From 170242b283a0eddfa298d450c811354b24df7d42 Mon Sep 17 00:00:00 2001
From: Markus Krogh <markus@nordu.net>
Date: Wed, 4 Oct 2017 11:38:54 +0200
Subject: Logging done right

---
 idp/Dockerfile                   |  2 +-
 idp/shib-entrypoint.sh           | 17 ++++++++++++-----
 idp/shibboleth.db.ddl            | 11 -----------
 idp/shibboleth.properties        |  6 ------
 idp/templates/config/logback.xml |  4 ++--
 5 files changed, 15 insertions(+), 25 deletions(-)
 delete mode 100644 idp/shibboleth.db.ddl
 delete mode 100644 idp/shibboleth.properties

(limited to 'idp')

diff --git a/idp/Dockerfile b/idp/Dockerfile
index 037d50b..0b0b807 100644
--- a/idp/Dockerfile
+++ b/idp/Dockerfile
@@ -1,5 +1,5 @@
 FROM jetty:9-alpine
-MAINTAINER Jesper B. Rosenkilde <jbr@nordu.net>
+LABEL authors="Markus Krogh <markus@nordu.net>,Jesper B. Rosenkilde <jbr@nordu.net>"
 
 USER root
 ENV IDP_VERSION 3.3.1
diff --git a/idp/shib-entrypoint.sh b/idp/shib-entrypoint.sh
index 944ea09..33d534f 100755
--- a/idp/shib-entrypoint.sh
+++ b/idp/shib-entrypoint.sh
@@ -13,6 +13,13 @@ fi
 if [ -n "$IDP_SCOPE" ]; then
   sed -i -e "/idp.scope=/ s/nordu.dev/$IDP_HOSTNAME/" $IDP_PROPERTIES
 fi
+# log to /opt/data/logs
+if [ -e /opt/data ]; then
+  if ! grep -q "idp.logfiles=" $IDP_PROPERTIES; then
+    mkdir /opt/data/logs
+    echo "idp.logfiles=/opt/data/logs" >> $IDP_PROPERTIES
+  fi
+fi
 
 # FTICKS
 if [ -n "$FTICKS_FEDERATION" ]; then
@@ -37,7 +44,7 @@ fi
 # PersistentID
 
 if [ -n "$IDP_PERSISTENTID_SALT" ]; then
-  if ! grep '<ref bean="shibboleth.SAML2PersistentGenerator"  />' /opt/shibboleth-idp/conf/saml-nameid.xml ; then
+  if ! grep -q '<ref bean="shibboleth.SAML2PersistentGenerator"  />' /opt/shibboleth-idp/conf/saml-nameid.xml ; then
     sed -i -e '/<util:list id="shibboleth.SAML2NameIDGenerators">/ a <ref bean="shibboleth.SAML2PersistentGenerator"  />' /opt/shibboleth-idp/conf/saml-nameid.xml
   fi
 
@@ -47,13 +54,13 @@ if [ -n "$IDP_PERSISTENTID_SALT" ]; then
          -e '/idp.persistentId.salt/ s/^#//' \
          -e "/idp.persistentId.salt/ s/changethistosomethingrandom/$IDP_PERSISTENTID_SALT/"  /opt/shibboleth-idp/conf/saml-nameid.properties
   # add xml conf to attribute-resolver
-  if ! grep "%{idp.persistentId.sourceAttribute}" /opt/shibboleth-idp/conf/attribute-resolver.xml ; then
+  if ! grep -q "%{idp.persistentId.sourceAttribute}" /opt/shibboleth-idp/conf/attribute-resolver.xml ; then
     sed -i '/<!-- eduPersonTargetdID placeholder -->/r /opt/templates/config/edupersontargetdid.xml.add' /opt/shibboleth-idp/conf/attribute-resolver.xml
   fi
 fi
 
 if [ -n "$IDP_DEBUG" ]; then
-  if ! grep "idp.loglevel.messages=DEBUG" $IDP_PROPERTIES ; then
+  if ! grep -q "idp.loglevel.messages=DEBUG" $IDP_PROPERTIES ; then
     echo "idp.loglevel.messages=DEBUG" >> $IDP_PROPERTIES
     echo "idp.loglevel.encryption=DEBUG" >> $IDP_PROPERTIES
   fi
@@ -88,7 +95,7 @@ if [ -e ${DATADIR}/sp-metadata ]; then
     SP_NAME=${SP_XML%.*}
     ENTITY_ID=$(grep -o 'entityID=".*"' "$sp_file" | sed -e 's/entityID="//' -e 's/".*$//')
 
-    if ! grep "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then
+    if ! grep -q "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then
       sed -i '/<!-- local SPs -->/r /opt/templates/config/sp.xml.add' /opt/shibboleth-idp/conf/metadata-providers.xml
       sed -i -e "s/SP_NAME/$SP_NAME/" -e "s/SP_XML/$SP_XML/" /opt/shibboleth-idp/conf/metadata-providers.xml
 
@@ -101,7 +108,7 @@ fi
 # Styling/view properties
 IDP_MESSAGES=/opt/shibboleth-idp/messages/messages.properties
 if [ -n "$IDP_FOOTER" ]; then
-  if ! grep "idp.footer" $IDP_PROPERTIES; then
+  if ! grep -q "idp.footer" $IDP_PROPERTIES; then
     echo "idp.footer=$IDP_FOOTER" >> $IDP_PROPERTIES
   fi
 fi
diff --git a/idp/shibboleth.db.ddl b/idp/shibboleth.db.ddl
deleted file mode 100644
index 3799b91..0000000
--- a/idp/shibboleth.db.ddl
+++ /dev/null
@@ -1,11 +0,0 @@
-CREATE TABLE shibpid (
-  localEntity VARCHAR(255) NOT NULL,
-  peerEntity VARCHAR(255) NOT NULL,
-  persistentId VARCHAR(50) NOT NULL,
-  principalName VARCHAR(50) NOT NULL,
-  localId VARCHAR(50) NOT NULL,
-  peerProvidedId VARCHAR(50) NULL,
-  creationDate TIMESTAMP NOT NULL,
-  deactivationDate TIMESTAMP NULL,
-  PRIMARY KEY (localEntity, peerEntity, persistentId)
-);
diff --git a/idp/shibboleth.properties b/idp/shibboleth.properties
deleted file mode 100644
index da0a7e7..0000000
--- a/idp/shibboleth.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-idp.src.dir=/opt/shibboleth-identity-provider
-idp.target.dir=/opt/shibboleth-idp
-idp.host.name=idp.nordu.dev
-idp.scope=nordu.dev
-idp.keystore.password=lemonade
-idp.sealer.password=lemonade
diff --git a/idp/templates/config/logback.xml b/idp/templates/config/logback.xml
index 6afa4ef..26e5ef0 100644
--- a/idp/templates/config/logback.xml
+++ b/idp/templates/config/logback.xml
@@ -160,9 +160,9 @@
 
     <!-- F-TICKS syslog destination. -->
     <appender name="IDP_AUDIT_FTICKS" class="ch.qos.logback.core.rolling.RollingFileAppender">
-    <File>${idp.home}/logs/idp-audit-fticks.log</File>
+    <File>${idp.logfiles}/idp-audit-fticks.log</File>
     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-        <fileNamePattern>${idp.home}/logs/idp-audit-fticks%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+        <fileNamePattern>${idp.logfiles}/idp-audit-fticks%d{yyyy-MM-dd}.log.gz</fileNamePattern>
         <maxHistory>180</maxHistory>
     </rollingPolicy>
     <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
-- 
cgit v1.1