Updated to fuse 6.3
valdar committed Jul 31, 2018
1 parent 43e1bfb commit 4faa8aa
Showing 3 changed files with 70 additions and 34 deletions.
14 changes: 9 additions & 5 deletions README.md
Expand Up @@ -4,7 +4,7 @@
This is a simple script that run for you 3 docker images:
- OpenLdap with preloaded users/groups data: valdar/ldapfuseusers:1.0.0
- address: `localhost:389` admin dn: `cn=admin,dc=example,dc=org` admin password: `admin`
- PhpLdapAdmin (just to have a convenient way to visualize/modifiy ldap contents): osixia/phpldapadmin:0.5.0
- PhpLdapAdmin (just to have a convenient way to visualize/modifiy ldap contents): osixia/phpldapadmin:0.6.9
- address: `https://localhost` admin dn: `cn=admin,dc=example,dc=org` admin password: `admin`
- Jbosse fuse (**you need to build this image yourself**): https://github.com/paoloantinori/dockerfiles/tree/master/centos/fuse

Expand All @@ -17,14 +17,14 @@ When the script finish you should be able to check fuse container's local ports
```
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9e996ab8e080 fuse6.2.1:latest "/bin/sh -c 'service About an hour ago Up About an hour 0.0.0.0:49153->44444/tcp, 0.0.0.0:49154->61616/tcp, 0.0.0.0:49155->8101/tcp, 0.0.0.0:49156->8181/tcp, 0.0.0.0:49157->1099/tcp, 0.0.0.0:49158->22/tcp root
9e996ab8e080 fuse6.3:latest "/bin/sh -c 'service About an hour ago Up About an hour 0.0.0.0:49153->44444/tcp, 0.0.0.0:49154->61616/tcp, 0.0.0.0:49155->8101/tcp, 0.0.0.0:49156->8181/tcp, 0.0.0.0:49157->1099/tcp, 0.0.0.0:49158->22/tcp root
398aa9b12fc8 osixia/phpldapadmin:0.5.0 "/sbin/my_init" About an hour ago Up About an hour 80/tcp, 0.0.0.0:443->443/tcp phpldapadmin
38b8e0885dbf valdar/ldapfuseusers:1.0.0 "/sbin/my_init" About an hour ago Up About an hour 0.0.0.0:389->389/tcp openldap
```
in this example the hawtio console would be at `http://localhost:49156`, activeMQ at `localhost:49154`, karaf console at `localhost:49155` and ssh into the container at `localhost:49158`.

## NOTE Before launching the script:
Before launching the script you need to build fuse6.2.1 image yourself by download JBoss Fuse distribution from
Before launching the script you need to build fuse6.3 image yourself by download JBoss Fuse distribution from

http://www.jboss.org/products/fuse

Expand All @@ -37,5 +37,9 @@ The build process will extract in the Docker image all the zip files it will fin
# check if base image has been updated
docker pull pantinor/fuse

# build your docker fuse image. you are expected to have either a copy of jboss-fuse-full-6.2.1.0.redhat-084.zip or a link to that file in the current folder.
docker build --rm -t fuse6.2.1 .
# build your docker fuse image. you are expected to have either a copy of jboss-fuse-karaf-6.3.x.redhat-y.zip or a link to that file in the current folder.
docker build --rm -t fuse6.3 .

# Instructions for Fuse 6.2.1

Instructions and code for this same lab targeting Fuse 6.2.1 has been moved to his own branch: https://github.com/valdar/fuseLdapAuthentcation/tree/fuse-6.2.1
10 changes: 3 additions & 7 deletions fuseLdap.sh
Expand Up @@ -69,7 +69,7 @@ docker run -t -i -p 389:389 -e SERVER_NAME=ldap.my-compagny.com --name openldap
# assign ip addresses to env variable, despite they should be constant on the same machine across sessions
IP_LDAP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' openldap)
docker run -t -i -p 6443:443 -e PHPLDAPADMIN_LDAP_HOSTS=$IP_LDAP --name phpldapadmin -d osixia/phpldapadmin:0.6.9
docker run -d -t -i $EXPOSE_PORTS --name root fuse6.2.1
docker run -d -t -i $EXPOSE_PORTS --name root fuse6.3

# assign ip addresses to env variable, despite they should be constant on the same machine across sessions
IP_ROOT=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' root)
Expand All @@ -94,10 +94,6 @@ echo "waiting 10 sec to ssh into the root container"
sleep 10

# start fuse on root node
# workaround for https://issues.jboss.org/browse/ENTESB-4894
ssh2host "mv /opt/rh/jboss-fuse-6.2.1.redhat-084/fabric/import/fabric/profiles/mq/amq.profile/org.apache.karaf.command.acl.ssh.properties /opt/rh/org.apache.karaf.command.acl.ssh.properties1"
ssh2host "mv /opt/rh/jboss-fuse-6.2.1.redhat-084/fabric/import/fabric/profiles/jboss/fuse/full.profile/org.apache.karaf.command.acl.ssh.properties /opt/rh/org.apache.karaf.command.acl.shell.properties2"

ssh2host "/opt/rh/jboss-*/bin/start"
echo "waiting the Fuse startup for 30 sec"
sleep 30
Expand Down Expand Up @@ -127,8 +123,8 @@ git checkout 1.1
#add xml ldap configuration to versio 1.1. of default profile
cp ../ldap-module.xml fabric/profiles/default.profile/
#add configuration of ldaphost
touch fabric/profiles/default.profile/ldap.server.properties
echo "ldaphostserver=$IP_LDAP" >> fabric/profiles/default.profile/ldap.server.properties
echo "" >> fabric/profiles/default.profile/io.fabric8.jaas.properties
echo "ldaphostserver=$IP_LDAP" >> fabric/profiles/default.profile/io.fabric8.jaas.properties
#add a config line to io.fabric8.agent.properties in versio 1.1. of default profile
printf "\nbundle.ldap-realm=blueprint:profile:ldap-module.xml" >> fabric/profiles/default.profile/io.fabric8.agent.properties

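Review bot: The new `echo "ldaphostserver=$IP_LDAP" >> fabric/profiles/default.profile/io.fabric8.jaas.properties` line in the last hunk writes whatever `docker inspect` returned on the earlier `IP_LDAP=` line unchecked, so an openldap container that is not running yields `ldaphostserver=` and, through the blueprint placeholder, a `connection.url` of `ldap://:389` that only fails at the first LDAP login. A guard placed just before the append, `: "${IP_LDAP:?openldap container has no IP address}"`, stops the script at the point the value is consumed. Because both new lines use `>>`, running this part of the script again against an existing checkout also appends a second `ldaphostserver=` entry; `grep -q '^ldaphostserver=' fabric/profiles/default.profile/io.fabric8.jaas.properties ||` ahead of the echo would keep the file single-valued. The script body continues outside both ends of this hunk.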
80 changes: 58 additions & 22 deletions ldap-module.xml
@@ -1,35 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0" xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.1.0.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">

<type-converters>
<bean class="org.apache.karaf.jaas.modules.properties.PropertiesConverter"/>
</type-converters>

<cm:property-placeholder persistent-id="ldap.server" update-strategy="none" >
<!-- Allow usage of System properties, especially the karaf.base property -->
<ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

<!-- AdminConfig property place holder for the org.apache.karaf.jaas -->
<cm:property-placeholder persistent-id="io.fabric8.jaas" update-strategy="reload">
<cm:default-properties>
<cm:property name="encryption.name" value="basic"/>
<cm:property name="encryption.enabled" value="true"/>
<cm:property name="encryption.prefix" value="{CRYPT}"/>
<cm:property name="encryption.suffix" value="{CRYPT}"/>
<cm:property name="encryption.algorithm" value="MD5"/>
<cm:property name="encryption.encoding" value="hexadecimal"/>
<cm:property name="detailed.login.exception" value="false"/>
<cm:property name="audit.file.enabled" value="true"/>
<cm:property name="audit.file.file" value="$[karaf.data]/security/audit.log"/>
<cm:property name="audit.eventadmin.enabled" value="true"/>
<cm:property name="audit.eventadmin.topic" value="org/apache/karaf/login"/>
<cm:property name="ldaphostserver" value="localhost"/>
</cm:default-properties>
</cm:property-placeholder>
<jaas:config name="karaf" rank="100">
<jaas:module className="io.fabric8.jaas.ZookeeperLoginModule" flags="sufficient"/>

<jaas:config name="karaf" rank="200">
<jaas:module className="io.fabric8.jaas.ZookeeperLoginModule" flags="sufficient">
enabled = ${audit.file.enabled}
file = ${audit.file.file}
encryption.name = ${encryption.name}
encryption.enabled = ${encryption.enabled}
encryption.prefix = ${encryption.prefix}
encryption.suffix = ${encryption.suffix}
encryption.algorithm = ${encryption.algorithm}
encryption.encoding = ${encryption.encoding}
path = /fabric/authentication/users
</jaas:module>
<jaas:module className="org.apache.karaf.jaas.modules.audit.FileAuditLoginModule" flags="optional">
enabled = ${audit.file.enabled}
file = ${audit.file.file}
</jaas:module>
<jaas:module className="org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule" flags="optional">
enabled = ${audit.eventadmin.enabled}
topic = ${audit.eventadmin.topic}
</jaas:module>
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="sufficient">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=cn=admin,dc=example,dc=org
connection.password=admin
connection.protocol=
connection.url=ldap://${ldaphostserver}:389
user.base.dn=ou=People,dc=example,dc=org
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=Groups,dc=example,dc=org
role.name.attribute=cn
role.filter=(memberuid=%u)
role.search.subtree=true
authentication=simple
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=cn=admin,dc=example,dc=org
connection.password=admin
connection.protocol=
connection.url=ldap://${ldaphostserver}:389
user.base.dn=ou=People,dc=example,dc=org
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=Groups,dc=example,dc=org
role.name.attribute=cn
role.filter=(memberuid=%u)
role.search.subtree=true
authentication=simple
</jaas:module>
</jaas:config>
</blueprint>
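Review bot: In the new `karaf` realm the two audit modules (`FileAuditLoginModule`, `EventAdminAuditLoginModule`) sit after `ZookeeperLoginModule`, which carries `flags="sufficient"`; under JAAS stacking a succeeding sufficient module ends the login phase, so a login satisfied by the Zookeeper module appears not to reach the audit modules' `login()` and the audit trail would mainly record LDAP-side outcomes — worth confirming against Karaf's default realm ordering and, if this is intended, stating it in a comment. The rank change from 100 to 200 also deserves an XML comment saying what it is meant to outrank, e.g. `<!-- rank 200: this realm must win over the fabric-provided "karaf" realm so the LDAP module is consulted -->`. The `encryption.algorithm` default of `MD5` and the cleartext `connection.password` with a plain `ldap://` bind appear to mirror the Fuse defaults and the earlier version of this file; a one-line comment marking them as lab values rather than a deployable baseline would keep a reader from copying them as-is.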
