Showing
38 changed files
with
2,147 additions
and
1,226 deletions.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
#!/bin/bash | ||
|
||
# Follow these steps in order to enable SSL for solr standalone server. | ||
# From SO: https://stackoverflow.com/questions/41592427/letsencypt-solr-ssl-jvm | ||
# As i have a key for the Domain already, and Solr responds on mydomain.com:8983 all that is needed is to create a Java Key Store (jks) from the existing keys on the system | ||
|
||
# Note: Use the password "metadig" when prompted by openssl | ||
sudo openssl pkcs12 -export -in /etc/letsencrypt/live/docker-ucsb-4.dataone.org/fullchain.pem -inkey /etc/letsencrypt/live/docker-ucsb-4.dataone.org/privkey.pem -out pkcs.p12 -name metadig | ||
|
||
# specifing the location of the Lets-Encrypt Cert (on my system /etc/letsencrypt/live/mydomain.com/) | ||
# Then convert the PKCS12 key to a jks, replacing password where needed. | ||
|
||
# keytool -importkeystore -deststorepass PASSWORD_STORE -destkeypass PASSWORD_KEYPASS -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass STORE_PASS -alias NAME | ||
|
||
sudo keytool -importkeystore -deststorepass metadig -destkeypass metadig -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass metadig -alias metadig | ||
sudo cp keystore.jks /opt/solr/server/etc/solr-ssl-letsencrypt.keystore.jks | ||
sudo chown solr /opt/solr/server/etc/solr-ssl-letsencrypt.keystore.jks | ||
sudo chgrp solr /opt/solr/server/etc/solr-ssl-letsencrypt.keystore.jks | ||
|
||
rm -f keystore.jks | ||
|
||
# Now that the keystore has been created, Solr must be told where it is: | ||
|
||
#* on docker-ucsb-4, the ’service solr start’ (/etc/init.d/solr) reads from /etc/default/solr.in.sh | ||
# * these values are currently used | ||
# * SOLR_SSL_ENABLED=true | ||
# * # Uncomment to set SSL-related system properties | ||
# * # Be sure to update the paths to the correct keystore for your environment | ||
# * SOLR_SSL_KEY_STORE=/opt/solr/server/etc/solr-ssl-letsencrypt.keystore.jks | ||
# * SOLR_SSL_KEY_STORE_PASSWORD=metadig | ||
# * SOLR_SSL_KEY_STORE_TYPE=JKS | ||
# * SOLR_SSL_TRUST_STORE=/opt/solr/server/etc/solr-ssl-letsencrypt.keystore.jks | ||
# * SOLR_SSL_TRUST_STORE_PASSWORD=metadig | ||
# * SOLR_SSL_TRUST_STORE_TYPE=JKS | ||
# * #SOLR_SSL_NEED_CLIENT_AUTH=false | ||
# * SOLR_SSL_WANT_CLIENT_AUTH=false | ||
|
||
|
||
# Now restart Solr | ||
sudo service solr restart |
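Review bot: The intermediate `pkcs.p12` written by the `openssl pkcs12 -export` line holds the Let's Encrypt private key and is never deleted; the cleanup removes only `keystore.jks`, so it should read `rm -f keystore.jks pkcs.p12`. The store password is hard-coded as `metadig` in the `keytool` arguments and in the comments, which puts it in the repository history and in the process list while the command runs. keytool accepts the `:env` and `:file` modifiers on its password options (for example `-deststorepass:env VAR`), which would keep the password out of both. The copied keystore gets only `chown`/`chgrp`, so its mode depends on the umask in effect for `sudo cp`; adding `sudo chmod 600 /opt/solr/server/etc/solr-ssl-letsencrypt.keystore.jks` after them would leave the key material readable by the solr user alone.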
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,14 +6,14 @@ MAINTAINER [email protected] | |
# Set the working directory | ||
WORKDIR /var/lib/metadig | ||
|
||
COPY log4j.properties . | ||
#COPY log4j.properties . | ||
# The most recently built jar file is copied from the maven build directory to this dir by maven, so that | ||
# it can be copied to the image. | ||
COPY metadig-engine.jar metadig-engine.jar | ||
|
||
#COPY metadig.properties /etc/metadig/metadig.properties | ||
#COPY taskList.csv /etc/metadig/taskList.csv | ||
COPY log4j.properties . | ||
#COPY log4j.properties . | ||
|
||
#COPY run.sh run.sh | ||
# The 'run.sh' script copies config files that should be available from persistent volume to the standard location where the software | ||
|
@@ -23,4 +23,6 @@ COPY log4j.properties . | |
#CMD java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:+UseSerialGC -cp ./metadig-engine.jar:./solr edu.ucsb.nceas.mdqengine.scheduler.JobScheduler | ||
|
||
#CMD [ "./run.sh" ] | ||
CMD java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:+UseSerialGC -cp ./metadig-engine.jar: edu.ucsb.nceas.mdqengine.scheduler.JobScheduler | ||
# Set classpath to include /opt/local/metadig/log4j.properties, if it exists, so that logging can be changed without | ||
# having to rebuild the container. Note that on k8s, this dir is mapped to the persistent volume, so will be /data/metadig/log4j.properties | ||
CMD java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:+UseSerialGC -cp /opt/local/metadig/config:./metadig-engine.jar: edu.ucsb.nceas.mdqengine.scheduler.JobScheduler |
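Review bot: The `CMD` that puts `/opt/local/metadig/config` first on the classpath lets any class or resource file in that directory take precedence over the contents of `metadig-engine.jar`. The comment above it says the directory is mapped to a persistent volume, so write access to that volume should be restricted (or the mount made read-only for the container), and the precedence is worth stating in the comment. The comment names `/opt/local/metadig/log4j.properties` while the classpath entry is `/opt/local/metadig/config`, so one of the two paths appears to be wrong. The trailing `:` after `./metadig-engine.jar` adds an empty classpath entry, which the JVM resolves to the current directory (`/var/lib/metadig` per the `WORKDIR`); if that is not intended, end the value at `./metadig-engine.jar`.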