feat(docker-jans-monolith): add docker jans monolith (#2323)

* feat: add monolith image for test and dev

* feat: finish Dockerfile and docker compose

* docs: add table of info

* ci: add quick run

* fix: volumes

* fix: scim env name

* docs: add quick start command

* fix: add clean up command to the quick start

* fix: clean up

* fix: conform to hadolint rules

* fix: update linux installer

* feat: add installation check

* fix: add gitignore rules for volumes

* fix(monolith): remove deployment flag volume

Co-authored-by: iromli <isman.firmansyah@gmail.com>
Former-commit-id: c31c393

.github/workflows/docker_build_image.yml

@@ -28,9 +28,9 @@ on:
   workflow_dispatch:
     inputs:
       services:
-        description: 'One or set of the docker images. Format as following: "docker-jans-auth-server docker-jans-certmanager docker-jans-client-api docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim"'
+        description: 'One or set of the docker images. Format as following: "docker-jans-auth-server docker-jans-certmanager docker-jans-client-api docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith"'
         required: true
-        default: 'docker-jans-auth-server docker-jans-certmanager docker-jans-client-api docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim'
+        default: 'docker-jans-auth-server docker-jans-certmanager docker-jans-client-api docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith'
       cn_version:
         description: 'The war version to build the image off'
         required: false
@@ -63,7 +63,7 @@ jobs:
           DEFAULT_ALL=${{ github.event.inputs.services }}
           if [ -z "$DEFAULT_ALL" ]
           then
-            DEFAULT_ALL="docker-jans-auth-server docker-jans-certmanager docker-jans-client-api docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim"
+            DEFAULT_ALL="docker-jans-auth-server docker-jans-certmanager docker-jans-client-api docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith"
           else
             echo "$DEFAULT_ALL"
           fi

.github/workflows/docker_imagescan.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        docker-images: ["auth-server", "certmanager", "config-api", "client-api", "configurator", "fido2", "persistence-loader", "scim"]
+        docker-images: ["auth-server", "certmanager", "config-api", "client-api", "configurator", "fido2", "persistence-loader", "scim", "monolith"]
     steps:
     - uses: actions/checkout@v3
     - name: Build the Container image

.github/workflows/release.yaml

@@ -120,7 +120,7 @@ jobs:
       #max-parallel: 1
       fail-fast: false
       matrix:
-        simple: [ "docker-jans-auth-server", "docker-jans-certmanager", "docker-jans-config-api", "docker-jans-client-api", "docker-jans-configurator", "docker-jans-fido2", "docker-jans-persistence-loader", "docker-jans-scim" ]
+        simple: [ "docker-jans-auth-server", "docker-jans-certmanager", "docker-jans-config-api", "docker-jans-client-api", "docker-jans-configurator", "docker-jans-fido2", "docker-jans-persistence-loader", "docker-jans-scim", "docker-jans-monolith" ]
     steps:
     - name: Checkout
       uses: actions/checkout@v3

automation/startjanssenmonolithdemo.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+set -eo pipefail
+
+JANS_FQDN=$1
+JANS_PERSISTENCE=$2
+
+if [[ ! "$JANS_FQDN" ]]; then
+  read -rp "Enter Hostname [demoexample.jans.io]:                           " JANS_FQDN
+fi
+if [[ ! "$JANS_PERSISTENCE" ]]; then
+  read -rp "Enter persistence type [LDAP(NOT SUPPORTED YET)|MYSQL]:                            " JANS_PERSISTENCE
+fi
+
+if [[ -z $EXT_IP ]]; then
+  EXT_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
+fi
+
+sudo apt-get update
+# Install Docker and Docker compose plugin
+sudo apt-get remove docker docker-engine docker.io containerd runc -y || echo "Docker doesn't exist..installing.."
+sudo apt-get update
+sudo apt-get install \
+  ca-certificates \
+  curl \
+  gnupg \
+  lsb-release -y
+sudo mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
+WORKING_DIRECTORY=$PWD
+# note that as we're pulling from a monorepo (with multiple project in it)
+# we are using partial-clone and sparse-checkout to get the docker-jans-monolith code
+rm -rf /tmp/jans || echo "/tmp/jans doesn't exist"
+git clone --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \
+    && cd /tmp/jans \
+    && git sparse-checkout init --cone \
+    && git checkout main \
+    && git sparse-checkout set docker-jans-monolith \
+    && cd "$WORKING_DIRECTORY"
+
+if [[ $JANS_PERSISTENCE == "MYSQL" ]]; then
+  docker compose -f /tmp/jans/docker-jans-monolith/mysql-docker-compose.yml up -d
+fi
+echo "$EXT_IP $JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null
+echo "Waiting for the Janssen server to come up. Depending on the  resources it may take 3-5 mins for the services to be up."
+sleep 180
+cat << EOF > testendpoints.sh
+echo -e "Testing openid-configuration endpoint.. \n"
+curl -k https://$JANS_FQDN/.well-known/openid-configuration
+echo -e "Testing scim-configuration endpoint.. \n"
+curl -k https://$JANS_FQDN/.well-known/scim-configuration
+echo -e "Testing fido2-configuration endpoint.. \n"
+curl -k https://$JANS_FQDN/.well-known/fido2-configuration
+EOF
+sudo bash testendpoints.sh
+echo -e "You may re-execute bash testendpoints.sh to do a quick test to check the configuration endpoints."
+echo -e "Add the following record to your local computers' hosts file to engage with the services $EXT_IP $JANS_FQDN"
+echo -e "To clean up run:"
+echo -e "docker compose -f /tmp/jans/docker-jans-monolith/mysql-docker-compose.yml down && rm -rf /tmp/jans"

charts/janssen/Chart.yaml

@@ -20,6 +20,8 @@ annotations:
       image: janssenproject/persistence-loader:1.0.3_dev
     - name: scim
       image: janssenproject/scim:1.0.3_dev
+    - name: monolith
+      image: janssenproject/monolith:1.0.3_dev
   artifacthub.io/license: Apache-2.0
   artifacthub.io/prerelease: 'true'
   catalog.cattle.io/certified: partner

docker-jans-monolith/.gitignore

@@ -0,0 +1,2 @@
+*-custom
+jans-deployed

docker-jans-monolith/.hadolint.yaml

@@ -0,0 +1,5 @@
+ignored:
+  - SC1083
+  - DL3008  # Pin versions in apt-get
+  - DL3013  # Pin versions in pip
+  - DL3015  # Specify --no-install-recommends

docker-jans-monolith/Dockerfile

@@ -0,0 +1,96 @@
+FROM ubuntu:20.04
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+    /lib/systemd/system \
+    -path '*.wants/*' \
+    -not -name '*journald*' \
+    -not -name '*systemd-tmpfiles*' \
+    -not -name '*systemd-user-sessions*' \
+    -exec rm \{} \;
+
+# Disable list of suggested/ recommended dependencies
+RUN echo 'APT::Install-Suggests "0";' >> /etc/apt/apt.conf.d/00-docker \
+    && echo 'APT::Install-Recommends "0";' >> /etc/apt/apt.conf.d/00-docker
+
+# Prevent prompt errors during package installation
+RUN DEBIAN_FRONTEND=noninteractive \
+    apt-get update \
+    && apt-get install -y python3 tini curl ca-certificates dbus systemd iproute2 gpg python3-pip \
+    && apt-get clean \
+    # Cleaning up package lists
+    && rm -rf /var/lib/apt/lists/*
+
+
+RUN systemctl set-default multi-user.target \
+    && systemctl mask dev-hugepages.mount sys-fs-fuse-connections.mount
+
+# Workaround agetty high CPU. https://bugzilla.redhat.com/show_bug.cgi?id=1046469
+RUN rm -f /lib/systemd/system/systemd*udev* \
+    && rm -f /lib/systemd/system/getty.target
+
+HEALTHCHECK --interval=35s --timeout=4s CMD /opt/dist/scripts/jans-auth check | grep "Jetty running pid" || exit 1
+
+# Ports required by jetty
+EXPOSE 443 8080 1636
+
+# =====================
+# jans-linux-setup
+# =====================
+
+ENV JANS_SOURCE_VERSION=732ce6afb18fb1f352dfbf4ce971039b8824bc36
+
+# cleanup
+RUN rm -rf /tmp/jans
+
+# ======
+# Python
+# ======
+COPY requirements.txt /app/requirements.txt
+RUN pip3 install --no-cache-dir -U pip wheel \
+    && pip3 install --no-cache-dir -r /app/requirements.txt \
+    && pip3 uninstall -y pip wheel
+
+# =======
+# License
+# =======
+
+COPY LICENSE /licenses/LICENSE
+
+# ==========
+# SETUP ENVS
+# ==========
+
+ENV CN_HOSTNAME="demoexample.jans.io" \
+    CN_ADMIN_PASS="" \
+    CN_ORG_NAME="Janssen" \
+    CN_EMAIL="support.jans.io" \
+    CN_CITY="Austin" \
+    CN_STATE="TX" \
+    CN_COUNTRY="US" \
+    # Install with local mysql by default
+    INSTALL_LDAP="false" \
+    CN_INSTALL_CONFIG_API="true" \
+    CN_INSTALL_SCIM="true" \
+    CN_INSTALL_FIDO2="true" \
+    CN_INSTALL_CLIENT_API="true" \
+    MYSQL_DATABASE="jans" \
+    MYSQL_USER="jans" \
+    MYSQL_PASSWORD=""
+
+# ==========
+# misc stuff
+# ==========
+
+LABEL name="janssenproject/monolith" \
+    maintainer="Janssen Project <support@jans.io>" \
+    vendor="Janssen Project" \
+    version="1.0.3" \
+    release="dev" \
+    summary="Janssen Monolith Image" \
+    description="Janssen Authorization server"
+
+COPY scripts /app/scripts
+RUN chmod +x /app/scripts/entrypoint.sh
+
+CMD ["/bin/bash", "-c", "exec /app/scripts/entrypoint.sh --log-target=journal 3>&1"]