|
| 1 | +#!/bin/bash |
| 2 | +# (C) Copyright IBM Corporation 2022. |
| 3 | +# |
| 4 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +# you may not use this file except in compliance with the License. |
| 6 | +# You may obtain a copy of the License at |
| 7 | +# |
| 8 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +# |
| 10 | +# Unless required by applicable law or agreed to in writing, software |
| 11 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +# See the License for the specific language governing permissions and |
| 14 | +# limitations under the License. |
| 15 | + |
| 16 | +# Determine if featureUtility ran in an earlier build step |
| 17 | +if [ -f "/opt/ibm/wlp/configure-liberty.log" ]; then |
| 18 | + FEATURES_INSTALLED=true |
| 19 | +else |
| 20 | + FEATURES_INSTALLED=false |
| 21 | + >&2 echo "WARNING: This is not an optimal build configuration. Although features in server.xml will continue to be installed correctly, the 'RUN features.sh' command should be added to the Dockerfile prior to configure.sh. See https://github.com/WASdev/ci.docker#building-an-application-image for a sample application image template." |
| 22 | +fi |
| 23 | + |
| 24 | +if [ "$VERBOSE" != "true" ]; then |
| 25 | + exec &>/dev/null |
| 26 | +fi |
| 27 | + |
| 28 | +set -Eeox pipefail |
| 29 | + |
| 30 | +function main() { |
| 31 | + if [ "$FEATURES_INSTALLED" == "false" ]; then |
| 32 | + # Resolve liberty server symlinks and creation for server name changes |
| 33 | + /opt/ibm/helpers/runtime/configure-liberty.sh |
| 34 | + if [ $? -ne 0 ]; then |
| 35 | + exit |
| 36 | + fi |
| 37 | + fi |
| 38 | + |
| 39 | + ##Define variables for XML snippets source and target paths |
| 40 | + WLP_INSTALL_DIR=/opt/ibm/wlp |
| 41 | + SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config |
| 42 | + SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources |
| 43 | + |
| 44 | + SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets |
| 45 | + SNIPPETS_TARGET=/config/configDropins/overrides |
| 46 | + SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults |
| 47 | + mkdir -p ${SNIPPETS_TARGET} |
| 48 | + mkdir -p ${SNIPPETS_TARGET_DEFAULTS} |
| 49 | + |
| 50 | + #Check for each Liberty value-add functionality |
| 51 | + |
| 52 | + # Infinispan Session Caching |
| 53 | + if [[ -n "$INFINISPAN_SERVICE_NAME" ]]; then |
| 54 | + cp ${SNIPPETS_SOURCE}/infinispan-client-sessioncache.xml ${SNIPPETS_TARGET}/infinispan-client-sessioncache.xml |
| 55 | + chmod g+rw $SNIPPETS_TARGET/infinispan-client-sessioncache.xml |
| 56 | + fi |
| 57 | + |
| 58 | + # Hazelcast Session Caching |
| 59 | + if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]; then |
| 60 | + cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml |
| 61 | + mkdir -p ${SHARED_CONFIG_DIR}/hazelcast |
| 62 | + cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml |
| 63 | + fi |
| 64 | + |
| 65 | + # Key Store |
| 66 | + keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml" |
| 67 | + if [ "$SSL" != "false" ] && [ "$TLS" != "false" ] |
| 68 | + then |
| 69 | + if [ ! -e $keystorePath ] |
| 70 | + then |
| 71 | + # Generate the keystore.xml |
| 72 | + export KEYSTOREPWD=$(openssl rand -base64 32) |
| 73 | + sed "s|REPLACE|$KEYSTOREPWD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml |
| 74 | + chmod g+w $SNIPPETS_TARGET_DEFAULTS/keystore.xml |
| 75 | + fi |
| 76 | + fi |
| 77 | + |
| 78 | + # SSO |
| 79 | + if [[ -n "$SEC_SSO_PROVIDERS" ]]; then |
| 80 | + parseProviders $SEC_SSO_PROVIDERS |
| 81 | + fi |
| 82 | + |
| 83 | + if [ "$SKIP_FEATURE_INSTALL" != "true" ]; then |
| 84 | + # Install needed features |
| 85 | + if [ "$FEATURE_REPO_URL" ]; then |
| 86 | + curl -k --fail $FEATURE_REPO_URL > /tmp/repo.zip |
| 87 | + installUtility install --acceptLicense defaultServer --from=/tmp/repo.zip || rc=$?; if [ $rc -ne 22 ]; then exit $rc; fi |
| 88 | + rm -rf /tmp/repo.zip |
| 89 | + # Otherwise, if features.sh did not run, install server features. |
| 90 | + elif [ "$FEATURES_INSTALLED" == "false" ]; then |
| 91 | + featureUtility installServerFeatures --acceptLicense defaultServer --noCache |
| 92 | + find /opt/ibm/wlp/lib /opt/ibm/wlp/bin ! -perm -g=rw -print0 | xargs -0 -r chmod g+rw |
| 93 | + fi |
| 94 | + fi |
| 95 | + |
| 96 | + # Apply interim fixes found in /opt/ibm/fixes |
| 97 | + # Fixes recommended by IBM, such as to resolve security vulnerabilities, are also included in /opt/ibm/fixes |
| 98 | + # Note: This step should be done once needed features are enabled and installed using installUtility. |
| 99 | + |
| 100 | + # Do not create a SCC |
| 101 | + if [ -n "${IBM_JAVA_OPTIONS}" ]; then |
| 102 | + IBM_JAVA_OPTIONS="${IBM_JAVA_OPTIONS} -Xshareclasses:none" |
| 103 | + fi |
| 104 | + |
| 105 | + if [ -n "${OPENJ9_JAVA_OPTIONS}" ]; then |
| 106 | + OPENJ9_JAVA_OPTIONS="${OPENJ9_JAVA_OPTIONS} -Xshareclasses:none" |
| 107 | + fi |
| 108 | + |
| 109 | + find /opt/ibm/fixes -type f -name "*.jar" -print0 | sort -z | xargs -0 -n 1 -r -I {} java -jar {} --installLocation $WLP_INSTALL_DIR |
| 110 | + #Make sure that group write permissions are set correctly after installing new features |
| 111 | + find /opt/ibm/wlp ! -perm -g=rw -print0 | xargs -r -0 chmod g+rw |
| 112 | + |
| 113 | + # Create a new SCC layer |
| 114 | + if [ "$OPENJ9_SCC" == "true" ] |
| 115 | + then |
| 116 | + populate_scc.sh -i 1 |
| 117 | + fi |
| 118 | +} |
| 119 | + |
| 120 | +## parse provider list to generate files into configDropins |
| 121 | +function parseProviders() { |
| 122 | + while [ $# -gt 0 ]; do |
| 123 | + case "$1" in |
| 124 | + oidc:*) |
| 125 | + parseCommaList oidc "${1#*:}" |
| 126 | + ;; |
| 127 | + oauth2:*) |
| 128 | + parseCommaList oauth2 "${1#*:}" |
| 129 | + ;; |
| 130 | + *) |
| 131 | + if [[ $(ls $SNIPPETS_SOURCE | grep "$1") ]]; then |
| 132 | + cp $SNIPPETS_SOURCE/sso-${1}.xml $SNIPPETS_TARGET_DEFAULTS |
| 133 | + fi |
| 134 | + ;; |
| 135 | + esac |
| 136 | + shift |
| 137 | + done |
| 138 | +} |
| 139 | + |
| 140 | +## process the comma delimitted oauth2/oidc source lists |
| 141 | +function parseCommaList() { |
| 142 | + local type="$1" |
| 143 | + local list=$(echo "$2" | tr , " ") |
| 144 | + |
| 145 | + for current in ${list}; do |
| 146 | + if [[ "${type}" = "oidc" ]]; then |
| 147 | + # replace oidc identifiers with custom name |
| 148 | + sed -e 's/=\"oidc/=\"'${current}'/g' -e 's/_OIDC_/_'${current^^}'_/g' $SNIPPETS_SOURCE/sso-oidc.xml > $SNIPPETS_TARGET_DEFAULTS/sso-${current}.xml |
| 149 | + else |
| 150 | + # replace oauth2 identifiers with custom name |
| 151 | + sed -e 's/=\"oauth2/=\"'${current}'/g' -e 's/_OAUTH2_/_'${current^^}'_/g' $SNIPPETS_SOURCE/sso-oauth2.xml > $SNIPPETS_TARGET_DEFAULTS/sso-${current}.xml |
| 152 | + fi |
| 153 | + done |
| 154 | +} |
| 155 | + |
| 156 | +main "$@" |
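Review bot: The feature-repository download in `main` (new-file line 86) runs `curl -k`, which turns off TLS certificate verification, so the archive that `installUtility install ... --from=/tmp/repo.zip` then installs into the image is not authenticated in transit and is not checked against any digest. Drop `-k` and, for a repository behind a private CA, pass the CA bundle instead, for example `curl --fail --silent --show-error --cacert "$FEATURE_REPO_CA" -o "$repo_zip" "$FEATURE_REPO_URL"` with `repo_zip=$(mktemp)` replacing the fixed `/tmp/repo.zip`. `FEATURE_REPO_CA` is a placeholder name, not a variable this script defines. Separately, `set -Eeox pipefail` turns on xtrace before `KEYSTOREPWD` is generated, so with `VERBOSE=true` the trace of the `export` and `sed` lines (72-73) prints the keystore password into the build log. Wrapping those two lines in `set +x` / `set -x` would keep it out.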