From e9dfddcffdd792dabcee319a2500cc572b8771ce Mon Sep 17 00:00:00 2001 From: Michael O'Connor Date: Thu, 15 Aug 2019 15:09:55 -0400 Subject: [PATCH 01/10] Starting refactor of makefile for packaing as tarball, removed jenkinsfile --- .gitignore | 2 ++ Jenkinsfile | 38 ---------------------------- Makefile | 72 ++++++++++++++++++++++++++++++++++++++--------------- Version.txt | 1 + 4 files changed, 55 insertions(+), 58 deletions(-) delete mode 100644 Jenkinsfile create mode 100644 Version.txt diff --git a/.gitignore b/.gitignore index e15bae5..4b0e10c 100644 --- a/.gitignore +++ b/.gitignore @@ -26,4 +26,6 @@ Temporary Items .apdisk .tools +build +.cache .idea/ diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index b124f60..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,38 +0,0 @@ -pipeline { - agent { label 'linux-docker-small' } - options { - buildDiscarder(logRotator(numToKeepStr:'25')) - disableConcurrentBuilds() - timestamps() - } - triggers { - /* - Restrict nightly builds to master branch - Note: The BRANCH_NAME will only work with a multi-branch job using the github-branch-source - */ - cron(BRANCH_NAME == "master" ? "H H(4-6) * * *" : "") - } - environment { PATH="${tool 'docker-latest'}/bin:$PATH" } - stages { - stage('Build Images') { - steps { - sh 'make image' - } - } - stage('Deploy Images') { - when { - allOf { - expression { env.CHANGE_ID == null } - expression { env.BRANCH_NAME == "master" } - } - } - environment { - DOCKER_LOGIN = credentials('dockerhub-codicebot') - } - steps { - sh 'docker login -u $DOCKER_LOGIN_USR -p $DOCKER_LOGIN_PSW' - sh 'make push' - } - } - } -} diff --git a/Makefile b/Makefile index b9f5c43..8cba396 100644 --- a/Makefile +++ b/Makefile 
@@ -1,15 +1,18 @@ -# Set the base name for the image -IMAGE_NAME:=codice/ddf-base - -GIT_SHA:=$(shell git rev-parse HEAD) -MASTER_SHA:=$(shell git show-ref -s refs/heads/master) -ifneq (${MASTER_SHA}, ${GIT_SHA}) - IMAGE_VERSION=${GIT_SHA} -else - IMAGE_VERSION=latest -endif -# Compute Build Tag -BUILD_TAG=$(IMAGE_NAME):$(IMAGE_VERSION) +PROJECT_NAME ?= "ddf-entrypoint" +mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) +project_home := $(patsubst %/,%,$(dir $(mkfile_path))) +version_file := $(project_home)/Version.txt +CACHE_DIR ?= $(project_home)/.cache +BINARY_CACHE := $(CACHE_DIR)/bin + +BUILD_DIR ?= $(project_home)/build +BUILD_PACKAGES_DIR := $(BUILD_DIR)/packages +BUILD_PREP_DIR := $(BUILD_DIR)/prep +VERSION := $(shell cat $(version_file)) +PACKAGE_NAME := $(PROJECT_NAME)-$(VERSION) +ARCHIVE_NAME := $(PACKAGE_NAME).tar.gz +ARCHIVE_OUTPUT := $(BUILD_PACKAGES_DIR)/$(ARCHIVE_NAME) +INSTALL_OUTPUT := $(BUILD_PREP_DIR)/$(PACKAGE_NAME) .DEFAULT_GOAL := help 
@@ -17,13 +20,42 @@ BUILD_TAG=$(IMAGE_NAME):$(IMAGE_VERSION) help: ## Display help. @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) -.PHONY: image -image: ## Build the docker image - @echo "Building $(BUILD_TAG)" - @docker build --pull -t $(BUILD_TAG) . +.PHONY: package +package: dependencies prepare ## Package the project output into an archive + @echo "Building..." + +.PHONY: prepare +prepare: $(BUILD_PREP_DIR)/$(PACKAGE_NAME) ## Prepares for packaging + @echo "Preparing..." + +.PHONY: dependencies +dependencies: $(BINARY_CACHE)/props $(BINARY_CACHE)/jq + @echo "Downloading Dependencies" + +$(CACHE_DIR): + @mkdir -p $@ + +$(BINARY_CACHE): $(CACHE_DIR) + @mkdir -p $@ + +$(BINARY_CACHE)/props: $(BINARY_CACHE) + @wget -N -O $@ https://github.com/oconnormi/props/releases/download/v0.2.0/props_linux_amd64 + @touch $@ + @chmod 755 $@ + +$(BINARY_CACHE)/jq: $(BINARY_CACHE) + @wget -N -O $@ https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 + @touch $@ + @chmod 755 $@ + +$(BUILD_DIR): + @mkdir -p $@ + +$(BUILD_PREP_DIR): $(BUILD_DIR) + @mkdir -p $@ -.PHONY: push -push: image ## Push the docker image - @echo "Pushing $(BUILD_TAG)" - @docker push $(BUILD_TAG) +$(BUILD_PACKAGES_DIR): $(BUILD_DIR) + @mkdir -p $@ +$(BUILD_PREP_DIR)/$(PACKAGE_NAME): $(BUILD_PREP_DIR) + @mkdir -p $@ diff --git a/Version.txt b/Version.txt new file mode 100644 index 0000000..3eefcb9 --- /dev/null +++ b/Version.txt @@ -0,0 +1 @@ +1.0.0 From 8c1a061ee2fa422bf925e703a8c89638108a8f58 Mon Sep 17 00:00:00 2001 
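Review bot: The `$(BINARY_CACHE)/props` and `$(BINARY_CACHE)/jq` recipes fetch release binaries with `wget` and mark them executable without checking them against a known digest, so whatever the URL serves at build time is trusted as-is. Pin a SHA-256 per artifact next to the URL and verify it before the `chmod`, e.g. `@echo "$(JQ_SHA256)  $@" | sha256sum -c -`, where `JQ_SHA256` is a new variable (placeholder name, not in this patch) holding the digest recorded from a vetted download. The same applies to `$(CACHE_DIR)/argbash.tar.gz` in PATCH 02 (hunk `@@ -48,14 +75,56 @@`), which is unpacked and executed during the build, and it matters more once PATCH 04 copies jq and props into the package. Separately, `-N` has no effect together with `-O`, and a failed `wget -O $@` leaves an empty target behind that the next run treats as up to date; adding `.DELETE_ON_ERROR:` covers that.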
From: Michael O'Connor Date: Fri, 16 Aug 2019 11:23:34 -0400 Subject: [PATCH 02/10] Reorganized entrypoint, moved argbash template processing to makefile, makefile works up through producing an unpacked entrypoint directory --- Makefile | 85 ++++++++++- argbash-templates/build.sh | 19 --- argbash-templates/create-cdm.m4 | 141 ++++++++++++++++++ entrypoint.sh | 96 ++++++++++++ entrypoint/entrypoint.sh | 35 ----- .../00-global.env | 0 .../certs_env.sh => environment/01-certs.env | 2 - {entrypoint => library}/certs.sh | 0 {entrypoint => library}/fanout_mode.sh | 0 .../files/ca/openssl-demo.cnf | 0 ...77aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config | 0 ...dc0aef4-a993-4291-b207-74a28c2c420d.config | 0 ...y.policy.context.impl.PolicyManager.config | 0 .../files/templates/registry/csw.template | 0 .../templates/sources/csw_federated.config | 0 {entrypoint => library}/ingest_data.sh | 0 {entrypoint => library}/load_certs.sh | 0 {entrypoint => library}/local_ca_request.sh | 0 {entrypoint => library}/post_start.sh | 0 {entrypoint => library}/pre_start.sh | 0 {entrypoint => library}/registry.sh | 0 {entrypoint => library}/remote_ca_request.sh | 0 {entrypoint => library}/security_profile.sh | 0 {entrypoint => library}/seed_content.sh | 0 {entrypoint => library}/setup_cdm.sh | 0 {entrypoint => library}/sources.sh | 0 26 files changed, 314 insertions(+), 64 deletions(-) delete mode 100755 argbash-templates/build.sh create mode 100644 argbash-templates/create-cdm.m4 create mode 100755 entrypoint.sh delete mode 100755 entrypoint/entrypoint.sh rename entrypoint/global_env.sh => environment/00-global.env (100%) rename entrypoint/certs_env.sh => environment/01-certs.env (94%) rename {entrypoint => library}/certs.sh (100%) rename {entrypoint => library}/fanout_mode.sh (100%) rename {entrypoint => library}/files/ca/openssl-demo.cnf (100%) rename {entrypoint => library}/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config (100%) rename {entrypoint => 
library}/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config (100%) rename {entrypoint => library}/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config (100%) rename {entrypoint => library}/files/templates/registry/csw.template (100%) rename {entrypoint => library}/files/templates/sources/csw_federated.config (100%) rename {entrypoint => library}/ingest_data.sh (100%) rename {entrypoint => library}/load_certs.sh (100%) rename {entrypoint => library}/local_ca_request.sh (100%) rename {entrypoint => library}/post_start.sh (100%) rename {entrypoint => library}/pre_start.sh (100%) rename {entrypoint => library}/registry.sh (100%) rename {entrypoint => library}/remote_ca_request.sh (100%) rename {entrypoint => library}/security_profile.sh (100%) rename {entrypoint => library}/seed_content.sh (100%) rename {entrypoint => library}/setup_cdm.sh (100%) rename {entrypoint => library}/sources.sh (100%) diff --git a/Makefile b/Makefile index 8cba396..c039a83 100644 --- a/Makefile +++ b/Makefile 
@@ -1,37 +1,64 @@ -PROJECT_NAME ?= "ddf-entrypoint" +PROJECT_NAME ?= ddf-entrypoint mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) project_home := $(patsubst %/,%,$(dir $(mkfile_path))) -version_file := $(project_home)/Version.txt -CACHE_DIR ?= $(project_home)/.cache +version_file := Version.txt +CACHE_DIR := .cache BINARY_CACHE := $(CACHE_DIR)/bin +TOOLS_DIR := .tools -BUILD_DIR ?= $(project_home)/build +ARGBASH := $(TOOLS_DIR)/argbash/bin/argbash + +BUILD_DIR := build BUILD_PACKAGES_DIR := $(BUILD_DIR)/packages +ARGBASH_PREP_DIR := $(BUILD_DIR)/argbash-templates BUILD_PREP_DIR := $(BUILD_DIR)/prep VERSION := $(shell cat $(version_file)) PACKAGE_NAME := $(PROJECT_NAME)-$(VERSION) +ARCHIVE_PREP_DIR := $(BUILD_PREP_DIR)/$(PACKAGE_NAME) ARCHIVE_NAME := $(PACKAGE_NAME).tar.gz ARCHIVE_OUTPUT := $(BUILD_PACKAGES_DIR)/$(ARCHIVE_NAME) INSTALL_OUTPUT := $(BUILD_PREP_DIR)/$(PACKAGE_NAME) +environment_sources := $(wildcard environment/*.env) +environment_targets := $(patsubst environment/%.env, $(ARCHIVE_PREP_DIR)/environment/%.env, $(environment_sources)) +current_environment_source = $(patsubst $(ARCHIVE_PREP_DIR)/environment/%.env, environment/%.env, $@) +library_sources := $(wildcard library/*.sh) +library_targets := $(patsubst library/%.sh, $(ARCHIVE_PREP_DIR)/library/%.sh, $(library_sources)) +current_library_source = $(patsubst $(ARCHIVE_PREP_DIR)/library/%.sh, library/%.sh, $@) +argbash_sources := $(wildcard argbash-templates/*.m4) +argbash_targets := $(patsubst argbash-templates/%.m4, $(ARCHIVE_PREP_DIR)/bin/%, $(argbash_sources)) +current_argbash_source = $(patsubst $(ARCHIVE_PREP_DIR)/bin/%, argbash-templates/%.m4, $@) + + .DEFAULT_GOAL := help .PHONY: help help: ## Display help. 
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) +.PHONY: clean +clean: ## Cleans up build artifacts + @rm -rf $(BUILD_DIR) + +.PHONY: clean_cache +clean_cache: ## Cleans up download cache + @rm -rf $(CACHE_DIR) + .PHONY: package package: dependencies prepare ## Package the project output into an archive @echo "Building..." -.PHONY: prepare -prepare: $(BUILD_PREP_DIR)/$(PACKAGE_NAME) ## Prepares for packaging +.PHONY: prepare +prepare: tools $(ARCHIVE_PREP_DIR) $(environment_targets) $(library_targets) $(argbash_targets) ## Prepares for packaging @echo "Preparing..." .PHONY: dependencies dependencies: $(BINARY_CACHE)/props $(BINARY_CACHE)/jq @echo "Downloading Dependencies" +.PHONY: tools +tools: $(TOOLS_DIR)/argbash ## Downloads and prepares any tools used by the build + $(CACHE_DIR): @mkdir -p $@ 
@@ -48,14 +75,56 @@ $(BINARY_CACHE)/jq: $(BINARY_CACHE) @touch $@ @chmod 755 $@ +$(TOOLS_DIR): + @mkdir -p $@ + +$(TOOLS_DIR)/argbash: $(CACHE_DIR)/argbash.tar.gz $(TOOLS_DIR) + @mkdir -p $@ + @tar xzf $< -C $@ --strip-components=1 + +$(CACHE_DIR)/argbash.tar.gz: $(CACHE_DIR) + @wget -N -O $@ https://github.com/matejak/argbash/archive/2.7.1.tar.gz + @touch $@ + $(BUILD_DIR): @mkdir -p $@ $(BUILD_PREP_DIR): $(BUILD_DIR) - @mkdir -p $@ + @mkdir -p $@: $(BUILD_PACKAGES_DIR): $(BUILD_DIR) @mkdir -p $@ -$(BUILD_PREP_DIR)/$(PACKAGE_NAME): $(BUILD_PREP_DIR) +$(ARCHIVE_PREP_DIR): $(BUILD_PREP_DIR) @mkdir -p $@ + +# Begin Processing sources +# Environment Files +$(ARCHIVE_PREP_DIR)/environment: $(BUILD_PREP_DIR)/$(PACKAGE_NAME) + @mkdir -p $@ + +$(environment_targets): %.env: $(ARCHIVE_PREP_DIR)/environment + @echo "Copying env file: $(current_environment_source) to: $@" + @cp $(current_environment_source) $@ + @chmod 755 $@ + +# Library Scripts +$(ARCHIVE_PREP_DIR)/library: $(ARCHIVE_PREP_DIR) + @mkdir -p $@ + +$(library_targets): %.sh: $(ARCHIVE_PREP_DIR)/library + @echo "Copying library file: $(current_library_source) to: $@" + @cp $(current_library_source) $@ + @chmod 755 $@ + +# Argbash Scripts +$(ARCHIVE_PREP_DIR)/bin: $(ARCHIVE_PREP_DIR) + @mkdir -p $@ + +$(ARGBASH_PREP_DIR): $(BUILD_DIR) + @mkdir -p $@ + +$(argbash_targets): %: $(ARCHIVE_PREP_DIR)/bin $(TOOLS_DIR)/argbash + @echo "Building Argbash Template $(current_argbash_source) as $@" + @$(ARGBASH) $(current_argbash_source) -o $@ + @touch $@ diff --git a/argbash-templates/build.sh b/argbash-templates/build.sh deleted file mode 100755 index 66ad8e1..0000000 --- a/argbash-templates/build.sh +++ /dev/null 
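Review bot: In the static pattern rules `$(environment_targets): %.env: $(ARCHIVE_PREP_DIR)/environment` and `$(library_targets): %.sh: $(ARCHIVE_PREP_DIR)/library` the only prerequisite is the output directory, so editing a file under `environment/` or `library/` never triggers a re-copy and a stale script can end up in the package, while the directory's changing mtime causes unrelated rebuilds. Make the source the prerequisite and the directory order-only: `$(environment_targets): $(ARCHIVE_PREP_DIR)/environment/%.env: environment/%.env | $(ARCHIVE_PREP_DIR)/environment` with `@cp $< $@`, which also removes the need for `current_environment_source`; the library and argbash rules can take the same shape. The `.env` files are sourced rather than executed, so `chmod 755` on them looks unnecessary; `644` would do if nothing runs them directly.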
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-_cmd_output=${CMD_OUTPUT:="/out/cmd"}
-_completion_output=${COMPLETION_OUTPUT:="/out/completion"}
-
-mkdir -p ${_cmd_output}
-mkdir -p ${_completion_output}
-
-for f in *.m4
-do
- file="${f#.}"
- _cmd_file="${_cmd_output}/${file%.m4}"
- _completion_file="${_completion_output}/${file%.m4}.sh"
-
- echo "Creating command ${_cmd_file} from ${file}"
- argbash "${file}" -o "${_cmd_file}"
- echo "Creating completion ${_completion_file} from ${file}"
- argbash --type completion "${file}" -o "${_completion_file}"
-done
diff --git a/argbash-templates/create-cdm.m4 b/argbash-templates/create-cdm.m4
new file mode 100644
index 0000000..fe9723d
--- /dev/null
+++ b/argbash-templates/create-cdm.m4
@@ -0,0 +1,141 @@ +#!/bin/bash + +# m4_ignore( +echo "This is just a script template, not the script (yet) - pass it to 'argbash' to fix this." >&2 +exit 11 #)Created by argbash-init v2.6.1 +# ARG_OPTIONAL_SINGLE([processing-mechanism], [p], [behavior when files are processed. Choices are in_place, move, and delete], [in_place]) +# ARG_OPTIONAL_SINGLE([threads], [t], [specify the number of threads to use for processing files], [1]) +# ARG_OPTIONAL_SINGLE([ddf-directory], [d], [Directory where ddf instance is located], [$(pwd)]) +# ARG_OPTIONAL_SINGLE([readlock-interval], [r], [specify the amount of time to wait before acquiring a file lock], [500]) +# ARG_OPTIONAL_REPEATED([attribute-override], [o], [Specify attribute overrides of the form 'key=value' (Not yet supported!)]) +# ARG_POSITIONAL_SINGLE([directory], [Specify the path to the directory to be monitored]) +# ARG_DEFAULTS_POS +# ARG_HELP([Create a ContentDirectoryMonitor for a specified directory. Nothing will be done if configuration already exists]) +# ARGBASH_GO + +# [ <-- needed because of Argbash + +_ddf_etc=${KARAF_ETC:="${_arg_ddf_directory}/etc"} +_ddf_security=${_arg_ddf_directory}/security + +###### Content Directory Monitor Constants ####### +# Basic CDM properties +_cdm_pid=org.codice.ddf.catalog.content.monitor.ContentDirectoryMonitor +_cdm_config_extension=config +################################################## + +####### URL Resource Reader Constants ####### +# Basic URL Resource Reader properties +_url_resource_reader_pid=ddf.catalog.resource.impl.URLResourceReader +_url_resource_reader_config_extension=config +################################################## + +# Checks if a CDM configuration exists for a given path +function cdmConfigExists { + shopt -s extglob + local result=$(find ${_ddf_etc} -type f -name "${_cdm_pid}*" -exec grep -H "${_arg_directory}" {} \; | wc -l) + result=${result##*( )} + result=${result%%*( )} + shopt -u extglob + echo "${result}" +} + +# Creates a cdm 
service pid used by the managed service factory +# msf service pid contains a hexadecimal uuid of <8 chars>-<4 chars>-<4 chars>-<4 chars>-<12 chars> +# Service Pid format is . +function generateServicePid() { + echo "${_cdm_pid}.$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-f0-9' | fold -w 8 | head -n 1)\ +-$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-f0-9' | fold -w 4 | head -n 1)\ +-$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-f0-9' | fold -w 4 | head -n 1)\ +-$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-f0-9' | fold -w 4 | head -n 1)\ +-$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-f0-9' | fold -w 12 | head -n 1)" +} + +# Creates a UUID for use in the config file name +# msf config file needs 32 character uuid in name +function generateConfigUUID() { + cat /dev/urandom | LC_CTYPE=C tr -dc 'a-f0-9' | fold -w 32 | head -n 1 +} + +# Generates CDM security policy for the directory being monitored +function genCdmSecPolicy() { + local header="CDM Permissions for ${_arg_directory}" + if ! grep -q "${header}" ${_ddf_security}/configurations.policy; then + sed -i.bak "/Add required CDM permissions here/a\\ +\\ +\\ // ${header}:\\ +\\ permission java.io.FilePermission \"${_arg_directory}\", \"read\";\\ +\\ permission java.io.FilePermission \"${_arg_directory}\${\/}-\", \"read, write\"; +" ${_ddf_security}/configurations.policy + fi +} + +# Generates URL Resource Reader security policy for the directory being monitored +function genUrlSecPolicy() { + local header="URL Resource Reader Permissions for ${_arg_directory}" + if ! 
grep -q "${header}" ${_ddf_security}/configurations.policy; then + sed -i.bak "/Add required URL Resource Reader permissions here/a\\ +\\ +\\ // ${header}:\\ +\\ permission java.io.FilePermission \"${_arg_directory}\", \"read\";\\ +\\ permission java.io.FilePermission \"${_arg_directory}\${\/}-\", \"read\"; +" ${_ddf_security}/configurations.policy + fi +} + +# Creates URL Resource Reader config +function createUrlConfig() { + local _url_resource_reader_config_path=${_ddf_etc}/${_url_resource_reader_pid}.${_url_resource_reader_config_extension} + if [ ! -f ${_url_resource_reader_config_path} ]; then + cat > ${_url_resource_reader_config_path} << EOF +followRedirects=B"false" +rootResourceDirectories=[ \\ + "data/products", \\ + ] +service.pid="${_url_resource_reader_pid}" +EOF + fi + if ! grep -q "${_arg_directory}" ${_url_resource_reader_config_path}; then + sed -i.bak "/data\/products/a\\ +\\ \"${_arg_directory}\", \\\ +\\ +" ${_url_resource_reader_config_path} + fi +} + +# Create a configuration for with the provided cdm options +function createCdmConfig() { + local _cdm_config_path=${_ddf_etc}/${_cdm_pid}-$(generateConfigUUID).${_cdm_config_extension} + local _cdm_service_pid=$(generateServicePid) + cat > ${_cdm_config_path} << EOF +monitoredDirectoryPath="${_arg_directory}" +processingMechanism="${_arg_processing_mechanism}" +numThreads=I"${_arg_threads}" +readLockIntervalMilliseconds=I"${_arg_readlock_interval}" +service.factoryPid="${_cdm_pid}" +service.pid="${_cdm_service_pid}" +EOF +} + +# returns 0 when successful, 1 if config already exists +function main { + exists=$(cdmConfigExists) + if [ "${exists}" -ne 0 ]; then + echo "CDM already exists for directory ${_arg_directory}, skipping" + return 1 + else + echo "Creating CDM permissions and configuration for ${_arg_directory}" + if genCdmSecPolicy && createCdmConfig; then + echo "Done" + if [ "${_arg_processing_mechanism}" == "in_place" ]; then + echo "Creating URL Resource Reader permissions and 
configuration for ${_arg_directory}" + genUrlSecPolicy && createUrlConfig && echo "Done" && return 0 + fi + return 0 + fi + fi +} + +main + +# ] <-- needed because of Argbash diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..83314f3 --- /dev/null +++ b/entrypoint.sh 
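Review bot: `genCdmSecPolicy` and `genUrlSecPolicy` splice the positional `directory` argument straight into a `sed` append script that edits `configurations.policy`, and `createCdmConfig`/`createUrlConfig` write it unescaped into quoted config values, so a value containing `"`, a backslash or a newline changes the structure of the generated policy rather than just the path. Since this file grants `java.io.FilePermission`, validate the argument at the top of `main` before anything is written, for example `case "${_arg_directory}" in *[!A-Za-z0-9_./-]*) echo "unsupported characters in directory: ${_arg_directory}" >&2; return 2;; esac` (widen the set if paths with other characters must be supported). The existence checks should also match literally, `grep -qF -- "${header}"` and `grep -qF -- "${_arg_directory}"`, because a path containing `.` or `[` is currently treated as a regex. `--processing-mechanism` is documented as in_place, move or delete but is written to the config without being checked against that list.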
@@ -0,0 +1,96 @@ +#!/bin/bash + +# Initialize ENTRYPOINT_HOME +export ENTRYPOINT_HOME="" +export ENTRYPOINT_LIBRARY="" +ENTRYPOINT_ENV_LIBRARY="" +ENTRYPOINT_BIN="" + +function initScriptDir { + case "`uname`" in + Darwin*) + darwin=true + ;; + Linux*) + linux=true + ;; + *) + echo -e "\n`uname` is not currently supported, attempting to run with settings for linux\n" + linux=true + esac + + # Set ENTRYPOINT_HOME based on environment + if $linux; then + ENTRYPOINT_HOME="$(dirname "$(readlink -f "$0")")" + elif $darwin; then + #For Darwin, check for greadlink + if type -p greadlink; then + ENTRYPOINT_HOME="$(dirname "$(greadlink -f "$0")")" + else + echo -e "\n greadlink is not available in the PATH\n\ + This is provided on OSX by coreutils\n\ + coreutils can be installed through homebrew by running\n\ + 'brew install coreutils'\n\ + For more information on homebrew, see: http://brew.sh" + echo -e "\nAttempting fallback method...\n" + + ENTRYPOINT_HOME=$( cd "$( dirname "$0" )" && pwd ) + fi + fi +} + +function initEnvironment { + for env in ${ENTRYPOINT_ENV_LIBRARY}/* + do + source $env + done +} + + +function entrypoint { + if [ -e "${ENTRYPOINT_LIBRARY}/pre_start.sh" ]; then + echo "Pre-Start Configuration Script found, running now..." + if [ $UID = 0 ]; then + chmod 755 ${ENTRYPOINT_LIBRARY}/pre_start.sh + else + sudo chmod 755 ${ENTRYPOINT_LIBRARY}/pre_start.sh + fi + sleep 1 + ${ENTRYPOINT_LIBRARY}/pre_start.sh + fi + + echo "Starting ${APP_NAME}" + + if [ -n "$HTTPS_PORT" ] && [ "$HTTPS_PORT" -lt "1024" ] && [ $EUID -ne 0 ]; then + sudo -E $APP_HOME/bin/start + else + $APP_HOME/bin/start + fi + + sleep 2 + + if [ -e "${ENTRYPOINT_LIBRARY}/post_start.sh" ]; then + echo "Post-Start Configuration Script found, running now..." 
+ if [ $UID = 0 ]; then + chmod 755 ${ENTRYPOINT_LIBRARY}/post_start.sh + else + sudo chmod 755 ${ENTRYPOINT_LIBRARY}/post_start.sh + fi + sleep 1 + ${ENTRYPOINT_LIBRARY}/post_start.sh + fi + + tail -f $APP_LOG +} + +function main { + initScriptDir $@ + ENTRYPOINT_LIBRARY=${ENTRYPOINT_HOME}/library + ENTRYPOINT_ENV_LIBRARY=${ENTRYPOINT_HOME}/environment + ENTRYPOINT_BIN=${ENTRYPOINT_HOME}/bin + PATH=${ENTRYPOINT_BIN}:${PATH} + initEnvironment $@ + entrypoint $@ +} + +main $@ diff --git a/entrypoint/entrypoint.sh b/entrypoint/entrypoint.sh deleted file mode 100755 index 6c04d2c..0000000 --- a/entrypoint/entrypoint.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -if [ -e "${ENTRYPOINT_HOME}/pre_start.sh" ]; then - echo "Pre-Start Configuration Script found, running now..." - if [ $UID = 0 ]; then - chmod 755 ${ENTRYPOINT_HOME}/pre_start.sh - else - sudo chmod 755 ${ENTRYPOINT_HOME}/pre_start.sh - fi - sleep 1 - ${ENTRYPOINT_HOME}/pre_start.sh -fi - -echo "Starting ${APP_NAME}" - -if [ -n "$HTTPS_PORT" ] && [ "$HTTPS_PORT" -lt "1024" ] && [ $EUID -ne 0 ]; then - sudo -E $APP_HOME/bin/start -else - $APP_HOME/bin/start -fi - -sleep 2 - -if [ -e "${ENTRYPOINT_HOME}/post_start.sh" ]; then - echo "Post-Start Configuration Script found, running now..." - if [ $UID = 0 ]; then - chmod 755 ${ENTRYPOINT_HOME}/post_start.sh - else - sudo chmod 755 ${ENTRYPOINT_HOME}/post_start.sh - fi - sleep 1 - ${ENTRYPOINT_HOME}/post_start.sh -fi - -tail -f $APP_LOG diff --git a/entrypoint/global_env.sh b/environment/00-global.env similarity index 100% rename from entrypoint/global_env.sh rename to environment/00-global.env diff --git a/entrypoint/certs_env.sh b/environment/01-certs.env similarity index 94% rename from entrypoint/certs_env.sh rename to environment/01-certs.env index 244d3ff..7da0b09 100755 --- a/entrypoint/certs_env.sh +++ b/environment/01-certs.env 
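Review bot: In `initScriptDir`, `linux` and `darwin` are only assigned inside the `case`, so on Darwin `$linux` expands to nothing, `if $linux; then` succeeds (an empty command returns 0), and the `greadlink` branch is never reached; initialise both before the `case` with `linux=false` and `darwin=false`. `initEnvironment` sources the files in `${ENTRYPOINT_ENV_LIBRARY}`, but `pre_start.sh` and `post_start.sh` are then run as child processes, which only see exported variables; wrapping the loop in `set -a` / `set +a` would pass them on, if that is the intent (the env files' contents are mostly outside this diff). Quote the expansions that carry paths and arguments: `source "$env"`, `"${ENTRYPOINT_LIBRARY}/pre_start.sh"`, `sudo -E "$APP_HOME/bin/start"` and `main "$@"`. Because `sudo -E` starts the application with the caller's whole environment, everything sourced from the environment directory reaches the root process, so that directory should not be writable by the unprivileged user.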
@@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - _remote_ca=${CA_REMOTE_URL:=""} # Set to host:port for remote CFSSL based CA _storepass=changeit _trustStoreOpts="-keystore ${_server_truststore_file} -storepass ${_storepass} -noprompt" diff --git a/entrypoint/certs.sh b/library/certs.sh similarity index 100% rename from entrypoint/certs.sh rename to library/certs.sh diff --git a/entrypoint/fanout_mode.sh b/library/fanout_mode.sh similarity index 100% rename from entrypoint/fanout_mode.sh rename to library/fanout_mode.sh diff --git a/entrypoint/files/ca/openssl-demo.cnf b/library/files/ca/openssl-demo.cnf similarity index 100% rename from entrypoint/files/ca/openssl-demo.cnf rename to library/files/ca/openssl-demo.cnf diff --git a/entrypoint/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config b/library/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config similarity index 100% rename from entrypoint/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config rename to library/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config diff --git a/entrypoint/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config b/library/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config similarity index 100% rename from entrypoint/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config rename to library/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config 
diff --git a/entrypoint/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config b/library/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config similarity index 100% rename from entrypoint/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config rename to library/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config diff --git a/entrypoint/files/templates/registry/csw.template b/library/files/templates/registry/csw.template similarity index 100% rename from entrypoint/files/templates/registry/csw.template rename to library/files/templates/registry/csw.template diff --git a/entrypoint/files/templates/sources/csw_federated.config b/library/files/templates/sources/csw_federated.config similarity index 100% rename from entrypoint/files/templates/sources/csw_federated.config rename to library/files/templates/sources/csw_federated.config diff --git a/entrypoint/ingest_data.sh b/library/ingest_data.sh similarity index 100% rename from entrypoint/ingest_data.sh rename to library/ingest_data.sh diff --git a/entrypoint/load_certs.sh b/library/load_certs.sh similarity index 100% rename from entrypoint/load_certs.sh rename to library/load_certs.sh diff --git a/entrypoint/local_ca_request.sh b/library/local_ca_request.sh similarity index 100% rename from entrypoint/local_ca_request.sh rename to library/local_ca_request.sh diff --git a/entrypoint/post_start.sh b/library/post_start.sh similarity index 100% rename from entrypoint/post_start.sh rename to library/post_start.sh diff --git a/entrypoint/pre_start.sh b/library/pre_start.sh similarity index 100% rename from entrypoint/pre_start.sh rename to library/pre_start.sh diff --git a/entrypoint/registry.sh b/library/registry.sh similarity index 100% rename from entrypoint/registry.sh rename to library/registry.sh 
diff --git a/entrypoint/remote_ca_request.sh b/library/remote_ca_request.sh similarity index 100% rename from entrypoint/remote_ca_request.sh rename to library/remote_ca_request.sh diff --git a/entrypoint/security_profile.sh b/library/security_profile.sh similarity index 100% rename from entrypoint/security_profile.sh rename to library/security_profile.sh diff --git a/entrypoint/seed_content.sh b/library/seed_content.sh similarity index 100% rename from entrypoint/seed_content.sh rename to library/seed_content.sh diff --git a/entrypoint/setup_cdm.sh b/library/setup_cdm.sh similarity index 100% rename from entrypoint/setup_cdm.sh rename to library/setup_cdm.sh diff --git a/entrypoint/sources.sh b/library/sources.sh similarity index 100% rename from entrypoint/sources.sh rename to library/sources.sh From 68802d53ed9ad01c988b4b663e7a91b956d3e387 Mon Sep 17 00:00:00 2001 From: Michael O'Connor Date: Tue, 20 Aug 2019 20:44:47 -0400 Subject: [PATCH 03/10] Removed unnecessary sourcing --- library/certs.sh | 2 -- library/fanout_mode.sh | 1 - library/ingest_data.sh | 2 -- library/load_certs.sh | 2 -- library/local_ca_request.sh | 2 -- library/post_start.sh | 2 -- library/pre_start.sh | 2 -- library/registry.sh | 4 +--- library/remote_ca_request.sh | 2 -- library/security_profile.sh | 2 -- library/setup_cdm.sh | 2 -- library/sources.sh | 2 -- 12 files changed, 1 insertion(+), 24 deletions(-) diff --git a/library/certs.sh b/library/certs.sh index 3dbfaf3..d6ca076 100755 --- a/library/certs.sh +++ b/library/certs.sh @@ -1,8 +1,6 @@ #!/bin/bash # Generate certs -source $ENTRYPOINT_HOME/certs_env.sh - # Check if already complete keytool -list -alias $_keyAlias $_keytoolOpts > /dev/null 2>&1 if [ $? -ne 0 ] ; then diff --git a/library/fanout_mode.sh b/library/fanout_mode.sh index 6547a4e..092fcb9 100755 --- a/library/fanout_mode.sh +++ b/library/fanout_mode.sh 
@@ -1,5 +1,4 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh _catalog_framework_config=${_app_etc}/ddf.catalog.CatalogFrameworkImpl.config diff --git a/library/ingest_data.sh b/library/ingest_data.sh index 5ec00ca..270d381 100755 --- a/library/ingest_data.sh +++ b/library/ingest_data.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - # Two params # $1: Path to metadata directory # $2: Transformer diff --git a/library/load_certs.sh b/library/load_certs.sh index 69b5785..f93dac2 100755 --- a/library/load_certs.sh +++ b/library/load_certs.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/certs_env.sh - _tmp_cert_dir=/tmp/load_certs _tmp_output_dir=${_tmp_cert_dir}/out mkdir -p ${_tmp_output_dir} diff --git a/library/local_ca_request.sh b/library/local_ca_request.sh index 7f66c51..8ac3c51 100755 --- a/library/local_ca_request.sh +++ b/library/local_ca_request.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/certs_env.sh - _subject="/C=US/ST=AZ/L=Hursley/O=DDF/OU=Dev/CN=${_system_external_hostname}" _serial=$(cat /dev/urandom | tr -dc '0-9' | fold -w 16 | head -n 1) diff --git a/library/post_start.sh b/library/post_start.sh index 0f4c504..c57db5b 100755 --- a/library/post_start.sh +++ b/library/post_start.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - echo -n "Waiting for log file: ${APP_LOG} to be created..." while [ ! -f ${APP_LOG} ] do diff --git a/library/pre_start.sh b/library/pre_start.sh index 4d86391..51b95e9 100755 --- a/library/pre_start.sh +++ b/library/pre_start.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - # Prepare Certs ${ENTRYPOINT_HOME}/certs.sh diff --git a/library/registry.sh b/library/registry.sh index 6c394f5..caf56e9 100755 --- a/library/registry.sh +++ b/library/registry.sh 
@@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - # Format for REGISTRY should be REGISTRY=|||||||,... function registry { IFS=',' read -r -a _registry_list <<< "${REGISTRY}" @@ -65,4 +63,4 @@ function registry { } registry -exit $? \ No newline at end of file +exit $? diff --git a/library/remote_ca_request.sh b/library/remote_ca_request.sh index 8814c19..8792b16 100755 --- a/library/remote_ca_request.sh +++ b/library/remote_ca_request.sh @@ -1,8 +1,6 @@ #!/bin/bash # Requests a certificate from a remote CFSSL based CA -source ${ENTRYPOINT_HOME}/certs_env.sh - _tmp_cert_dir=/tmp/ca_remote_request _tmp_output_dir=${_tmp_cert_dir}/out mkdir -p ${_tmp_output_dir} diff --git a/library/security_profile.sh b/library/security_profile.sh index a38e144..33c720d 100755 --- a/library/security_profile.sh +++ b/library/security_profile.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - printf "Security Profile is set to ${SECURITY_PROFILE}/n" set-guest-attributes -iH ${_system_external_hostname} ${SECURITY_PROFILE} diff --git a/library/setup_cdm.sh b/library/setup_cdm.sh index 792f358..52f3865 100755 --- a/library/setup_cdm.sh +++ b/library/setup_cdm.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - # $CDM can contain multiple configs of the form # |||,|.... function main { diff --git a/library/sources.sh b/library/sources.sh index a2dc603..c8be2cd 100755 --- a/library/sources.sh +++ b/library/sources.sh @@ -1,7 +1,5 @@ #!/bin/bash -source ${ENTRYPOINT_HOME}/global_env.sh - # DDF Catalog sources, passed in the form of # ||||,|... function sources { From a8c293f312aa752b28ecedb088cefb59710eeb91 Mon Sep 17 00:00:00 2001 From: Michael O'Connor Date: Tue, 20 Aug 2019 21:15:06 -0400 Subject: [PATCH 04/10] Cleaned up download urls, added step to copy binaries into distribution --- Makefile | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) 
diff --git a/Makefile b/Makefile index c039a83..c68581d 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,13 @@ ARCHIVE_NAME := $(PACKAGE_NAME).tar.gz ARCHIVE_OUTPUT := $(BUILD_PACKAGES_DIR)/$(ARCHIVE_NAME) INSTALL_OUTPUT := $(BUILD_PREP_DIR)/$(PACKAGE_NAME) +PROPS_VERSION := 0.2.0 +JQ_VERSION := 1.5 +ARGBASH_VERSION := 2.7.1 +PROPS_DOWNLOAD_URL := https://github.com/oconnormi/props/releases/download/v$(PROPS_VERSION)/props_linux_amd64 +JQ_DOWNLOAD_URL := https://github.com/stedolan/jq/releases/download/jq-$(JQ_VERSION)/jq-linux64 +ARGBASH_DOWNLOAD_URL := https://github.com/matejak/argbash/archive/$(ARGBASH_VERSION).tar.gz + environment_sources := $(wildcard environment/*.env) environment_targets := $(patsubst environment/%.env, $(ARCHIVE_PREP_DIR)/environment/%.env, $(environment_sources)) current_environment_source = $(patsubst $(ARCHIVE_PREP_DIR)/environment/%.env, environment/%.env, $@) @@ -49,7 +56,7 @@ package: dependencies prepare ## Package the project output into an archive @echo "Building..." .PHONY: prepare -prepare: tools $(ARCHIVE_PREP_DIR) $(environment_targets) $(library_targets) $(argbash_targets) ## Prepares for packaging +prepare: tools $(ARCHIVE_PREP_DIR) $(environment_targets) $(library_targets) $(argbash_targets) $(ARCHIVE_PREP_DIR)/bin/jq $(ARCHIVE_PREP_DIR)/bin/props ## Prepares for packaging @echo "Preparing..." .PHONY: dependencies @@ -66,12 +73,12 @@ $(BINARY_CACHE): $(CACHE_DIR) @mkdir -p $@ $(BINARY_CACHE)/props: $(BINARY_CACHE) - @wget -N -O $@ https://github.com/oconnormi/props/releases/download/v0.2.0/props_linux_amd64 + @wget -N -O $@ $(PROPS_DOWNLOAD_URL) @touch $@ @chmod 755 $@ $(BINARY_CACHE)/jq: $(BINARY_CACHE) - @wget -N -O $@ https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 + @wget -N -O $@ $(JQ_DOWNLOAD_URL) @touch $@ @chmod 755 $@ 
@@ -83,14 +90,14 @@ $(TOOLS_DIR)/argbash: $(CACHE_DIR)/argbash.tar.gz $(TOOLS_DIR) @tar xzf $< -C $@ --strip-components=1 $(CACHE_DIR)/argbash.tar.gz: $(CACHE_DIR) - @wget -N -O $@ https://github.com/matejak/argbash/archive/2.7.1.tar.gz + @wget -N -O $@ $(ARGBASH_DOWNLOAD_URL) @touch $@ $(BUILD_DIR): @mkdir -p $@ $(BUILD_PREP_DIR): $(BUILD_DIR) - @mkdir -p $@: + @mkdir -p $@ $(BUILD_PACKAGES_DIR): $(BUILD_DIR) @mkdir -p $@ @@ -128,3 +135,15 @@ $(argbash_targets): %: $(ARCHIVE_PREP_DIR)/bin $(TOOLS_DIR)/argbash @echo "Building Argbash Template $(current_argbash_source) as $@" @$(ARGBASH) $(current_argbash_source) -o $@ @touch $@ + +$(ARCHIVE_PREP_DIR)/bin/jq: $(BINARY_CACHE)/jq $(ARCHIVE_PREP_DIR) + @echo "Copying jq from $< to $@" + @cp $< $@ + @chmod 755 $@ + @touch $@ + +$(ARCHIVE_PREP_DIR)/bin/props: $(BINARY_CACHE)/props $(ARCHIVE_PREP_DIR) + @echo "Copying props from $< to $@" + @cp $< $@ + @chmod 755 $@ + @touch $@ From 137f3977802957ecaa3f922888d517aa3e28c7bf Mon Sep 17 00:00:00 2001 
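Review bot: The new `$(ARCHIVE_PREP_DIR)/bin/jq` and `$(ARCHIVE_PREP_DIR)/bin/props` rules list the directory `$(ARCHIVE_PREP_DIR)` as a normal prerequisite, so nothing guarantees that `bin/` exists before `cp` runs, and every file later added to the prep directory moves its mtime and re-triggers the copy. Make the destination directory an order-only prerequisite instead: `$(ARCHIVE_PREP_DIR)/bin/jq: $(BINARY_CACHE)/jq | $(ARCHIVE_PREP_DIR)/bin`. The `$(BINARY_CACHE)` and `$(CACHE_DIR)` prerequisites on the download rules have the same shape, and there a directory mtime change forces a fresh download, which means the packaged binary can differ between two builds of the same commit.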
From: Michael O'Connor Date: Tue, 20 Aug 2019 23:32:23 -0400 Subject: [PATCH 05/10] Added static binary for envsubst, added tests to build, added files to build --- Makefile | 55 ++++++++++++++++--- argbash-templates/tests/add-registry.bats | 3 +- argbash-templates/tests/create-source.bats | 4 +- .../tests/set-guest-attributes.bats | 2 + {library/files => files}/ca/openssl-demo.cnf | 0 ...77aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config | 0 ...dc0aef4-a993-4291-b207-74a28c2c420d.config | 0 ...y.policy.context.impl.PolicyManager.config | 0 .../templates/registry/csw.template | 0 .../templates/sources/csw_federated.config | 0 tests/registry.bats | 12 ++-- tests/sources.bats | 13 +++-- 12 files changed, 70 insertions(+), 19 deletions(-) rename {library/files => files}/ca/openssl-demo.cnf (100%) rename {library/files => files}/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config (100%) rename {library/files => files}/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config (100%) rename {library/files => files}/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config (100%) rename {library/files => files}/templates/registry/csw.template (100%) rename {library/files => files}/templates/sources/csw_federated.config (100%) diff --git a/Makefile b/Makefile index c68581d..1352c54 100644 --- a/Makefile +++ b/Makefile @@ -5,6 +5,13 @@ version_file := Version.txt CACHE_DIR := .cache BINARY_CACHE := $(CACHE_DIR)/bin TOOLS_DIR := .tools +ifeq (, $(shell which podman)) + CONTAINER := docker container +else + CONTAINER := podman container +endif + +BATS = $(CONTAINER) run --rm -it --entrypoint=bash -v ./$<:/opt/entrypoint.tar.gz -v ./$@:/tests --workdir /tests docker.io/bats/bats -c "apk add --no-cache bash && mkdir /opt/entrypoint && tar xzf /opt/entrypoint.tar.gz -C /opt/entrypoint && bats *.bats" ARGBASH := $(TOOLS_DIR)/argbash/bin/argbash 
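Review bot: The `BATS` command runs `docker.io/bats/bats` with no tag or digest and installs `bash` with `apk add` on every run, so the environment that unpacks and executes the freshly built archive changes whenever the upstream image or package index does. Reference the image by a fixed tag or digest (for example `docker.io/bats/bats@sha256:<digest>`), ideally one that already contains bash, and mount the archive read-only with `-v ./$<:/opt/entrypoint.tar.gz:ro`. `-it` also asks for a terminal, so the target will likely fail on a CI runner without a TTY; drop the flags or make them conditional. A short comment at the definition saying that `BATS` is deliberately recursive (`=`) because it relies on `$<` and `$@` of the calling rule would help the next reader.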
@@ -22,9 +29,11 @@ INSTALL_OUTPUT := $(BUILD_PREP_DIR)/$(PACKAGE_NAME) PROPS_VERSION := 0.2.0 JQ_VERSION := 1.5 ARGBASH_VERSION := 2.7.1 +ENVSUBST_VERSION := 1.1.0 PROPS_DOWNLOAD_URL := https://github.com/oconnormi/props/releases/download/v$(PROPS_VERSION)/props_linux_amd64 JQ_DOWNLOAD_URL := https://github.com/stedolan/jq/releases/download/jq-$(JQ_VERSION)/jq-linux64 ARGBASH_DOWNLOAD_URL := https://github.com/matejak/argbash/archive/$(ARGBASH_VERSION).tar.gz +ENVSUBST_DOWNLOAD_URL := https://github.com/a8m/envsubst/releases/download/v$(ENVSUBST_VERSION)/envsubst-Linux-x86_64 environment_sources := $(wildcard environment/*.env) environment_targets := $(patsubst environment/%.env, $(ARCHIVE_PREP_DIR)/environment/%.env, $(environment_sources)) @@ -35,6 +44,9 @@ current_library_source = $(patsubst $(ARCHIVE_PREP_DIR)/library/%.sh, library/%. argbash_sources := $(wildcard argbash-templates/*.m4) argbash_targets := $(patsubst argbash-templates/%.m4, $(ARCHIVE_PREP_DIR)/bin/%, $(argbash_sources)) current_argbash_source = $(patsubst $(ARCHIVE_PREP_DIR)/bin/%, argbash-templates/%.m4, $@) +files_sources := $(shell find files -maxdepth 1 -mindepth 1 -type d) +files_targets := $(patsubst files/%, $(ARCHIVE_PREP_DIR)/%, $(files_sources)) +current_file_source = $(patsubst $(ARCHIVE_PREP_DIR)/%, files/%, $@) .DEFAULT_GOAL := help 
@@ -51,17 +63,28 @@ clean: ## Cleans up build artifacts clean_cache: ## Cleans up download cache @rm -rf $(CACHE_DIR) +.PHONY: build +build: package test ## Build and test the entrypoint + .PHONY: package -package: dependencies prepare ## Package the project output into an archive - @echo "Building..." +package: dependencies prepare $(ARCHIVE_OUTPUT) ## Package the project output into an archive + +.PHONY: test +test: argbash-templates/tests ## Run Tests + +.PHONY: argbash-templates/tests +argbash-templates/tests: $(ARCHIVE_OUTPUT) ## Test Argbash Templates + $(BATS) + +.PHONY: tests +tests: $(ARCHIVE_OUTPUT) ## Run Integration Tests + $(BATS) .PHONY: prepare -prepare: tools $(ARCHIVE_PREP_DIR) $(environment_targets) $(library_targets) $(argbash_targets) $(ARCHIVE_PREP_DIR)/bin/jq $(ARCHIVE_PREP_DIR)/bin/props ## Prepares for packaging - @echo "Preparing..." +prepare: tools $(ARCHIVE_PREP_DIR) $(environment_targets) $(library_targets) $(argbash_targets) $(ARCHIVE_PREP_DIR)/bin/jq $(ARCHIVE_PREP_DIR)/bin/props $(files_targets) ## Prepares for packaging .PHONY: dependencies dependencies: $(BINARY_CACHE)/props $(BINARY_CACHE)/jq - @echo "Downloading Dependencies" .PHONY: tools tools: $(TOOLS_DIR)/argbash ## Downloads and prepares any tools used by the build @@ -82,6 +105,11 @@ $(BINARY_CACHE)/jq: $(BINARY_CACHE) @touch $@ @chmod 755 $@ +$(BINARY_CACHE)/envsubst: $(BINARY_CACHE) + @wget -N -O $@ $(ENVSUBST_DOWNLOAD_URL) + @touch $@ + @chmod 755 $@ + $(TOOLS_DIR): @mkdir -p $@ 
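Review bot: `test` depends only on `argbash-templates/tests`, so the `tests` target added just below it never runs from `make test` or `make build`, although this commit updates the suites it would execute (`tests/registry.bats`, `tests/sources.bats`). If that is not intentional, add it as a prerequisite: `test: argbash-templates/tests tests ## Run Tests`. The names `test` and `tests` are also easy to confuse on the command line; something like `integration-tests` would be unambiguous, but the recipe uses `$@` as the directory to mount, so the rename would need the path passed explicitly.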
@@ -136,14 +164,27 @@ $(argbash_targets): %: $(ARCHIVE_PREP_DIR)/bin $(TOOLS_DIR)/argbash @$(ARGBASH) $(current_argbash_source) -o $@ @touch $@ -$(ARCHIVE_PREP_DIR)/bin/jq: $(BINARY_CACHE)/jq $(ARCHIVE_PREP_DIR) +$(ARCHIVE_PREP_DIR)/bin/jq: $(BINARY_CACHE)/jq $(ARCHIVE_PREP_DIR)/bin @echo "Copying jq from $< to $@" @cp $< $@ @chmod 755 $@ @touch $@ -$(ARCHIVE_PREP_DIR)/bin/props: $(BINARY_CACHE)/props $(ARCHIVE_PREP_DIR) +$(files_targets): %: $(ARCHIVE_PREP_DIR) + @cp -R $(current_file_source) $@ + +$(ARCHIVE_PREP_DIR)/bin/props: $(BINARY_CACHE)/props $(ARCHIVE_PREP_DIR)/bin @echo "Copying props from $< to $@" @cp $< $@ @chmod 755 $@ @touch $@ + +$(ARCHIVE_PREP_DIR)/bin/envsubst: $(BINARY_CACHE)/envsubst $(ARCHIVE_PREP_DIR)/bin + @echo "Copying envsubst from $< to $@" + @cp $< $@ + @chmod 755 $@ + touch $@ + +$(ARCHIVE_OUTPUT): $(ARCHIVE_PREP_DIR) $(BUILD_PACKAGES_DIR) $(ARCHIVE_PREP_DIR)/bin/props $(ARCHIVE_PREP_DIR)/bin/jq $(ARCHIVE_PREP_DIR)/bin/envsubst $(argbash_targets) $(library_targets) $(environment_targets) $(files_targets) + @echo "Packaging Entrypoint Distribution $@ from $<" + @tar czf $@ -C $< . diff --git a/argbash-templates/tests/add-registry.bats b/argbash-templates/tests/add-registry.bats index c02312d..bfba21e 100644 --- a/argbash-templates/tests/add-registry.bats +++ b/argbash-templates/tests/add-registry.bats @@ -2,6 +2,7 @@ function setup { export ENTRYPOINT_HOME=/opt/entrypoint + export PATH=${ENTRYPOINT_HOME}/bin:${PATH} export APP_HOME=${BATS_TMPDIR} mkdir -p ${APP_HOME}/etc } @@ -32,4 +33,4 @@ function teardown() { [ "$status" -eq 0 ] [ -f "$output" ] [ "$output" == "${original_config}" ] -} \ No newline at end of file +} diff --git a/argbash-templates/tests/create-source.bats b/argbash-templates/tests/create-source.bats index 4cf7d76..85c511a 100644 --- a/argbash-templates/tests/create-source.bats +++ b/argbash-templates/tests/create-source.bats 
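Review bot: In the `$(files_targets)` rule, `cp -R $(current_file_source) $@` copies into the target when the target already exists, so a re-run (triggered whenever the mtime of the `$(ARCHIVE_PREP_DIR)` prerequisite moves) would place `ca/ca`, `config/config` and `templates/templates` inside the package. Copy the directory contents instead: `@mkdir -p $@ && cp -R $(current_file_source)/. $@/`. In the `$(ARCHIVE_OUTPUT)` recipe, `tar czf` records the build user's uid and gid; since the tarball is meant to be unpacked into images, consider adding `--owner=0 --group=0 --numeric-owner` so that file ownership in the image does not depend on who ran the build.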
@@ -1,6 +1,8 @@ #!/usr/bin/env bats function setup { + export ENTRYPOINT_HOME=/opt/entrypoint + export PATH=${ENTRYPOINT_HOME}/bin:${PATH} export APP_HOME=${BATS_TMPDIR} mkdir -p ${APP_HOME}/etc } @@ -50,4 +52,4 @@ function setup { [ "$status" -eq 1 ] [[ "$output" = *"Not enough positional arguments"* ]] -} \ No newline at end of file +} diff --git a/argbash-templates/tests/set-guest-attributes.bats b/argbash-templates/tests/set-guest-attributes.bats index b5a28da..89ca58e 100644 --- a/argbash-templates/tests/set-guest-attributes.bats +++ b/argbash-templates/tests/set-guest-attributes.bats @@ -1,6 +1,8 @@ #!/usr/bin/env bats function setup() { + export ENTRYPOINT_HOME=/opt/entrypoint + export PATH=${ENTRYPOINT_HOME}/bin:${PATH} export TEST_JSON="test_guest_attributes.json" export TEST_ETC_DIR="test_etc" export INVALID_JSON="invalid.json" diff --git a/library/files/ca/openssl-demo.cnf b/files/ca/openssl-demo.cnf similarity index 100% rename from library/files/ca/openssl-demo.cnf rename to files/ca/openssl-demo.cnf diff --git a/library/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config b/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config similarity index 100% rename from library/files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config rename to files/config/ldap/Claims_Handler_Manager.777aa808-ac8b-4b7a-a7f5-3fb346af0ba7.config diff --git a/library/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config b/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config similarity index 100% rename from library/files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config rename to files/config/ldap/Ldap_Login_Config.adc0aef4-a993-4291-b207-74a28c2c420d.config 
diff --git a/library/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config b/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config similarity index 100% rename from library/files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config rename to files/config/ldap/org.codice.ddf.security.policy.context.impl.PolicyManager.config diff --git a/library/files/templates/registry/csw.template b/files/templates/registry/csw.template similarity index 100% rename from library/files/templates/registry/csw.template rename to files/templates/registry/csw.template diff --git a/library/files/templates/sources/csw_federated.config b/files/templates/sources/csw_federated.config similarity index 100% rename from library/files/templates/sources/csw_federated.config rename to files/templates/sources/csw_federated.config diff --git a/tests/registry.bats b/tests/registry.bats index 3681f20..9857adb 100644 --- a/tests/registry.bats +++ b/tests/registry.bats @@ -2,6 +2,8 @@ function setup { export ENTRYPOINT_HOME=/opt/entrypoint + export LIBRARY_HOME=${ENTRYPOINT_HOME}/library + export PATH=${ENTRYPOINT_HOME}/bin:${PATH} export APP_HOME=${BATS_TMPDIR} mkdir -p ${APP_HOME}/etc } @@ -14,7 +16,7 @@ function teardown() { @test "Invalid registry type file" { export REGISTRY="https://foo.bar/baz|foo|fooType" - run $ENTRYPOINT_HOME/registry.sh + run $LIBRARY_HOME/registry.sh [ "$status" -eq 1 ] } @@ -22,7 +24,7 @@ function teardown() { @test "Single registry no optionals" { export REGISTRY="https://foo.bar/baz" - run $ENTRYPOINT_HOME/registry.sh + run $LIBRARY_HOME/registry.sh file_count=$(ls -1 ${APP_HOME}/etc | wc -l) @@ -33,7 +35,7 @@ function teardown() { @test "Single registry all optionals" { export REGISTRY="https://foo.bar/baz|foo|csw|false|false|false|admin|password" - run $ENTRYPOINT_HOME/registry.sh + run $LIBRARY_HOME/registry.sh file_count=$(ls -1 ${APP_HOME}/etc | wc -l) 
@@ -45,7 +47,7 @@ function teardown() { export REGISTRY="https://foo.bar/baz,https://fake.registry/csw" - run $ENTRYPOINT_HOME/registry.sh + run $LIBRARY_HOME/registry.sh file_count=$(ls -1 ${APP_HOME}/etc | wc -l) echo "file count: ${file_count}" >&3 @@ -58,7 +60,7 @@ function teardown() { @test "multiple registries all optionals" { export REGISTRY="https://foo.bar/baz|foo|csw|false|false|false|admin|password,https://fake.registyr/csw|fake|csw|false|true|false|foo|bar" - run $ENTRYPOINT_HOME/registry.sh + run $LIBRARY_HOME/registry.sh file_count=$(ls -1 ${APP_HOME}/etc | wc -l) diff --git a/tests/sources.bats b/tests/sources.bats index 9eb37a6..1497693 100644 --- a/tests/sources.bats +++ b/tests/sources.bats @@ -1,6 +1,9 @@ #!/usr/bin/env bats function setup { + export ENTRYPOINT_HOME=/opt/entrypoint + export LIBRARY_HOME=${ENTRYPOINT_HOME}/library + export PATH=${ENTRYPOINT_HOME}/bin:${PATH} export APP_HOME=${BATS_TMPDIR} mkdir -p ${APP_HOME}/etc } @@ -11,7 +14,7 @@ function teardown() { @test "Test template file is invalid" { export SOURCES="templateName|testName1|testUrl" - run $ENTRYPOINT_HOME/sources.sh + run $LIBRARY_HOME/sources.sh [ "$status" -eq 1 ] [[ "$output" = *"Template file templateName.config could not be found in path"* ]] @@ -19,7 +22,7 @@ function teardown() { @test "Test file is generated" { export SOURCES="csw_federated|testName2|testUrl" - run $ENTRYPOINT_HOME/sources.sh + run $LIBRARY_HOME/sources.sh files="$(ls -1 ${APP_HOME}/etc | wc -l)" [ "${lines[0]}" == "Creating DDF Catalog source configuration with arguments: --config-directory /tmp/etc --template-directory /opt/entrypoint/templates/sources --url testUrl csw_federated testName2" ] @@ -30,7 +33,7 @@ function teardown() { regex="\w*-\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/i" export SOURCES="csw_federated|testName3|testUrl" - run $ENTRYPOINT_HOME/sources.sh + run $LIBRARY_HOME/sources.sh list="$(ls ${APP_HOME}/etc)" [ "$status" -eq 0 ] 
@@ -39,9 +42,9 @@ function teardown() { @test "Test multiple files are created" { export SOURCES="csw_federated|testName4|1.com,csw_federated|testName4.1|https://2.com,csw_federated|testName4.2|3.net" - run $ENTRYPOINT_HOME/sources.sh + run $LIBRARY_HOME/sources.sh files="$(ls -1 ${APP_HOME}/etc | wc -l)" [ "$status" -eq 0 ] [[ "$output" = *"Total number of files created: 3"* ]] -} \ No newline at end of file +} From 267842cce4b06294e03f2af6c73ffaa0ea18e3e7 Mon Sep 17 00:00:00 2001 From: Michael O'Connor Date: Tue, 20 Aug 2019 23:37:15 -0400 Subject: [PATCH 06/10] Added in main entrypoint script --- Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1352c54..45e11eb 100644 --- a/Makefile +++ b/Makefile @@ -185,6 +185,11 @@ $(ARCHIVE_PREP_DIR)/bin/envsubst: $(BINARY_CACHE)/envsubst $(ARCHIVE_PREP_DIR)/b @chmod 755 $@ touch $@ -$(ARCHIVE_OUTPUT): $(ARCHIVE_PREP_DIR) $(BUILD_PACKAGES_DIR) $(ARCHIVE_PREP_DIR)/bin/props $(ARCHIVE_PREP_DIR)/bin/jq $(ARCHIVE_PREP_DIR)/bin/envsubst $(argbash_targets) $(library_targets) $(environment_targets) $(files_targets) +$(ARCHIVE_PREP_DIR)/entrypoint.sh: $(ARCHIVE_PREP_DIR) + @cp entrypoint.sh $@ + @touch $@ + @chmod 755 $@ + +$(ARCHIVE_OUTPUT): $(ARCHIVE_PREP_DIR) $(BUILD_PACKAGES_DIR) $(ARCHIVE_PREP_DIR)/bin/props $(ARCHIVE_PREP_DIR)/bin/jq $(ARCHIVE_PREP_DIR)/bin/envsubst $(ARCHIVE_PREP_DIR)/entrypoint.sh $(argbash_targets) $(library_targets) $(environment_targets) $(files_targets) @echo "Packaging Entrypoint Distribution $@ from $<" @tar czf $@ -C $< . From dc9566e95cc384e0c60686a8c8e4befe17615b0e Mon Sep 17 00:00:00 2001 From: Michael O'Connor Date: Wed, 21 Aug 2019 22:09:14 -0400 Subject: [PATCH 07/10] Updating readme --- README.md => README.adoc | 242 ++++++++++++++++++++++++++++----------- 1 file changed, 173 insertions(+), 69 deletions(-) rename README.md => README.adoc (64%) 
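Review bot: The `$(ARCHIVE_PREP_DIR)/entrypoint.sh` rule copies `entrypoint.sh` without listing it as a prerequisite, so an edited script is re-copied only if the prep directory's mtime happens to be newer, and the archive can ship a stale entrypoint. Declare the source and keep the directory order-only: `$(ARCHIVE_PREP_DIR)/entrypoint.sh: entrypoint.sh | $(ARCHIVE_PREP_DIR)` with `@cp $< $@`. The `@touch $@` line is then redundant, because `cp` already updates the target's mtime.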
diff --git a/README.md b/README.adoc similarity index 64% rename from README.md rename to README.adoc index 758e243..a9f8175 100644 --- a/README.md +++ b/README.adoc @@ -1,12 +1,32 @@ -# DDF Base +ifdef::env-github[] +:tip-caption: :bulb: +:note-caption: :information_source: +:important-caption: :heavy_exclamation_mark: +:caution-caption: :fire: +:warning-caption: :warning: +endif::[] -Base level docker image containing all dependencies for DDF as well as a common set of steps for running a DDF based distribution +:toc: +:toc-placement!: -## Notice on Versions +toc::[] + += DDF Base + +Entrypoint scripts for booting and configuring ddf based distributions. Intended to be packaged in container and vm images. + +[IMPORTANT] +==== +This repository no longer produces a docker image. +A versioned tarball is produced instead, and should be pulled into any image that needs to make use of the entrypoint functionality. +To this end the entrypoint has been refactored to make it more portable. +==== + +== Notice on Versions This repo has been re-organized to have a single version of the entrypoint scripts going forward. the previous state of the repository can be found on the `legacy` branch. -## Usage Requirements +== Usage Requirements This image is meant to be the basis for any ddf based image. It packages the dependencies and an entrypoint script for use with any ddf based application 
@@ -26,29 +46,31 @@ ENV APP_LOG= ... # Install application ``` -## Features +== Features * Oracle JDK8 - * [jq](https://stedolan.github.io/jq/) for processing json + * https://stedolan.github.io/jq/[jq] for processing json * curl - * [props](https://github.com/oconnormi/props) tool for modifying properties files + * https://github.com/oconnormi/props[props] tool for modifying properties files * Common entry point for DDF based distributions * Automated certificate generation * Automated initial setup and configuration * Can request certs from a remote cfssl based CA via `CA_REMOTE_URL=https://:` -## Extending +== Extending All the steps performed by the scripts in this image are broken down into two categories, `pre-start` and `post-start`. Pre-start steps are all performed prior to the ddf instance being started, while post-start steps are all performed after the ddf instance is started. Both of these sets of steps can be extended easily using the following methods. -### Customizing Readiness Check +=== Customizing Readiness Check There are a few protections in place in this image to help get timings right when performing installations. The default approach checks if all bundles are started before considering the system "ready" By default there are a few bundles that are excluded from this check. These defaults can be overriden via the `READINESS_EXCLUSIONS` environment variable -The default exclusions are: `Apache Karaf :: Features :: Extension, Hosts|DDF :: Platform :: OSGi :: Conditions, Hosts|Apache Karaf :: Shell :: Console, Hosts|DDF :: Platform :: PaxWeb :: Jetty Config, Hosts` +The default exclusions are: +`Apache Karaf :: Features :: Extension, Hosts|DDF :: Platform :: OSGi :: Conditions, Hosts|Apache Karaf :: Shell :: Console, Hosts|DDF :: Platform :: PaxWeb :: Jetty Config, Hosts` + Exclusions must be a string that is separated by `|` characters for each entry Downstream images that need a custom set of exclusions should override via their `Dockerfile`: 
@@ -59,78 +81,94 @@ ENV READINESS_EXCLUSIONS="some bundle name|another bundle name|yet another bundl ``` Additionally for distributions that make use of the fabric8 health/readiness endpoint the experimental health checks can be used instead of the older approach by setting `EXPERIMENTAL_READINESS_CHECKS_ENABLED=true` -*Note:* This requires that the `fabric8-karaf-checks` feature is installed as part of the distribution's boot features -### Pre-Start Extensions +[NOTE] +==== +This requires that the `fabric8-karaf-checks` feature is installed as part of the distribution's boot features +==== + +=== Pre-Start Extensions For simple extension, add a script: `$ENTRYPOINT_HOME/pre_start_custom.sh` For more complex extension, any number of executable files can be added to `$ENTRYPOINT_HOME/pre/` -### Post-Start Extensions +=== Post-Start Extensions For simple extension, add a script: `$ENTRYPOINT_HOME/post_start_custom.sh` For more complex extension, any number of executable files can be added to `$ENTRYPOINT_HOME/post/` -### Basic Configuration +=== Basic Configuration -#### System Hostname +==== System Hostname To set the external hostname used by DDF based systems, provide a value to `EXTERNAL_HOSTNAME=`. This will be the hostname that all external requests to the system should use. To set the internal hostname used by DDF based systems, provide a value to `INTERNAL_HOSTNAME=` -#### Internal System Ports +==== Internal System Ports -*Note:* Setting these options changes the ports that are actually bound by the server. In most cases this should not be necessary. +[NOTE] +==== +Setting these options changes the ports that are actually bound by the server. In most cases this should not be necessary. 
+==== To set the internal HTTPS Port provide a value for `INTERNAL_HTTPS_PORT=` To set the internal HTTP Port provide a value for `INTERNAL_HTTP_PORT=` -#### External System Ports +==== External System Ports -*Note:* Setting these options affect the url that the server expects external requests to use. +[NOTE] +==== +Setting these options affect the url that the server expects external requests to use. +==== To set the external HTTPS Port provide a value for `EXTERNAL_HTTPS_PORT=` To set the external HTTP Port provide a value for `EXTERNAL_HTTP_PORT=` -#### Internal Service Context +==== Internal Service Context Change the root context for all services Set `INTERNAL_CONTEXT=` -#### External Service Context +==== External Service Context Change the context for services when running behind a proxy/load balancer Set `EXTERNAL_CONTEXT=` -#### Site Name +==== Site Name To set the site name for the system provide a value to `SITE_NAME=`. This defaults to the external hostname of the system when omitted. -#### External Solr +==== External Solr To configure a solr backend, provide a value to `SOLR_URL=`. By default this will use the internal solr server To configure a solr cloud backend, provide a value to `SOLR_ZK_HOSTS=,,,...` -#### External LDAP -To configure the ldap client, provide a value to `LDAP_HOST=`. *NOTE:* Currently this is for testing purposes only, as it does not provide a means for configuring the protocol, port, username, or password used by the ldap client. +==== External LDAP + +To configure the ldap client, provide a value to `LDAP_HOST=`. + +[NOTE] +==== +Currently this is for testing purposes only, as it does not provide a means for configuring the protocol, port, username, or password used by the ldap client. 
+==== -#### Java Memory +==== Java Memory To set the amount of memory allocated to the system set `JAVA_MAX_MEM` -#### Advanced Configuration +==== Advanced Configuration Copy (or mount) any necessary configuration files into `APP_HOME/etc/` Additionally any files mounted or copied to `$ENTRYPOINT_HOME/pre_config` will be copied under `APP_HOME` before the system is started -### Managing Apps and Features +=== Managing Apps and Features There are several methods for installing and uninstalling apps and features at startup. @@ -143,18 +181,18 @@ To uninstall features, provide a list of features to `UNINSTALL_FEATURES=;;...` -### Configuring HTTPS +=== Configuring HTTPS Custom keystores can easily be mounted to `APP_HOME/etc/keystores/serverKeystore.jks` and `APP_HOME/etc/keystores/serverTruststore.jks` -#### Auto-generated demo certs +==== Auto-generated demo certs If custom keystores are not used the startup process will generate certificates on the fly. By default the local ddf demo CA (bundled within the ddf distribution) will be used to generate a certificate for the value of `INTERNAL_HOSTNAME`, or if not provided the value of `hostname -f` will be used. Additionally Subject Alternative Names will be added to the certificate for `DNS:$INTERNAL_HOSTNAME(if unset will use `hostname -f`),$EXTERNAL_HOSTNAME,DNS:localhost,IP:127.0.0.1`. To add additional SAN values use the `CSR_SAN=:,...` environment variable. -#### Import Existing Certificates +==== Import Existing Certificates Certificates can be imported at runtime by passing the certificate chain in the `SSL_CERT` environment variable. The chain must be in the format: 
@@ -170,43 +208,81 @@ Certificates can be imported at runtime by passing the certificate chain in the -----END CERTIFICATE----- ``` -*Warning:* This should not be used in a production environment as it is insecure. Anyone with access to the docker daemon will be able to retrieve this from the environment. +[WARNING] +==== +This should not be used in a production environment as it is insecure. Anyone with access to the docker daemon will be able to retrieve this from the environment. +==== -#### Remote CA Support +==== Remote CA Support -Certificates can also be requested from a remote [cffsl](https://github.com/cloudflare/cfssl) based CA at startup by using the `REMOTE_CA_URL=https://:`. By default this will request a certificate from the remote CA that looks identical to the ones generated from the local CA. The remote CA mode provides additional configuration options for customizing the values used in the certificate. +Certificates can also be requested from a remote https://github.com/cloudflare/cfssl[cfssl] based CA at startup by using the `REMOTE_CA_URL=https://:`. By default this will request a certificate from the remote CA that looks identical to the ones generated from the local CA. The remote CA mode provides additional configuration options for customizing the values used in the certificate. 
-##### CSR Customization +===== CSR Customization Only applicable when using `CA_REMOTE_URL` -| Variable | Description | Default | -|:-------------------------:|:----------------------------------------------------------------:|:------------------------------:| -| `CSR_KEY_ALGORITHM` | Sets the key algorithm for the generated Certificate | `rsa` | -| `CSR_KEY_SIZE` | Sets the key size for the generated Certificate | `2048` | -| `CSR_SAN` | Sets the SAN value for the generated Certificate | `DNS:,DNS:localhost` | -| `CSR_COUNTRY` | Sets the Country value for the generated Certificate | `US` | -| `CSR_LOCALITY` | Sets the Locality value for the generated Certificate | `Hursley` | -| `CSR_ORGANIZATION` | Sets the Organization value for the generated Certificate | `DDF` | -| `CSR_ORGANIZATIONAL_UNIT` | Sets the Organizational Unit value for the generated Certificate | `Dev` | -| `CSR_STATE` | Sets the State value for the generated Certificate | `AZ` | -| `CSR_PROFILE` | Sets the type of certificate requested from the CA | `server` | +[cols=3*^,options="header"] +|=== + +|Variable +|Description +|Default + +a|`CSR_KEY_ALGORITHM` +|Sets the key algorithm for the generated Certificate +a|`rsa` + +a|`CSR_KEY_SIZE` +|Sets the key size for the generated Certificate +a|`2048` + +a|`CSR_SAN` +|Sets the SAN value for the generated Certificate +a|`DNS:,DNS:localhost` + +a|`CSR_COUNTRY` +|Sets the Country value for the generated Certificate +a|`US` + +a|`CSR_LOCALITY` +|Sets the Locality value for the generated Certificate +a|`Hursley` + +a|`CSR_ORGANIZATION` +|Sets the Organization value for the generated Certificate +a|`DDF` + +a|`CSR_ORGANIZATIONAL_UNIT` +|Sets the Organizational Unit value for the generated Certificate +a|`Dev` -### Seeding Data +a|`CSR_STATE` +|Sets the State value for the generated Certificate +a|`AZ` + +a|`CSR_PROFILE` +|Sets the type of certificate requested from the CA +a|`server` + +|=== + +=== Seeding Data It is possible to automatically seed the 
system with data using multiple methods. Both catalog metadata and content can be preloaded from local and remote sources. This is mostly useful for testing and demonstration purposes. -#### Seeding Catalog Metadata +==== Seeding Catalog Metadata To ingest data automatically after the system is running, the `INGEST_DATA` environment variable can be used. It can take a comma separated list of locations to retrieve archives of metadata from: `https://foo.bar/baz.zip,http://fake.com/foo.tar.gz` Supported archive types are: + - `zip` - `tar` - `tar.gz` - `tgz` Supported protocols are: + - `http://` - `https://` - `file://` 
@@ -216,18 +292,20 @@ Optionally a transformer for each set of data can be specified by adding `|||[||]` (`[]` denote optional parameters) -#### Source Types +==== Source Types -By default the only source type that is supported is `csw_federated`. Additional template files can be added similar to (csw_federated.config)[https://github.com/oconnormi/docker-ddf-base/blob/master/2.14/linux/entrypoint/files/templates/sources/csw_federated.config] and placed in `${ENTRYPOINT_HOME}/templates/sources` +By default the only source type that is supported is `csw_federated`. Additional template files can be added similar to https://github.com/oconnormi/docker-ddf-base/blob/master/2.14/linux/entrypoint/files/templates/sources/csw_federated.config[csw_federated.config] and placed in `${ENTRYPOINT_HOME}/templates/sources` -### Catalog Fanout Mode +=== Catalog Fanout Mode To switch the behavior of the catalog to use fanout mode provide `CATALOG_FANOUT_MODE=true` as an environment variable -#### Extending +==== Extending By default the base image only supports `CSW` type registries. To support other registry types add a template to `$ENTRYPOINT_HOME/templates/registry/`. Templates should be named: `.template` -### Troubleshooting +=== Troubleshooting Sometimes during the startup process the system can take a while to fully initialize. This can be due to memory/cpu constraints. On underpowered systems it might be necessary to instruct the entrypoint script to wait longer and attempt more retries to connect to the system during the boot process. This can be accomplished by setting the `KARAF_CLIENT_DELAY=