def main(): manager = get_manager() manager.secret.to_file( "passport_rp_jks_base64", manager.config.get("passport_rp_client_jks_fn"), decode=True, binary_mode=True, ) manager.secret.to_file( "passport_rs_jks_base64", manager.config.get("passport_rs_client_jks_fn"), decode=True, binary_mode=True, ) manager.secret.to_file( "passport_rp_client_cert_base64", manager.config.get("passport_rp_client_cert_fn"), decode=True, ) manager.secret.to_file("idp3SigningCertificateText", "/etc/certs/idp-signing.crt") manager.secret.to_file("passport_sp_cert_base64", "/etc/certs/passport-sp.crt", decode=True) manager.secret.to_file("passport_sp_key_base64", "/etc/certs/passport-sp.key", decode=True) render_passport_config(manager) render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")
def main(): persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default") if persistence_type not in PERSISTENCE_TYPES: logger.error("Unsupported GLUU_PERSISTENCE_TYPE value; " "please choose one of {}".format( ", ".join(PERSISTENCE_TYPES))) sys.exit(1) if persistence_type == "hybrid" and ldap_mapping not in PERSISTENCE_LDAP_MAPPINGS: logger.error("Unsupported GLUU_PERSISTENCE_LDAP_MAPPING value; " "please choose one of {}".format( ", ".join(PERSISTENCE_LDAP_MAPPINGS))) sys.exit(1) manager = get_manager() deps = ["config", "secret"] if persistence_type == "hybrid": deps += ["ldap_conn", "couchbase_conn"] else: deps.append("{}_conn".format(persistence_type)) wait_for(manager, deps)
def main(): persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") validate_persistence_type(persistence_type) ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default") validate_persistence_ldap_mapping(persistence_type, ldap_mapping) manager = get_manager() deps = ["config", "secret"] if persistence_type == "hybrid": deps += ["ldap", "couchbase"] else: deps.append(persistence_type) wait_for(manager, deps)
def main(): manager = get_manager() backend_classes = { "ldap": LDAPBackend, "couchbase": CouchbaseBackend, "hybrid": HybridBackend, } # initialize the backend backend_cls = backend_classes.get(GLUU_PERSISTENCE_TYPE) if not backend_cls: raise ValueError("unsupported backend") backend = backend_cls(manager) backend.initialize()
def main(): manager = get_manager() persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt") render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties") render_radius_properties( manager, "/app/templates/gluu-radius.properties.tmpl", "/etc/gluu/conf/radius/gluu-radius.properties") if persistence_type in ("ldap", "hybrid"): render_ldap_properties( manager, "/app/templates/gluu-ldap.properties.tmpl", "/etc/gluu/conf/gluu-ldap.properties", ) sync_ldap_truststore(manager) if persistence_type in ("couchbase", "hybrid"): render_couchbase_properties( manager, "/app/templates/gluu-couchbase.properties.tmpl", "/etc/gluu/conf/gluu-couchbase.properties", ) sync_couchbase_truststore(manager) if persistence_type == "hybrid": render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties") if not os.path.isfile("/etc/certs/gluu_https.crt"): if as_boolean(os.environ.get("GLUU_SSL_CERT_FROM_SECRETS", False)): manager.secret.to_file("ssl_cert", "/etc/certs/gluu_https.crt") else: get_server_certificate(manager.config.get("hostname"), 443, "/etc/certs/gluu_https.crt") cert_to_truststore( "gluu_https", "/etc/certs/gluu_https.crt", "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts", "changeit", ) manager.secret.to_file("radius_jks_base64", "/etc/certs/gluu-radius.jks", decode=True, binary_mode=True)
def main(): persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") validate_persistence_type(persistence_type) ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default") validate_persistence_ldap_mapping(persistence_type, ldap_mapping) meta = os.environ.get("GLUU_CONTAINER_METADATA") if meta not in CONTAINER_META_OPTS: logger.error( "Invalid value for GLUU_CONTAINER_METADATA environment variable; " "please choose one of {}".format(", ".join(CONTAINER_META_OPTS))) sys.exit(1) manager = get_manager() deps = ["config", "secret"] if persistence_type == "hybrid": deps += ["ldap", "couchbase"] else: deps.append(persistence_type) wait_for(manager, deps)
def main(): GLUU_CONTAINER_METADATA = os.environ.get("GLUU_CONTAINER_METADATA", "docker") # check interval (by default per 5 mins) GLUU_CR_ROTATION_CHECK = os.environ.get("GLUU_CR_ROTATION_CHECK", 60 * 5) try: check_interval = int(GLUU_CR_ROTATION_CHECK) except ValueError: check_interval = 60 * 5 manager = get_manager() persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default") rotator = CacheRefreshRotator(manager, persistence_type, ldap_mapping) if GLUU_CONTAINER_METADATA == "kubernetes": client = KubernetesMeta() else: client = DockerMeta() try: while True: oxtrust_containers = client.get_containers("APP_NAME=oxtrust") oxtrust_ip_pool = [ client.get_container_ip(container) for container in oxtrust_containers ] signalon = False config = rotator.backend.get_configuration() current_ip_in_ldap = config.get( "oxTrustCacheRefreshServerIpAddress", DEFAULT_IP) is_cr_enabled = config["gluuVdsCacheRefreshEnabled"] in ("enabled", True) # is_cr_enabled = True if current_ip_in_ldap in oxtrust_ip_pool and is_cr_enabled: write_master_ip(current_ip_in_ldap) if check_master_ip(current_ip_in_ldap) and oxtrust_containers: signalon = True if current_ip_in_ldap == SIGNAL_IP: logger.info( "Signal received. Setting new oxtrust container at this node to CacheRefresh " ) signalon = True if not oxtrust_containers and is_cr_enabled: rotator.send_signal() # If no oxtrust was found the previous would set ip to default. If later oxtrust was found if current_ip_in_ldap == DEFAULT_IP and is_cr_enabled and oxtrust_containers: logger.info( "Oxtrust containers found after resetting to defaults.") signalon = True for container in oxtrust_containers: ip = client.get_container_ip(container) # The user has disabled the CR or CR is not active if not is_cr_enabled: logger.warning('Cache refresh is found to be disabled.') config = rotator.backend.get_configuration() current_ip_in_ldap = config.get( "oxTrustCacheRefreshServerIpAddress", DEFAULT_IP) is_cr_enabled = config["gluuVdsCacheRefreshEnabled"] in ( "enabled", True) # is_cr_enabled = True # Check the container has not been setup previously, the CR is enabled if ip != current_ip_in_ldap and is_cr_enabled and current_ip_in_ldap not in oxtrust_ip_pool \ and signalon: logger.info( "Current oxTrustCacheRefreshServerIpAddress: {}". format(current_ip_in_ldap)) # Clean cache folder at oxtrust container logger.info( "Cleaning cache folders for {} with IP {}".format( client.get_container_name(container), client.get_container_ip(container))) clean_snapshot(client, container) logger.info( "Updating oxTrustCacheRefreshServerIpAddress to IP address {}" .format(ip)) req = rotator.backend.update_configuration( config["id"], ip) if req["success"]: logger.info("CacheRefresh config has been updated") else: logger.warning( "Unable to update CacheRefresh config; reason={}". format(req["message"])) # delay time.sleep(check_interval) except KeyboardInterrupt: logger.warning("Canceled by user; exiting ...")
import os import re from pygluu.containerlib import get_manager from pygluu.containerlib.persistence import render_couchbase_properties from pygluu.containerlib.persistence import render_gluu_properties from pygluu.containerlib.persistence import render_hybrid_properties from pygluu.containerlib.persistence import render_ldap_properties from pygluu.containerlib.persistence import render_salt from pygluu.containerlib.persistence import sync_couchbase_truststore from pygluu.containerlib.persistence import sync_ldap_truststore from pygluu.containerlib.utils import cert_to_truststore from pygluu.containerlib.utils import get_server_certificate from pygluu.containerlib.utils import as_boolean manager = get_manager() def modify_jetty_xml(): fn = "/opt/jetty/etc/jetty.xml" with open(fn) as f: txt = f.read() # disable contexts updates = re.sub( r'<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>', r'<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler">\n\t\t\t\t <Set name="showContexts">false</Set>\n\t\t\t </New>', txt, flags=re.DOTALL | re.M, )
def main(): manager = get_manager() deps = ["config", "secret"] wait_for(manager, deps)