Commit
61ccb7d4
authored
Jul 30, 2019
by
Ľuboslav Pivarč
moved SAML-K8S
parent
cc13eafe
Changes
15
builds/SAML-K8S/Dockerfile
deleted
100644 → 0
FROM
ubuntu:18.04
LABEL
maintainer="456130@mail.muni.cz"
# apache2 and mellon module installation
RUN
apt-get update
&&
\
apt-get
install
-y
apache2
&&
\
apt-get
install
-y
libapache2-mod-auth-mellon
&&
\
apt-get clean
RUN
ln
-sf
/proc/self/fd/1 /var/log/apache2/access.log
&&
\
ln
-sf
/proc/self/fd/2 /var/log/apache2/error.log
COPY
./proxy.conf /etc/apache2/sites-available/proxy.conf
COPY
./http_cbiood.edirex.ics.muni.cz_mellon.key \
./http_cbiood.edirex.ics.muni.cz_mellon.cert \
/etc/apache2/mellon/
COPY
mellon.conf mellon.conf
COPY
start.sh start.sh
COPY
idp-metadata.xml idp-metadata.xml
COPY
http_cbiood.edirex.ics.muni.cz_mellon.xml /sp-metadata.xml
RUN
rm
-rf
/etc/apache2/sites-enabled/
*
RUN
a2enmod proxy
&&
\
a2enmod proxy_http
&&
\
a2enmod rewrite
&&
\
a2enmod ssl
&&
\
a2enmod headers
&&
\
a2ensite proxy.conf
&&
\
mkdir
/etc/apache2/ssl
&&
\
mkdir
/etc/apache2/sites-enabled/routes
ENV
TZ=Europe/Prague
RUN
chmod
+x start.sh
EXPOSE
80
#Flask
RUN
apt-get
install
-y
python3
&&
\
apt-get
install
-y
python3-pip
&&
\
pip3
install
Flask
ENV
LC_ALL=C.UTF-8 \
LANG=C.UTF-8 \
FLASK_APP=/secure-routing/app/app.py
COPY
./secure-routing /secure-routing
COPY
supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN
mkdir
-p
/var/log/supervisor
#supervisor
RUN
apt-get update
&&
\
apt-get
install
-y
supervisor
&&
\
apt-get clean
EXPOSE
5000
CMD
[ "/start.sh" ]
builds/SAML-K8S/README.md
deleted
100644 → 0
# APACHE SAML Configuration
# Build
command:
docker build -t
<repo>
/
<image-name>
:
<tag>
example:
docker build -t lpivo/k8s-saml:t1 .
docker build --build-arg SOURCE=/mylocation/secure-routing
\
-t lpivo/k8s-saml:t1 .
args:
SOURCE -> location of python app source code
-> default=./secure-routing
builds/SAML-K8S/before_build.sh
deleted
100755 → 0
#!/bin/sh
#Run if you dont have sp metadata which are registered on idp
#create metadata
./helper.sh
"http://cbiood.edirex.ics.muni.cz/mellon"
"http://cbiood.edirex.ics.muni.cz/mellon"
builds/SAML-K8S/helper.sh
deleted
100755 → 0
#!/usr/bin/env bash
set
-e
PROG
=
"
$(
basename
"
$0
"
)
"
printUsage
()
{
echo
"Usage:
$PROG
ENTITY-ID ENDPOINT-URL"
echo
""
echo
"Example:"
echo
"
$PROG
urn:someservice https://sp.example.org/mellon"
echo
""
}
if
[
"$#"
-lt
2
]
;
then
printUsage
exit
1
fi
ENTITYID
=
"
$1
"
if
[
-z
"
$ENTITYID
"
]
;
then
echo
"
$PROG
: An entity ID is required."
>
&2
exit
1
fi
BASEURL
=
"
$2
"
if
[
-z
"
$BASEURL
"
]
;
then
echo
"
$PROG
: The URL to the MellonEndpointPath is required."
>
&2
exit
1
fi
if
!
echo
"
$BASEURL
"
|
grep
-q
'^https\?://'
;
then
echo
"
$PROG
: The URL must start with
\"
http://
\"
or
\"
https://
\"
."
>
&2
exit
1
fi
HOST
=
"
$(
echo
"
$BASEURL
"
|
sed
's#^[a-z]*://\([^:/]*\).*#\1#'
)
"
BASEURL
=
"
$(
echo
"
$BASEURL
"
|
sed
's#/$##'
)
"
OUTFILE
=
"
$(
echo
"
$ENTITYID
"
|
sed
's/[^0-9A-Za-z.]/_/g'
|
sed
's/__*/_/g'
)
"
echo
"Output files:"
echo
"Private key:
$OUTFILE
.key"
echo
"Certificate:
$OUTFILE
.cert"
echo
"Metadata:
$OUTFILE
.xml"
echo
"Host:
$HOST
"
echo
echo
"Endpoints:"
echo
"SingleLogoutService:
$BASEURL
/logout"
echo
"AssertionConsumerService:
$BASEURL
/postResponse"
echo
# No files should not be readable by the rest of the world.
umask
0077
TEMPLATEFILE
=
"
$(
mktemp
-t
mellon_create_sp.XXXXXXXXXX
)
"
cat
>
"
$TEMPLATEFILE
"
<<
EOF
RANDFILE = /dev/urandom
[req]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
[req_distinguished_name]
commonName =
$HOST
EOF
openssl req
-utf8
-batch
-config
"
$TEMPLATEFILE
"
-new
-x509
-days
3652
-nodes
-out
"
$OUTFILE
.cert"
-keyout
"
$OUTFILE
.key"
2>/dev/null
rm
-f
"
$TEMPLATEFILE
"
CERT
=
"
$(
grep
-v
'^-----'
"
$OUTFILE
.cert"
)
"
cat
>
"
$OUTFILE
.xml"
<<
EOF
<EntityDescriptor entityID="
$ENTITYID
" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
$CERT
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="
$BASEURL
/logout"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
$BASEURL
/postResponse" index="0"/>
</SPSSODescriptor>
</EntityDescriptor>
EOF
umask
0777
chmod
go+r
"
$OUTFILE
.xml"
chmod
go+r
"
$OUTFILE
.cert"
builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
deleted
100644 → 0
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key
deleted
100644 → 0
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml
deleted
100644 → 0
<EntityDescriptor
entityID=
"http://cbiood.edirex.ics.muni.cz/mellon"
xmlns=
"urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#"
>
<SPSSODescriptor
protocolSupportEnumeration=
"urn:oasis:names:tc:SAML:2.0:protocol"
>
<KeyDescriptor
use=
"signing"
>
<ds:KeyInfo
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#"
>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService
Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location=
"http://cbiood.edirex.ics.muni.cz/mellon/logout"
/>
<AssertionConsumerService
Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location=
"http://cbiood.edirex.ics.muni.cz/mellon/postResponse"
index=
"0"
/>
</SPSSODescriptor>
</EntityDescriptor>
builds/SAML-K8S/idp-metadata.xml
deleted
100644 → 0
<md:EntityDescriptor
xmlns:md=
"urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:shibmd=
"urn:mace:shibboleth:metadata:1.0"
xmlns:mdui=
"urn:oasis:names:tc:SAML:metadata:ui"
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#"
entityID=
"https://login.europdx.eu/idp/"
>
<md:IDPSSODescriptor
protocolSupportEnumeration=
"urn:oasis:names:tc:SAML:2.0:protocol"
>
<md:Extensions>
<shibmd:Scope
regexp=
"false"
>
europdx.eu
</shibmd:Scope>
<mdui:UIInfo><mdui:DisplayName
xml:lang=
"en"
>
EuroPDX research infrastructure AAI
</mdui:DisplayName>
<mdui:Description
xml:lang=
"en"
>
This service is identity provider for EuroPDX community.
</mdui:Description>
<mdui:InformationURL
xml:lang=
"en"
>
https://europdx.eu
</mdui:InformationURL>
<mdui:PrivacyStatementURL
xml:lang=
"en"
>
https://TBA
</mdui:PrivacyStatementURL>
<mdui:Keywords
xml:lang=
"en"
>
EuroPDX proxy biology life sciences
</mdui:Keywords>
<mdui:Logo
width=
"96"
height=
"96"
>
https://login.elixir-czech.org/media/elixir-96x96.jpg
</mdui:Logo>
</mdui:UIInfo>
</md:Extensions>
<md:KeyDescriptor
use=
"signing"
>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
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
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor
use=
"encryption"
>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
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
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService
Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location=
"https://login.europdx.eu/proxy/saml2/idp/SingleLogoutService.php"
/>
<md:NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:SingleSignOnService
Binding=
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location=
"https://login.europdx.eu/proxy/saml2/idp/SSOService.php"
/>
</md:IDPSSODescriptor>
<md:Organization>
<md:OrganizationName
xml:lang=
"en"
>
EuroPDX
</md:OrganizationName>
<md:OrganizationDisplayName
xml:lang=
"en"
>
EuroPDX
</md:OrganizationDisplayName>
<md:OrganizationURL
xml:lang=
"en"
>
https://europdx.eu
</md:OrganizationURL>
</md:Organization>
<md:ContactPerson
contactType=
"technical"
>
<md:GivenName>
EuroPDX
</md:GivenName>
<md:SurName>
AAI
</md:SurName>
<md:EmailAddress>
vyskocilpavel@muni.cz
</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
builds/SAML-K8S/mellon.conf
deleted
100644 → 0
AuthType
Mellon
MellonEnable
auth
Require
valid
-
user
builds/SAML-K8S/proxy.conf
deleted
100644 → 0
include
/
etc
/
apache2
/
fqdn
.
conf
<
VirtualHost
*:
80
>
ServerName
${
SERVERNAME
}
ServerAdmin
${
EMAILADMIN
}
ErrorLog
"/var/log/apache2/error.log"
CustomLog
"/var/log/apache2/access.log"
common
TransferLog
"/var/log/apache2/access.log"
ProxyPreserveHost
On
<
Location
/ >
MellonSPPrivateKeyFile
/
etc
/
apache2
/
mellon
/
sp_key
.
pem
MellonSPCertFile
/
etc
/
apache2
/
mellon
/
sp_cert
.
pem
MellonSPMetadataFile
/
etc
/
apache2
/
mellon
/
sp
-
metadata
.
xml
MellonIdPMetadataFile
/
etc
/
apache2
/
mellon
/
idp
-
metadata
.
xml
# Mapping of attribute names to something readable
MellonSetEnv
"name"
"urn:oid:2.16.840.1.113730.3.1.241"
MellonSetEnv
"mail"
"urn:oid:0.9.2342.19200300.100.1.3"
MellonSetEnv
"eppn"
"urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
MellonSetEnv
"entitlement"
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
MellonSetEnv
"eduPersonUniqueId"
"urn:oid:1.3.6.1.4.1.5923.1.1.1.13"
</
Location
>
IncludeOptional
/
etc
/
apache2
/
sites
-
enabled
/
routes
/*.
conf
</
Virtualhost
>
builds/SAML-K8S/start.sh
deleted
100644 → 0
#!/bin/sh
mellon
=
/etc/apache2/mellon
mellonconf
=
/etc/apache2/sites-enabled/mellon/
cd
/
$mellon
# move mellon metadata
mv
/sp-metadata.xml /
${
mellon
}
/sp-metadata.xml
mv
/idp-metadata.xml
$mellon
mv
${
mellon
}
/
*
.cert
${
mellon
}
/sp_cert.pem
mv
${
mellon
}
/
*
.key
${
mellon
}
/sp_key.pem
# mellon conf
mkdir
$mellonconf
mv
/mellon.conf
${
mellonconf
}
# create fqdn.conf
echo
"Define FQDN
${
HOST
}
"
>
/etc/apache2/fqdn.conf
echo
"Define EMAILADMIN
${
ADMIN_USER
}
"
>>
/etc/apache2/fqdn.conf
# run Apache
#/usr/sbin/apache2ctl -D FOREGROUND
#run supervisor
/usr/bin/supervisord
-c
/etc/supervisor/conf.d/supervisord.conf
builds/SAML-K8S/supervisord.conf
deleted
100644 → 0
[
supervisorctl
]
[
supervisord
]
nodaemon
=
true
[
program
:
flaskAPI
]
stdout_logfile
=/
dev
/
stdout
stdout_maxbytes
=
0
stdout_logfile_maxbytes
=
0
command
=
flask
run
--
host
=
0
.
0
.
0
.
0
[
program
:
apache2
]
stderr_logfile
=/
dev
/
stderr
stderr_logfile_maxbytes
=
0
stdout_maxbytes
=
0
stderr_maxbytes
=
0
stdout_logfile_maxbytes
=
0
stdout_logfile
=/
dev
/
stdout
user
=
root
killasgroup
=
true
stopasgroup
=
true
command
=/
usr
/
sbin
/
apache2ctl
-
D
FOREGROUND
yaml/cbio-on-demand-namespace.yml
deleted
100644 → 0
apiVersion
:
v1
kind
:
Namespace
metadata
:
name
:
cbio-on-demand
yaml/complete/cbio-setup.yml
deleted
100644 → 0
apiVersion
:
v1
kind
:
Namespace
metadata
:
name
:
cbio-on-demand
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
cbio-on-demand
name
:
cbio-api
annotations
:
maintainer
:
Luboslav Pivarc <456130@muni.cz>
spec
:
selector
:
matchLabels
:
app
:
cbio-api
type
:
ondemand
strategy
:
rollingUpdate
:
maxSurge
:
1
maxUnavailable
:
0
type
:
RollingUpdate
template
:
metadata
:
labels
:
app
:
cbio-api
type
:
ondemand
spec
:
serviceAccountName
:
cbio-api
containers
:
-
name
:
cbio-api
image
:
lpivo/api:tr7
ports
:
-
name
:
http
containerPort
:
8080
livenessProbe
:
httpGet
:
path
:
/actuator/health
port
:
http
initialDelaySeconds
:
10
periodSeconds
:
10
timeoutSeconds
:
1
successThreshold
:
1
failureThreshold
:
2
readinessProbe
:
httpGet
:
path
:
/actuator/health
port
:
http
initialDelaySeconds
:
1
periodSeconds
:
10
timeoutSeconds
:
1
successThreshold
:
1
failureThreshold
:
2
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
cbio-api
namespace
:
cbio-on-demand
labels
:
app
:
cbio-api
type
:
ondemand
annotations
:
maintainer
:
Luboslav Pivarc <456130@muni.cz>
spec
:
selector
:
app
:
cbio-api
type
:
ondemand
ports
:
-
port
:
80
targetPort
:
http
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
identifiers.example.com
annotations
:
maintainer
:
Luboslav Pivarc <456130@muni.cz>
spec
:
scope
:
Namespaced
group
:
example.com
version
:
v1beta1
names
:
kind
:
identifier
singular
:
identifier
plural
:
identifiers
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
mysql-cbio-db
namespace
:
cbio-on-demand
data
:
mysql.conf
:
"
#
Copyright
(c)
2014,
2016,
Oracle
and/or
its
affiliates.
All
rights
reserved.
\n
#
\n
#
This
program
is
free
software;
you
can
redistribute
it
and/or
modify
\n
#
it
under
the
terms
of
the
GNU
General
Public
License
as
published
by
\n
#
the
Free
Software
Foundation;
version
2
of
the
License.
\n
#
\n
#
This
program
is
distributed
in
the
hope
that
it
will
be
useful,
\n
#
but
WITHOUT
ANY
WARRANTY;
without
even
the
implied
warranty
of
\n
#
MERCHANTABILITY
or
FITNESS
FOR
A
PARTICULAR
PURPOSE.
See
the
\n
#
GNU
General
Public
License
for
more
details.
\n
#
\n
#
You
should
have
received
a
copy
of
the
GNU
General
Public
License
\n
#
along
with
this
program;
if
not,
write
to
the
Free
Software
\n
#
Foundation,
Inc.,
51
Franklin
St,
Fifth
Floor,
Boston,
MA
02110-1301
USA
\n\n
#
\n
#
The
MySQL
Server
configuration
file.
\n
#
\n
#
For
explanations
see
\n
#
http://dev.mysql.com/doc/mysql/en/server-system-variables.html
\n\n
[mysqld]
\n
pid-file
\t
=
/var/run/mysqld/mysqld.pid
\n
socket
\t\t
=
/var/run/mysqld/mysqld.sock
\n
datadir
\t\t
=
/var/lib/mysql
\n
#log-error
\t
=
/var/log/mysql/error.log
\n
#
By
default
we
only
accept
connections
from
localhost
\n
#bind-address
\t
=
127.0.0.1
\n
#
Disabling
symbolic-links
is
recommended
to
prevent
assorted
security
risks
\n
symbolic-links=0
\n\n
#
\n
#
*
Fine
Tuning
\n
#
\n\n
key_buffer_size
=
4G
\n
max_heap_table_size
=
512M
\n
tmp_table_size
=
512M
\n
max_allowed_packet
=
256M
\n
thread_stack
\
=
256K
\n
thread_cache_size
=
20
\n
#
This
replaces
the
startup
script
and
checks
MyISAM
tables
if
needed
\n
#
the
first
time
they
are
touched
\n
myisam-recover-options
\
=
BACKUP
\n
max_connections
=
214
\n
#table_cache
=
64
\n
#thread_concurrency
\
=
10
\n
#
\n
#
*
Query
Cache
Configuration
\n
#
\n
query_cache_limit
=
1M
\n
query_cache_size
\
=
0
\n
query_cache_type
=
0
\n\n\n
join_buffer_size
=
16M
\n
table_open_cache
=
400
\n
"
---
apiVersion
:
v1
kind
:
Secret
metadata
:
name
:
mysql-env
namespace
:
cbio-on-demand
data
:
.env
:
TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo=
type
:
Opaque
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
cbio-on-demand
name
:
cbio-proxy
annotations
:
maintainer
:
Luboslav Pivarc <456130@muni.cz>
spec
:
selector
:
matchLabels
:
app
:
cbio-proxy
type
:
ondemand
strategy
:
rollingUpdate
:
maxSurge
:
1
maxUnavailable
:
0
type
:
RollingUpdate
template
:
metadata
:
labels
:
app
:
cbio-proxy
type
:
ondemand
spec
:
containers
:
-
name
:
cbio-proxy
image
:
lpivo/k8s-saml:t6
ports
:
-
name
:
http
containerPort
:
80
-
name
:
api
containerPort
:
5000
livenessProbe
:
httpGet
:
path
:
/
port
:
http
initialDelaySeconds
:
10
periodSeconds
:
10
timeoutSeconds
:
1
successThreshold
:
1
failureThreshold
:
3
readinessProbe
:
httpGet
:
path
:
/
port
:
http
initialDelaySeconds
:
1
periodSeconds
:
10
timeoutSeconds
:
1
successThreshold
:
1
failureThreshold
:
2
env
:
-
name
:
SERVERNAME
value
:
cbiood.edirex.ics.muni.cz
-
name
:
EMAILADMIN
value
:
456130@mail.muni.cz
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
cbio-proxy-api
namespace
:
cbio-on-demand
labels
:
app
:
cbio-proxy
type
:
ondemand
annotations
:
maintainer
:
Luboslav Pivarc <456130@muni.cz>
spec
: