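# AM Dockerfile
#
# Copyright (c) 2016-2017 ForgeRock AS.
#
# Single-stage image: Tomcat serving the AM web application unpacked from
# openam.war, with the Amster CLI unpacked under the forgerock home directory.
# The container runs as uid 11111 (primary group root) so that it also works
# under OpenShift's arbitrary-uid policy.
#
# Example
#
# docker run --name am-eval -p 8080:8080 -v $PWD/openam-configuration:/home/forgerock/openam am-eval
#
# The base image is pinned by tag only. For reproducible production builds
# pin it by digest as well, e.g. tomcat:8.5.24-jre8-alpine@sha256:<digest-from-registry>.
FROM tomcat:8.5.24-jre8-alpine

# Home directory of the runtime user; the entrypoint scripts and Amster live here.
ENV FORGEROCK_HOME=/home/forgerock
# The OPENAM_CONFIG_DIR directory is the mount point for the OpenShift persistent volume.
ENV OPENAM_CONFIG_DIR="${FORGEROCK_HOME}/openam"
# Option for setting the AM home directory:
# -Dcom.sun.identity.configuration.directory=/home/forgerock/openam
# Options for using cgroups for memory size:
# -server -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap
# Option for sending debug output to stderr
#-Dcom.sun.identity.util.debug.provider=com.sun.identity.shared.debug.impl.StdOutDebugProvider -Dcom.sun.identity.shared.debug.file.format="%PREFIX% %MSG%\n%STACKTRACE%"
# Option for reducing debug verbosity:
# -Dcom.iplanet.services.debug.level=error
#
# ALLOW_ENCODED_SLASH=true relaxes Tomcat's default rejection of %2F in request
# paths. NOTE(review): presumably required by AM's REST endpoints — confirm, and
# keep it in mind when reviewing any path-based access rules in front of Tomcat.
# The file.format value is escaped (\" and \\n) so the literal quotes and the
# backslash-n reach the JVM argument unchanged.
ENV CATALINA_OPTS="-server -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap \
    -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true \
    -Dcom.sun.identity.util.debug.provider=com.sun.identity.shared.debug.impl.StdOutDebugProvider \
    -Dcom.sun.identity.shared.debug.file.format=\"%PREFIX% %MSG%\\n%STACKTRACE%\" \
    -Duser.home=$FORGEROCK_HOME \
    -Dcom.sun.identity.configuration.directory=$OPENAM_CONFIG_DIR"

# Make sure that log files can be accessed (group-writable; the group is root,
# which is what an OpenShift arbitrary uid runs with).
ENV UMASK="0002"

# The .war is deleted again in the RUN below, but it still occupies the COPY
# layer; only a multi-stage build (or a BuildKit bind mount) keeps it out of
# the final image.
COPY openam.war /tmp/openam.war
# NOTE(review): apk packages are unpinned; pin them (pkg=version-rN) once the
# versions available in this base image are known, for reproducible builds.
RUN apk add --no-cache bash curl su-exec unzip \
    && rm -fr /usr/local/tomcat/webapps/* \
    && unzip -q /tmp/openam.war -d "$CATALINA_HOME"/webapps/openam \
    # Let's use bootstrap.properties rather than default location
    && echo "configuration.dir=$OPENAM_CONFIG_DIR" >> "$CATALINA_HOME"/webapps/openam/WEB-INF/classes/bootstrap.properties \
    && rm /tmp/openam.war \
    # Add 'forgerock' to primary group 'root'. OpenShift's dynamic user also has 'root' as primary group.
    # By this the dynamic user has almost the same privs a 'forgerock'
    && adduser -s /bin/bash -h "$FORGEROCK_HOME" -u 11111 -G root -D forgerock \
    && mkdir -p "$OPENAM_CONFIG_DIR" \
    && chown -R forgerock:root "$CATALINA_HOME" "$FORGEROCK_HOME" "$OPENAM_CONFIG_DIR" \
    # NOTE(review): this hands the runtime user ownership of everything under
    # /usr/local, not just Tomcat. Least privilege would limit it to CATALINA_HOME
    # and FORGEROCK_HOME (already done above) — confirm nothing else under
    # /usr/local must be writable at runtime before dropping this line.
    && chown -R forgerock:root /usr/local \
    # g=u lets the arbitrary OpenShift uid (group root) do what 'forgerock' can.
    && chmod -R g=u "$CATALINA_HOME" "$FORGEROCK_HOME"

# Amster CLI. Unpacked after the chown above, so the tree is created root-owned
# (the archive's own mode bits decide what the runtime user can read/execute).
# As with the .war, the zip remains in its COPY layer after the rm.
COPY Amster.zip /tmp/Amster.zip
RUN mkdir -p "$FORGEROCK_HOME"/amster \
    && unzip -q /tmp/Amster.zip -d "$FORGEROCK_HOME"/amster \
    && rm /tmp/Amster.zip

# If you want to create an image that is ready to be bootstrapped to a
# configuration store, you can add a custom boot.json file.
# This can also be added at runtime by a ConfigMap or an init container.
#COPY boot.json /root/openam

# Generate a default keystore for SSL - only needed if you want SSL inside the cluster.
# You can mount your own keystore on the ssl/ directory to override this.
# Because of the complexity of configuring ssl, we should look at using istio.io to handle intercomponent ssl
#RUN mkdir -p /usr/local/tomcat/ssl && \
# keytool -genkey -noprompt \
# -keyalg RSA \
# -alias tomcat \
# -dname "CN=forgerock.com, OU=ID, O=FORGEROCK, L=Calgary, S=AB, C=CA" \
# -keystore /usr/local/tomcat/ssl/keystore \
# -storepass password \
# -keypass password

# Custom server.xml: use this if AM is behind SSL termination.
# See the server.xml file for details.
# Copied after the chown, so it stays root-owned (read-only for the runtime user).
COPY server.xml "$CATALINA_HOME"/conf/server.xml

# For debugging AM in a container, uncomment this.
# Use something like kubectl port-forward POD 5005:5005
# ENV CATALINA_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005"

# Settings for Tomcat cache.
COPY context.xml "$CATALINA_HOME"/conf/context.xml

# Path to optional script to customize the AM web app. Use this script hook to copy in images, web.xml, etc.
# ENV CUSTOMIZE_AM /home/forgerock/customize-am.sh

# USER forgerock
# Best practice is to use uid here
USER 11111

# The scripts are copied after USER but COPY still runs as root, so they are
# root-owned and not writable by the runtime user; they must be executable in
# the build context (mode bits are preserved).
COPY *.sh "$FORGEROCK_HOME"/

# Suggested for orchestrators, once the connector port in server.xml is
# confirmed (the example above maps 8080):
# HEALTHCHECK --interval=30s --timeout=5s --start-period=120s --retries=3 \
#   CMD curl -fsS http://localhost:8080/openam/isAlive.jsp || exit 1

ENTRYPOINT ["/home/forgerock/docker-entrypoint.sh"]
CMD ["run"]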