jboss-dockerfiles · slaskawi · May 10, 2017 · May 11, 2017 · May 11, 2017 · Jul 13, 2017
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+*.iml
diff --git a/ci/ci_check.sh b/ci/ci_check.sh
@@ -15,7 +15,7 @@ function build_images {
 
 function start_server {
   echo "==== Starting the server ===="
-  SERVER_CONTAINER_ID=`sudo docker run -d --name infinispan-server-ci infinispan-server -Djboss.default.jgroups.stack=tcp`
+  SERVER_CONTAINER_ID=`sudo docker run -d --name infinispan-server-ci -e "APP_USER=user" -e "APP_PASS=changeme" infinispan-server -Djboss.default.jgroups.stack=tcp`
   if [ -z "$SERVER_CONTAINER_ID" ]; then
     echo "Could not create the container"
     exit 1

diff --git a/ci/ci_openshift.sh b/ci/ci_openshift.sh
@@ -48,7 +48,10 @@ function add_building_permission {
 
 function create_application {
   echo "==== Creating Infinispan application ===="
-  ./oc new-app $OPENSHIFT_COMPONENT_NAME --docker-image="$IMAGE_INSIDE_OPENSHIFT"
+  ./oc new-app $OPENSHIFT_COMPONENT_NAME \
+      --docker-image="$IMAGE_INSIDE_OPENSHIFT" \
+      -e "APP_USER=user" \
+      -e "APP_PASS=changeme"
   wait_for_ispn
 }
 
@@ -72,6 +75,19 @@ function perform_test_via_rest {
   fi
 }
 
+function perform_negative_test_via_rest {
+  echo "==== Performing negative REST test ===="
+  ISPN_IP=`./oc describe svc/$OPENSHIFT_COMPONENT_NAME | grep IP: | awk '{print $2}'`
+  CODE_RETURNED=$(curl -s -o /dev/null -H 'Accept: text/plain' -w "%{http_code}" http://$ISPN_IP:8080/rest/default/1)
+  if [ $CODE_RETURNED == '401' ]; then
+    echo "REST test Passed"
+    TEST_RESULT=0
+  else
+    echo "REST test Failed. REST server returned $CODE_RETURNED but was expected 401"
+    TEST_RESULT=1
+  fi
+}
+
 function login_as_admin {
   echo "==== Logging in as admin ===="
   ./oc login -u system:admin
@@ -114,5 +130,6 @@ build_images
 create_application
 expose_route
 perform_test_via_rest
+perform_negative_test_via_rest
 
 exit $TEST_RESULT
diff --git a/server/Dockerfile b/server/Dockerfile
@@ -5,29 +5,19 @@ FROM jboss/base-jdk:8
 ENV INFINISPAN_SERVER_HOME /opt/jboss/infinispan-server
 
 # Set the INFINISPAN_VERSION env variable
-ENV INFINISPAN_VERSION 9.1.0.CR1
-ENV MGMT_USER admin
-
-ENV MGMT_PASS admin 
-
-ENV APP_USER user
-
-ENV APP_PASS changeme
+ENV INFINISPAN_VERSION 9.0.0-SNAPSHOT
 
 # Ensure signals are forwarded to the JVM process correctly for graceful shutdown
 ENV LAUNCH_JBOSS_IN_BACKGROUND true
 
-# Server download location
-ENV DISTRIBUTION_URL https://repository.jboss.org/nexus/content/repositories/releases/org/infinispan/server/infinispan-server-build/$INFINISPAN_VERSION/infinispan-server-build-$INFINISPAN_VERSION.zip
-
 # Labels
 LABEL name="Infinispan Server" \
       version="$INFINISPAN_VERSION" \
       release="$INFINISPAN_VERSION" \
       architecture="x86_64" \
       io.k8s.description="Provides a scalable in-memory distributed database designed for fast access to large volumes of data." \
       io.k8s.display-name="Infinispan Server" \
-      io.openshift.expose-services="8080:http,11222:hotrod" \
+      io.openshift.expose-services="8080:http,11222:hotrod,8778:jolokia" \
       io.openshift.tags="datagrid,java,jboss" \
       io.openshift.s2i.scripts-url="image:///usr/local/s2i/bin"
 
@@ -36,9 +26,9 @@ USER root
 
 ENV HOME /opt/jboss/
 
-RUN INFINISPAN_SHA=$(curl $DISTRIBUTION_URL.sha1); curl -o /tmp/server.zip $DISTRIBUTION_URL && sha1sum /tmp/server.zip | grep $INFINISPAN_SHA \
-    && unzip -q /tmp/server.zip -d $HOME && mv $HOME/infinispan-server-* $HOME/infinispan-server && rm /tmp/server.zip \ 
-    && chown -R 1000.0 /opt/jboss/infinispan-server/ \
+COPY infinispan-server /opt/jboss/infinispan-server/
+
+RUN chown -R 1000.0 /opt/jboss/infinispan-server/ \
     && chmod -R g+rw /opt/jboss/infinispan-server/ \
     && find /opt/jboss/infinispan-server/ -type d -exec chmod g+x {} +
 
@@ -54,4 +44,4 @@ COPY .s2i /usr/local/s2i
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 # Expose Infinispan server  ports 
-EXPOSE 7600 8080 8181 8888 9990 11211 11222 57600
+EXPOSE 7600 8080 8181 8888 9990 11211 11222 57600 8778
diff --git a/server/README.md b/server/README.md
@@ -1,5 +1,59 @@
 # Infinispan server Docker image
 
+## Configuring authentication
+
+To be able to connect to any of the Infinispan server Docker images, authentication is necessary.
+The easiest way to create a new user (with specified password) before starting the server is to specify `APP_USER`
+and `APP_PASS` environment variables or pass `-au` (for user name) and `-au` (for password) switches.
+
+Optionally, `APP_ROLES` environment variable (or `-ar` switch) can be passed in which provides specific security roles 
+to be associated with the user. The value of this environment variable is expected to be a comma-separated
+list of roles for the user.
+
+The management console exposed by the Infinispan server Docker images also requires authentication.
+In this case, to be able to access the console, `MGMT_USER` and `MGMT_PASS` environment variables
+(or `-mu` and `-mp` equivalents) need to be provided. Even if not accessing the console,
+these environment properties are required if creating a cluster in the domain mode.
+
+If no application and/or management user and password is specified, the image will generate a new one. A newly 
+generated user/password pair will be displayed on the console before the starts up.
+
+Here are some examples on how environment variables can be provided depending on the chosen method to start the image.
+
+Docker run example with environmental variables:
+
+    docker run ... -e "APP_USER=user" -e "APP_PASS=changeme" jboss/infinispan-server 
+
+Docker run example with switches:
+
+    docker run ... jboss/infinispan-server -au "user" -ap "changeme"
+
+Dockerfile example:
+
+    ENV APP_USER user
+    ENV APP_PASS changeme
+
+Kubernetes yaml example:
+
+    spec:
+      containers:
+      - args:
+        image: jboss/infinispan-server:...
+        ...
+        env:
+        - name: APP_USER
+          value: "user"
+        - name: APP_PASS
+          value: "changeme"
+
+OpenShift client example:
+
+    oc new-app ... -e "APP_USER=user" -e "APP_PASS=changeme" ...
+
+Finally, it's possible to add more fine grained credentials by invoking `add-user` command once the image has started up:
+
+    docker exec -it $(docker ps -l -q) /opt/jboss/infinispan-server/bin/add-user.sh
+
 ## Starting in clustered mode
 
 Run one or more:
@@ -42,14 +96,6 @@ The first param to the container is the name of the desired configuration. For e
 
     docker run -it jboss/infinispan-server cloud -Djboss.default.jgroups.stack=google -Djgroups.google.bucket=... -Djgroups.google.access_key=... 
 
-## Configuring authentication
-
-The 'default' and 'standalone' running modes don't not have credentials set. In order to define them, run after launching the container:
-
-    docker exec -it $(docker ps -l -q) /opt/jboss/infinispan-server/bin/add-user.sh
-
-and follow the instructions.
-
 ## Running domain mode
 
 Domain mode is composed of a lightweight managing process that does not hold data called domain controller plus one or more
@@ -63,7 +109,8 @@ And then each host controller can be started as:
 
 ### Acessing the Server Management Console
 
-The Server Management Console listens on the domain controller on port 9990. Credentials are admin/admin.
+The Server Management Console listens on the domain controller on port 9990.
+To be able to access the console, credentials need to be provided (see above).
 
 ## Source to image (S2I)