|
1 | 1 | # Dockerfile for the PDC's Auth service |
2 | 2 | # |
3 | | -# Base image |
| 3 | +# |
| 4 | +# DACS-based authentication module used by the PDC's Visualizer. |
| 5 | +# |
| 6 | +# Example: |
| 7 | +# sudo docker pull pdcbc/auth |
| 8 | +# sudo docker run -d --name=auth -h auth --restart=always \ |
| 9 | +# -v /pdc/data/config/dacs/:/etc/dacs/:rw \ |
| 10 | +# pdcbc/auth |
| 11 | +# |
| 12 | +# Folder paths |
| 13 | +# - DACS config: -v </path/>:/etc/dacs/:rw |
| 14 | +# |
| 15 | +# Modify default settings |
| 16 | +# - DACS federation: -e DACS_FEDERATION=<string> |
| 17 | +# - jurisdiction: -e DACS_JURISDICTION=<string> |
| 18 | +# - Node secret: -e NODE_SECRET=<string> |
| 19 | +# |
| 20 | +# Releases |
| 21 | +# - https://github.com/PDCbc/auth/releases |
| 22 | +# |
4 | 23 | # |
5 | 24 | FROM phusion/passenger-nodejs |
| 25 | +MAINTAINER derek.roberts@gmail.com |
| 26 | +ENV RELEASE 0.1.3 |
6 | 27 |
|
7 | 28 |
|
8 | | -# Update system, install DACS |
| 29 | +# Packages |
9 | 30 | # |
10 | | -ENV DEBIAN_FRONTEND noninteractive |
11 | | -RUN echo 'Dpkg::Options{ "--force-confdef"; "--force-confold" }' \ |
12 | | - >> /etc/apt/apt.conf.d/local |
13 | 31 | RUN apt-get update; \ |
14 | 32 | apt-get upgrade -y; \ |
15 | | - apt-get install -y dacs |
| 33 | + apt-get install -y \ |
| 34 | + dacs \ |
| 35 | + git; \ |
| 36 | + apt-get clean; \ |
| 37 | + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* |
| 38 | + |
| 39 | + |
| 40 | +# Prepare /app/ and /etc/dacs/ folders |
| 41 | +# |
| 42 | +WORKDIR /app/ |
| 43 | +RUN git clone https://github.com/pdcbc/auth.git -b ${RELEASE} .; \ |
| 44 | + npm install; \ |
| 45 | + mkdir -p /etc/dacs/; \ |
| 46 | + chown -R app:app /app/ /etc/dacs/ |
16 | 47 |
|
17 | 48 |
|
18 | 49 | # Create startup script and make it executable |
19 | 50 | # |
20 | | -RUN mkdir -p /etc/service/app/ |
21 | | -RUN ( \ |
| 51 | +RUN mkdir -p /etc/service/app/; \ |
| 52 | + ( \ |
22 | 53 | echo "#!/bin/bash"; \ |
23 | 54 | echo "#"; \ |
24 | 55 | echo "set -e -o nounset"; \ |
25 | 56 | echo ""; \ |
26 | 57 | echo ""; \ |
| 58 | + echo "# Set variables, exports for npm"; \ |
| 59 | + echo "#"; \ |
| 60 | + echo "export MAINPORT=\${PORT_AUTH_M:-3005}"; \ |
| 61 | + echo "export CONTROLPORT=\${PORT_AUTH_C:-3006}"; \ |
| 62 | + echo "export JURISDICTION=\${DACS_JURISDICTION:-TEST}"; \ |
| 63 | + echo "export FEDERATION=\${DACS_FEDERATION:-pdc.dev}"; \ |
| 64 | + echo "#"; \ |
| 65 | + echo "export DACS=/etc/dacs"; \ |
| 66 | + echo "export ROLEFILE=\${DACS}/federations/\${FEDERATION}/roles"; \ |
| 67 | + echo "export KEYFILE=\${DACS}/federations/\${FEDERATION}/federation_keyfile"; \ |
| 68 | + echo "export SECRET=\${NODE_SECRET:-notVerySecret}"; \ |
| 69 | + echo ""; \ |
| 70 | + echo ""; \ |
27 | 71 | echo "# Prepare DACS"; \ |
28 | 72 | echo "#"; \ |
29 | | - echo "if [ ! -d \${DACS_STOREDIR}/federations/\${DACS_FEDERATION}/\${DACS_JURISDICTION}/ ]"; \ |
| 73 | + echo "if [ ! -d \${DACS}/federations/\${FEDERATION}/\${JURISDICTION}/ ]"; \ |
30 | 74 | echo "then"; \ |
31 | 75 | echo " ("; \ |
32 | | - echo " mkdir -p \${DACS_STOREDIR}/federations/\${DACS_FEDERATION}/\${DACS_JURISDICTION}/"; \ |
33 | | - echo " cp /app/federations/dacs.conf \${DACS_STOREDIR}/federations/"; \ |
34 | | - echo " cp /app/federations/site.conf \${DACS_STOREDIR}/federations/"; \ |
35 | | - echo " touch \${DACS_STOREDIR}/federations/\${DACS_FEDERATION}/roles"; \ |
36 | | - echo " touch \${DACS_STOREDIR}/federations/\${DACS_FEDERATION}/federation_keyfile"; \ |
| 76 | + echo " mkdir -p \${DACS}/federations/\${FEDERATION}/\${JURISDICTION}/"; \ |
| 77 | + echo " cp /app/federations/dacs.conf \${DACS}/federations/"; \ |
| 78 | + echo " cp /app/federations/site.conf \${DACS}/federations/"; \ |
| 79 | + echo " touch \${ROLEFILE}"; \ |
| 80 | + echo " touch \${KEYFILE}"; \ |
37 | 81 | echo " )||("; \ |
38 | 82 | echo " ERROR: DACS initialization unsuccessful >&2"; \ |
39 | 83 | echo " )"; \ |
40 | 84 | echo "fi"; \ |
41 | | - echo "chown -R app:app \${DACS_STOREDIR}/"; \ |
42 | | - echo "/sbin/setuser app dacskey -uj \${DACS_JURISDICTION} -v \${DACS_STOREDIR}/federations/\${DACS_FEDERATION}/federation_keyfile"; \ |
| 85 | + echo "chown -R app:app \${DACS}/"; \ |
| 86 | + echo "/sbin/setuser app dacskey -uj \${JURISDICTION} -v \${KEYFILE}"; \ |
43 | 87 | echo ""; \ |
44 | 88 | echo ""; \ |
45 | 89 | echo "# Start service"; \ |
46 | 90 | echo "#"; \ |
47 | | - echo "export CONTROLPORT=\${PORT_AUTH_C}"; \ |
48 | | - echo "export MAINPORT=\${PORT_AUTH_M}"; \ |
49 | | - echo "export DACS=\${DACS_STOREDIR}"; \ |
50 | | - echo "export FEDERATION=\${DACS_FEDERATION}"; \ |
51 | | - echo "export JURISDICTION=\${DACS_JURISDICTION}"; \ |
52 | | - echo "export ROLEFILE=\${DACS_ROLEFILE}"; \ |
53 | | - echo "export KEYFILE=\${DACS_KEYFILE}"; \ |
54 | | - echo "export SECRET=\${NODE_SECRET}"; \ |
55 | | - echo "#"; \ |
56 | 91 | echo "cd /app/"; \ |
57 | 92 | echo "/sbin/setuser app npm start"; \ |
58 | 93 | ) \ |
59 | | - >> /etc/service/app/run |
60 | | -RUN chmod +x /etc/service/app/run |
61 | | - |
62 | | - |
63 | | -# Prepare /app/ and /etc/dacs/ folders |
64 | | -# |
65 | | -WORKDIR /app/ |
66 | | -COPY . . |
67 | | -RUN npm install |
68 | | -RUN mkdir -p /etc/dacs/ |
69 | | -RUN chown -R app:app /app/ /etc/dacs/ |
| 94 | + >> /etc/service/app/run; \ |
| 95 | + chmod +x /etc/service/app/run |
70 | 96 |
|
71 | 97 |
|
72 | 98 | # Run Command |
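Review bot: The added `export SECRET=\${NODE_SECRET:-notVerySecret}` (new line 68) lets the auth service start with a publicly known secret whenever `NODE_SECRET` is not passed, and the example `docker run` in the new header comment does not pass it. The removed `export SECRET=\${NODE_SECRET}` would instead have aborted the run script under `set -e -o nounset`. How the Node app uses SECRET is not visible on this page, but an authentication component should fail closed, e.g. `echo "export SECRET=\${NODE_SECRET:?NODE_SECRET must be set}"; \`. Separately, the new `RUN git clone ... -b ${RELEASE} .; npm install; ...` chain (new lines 43-46) joins steps with `;`, so a failed clone or install does not fail the build. Using `&&` would stop on the first error, and checking out a pinned commit rather than a tag name would make the fetched code reproducible.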
|