmah/data:/srv/sigmah/data sigmah cp /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/data/files/logo.png
cp ${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/sigmah.properties /srv/sigmah/WEB-INF/classes/sigmah.properties
cp /srv/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/files/logo.png
# Populate database # Populate database
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /tmp/sigmah-MinimumDataKit.sql wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /tmp/sigmah-MinimumDataKit.sql
@ -38,7 +25,9 @@ wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-newOrg
export SIGMAH_ADMIN_USER=Admin export SIGMAH_ADMIN_USER=Admin
export SIGMAH_ADMIN_EMAIL=admin@example.com export SIGMAH_ADMIN_EMAIL=admin@example.com
export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64) export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
export SIGMAH_ADMIN_HASH=$(python -c "import bcrypt; print bcrypt.hashpw('${SIGMAH_ADMIN_PWD}', bcrypt.gensalt(10, prefix=b'2a'))") apk --no-cache add apache2-utils
export SIGMAH_ADMIN_HASH=$(htpasswd -bnBC 10 "" ${SIGMAH_ADMIN_PWD} | tr -d ':\n' | tr '$2y' '$2a')
apk del apache2-utils
sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql
sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql
sed -i "s|§HeadquartersCountryCode§|CZ|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|§HeadquartersCountryCode§|CZ|g" /tmp/sigmah-newOrganizationLaunchScript.sql
@ -47,20 +36,18 @@ sed -i "s|§UserName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunch
sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql
sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql
sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql
export PGPASSWORD=${SIGMAH_PWD} cat /tmp/sigmah-MinimumDataKit.sql | docker exec -i -e PGPASSWORD=${SIGMAH_PWD} postgres psql -U sigmah sigmah
psql -f /tmp/sigmah-MinimumDataKit.sql -U sigmah sigmah cat /tmp/sigmah-newOrganizationLaunchScript.sql | docker exec -i -e PGPASSWORD=${SIGMAH_PWD} postgres psql -U sigmah sigmah
psql -f /tmp/sigmah-newOrganizationLaunchScript.sql -U sigmah sigmah rm -f /tmp/sigmah-MinimumDataKit.sql /tmp/sigmah-newOrganizationLaunchScript.sql
unset PGPASSWORD
rm -f /tmp/sigmah-MinimumDataKit.sql # Create Sigmah service
rm -f /tmp/sigmah-newOrganizationLaunchScript.sql cp ${SOURCE_DIR}/etc/init.d/sigmah /etc/init.d/sigmah
rc-update add sigmah boot
service sigmah start
# Create nginx app definition # Create nginx app definition
cp ${SOURCE_DIR}/etc/nginx/apps-available/sigmah /etc/nginx/apps-available/sigmah cp ${SOURCE_DIR}/etc/nginx/conf.d/sigmah.conf /etc/nginx/conf.d/sigmah.conf
ln -s /etc/nginx/apps-available/sigmah /etc/nginx/apps-enabled/sigmah service nginx reload
# Restart services
systemctl restart tomcat8
systemctl restart nginx
# Add portal application definition # Add portal application definition
portal-app-manager sigmah "/sigmah/" "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}" portal-app-manager sigmah "https://{host}:8415/sigmah/" "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}"
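Review bot: The `tr '$2y' '$2a'` at the end of the new `SIGMAH_ADMIN_HASH` pipeline translates single characters rather than replacing the prefix, so every `y` anywhere in the bcrypt salt or digest becomes `a`. Whenever the htpasswd output contains a `y`, the stored hash will no longer match the generated admin password. Rewriting only the leading marker keeps the rest of the hash intact, e.g. `... | tr -d ':\n' | sed 's/^\$2y\$/$2a$/'`. Separately, `htpasswd -b` takes the password as a command-line argument, where it is visible in the process list while it runs; feeding it on stdin with `-i` avoids that.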

48
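--- a/sigmah/Dockerfile
+++ b/sigmah/Dockerfile
@@ -0,0 +1,48 @@
+FROM alpine:3.7
+MAINTAINER Disassembler <disassembler@dasm.cz>
+RUN \
+# Install Java 1.8 JRE
+apk --no-cache add openjdk8-jre-base paxctl \
+# Fix grsec attributes to loosen memory protection restrictions
+&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/java \
+&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/java \
+# Cleanup
+&& apk del paxctl
+RUN \
+# Install Tomcat 8
+wget http://mirror.dkm.cz/apache/tomcat/tomcat-8/v8.0.49/bin/apache-tomcat-8.0.49.tar.gz -O /tmp/apache-tomcat-8.tgz \
+&& tar xf /tmp/apache-tomcat-8.tgz -C /srv \
+&& mv /srv/apache-tomcat-8.0.49 /srv/tomcat \
+# Make catalina.sh available globally
+&& ln -s /srv/tomcat/bin/catalina.sh /usr/bin/catalina.sh \
+# Cleanup
+&& rm -rf /srv/tomcat/webapps/ROOT /srv/tomcat/webapps/docs /srv/tomcat/webapps/examples /srv/tomcat/webapps/host-manager /srv/tomcat/webapps/manager \
+&& rm -f /tmp/apache-tomcat-8.tgz
+RUN \
+# Download Sigmah
+wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-2.0.2.war -O /tmp/sigmah.war \
+&& mkdir /srv/tomcat/webapps/sigmah \
+&& unzip /tmp/sigmah.war -d /srv/tomcat/webapps/sigmah \
+# Update Postgres JDBC driver
+&& rm /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar \
+&& wget https://jdbc.postgresql.org/download/postgresql-42.2.0.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.0.jar \
+# Remove logging config
+&& rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml \
+# Configure Tomcat port
+&& sed -i 's/port="8080"/port="8015"/g' /srv/tomcat/conf/server.xml \
+# Create OS user
+&& addgroup -S -g 8015 sigmah \
+&& adduser -S -u 8015 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah \
+&& chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work \
+# Cleanup
+&& rm /tmp/sigmah.war
+VOLUME ["/srv/sigmah/data"]
+EXPOSE 8015
+USER sigmah
+WORKDIR /srv/tomcat
+CMD ["catalina.sh", "run"]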
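Review bot: The Tomcat tarball in the second `RUN` is fetched over plain `http://` from a mirror and unpacked without any integrity check, so whatever the mirror or the network path returns becomes the servlet container in the image. Download the archive over HTTPS and verify it before `tar xf`, for example `&& echo "<TOMCAT_SHA512>  /tmp/apache-tomcat-8.tgz" | sha512sum -c - \`, using the digest Apache publishes for 8.0.49. The Sigmah WAR and the JDBC jar in the third `RUN` are fetched over HTTPS but are likewise not pinned to a checksum. `MAINTAINER` is deprecated in favour of a `LABEL`.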

25
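--- a/sigmah/etc/init.d/sigmah
+++ b/sigmah/etc/init.d/sigmah
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+description="Sigmah docker container"
+depend() {
+need docker net
+use dns logger netmount
+after activemq postgres
+}
+start() {
+/usr/bin/docker run -d --rm \
+--name sigmah \
+-h sigmah \
+--link postgres \
+-p 127.0.0.1:9015:8015 \
+-v /srv/sigmah/data:/srv/sigmah/data \
+-v /srv/sigmah/conf/persistence.xml:/srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml \
+-v /srv/sigmah/conf/sigmah.properties:/srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties \
+sigmah
+}
+stop() {
+/usr/bin/docker stop sigmah
+}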
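Review bot: The two configuration bind mounts in `start()` are writable from inside the container, and `persistence.xml` appears to carry the database password (the template in this commit substitutes `${SIGMAH_PWD}` into it). Mounting them read-only costs nothing, e.g. `-v /srv/sigmah/conf/persistence.xml:/srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml:ro \`, and the same for `sigmah.properties`. `--link` is a legacy Docker feature; a user-defined network would give the container the same name resolution for `postgres`.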


@ -1,11 +0,0 @@
location /sigmah {
alias /srv/sigmah;
try_files $uri @sigmah;
}
location @sigmah {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:9080;
}


@ -0,0 +1,14 @@
server {
listen [::]:8015 ipv6only=off;
listen [::]:8415 ssl http2 ipv6only=off;
access_log /var/log/nginx/sigmah.access.log;
error_log /var/log/nginx/sigmah.error.log;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9015;
}
}
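Review bot: The `listen [::]:8015` line serves the same proxied application over cleartext HTTP on every interface, so the admin login the install script registers for `https://{host}:8415/sigmah/` can also be submitted unencrypted on port 8015. If the plain listener is kept only for convenience, move it into its own `server` block that answers with `return 301 https://$host:8415$request_uri;`. No `ssl_certificate` directive is visible in this block; presumably it is inherited from the `http` context, which is worth confirming.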


@ -1,5 +0,0 @@
<?xml version="1.0" encoding="UTF-8" ?>
<configuration scan="true" scanPeriod="60 seconds">
<logger name="org.sigmah" level="ERROR" />
</configuration>


@ -13,7 +13,7 @@
<property name="hibernate.connection.driver_class" value="org.postgresql.Driver" /> <property name="hibernate.connection.driver_class" value="org.postgresql.Driver" />
<property name="hibernate.connection.username" value="sigmah" /> <property name="hibernate.connection.username" value="sigmah" />
<property name="hibernate.connection.password" value="${SIGMAH_PWD}" /> <property name="hibernate.connection.password" value="${SIGMAH_PWD}" />
<property name="hibernate.connection.url" value="jdbc:postgresql://localhost:5432/sigmah" /> <property name="hibernate.connection.url" value="jdbc:postgresql://postgres:5432/sigmah" />
<property name="hibernate.show_sql" value="false" /> <property name="hibernate.show_sql" value="false" />
<property name="hibernate.format_sql" value="false" /> <property name="hibernate.format_sql" value="false" />
@ -36,4 +36,4 @@
</properties> </properties>
</persistence-unit> </persistence-unit>
</persistence> </persistence>


@ -10,10 +10,10 @@
# -- # --
# Root directory name where files are stored. # Root directory name where files are stored.
files.repository.name=/srv/sigmah/files files.repository.name=/srv/sigmah/data/files
# Root directory name where backup archives are stored. # Root directory name where backup archives are stored.
archives.repository.name=/srv/sigmah/archives/ archives.repository.name=/srv/sigmah/data/archives/
#Maximum size of the uploaded files (bytes) #Maximum size of the uploaded files (bytes)
files.upload.maxSize=20971520 files.upload.maxSize=20971520
@ -22,8 +22,8 @@ files.upload.maxSize=20971520
# MAILS # MAILS
# -- # --
mail.hostname=localhost mail.hostname=postfix
mail.port=25 mail.port=587
mail.from.address=sigmah@spotter.ngo mail.from.address=sigmah@spotter.ngo
mail.from.name=Sigmah mail.from.name=Sigmah
# Authentication (leave empty if no authentication is required). # Authentication (leave empty if no authentication is required).