From c201b4a16ca5354d8e90116d826d271724a0caba Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Mon, 12 Nov 2018 15:33:00 -0700 Subject: [PATCH 1/6] server.xml updates for 6.5.2 (since like 5.7 actually) --- dc-os/Docker/HA/server.xml | 12 ++++++++---- dc-os/Docker/PRO/server.xml | 13 ++++++++++--- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/dc-os/Docker/HA/server.xml b/dc-os/Docker/HA/server.xml index 5051aac..989eb75 100644 --- a/dc-os/Docker/HA/server.xml +++ b/dc-os/Docker/HA/server.xml @@ -4,14 +4,18 @@ + + + - + - + - \ No newline at end of file + diff --git a/dc-os/Docker/PRO/server.xml b/dc-os/Docker/PRO/server.xml index 4f065a4..989eb75 100644 --- a/dc-os/Docker/PRO/server.xml +++ b/dc-os/Docker/PRO/server.xml @@ -4,11 +4,18 @@ + + + + + + - + - \ No newline at end of file + From f126e835f6ccdc6029fe93ec4d1697ce33274a1a Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Tue, 13 Nov 2018 13:11:40 -0700 Subject: [PATCH 2/6] Sed was eating more than it should have --- dc-os/Docker/HA/run.sh | 2 +- dc-os/Docker/PRO/run.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dc-os/Docker/HA/run.sh b/dc-os/Docker/HA/run.sh index acde476..a8c8717 100755 --- a/dc-os/Docker/HA/run.sh +++ b/dc-os/Docker/HA/run.sh @@ -32,7 +32,7 @@ setPorts() { export HA_MEMBERSHIP_PORT=$PORT1 fi # Change the port - sed -i -e 's,Connector port="\(.*\)",Connector port="'"$INSTANCE_PORT"'",g' /opt/jfrog/artifactory/tomcat/conf/server.xml + sed -i -e 's,Connector port="8081",Connector port="'"$INSTANCE_PORT"'",' /opt/jfrog/artifactory/tomcat/conf/server.xml } #Set initial configuration diff --git a/dc-os/Docker/PRO/run.sh b/dc-os/Docker/PRO/run.sh index 118d94b..f3b51a8 100755 --- a/dc-os/Docker/PRO/run.sh +++ b/dc-os/Docker/PRO/run.sh 
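Review bot: The new `sed` in setPorts (HA/run.sh) matches only the literal `Connector port="8081"`, so if server.xml ever carries a different port the substitution does nothing, sed still exits 0, and Tomcat listens on a port other than `$INSTANCE_PORT`. Follow the sed with a check such as `grep -q "Connector port=\"$INSTANCE_PORT\"" /opt/jfrog/artifactory/tomcat/conf/server.xml || exit 1`. `$INSTANCE_PORT` is also spliced into the sed program unvalidated; rejecting non-numeric values first with `case "$INSTANCE_PORT" in ''|*[!0-9]*) exit 1;; esac` keeps a stray `,` or `&` from altering the replacement. The same applies to the PRO/run.sh hunk that follows, which also keeps the trailing `g` that the HA version drops. setPorts starts above the hunk.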
@@ -32,7 +32,7 @@ setPorts() { export HA_MEMBERSHIP_PORT=$PORT1 fi # Change the port - sed -i -e 's,Connector port="\(.*\)",Connector port="'"$INSTANCE_PORT"'",g' /opt/jfrog/artifactory/tomcat/conf/server.xml + sed -i -e 's,Connector port="8081",Connector port="'"$INSTANCE_PORT"'",g' /opt/jfrog/artifactory/tomcat/conf/server.xml } #Set initial configuration From 6f6f3d9981de1e86a2337006b4cdd3f6f458cb87 Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Wed, 14 Nov 2018 10:19:37 -0700 Subject: [PATCH 3/6] More changes to get it to work with 6.5.2 --- dc-os/Docker/HA/Dockerfile | 24 +++++++++++++----------- dc-os/Docker/HA/run.sh | 5 +++-- dc-os/Docker/PRO/Dockerfile | 10 +++++----- dc-os/Docker/PRO/run.sh | 6 +++--- 4 files changed, 24 insertions(+), 21 deletions(-) diff --git a/dc-os/Docker/HA/Dockerfile b/dc-os/Docker/HA/Dockerfile index e6b094e..e38c7dc 100644 --- a/dc-os/Docker/HA/Dockerfile +++ b/dc-os/Docker/HA/Dockerfile 
@@ -1,24 +1,26 @@ FROM docker.bintray.io/jfrog/artifactory-pro:6.5.8 -MAINTAINER jainishs@jfrog.com +LABEL MAINTAINER jainishs@jfrog.com # We download all the usual JDBC drivers available so we can configure them at runtime RUN curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar -RUN apt-get update && apt-get install -y dnsutils +#RUN apt-get update && apt-get install -y dnsutils COPY run.sh /runArtifactory.sh # Dynamic configurations -COPY files/plugins/inactiveServerCleaner.groovy /tmp/inactiveServerCleaner.groovy -COPY server.xml /opt/jfrog/artifactory/tomcat/conf/server.xml -COPY binarystore.xml /tmp/binarystore.xml -COPY artifactory.config.xml /tmp/artifactory.config.xml +COPY --chown=artifactory:artifactory files/plugins/inactiveServerCleaner.groovy /tmp/inactiveServerCleaner.groovy +COPY --chown=artifactory:artifactory server.xml /opt/jfrog/artifactory/tomcat/conf/server.xml +COPY --chown=artifactory:artifactory binarystore.xml /tmp/binarystore.xml +COPY --chown=artifactory:artifactory artifactory.config.xml /tmp/artifactory.config.xml # Pre-Populated keys -RUN mkdir -p /var/opt/jfrog/artifactory/access/etc/keys/ -RUN mkdir -p /var/opt/jfrog/artifactory/etc/security/ -ADD files/access/etc/keys/private.key /var/opt/jfrog/artifactory/access/etc/keys/private.key -ADD files/access/etc/keys/root.crt /var/opt/jfrog/artifactory/access/etc/keys/root.crt -ADD files/security/communication.key /var/opt/jfrog/artifactory/communication.key +RUN mkdir -p /var/opt/jfrog/artifactory/access/etc/keys/ /var/opt/jfrog/artifactory/etc/security/ +COPY --chown=artifactory:artifactory files/access/etc/keys/private.key /var/opt/jfrog/artifactory/access/etc/keys/private.key +COPY --chown=artifactory:artifactory files/access/etc/keys/root.crt /var/opt/jfrog/artifactory/access/etc/keys/root.crt +COPY --chown=artifactory:artifactory 
files/security/communication.key /var/opt/jfrog/artifactory/communication.key + +# Expose HA Port +EXPOSE 8081 10042 ENTRYPOINT /runArtifactory.sh diff --git a/dc-os/Docker/HA/run.sh b/dc-os/Docker/HA/run.sh index a8c8717..62ce5dd 100755 --- a/dc-os/Docker/HA/run.sh +++ b/dc-os/Docker/HA/run.sh @@ -51,6 +51,7 @@ function setInitialConfiguration { # This configuration doesn't exist on the first run if [ ! -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml ]; then sed -i -e "s,\[SERVERNAME\],$ART_SERVER_NAME,g" /tmp/artifactory.config.xml + sed -i -e "s,\[ARTSERVICE\],${MARATHON_APP_ID:1},g" /tmp/artifactory.config.xml sed -i -e "s,\[RPMETHOD\],$ART_REVERSE_PROXY_METHOD,g" /tmp/artifactory.config.xml sed -i -e "s,\[PORT\],$INSTANCE_PORT,g" /tmp/artifactory.config.xml mv /tmp/artifactory.config.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml @@ -70,8 +71,8 @@ function setInitialConfiguration { #Set license function setLicense { logger "Setting up license." + [ ! -d /var/opt/jfrog/artifactory/etc ] && mkdir -p /var/opt/jfrog/artifactory/etc echo -n "$ART_LICENSES" | cut -d, -f1 > /var/opt/jfrog/artifactory/etc/artifactory.lic - chmod 777 /var/opt/jfrog/artifactory/etc/artifactory.lic echo "Added license" } @@ -112,4 +113,4 @@ setInstanceIp setNodeId setInitialConfiguration -/entrypoint-artifactory.sh \ No newline at end of file +/entrypoint-artifactory.sh diff --git a/dc-os/Docker/PRO/Dockerfile b/dc-os/Docker/PRO/Dockerfile index 01b1c95..977c920 100644 --- a/dc-os/Docker/PRO/Dockerfile +++ b/dc-os/Docker/PRO/Dockerfile 
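Review bot: The three `COPY --chown=artifactory:artifactory` lines under `# Pre-Populated keys` in HA/Dockerfile still bake `private.key`, `root.crt` and `communication.key` from the repository into an image layer, so every container built from this Dockerfile shares the same key material, and anyone who can pull the image or read the repo holds it. `--chown` sets only the owner; the file mode is whatever the build context had. Key material is better supplied at runtime (a mounted secret, or generation on first start) than copied at build time. A later patch in this series deletes the files, but deletion does not revoke them: keys that were ever committed or shipped in an image should be treated as exposed and replaced wherever they were deployed.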
@@ -1,10 +1,10 @@ # Dockerfile for a primary node FROM docker.bintray.io/jfrog/artifactory-pro:6.5.8 -MAINTAINER jainishs@jfrog.com +LABEL MAINTAINER jainishs@jfrog.com # Will be filtered and copied in etc when first running -ADD artifactory.config.xml /tmp/artifactory.config.xml +COPY --chown=artifactory:artifactory artifactory.config.xml /tmp/artifactory.config.xml # We download all the usual JDBC drivers available so we can # configure them at runtime @@ -14,10 +14,10 @@ RUN curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar # Copy the run script COPY run.sh /runArtifactory.sh -# Still needed ? -COPY server.xml /opt/jfrog/artifactory/tomcat/conf/server.xml +# Customized server.xml +COPY --chown=artifactory:artifactory server.xml /opt/jfrog/artifactory/tomcat/conf/server.xml -# This should be mapped to a shared NFS mounted on the host +# Expose HA Port EXPOSE 8081 10042 ENTRYPOINT /runArtifactory.sh diff --git a/dc-os/Docker/PRO/run.sh b/dc-os/Docker/PRO/run.sh index f3b51a8..f6fb64f 100755 --- a/dc-os/Docker/PRO/run.sh +++ b/dc-os/Docker/PRO/run.sh @@ -57,7 +57,7 @@ function setInitialConfiguration { cp -f /var/opt/jfrog/artifactory/etc/artifactory.config.latest.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml else # If not we take the bootstrap one, and import it - cp -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml + cp -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml fi # Changing the instance port sed -i -e "s,\(.*\),$INSTANCE_PORT,g" /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml 
@@ -67,8 +67,8 @@ function setInitialConfiguration { #Set license function setLicense { logger "Setting up license." + [ ! -d /var/opt/jfrog/artifactory/etc ] && mkdir -p /var/opt/jfrog/artifactory/etc echo -n "$ART_LICENSES" | cut -d, -f1 > /var/opt/jfrog/artifactory/etc/artifactory.lic - chmod 777 /var/opt/jfrog/artifactory/etc/artifactory.lic echo "Added license" } @@ -94,4 +94,4 @@ setPorts setInstanceIp setInitialConfiguration -/entrypoint-artifactory.sh \ No newline at end of file +/entrypoint-artifactory.sh From dbda9731597b9c1366c036488147acf729ee5128 Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Thu, 15 Nov 2018 09:58:51 -0700 Subject: [PATCH 4/6] add --rm --- dc-os/Docker/PRO/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dc-os/Docker/PRO/build.sh b/dc-os/Docker/PRO/build.sh index f587d98..42acfc0 100755 --- a/dc-os/Docker/PRO/build.sh +++ b/dc-os/Docker/PRO/build.sh @@ -8,4 +8,4 @@ mkdir files echo "adding configuration file" cp -Rf $SCRIPT_DIR/../../../files/* files/ -docker build -t $1 . \ No newline at end of file +docker build --rm -t $1 . From c58f11fec37a3213e2215b20c725a61912390b6e Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Thu, 15 Nov 2018 10:10:27 -0700 Subject: [PATCH 5/6] Fix license doesn't install on first run --- dc-os/Docker/HA/run.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dc-os/Docker/HA/run.sh b/dc-os/Docker/HA/run.sh index 62ce5dd..a8c8717 100755 --- a/dc-os/Docker/HA/run.sh +++ b/dc-os/Docker/HA/run.sh 
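Review bot: In PRO/build.sh, `$1` reaches `docker build` unquoted and unchecked, so running the script with no argument lets `-t` consume `.` as the tag and the build stops on an argument error rather than a usage message. `docker build --rm -t "${1:?usage: build.sh IMAGE_TAG}" .` fails early and clearly. `--rm` is already the default for `docker build`, so the added flag only makes that explicit. The `cp -Rf $SCRIPT_DIR/../../../files/* files/` context line has the same unquoted expansion, and it copies everything under `files/` into the build context, so whatever sits in that directory can end up in the image. The script starts above the hunk.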
@@ -51,7 +51,6 @@ function setInitialConfiguration { # This configuration doesn't exist on the first run if [ ! -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml ]; then sed -i -e "s,\[SERVERNAME\],$ART_SERVER_NAME,g" /tmp/artifactory.config.xml - sed -i -e "s,\[ARTSERVICE\],${MARATHON_APP_ID:1},g" /tmp/artifactory.config.xml sed -i -e "s,\[RPMETHOD\],$ART_REVERSE_PROXY_METHOD,g" /tmp/artifactory.config.xml sed -i -e "s,\[PORT\],$INSTANCE_PORT,g" /tmp/artifactory.config.xml mv /tmp/artifactory.config.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml @@ -71,8 +70,8 @@ function setInitialConfiguration { #Set license function setLicense { logger "Setting up license." - [ ! -d /var/opt/jfrog/artifactory/etc ] && mkdir -p /var/opt/jfrog/artifactory/etc echo -n "$ART_LICENSES" | cut -d, -f1 > /var/opt/jfrog/artifactory/etc/artifactory.lic + chmod 777 /var/opt/jfrog/artifactory/etc/artifactory.lic echo "Added license" } @@ -113,4 +112,4 @@ setInstanceIp setNodeId setInitialConfiguration -/entrypoint-artifactory.sh +/entrypoint-artifactory.sh \ No newline at end of file From ff581057f01dead312ff1f69b5b7fe66825db11c Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Thu, 29 Nov 2018 08:08:15 -0700 Subject: [PATCH 6/6] Remove insecure default keys --- dc-os/Docker/HA/Dockerfile | 6 ------ files/access/etc/keys/private.key | 27 --------------------------- files/access/etc/keys/root.crt | 18 ------------------ files/security/communication.key | 2 -- 4 files changed, 53 deletions(-) delete mode 100644 files/access/etc/keys/private.key delete mode 100644 files/access/etc/keys/root.crt delete mode 100644 files/security/communication.key diff --git a/dc-os/Docker/HA/Dockerfile b/dc-os/Docker/HA/Dockerfile index e38c7dc..72b1aae 100644 --- a/dc-os/Docker/HA/Dockerfile +++ b/dc-os/Docker/HA/Dockerfile 
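Review bot: `chmod 777 /var/opt/jfrog/artifactory/etc/artifactory.lic` is restored in setLicense, which leaves the license file writable and executable by every user in the container. If the aim is that the Artifactory process can read a file written by the launcher, `chown artifactory:artifactory` followed by `chmod 640` on that path achieves it without world access, assuming the script runs with enough privilege to chown. The patch also returns HA/run.sh to the blob it had before PATCH 3/6 (index `62ce5dd..a8c8717`), dropping the `[ARTSERVICE]` substitution, the `mkdir -p` guard and the trailing newline, while PRO/run.sh keeps the 3/6 behaviour. It is worth confirming that the whole revert is intended and not only the license part. setLicense and setInitialConfiguration continue outside the hunks.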
@@ -14,12 +14,6 @@ COPY --chown=artifactory:artifactory server.xml /opt/jfrog/artifactory/tomcat/co COPY --chown=artifactory:artifactory binarystore.xml /tmp/binarystore.xml COPY --chown=artifactory:artifactory artifactory.config.xml /tmp/artifactory.config.xml -# Pre-Populated keys -RUN mkdir -p /var/opt/jfrog/artifactory/access/etc/keys/ /var/opt/jfrog/artifactory/etc/security/ -COPY --chown=artifactory:artifactory files/access/etc/keys/private.key /var/opt/jfrog/artifactory/access/etc/keys/private.key -COPY --chown=artifactory:artifactory files/access/etc/keys/root.crt /var/opt/jfrog/artifactory/access/etc/keys/root.crt -COPY --chown=artifactory:artifactory files/security/communication.key /var/opt/jfrog/artifactory/communication.key - # Expose HA Port EXPOSE 8081 10042 diff --git a/files/access/etc/keys/private.key b/files/access/etc/keys/private.key deleted file mode 100644 index 43abea0..0000000 --- a/files/access/etc/keys/private.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAw4LGKn8fJi08vA53PPkP1Jw8LuG4Bf1trBXe4Reo1FavZCcl -ZaeEGF4qG/meEQRujilaVb27SrCPaLKxI/kzATz2NRn9SQj66N70nbVCsD2RPvjM -K4UlCu/IuyLmOf2Jv1NuFSwdnYK2wj5Mf91tiOzVn+QC1tT/2X0kuDiwb4p8ybv0 -DE9EooLUSs1iWWamSfRbEMyVXfGVIO2ULYOJxqf03vg96JvoCL3qkDUYo/85Fd2u -hWwDXE3Dv1q5DM9TCAkVZOuOh+OmgEiln6ybp7Y4cV6mqiWuBu3DvtiBNla10qNA -Z9g+hqkeuqJPIvbXZSOqXW5KqUH0S3KwhJa93QIDAQABAoIBABK3eEUlOlQrTH8s -W1no9g0Cj/hk/3sDUfaBeX7PBwic69mIrdnXeZvjl+Bpuyoh5HuTleRTb5Ss5m29 -fZvWBX3+2gsnW8ocI/kbLwvSCHpayobexpz7+Bnd7reLlcLDdOZuFEHOoV8s3lYm -JKixCAVttt3BtEvgxEWL53IDa1CiJEszv7exW+udB+xy/YygrvNhYT9kPrgPZYHT -ZRyO3x40iICI8mLBOaNAdQM0lEVDpjKLpKXcpFHZn+ApBskxvWNbFAJYOA5VGv3V -YveS8mUV/xT+GZ7WJxWm9Ar1cBDNcCbiO0z1MI4yEL+NOsCizxD3mtzpb0n0+TTY -hXklz/kCgYEA+eLQ3qubcHyaTg6xEri56eJjaso3CKpcStDAuu/Ni3JMzEc1zljH -hRotKhd872b55Go+8DeNWqbDz19R2/1F2pW1I+2X7baL4FJHZDv0F4Wwo7/5sr8g -pPawcoFDk52sIka5TDMI4IK75x5CZcax0PpP/nQBAGj5nayRFSuQWHMCgYEAyEtf -0zexJsaicXJClallrH0YybnVXIqHwuC+zfszwzPPLKEqsQXEYCNHijeIR4VT27iv -BBkZaIvXFYQmSO+GlyrnMAAXD0pmU+RhWvmN1k83Rb0t1+OFZ+X3Os1k0ewBxl/U -pab1K8VPG08YFddukzKncppWg3tvydtIApf5DG8CgYAr/kSrjybUjPtVlrySATep -95NtL6C0w9lvyoTD5IgZbswagsb0RykJQ+yDppL2Svjfv9zIyd73ALkkfzGYO2Ta -8NRtON0wmpzRp2quOOfmZEEO8zNwxrlmkY/K+Pr+uBmgBzeENM/xRtLyA5/I70xK -8Ga4849hlRmtKr54La1CBQKBgBjSjoukqUW+9D7PBEV7+ufHkRze9PxFBtI1/C+W -5DFa6GAFkT7jEhVACgutGiyS73OZjccaPTXhrsQx3nTHioyNep1ORY1VkRzwfshB -iTx4EMeJzHam8c+QhnU5IzeI4idtlPL6oAPOriEaSkfarQ99BZeEXRhqYc5IaMI5 -h1ntAoGAF0u8cQZqiZgwDHDk7zS7bpgkBSf49sx2Aa53+kZd5+s0muo+8HOxARC+ -+M4x7WYIKFonah7yYKbR36w5o87G9wN7bP52FMYrsccR6AQy02kEG52M38xXJ3Fb -LgngQmLBNaOE/75tFkqhzj9MnTMbUvaA8K9Q54WGswzvGjkOlqM= ------END RSA PRIVATE KEY----- diff --git a/files/access/etc/keys/root.crt b/files/access/etc/keys/root.crt deleted file mode 100644 index 539e565..0000000 --- a/files/access/etc/keys/root.crt +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC7TCCAdWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA5MTcwNQYDVQQDDC5qZi1h -Y2Nlc3NAMjYxMTIxMDEtMTJhYy00ZTdhLWI5YjEtNGRjODQ3OTI3ZDg5MCAXDTE2 -MTIxMjE0MTMzM1oYDzcwMDAwMTAxMDAwMDMyWjA5MTcwNQYDVQQDDC5qZi1hY2Nl -c3NAMjYxMTIxMDEtMTJhYy00ZTdhLWI5YjEtNGRjODQ3OTI3ZDg5MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4LGKn8fJi08vA53PPkP1Jw8LuG4Bf1t -rBXe4Reo1FavZCclZaeEGF4qG/meEQRujilaVb27SrCPaLKxI/kzATz2NRn9SQj6 -6N70nbVCsD2RPvjMK4UlCu/IuyLmOf2Jv1NuFSwdnYK2wj5Mf91tiOzVn+QC1tT/ -2X0kuDiwb4p8ybv0DE9EooLUSs1iWWamSfRbEMyVXfGVIO2ULYOJxqf03vg96Jvo -CL3qkDUYo/85Fd2uhWwDXE3Dv1q5DM9TCAkVZOuOh+OmgEiln6ybp7Y4cV6mqiWu -Bu3DvtiBNla10qNAZ9g+hqkeuqJPIvbXZSOqXW5KqUH0S3KwhJa93QIDAQABMA0G -CSqGSIb3DQEBCwUAA4IBAQBElKIpJBg52lZv9cCgRr1jzx2q2BUUADb/kBw8HiYD -AcfQqzT1ByqPBe36PkucIUxHEfoqadIfTzzAjHpaXMr3EvXxCt293tXxFyPyzWx5 -rOW5zyymWukF6DqNAAK5B2pbd1oyx7lTMWZdgegzMKxONfQ9nsuAEtvE3eOly49s -XxUA7uJXf7GZhdR0OX9jQMzTflw+kjtF1mayc17/zTGhValHkIhOYDo0YxNRPqXv -GGf/H4xYWQmigxHsPmiG1U2JvBWyrSq3MNH69E6HgfcNS5M7+m4b7LhTeC7lyqSH -iR5dbZEmaL9IrPmxclUyBJT0Htlu61NrDaKIxzj9s3zr ------END CERTIFICATE----- diff --git a/files/security/communication.key b/files/security/communication.key deleted file mode 100644 index 8fb0af0..0000000 --- a/files/security/communication.key +++ /dev/null @@ -1,2 +0,0 @@ -JR7r2vwkhxwYuNPspf7MEeqcwECLnPvBBB5YaruK2opLo4M9BLj81bn5p2PBrC662RZvKqKGFBkGX5R5x6aKtiRtCvWuTeH5Qm8RyTrUQHezqY3dSxKt4oAHoodzMj3DYBJncDoAmxu9RLX7c7RuZfn5n6kFX8zGhv7cjxqeyPNKkL8DLLvE8oVne1VRq5mEBMJUEKGZVdqzjmx9bD2DJ144Z5YBD8LxjY7wAqxkit4zy69R5L8CZmzWgx3JKT2Pd5M4MzrBhHnNhN98T8Aet19gwbspM39kzxgWswSijUp8jjRGE17waM7bxsor4Mk3mN7zxR4xHdutQoQfBA1Ei7eTiVoJ7MgUqEyrVfinC1ooDgc5kQshx7CUjw94KfRPtVPV6NHJ4EoR12c6Kmi6xxAfry2wPRLwXpA8ByViEPrTvKfjuVx4qtYkHPfkCQVq78RHxPHsgghrPehVzpAsiV2dqN47 -JUHfDLxBPMe4YZbWLKdbams2ZTPq3rmG1zxgbG9D5K8dmt4PhN2x6isBCtD1JVb15rkMX9DScvPAviTYFW72ivFnBiy4mATGjCAL54PdyPXhwmW7VhjqTBQQcJcCQoHuRKaBC