Grouper Users - Open Discussion List

["Black, Carey M." <>]

REF: 
https://spaces.at.internet2.edu/display/Grouper/Grouper+container+documentation+for+v2.5
"
-e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true  
(v2.5.28+)

Will run the tomee process as the only process in the container, not 
supervisor.  Note, this is advanced, and should be run as the tomcat user.
See this wiki
"

Try on a later image. I think v2.5.28+ will do what you want.

-- 
Carey Matthew 

-----Original Message-----
From:  
<> On Behalf Of Oliver Trieu
Sent: Friday, May 29, 2020 9:54 AM
To: 
Subject: [grouper-users] Grouper 2.5 on Openshift

Dear List,

We are currently running Grouper 2.4 on the Openshift Platform and we 
gave the new 2.5 release a try.
The 2.5 Grouper released is aimed towards Docker and that is what 
Openshift is using at its core.

Even with the provided instructions to run grouper as non-root will not 
work in openshift
as the supervisord ist still assuming that it will be startet as 
root-process and will then fail to drop these privileges.

My first try was to create my own docker file based on your file:
FROM i2incommon/grouper:2.5.22

ARG CONFIG_DIR=dev/

COPY $CONFIG_DIR/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
COPY $CONFIG_DIR/tomcat/setenv.sh /opt/tomee/bin/
COPY ojdbc8.jar /opt/grouper/grouperWebapp/WEB-INF/lib/
COPY script.sh /opt

RUN cp /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/* 
/opt/grouper/grouperWebapp/WEB-INF/lib/ && \
     chgrp -R 0 /opt && \
     chmod -R g=u /opt && \
     chmod +x /opt/tomee/bin/setenv.sh && \
     chmod +x /opt/script.sh

USER tomcat

EXPOSE 8009
EXPOSE 8080
ENTRYPOINT [ "/opt/script.sh" ]

As you can see i am pretty much just copying my config files and 
overwriting the original entrypoint since that will not work.
The key part here is using the USER directive to switch to another user 
at the end of the Dockerfile so everything in the image will run under 
this user.
If you are interrested in detail here is the documentation on creating 
dockerfiles for openshift: 
https://urldefense.com/v3/__https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html__;!!KGKeukY!ltfb2qrqPOpWTGK78_tBs1t79Zm5mHt_5nv9og6euflpEDTTJ5oEltsn0Xh6ollqGWA$
 

This will run in Openshift and start the processes without errors.
The daemon seems to be working normal ( i did not have time for many 
tests so far) but the UI is not working.
The following Error is happening:
java.lang.NullPointerException
edu.internet2.middleware.grouper.grouperUi.beans.ui.GrouperRequestContainer.retrieveFromRequestOrCreate(GrouperRequestContainer.java:365)
     org.apache.jsp.index_jsp._jspService(index_jsp.java:127)
     .....


Sadly i have no idea how to remedy this problem.
So i created my own Dockerfile running the grouper-installer myself.
I pretty much copied your aproach where applicable and tried to mimic 
your directory structure.
So after running the installer i copy my config files as before.

Not very surprisingly the result is also exactly the same.
The Daemon is starting without any problems.
The UI also up complaining about some TagLib loading problems (this also 
happens with the original image):
ERROR OpenEJB.startup - Unable to load tag library tag class: 
org.apache.taglibs.request.LogTag
....

But any page-access will throw the NullPointerException mentioned above 
in exactly the same way.


So my conclusion is that the current image could be used on Openshift in 
its current form.
However the UI is currently now working.
Does anybody have a hint where the problem could be?


Kind Regards


Oliver