From 170242b283a0eddfa298d450c811354b24df7d42 Mon Sep 17 00:00:00 2001 From: Markus Krogh Date: Wed, 4 Oct 2017 11:38:54 +0200 Subject: Logging done right --- idp/Dockerfile | 2 +- idp/shib-entrypoint.sh | 17 ++++++++++++----- idp/shibboleth.db.ddl | 11 ----------- idp/shibboleth.properties | 6 ------ idp/templates/config/logback.xml | 4 ++-- 5 files changed, 15 insertions(+), 25 deletions(-) delete mode 100644 idp/shibboleth.db.ddl delete mode 100644 idp/shibboleth.properties (limited to 'idp') diff --git a/idp/Dockerfile b/idp/Dockerfile index 037d50b..0b0b807 100644 --- a/idp/Dockerfile +++ b/idp/Dockerfile @@ -1,5 +1,5 @@ FROM jetty:9-alpine -MAINTAINER Jesper B. Rosenkilde +LABEL authors="Markus Krogh ,Jesper B. Rosenkilde " USER root ENV IDP_VERSION 3.3.1 diff --git a/idp/shib-entrypoint.sh b/idp/shib-entrypoint.sh index 944ea09..33d534f 100755 --- a/idp/shib-entrypoint.sh +++ b/idp/shib-entrypoint.sh @@ -13,6 +13,13 @@ fi if [ -n "$IDP_SCOPE" ]; then sed -i -e "/idp.scope=/ s/nordu.dev/$IDP_HOSTNAME/" $IDP_PROPERTIES fi +# log to /opt/data/logs +if [ -e /opt/data ]; then + if ! grep -q "idp.logfiles=" $IDP_PROPERTIES; then + mkdir /opt/data/logs + echo "idp.logfiles=/opt/data/logs" >> $IDP_PROPERTIES + fi +fi # FTICKS if [ -n "$FTICKS_FEDERATION" ]; then @@ -37,7 +44,7 @@ fi # PersistentID if [ -n "$IDP_PERSISTENTID_SALT" ]; then - if ! grep '' /opt/shibboleth-idp/conf/saml-nameid.xml ; then + if ! grep -q '' /opt/shibboleth-idp/conf/saml-nameid.xml ; then sed -i -e '// a ' /opt/shibboleth-idp/conf/saml-nameid.xml fi 
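Review bot: In the added `# log to /opt/data/logs` block of idp/shib-entrypoint.sh, `mkdir /opt/data/logs` fails when the directory already exists, which is likely when /opt/data is a persistent volume reused by a fresh container whose properties file does not yet contain `idp.logfiles=`. Use `mkdir -p /opt/data/logs`, and quote `"$IDP_PROPERTIES"` in the `grep` and the `>>` redirect. The Dockerfile context shows `USER root`; if the entrypoint runs as root and the IdP later runs under another account, the new directory may not be writable. Because it will hold audit logs, owner and mode are worth setting explicitly. The service account is not visible in this patch, so something like `chown <idp-user> /opt/data/logs && chmod 750 /opt/data/logs`, with the real user filled in, is the shape of the fix.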
@@ -47,13 +54,13 @@ if [ -n "$IDP_PERSISTENTID_SALT" ]; then -e '/idp.persistentId.salt/ s/^#//' \ -e "/idp.persistentId.salt/ s/changethistosomethingrandom/$IDP_PERSISTENTID_SALT/" /opt/shibboleth-idp/conf/saml-nameid.properties # add xml conf to attribute-resolver - if ! grep "%{idp.persistentId.sourceAttribute}" /opt/shibboleth-idp/conf/attribute-resolver.xml ; then + if ! grep -q "%{idp.persistentId.sourceAttribute}" /opt/shibboleth-idp/conf/attribute-resolver.xml ; then sed -i '//r /opt/templates/config/edupersontargetdid.xml.add' /opt/shibboleth-idp/conf/attribute-resolver.xml fi fi if [ -n "$IDP_DEBUG" ]; then - if ! grep "idp.loglevel.messages=DEBUG" $IDP_PROPERTIES ; then + if ! grep -q "idp.loglevel.messages=DEBUG" $IDP_PROPERTIES ; then echo "idp.loglevel.messages=DEBUG" >> $IDP_PROPERTIES echo "idp.loglevel.encryption=DEBUG" >> $IDP_PROPERTIES fi @@ -88,7 +95,7 @@ if [ -e ${DATADIR}/sp-metadata ]; then SP_NAME=${SP_XML%.*} ENTITY_ID=$(grep -o 'entityID=".*"' "$sp_file" | sed -e 's/entityID="//' -e 's/".*$//') - if ! grep "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then + if ! grep -q "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then sed -i '//r /opt/templates/config/sp.xml.add' /opt/shibboleth-idp/conf/metadata-providers.xml sed -i -e "s/SP_NAME/$SP_NAME/" -e "s/SP_XML/$SP_XML/" /opt/shibboleth-idp/conf/metadata-providers.xml @@ -101,7 +108,7 @@ fi # Styling/view properties IDP_MESSAGES=/opt/shibboleth-idp/messages/messages.properties if [ -n "$IDP_FOOTER" ]; then - if ! grep "idp.footer" $IDP_PROPERTIES; then + if ! grep -q "idp.footer" $IDP_PROPERTIES; then echo "idp.footer=$IDP_FOOTER" >> $IDP_PROPERTIES fi fi diff --git a/idp/shibboleth.db.ddl b/idp/shibboleth.db.ddl deleted file mode 100644 index 3799b91..0000000 --- a/idp/shibboleth.db.ddl +++ /dev/null 
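Review bot: The `grep -q` guards changed in these hunks (and in the `@@ -37,7 +44,7 @@` hunk just before them) still treat their argument as a regular expression and match anywhere on a line. For `grep -q "$SP_XML"` the pattern appears to be a file name taken from the sp-metadata directory, so a name containing regex metacharacters or a leading `-` can make the check match the wrong entry or fail; `grep -qF -- "$SP_XML"` avoids that. `grep -q "idp.footer" $IDP_PROPERTIES` also matches a commented-out line, in which case the setting is never appended; `grep -q '^idp\.footer=' "$IDP_PROPERTIES"` would be stricter, and the same applies to the `idp.loglevel.messages=DEBUG` check. The enclosing `if` blocks start outside the hunks.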
@@ -1,11 +0,0 @@
-CREATE TABLE shibpid (
- localEntity VARCHAR(255) NOT NULL,
- peerEntity VARCHAR(255) NOT NULL,
- persistentId VARCHAR(50) NOT NULL,
- principalName VARCHAR(50) NOT NULL,
- localId VARCHAR(50) NOT NULL,
- peerProvidedId VARCHAR(50) NULL,
- creationDate TIMESTAMP NOT NULL,
- deactivationDate TIMESTAMP NULL,
- PRIMARY KEY (localEntity, peerEntity, persistentId)
-);
diff --git a/idp/shibboleth.properties b/idp/shibboleth.properties
deleted file mode 100644
index da0a7e7..0000000
--- a/idp/shibboleth.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-idp.src.dir=/opt/shibboleth-identity-provider
-idp.target.dir=/opt/shibboleth-idp
-idp.host.name=idp.nordu.dev
-idp.scope=nordu.dev
-idp.keystore.password=lemonade
-idp.sealer.password=lemonade
diff --git a/idp/templates/config/logback.xml b/idp/templates/config/logback.xml
index 6afa4ef..26e5ef0 100644
--- a/idp/templates/config/logback.xml
+++ b/idp/templates/config/logback.xml
@@ -160,9 +160,9 @@ - ${idp.home}/logs/idp-audit-fticks.log + ${idp.logfiles}/idp-audit-fticks.log - ${idp.home}/logs/idp-audit-fticks%d{yyyy-MM-dd}.log.gz + ${idp.logfiles}/idp-audit-fticks%d{yyyy-MM-dd}.log.gz 180 -- cgit v1.1
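Review bot: `${idp.logfiles}` in the F-TICKS appender of idp/templates/config/logback.xml has no fallback, while the entrypoint in this commit only writes `idp.logfiles=` when /opt/data exists. If the property is not defined elsewhere (the rest of logback.xml and the properties file are not visible in this hunk), logback substitutes `idp.logfiles_IS_UNDEFINED` and the audit log ends up in an unintended relative directory. A default in place, `${idp.logfiles:-${idp.home}/logs}`, on both the file and the rolling-pattern line keeps the previous location when no data volume is mounted.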