RHEL & Hostname/Port Override Update

Author: IBMRob

README.md

@@ -24,7 +24,9 @@ Get [ACE for Developers edition](https://www.ibm.com/marketing/iwm/iwm/web/pick.
 
 ### Using MQ production image
 
-When building an image with both ACE and MQ, the docker file uses the [MQ Advanced for Developers image in docker registry](https://hub.docker.com/r/ibmcom/mq/) as base image by default.
+When building an image with both ACE and MQ, the docker file uses the [MQ Advanced for Developers image in docker registry](https://hub.docker.com/r/ibmcom/mq/) as base image by default on Ubuntu.
+On RedHat Enterprise Linux the image can be built using the [MQ instructions](https://github.com/ibm-messaging/mq-container/blob/master/docs/building.md#prerequisites-for-building-a-red-hat-enterprise-linux-image) or downloaded from [IBM Passport Advantage] (https://www.ibm.com/software/passportadvantage/).
+
 When building a production image with MQ, follow the [MQ instructions](https://github.com/ibm-messaging/mq-container/blob/master/docs/building.md#building-a-production-image) to build your own production MQ image. Then, when building the ACE with MQ image use `build-arg` to set the `BASE_IMAGE` to your production MQ image. More details below.
 
 ## Build an image with App Connect Enterprise and MQ
@@ -35,8 +37,11 @@ The `deps` folder must contain a copy of ACE, **version 11.0.0.2 or greater**. I
 Then set the build argument `ACE_INSTALL` to the name of the ACE file placed in `deps`.
 
 1. ACE production with MQ Advanced production:
-`docker build -t ace-mq --build-arg BASE_IMAGE={MQ-image} --build-arg ACE_INSTALL={ACE-file-in-deps-folder} --file ubuntu/Dockerfile.acemq .`
-1. ACE for Developers with MQ Advanced for Developers: `docker build -t ace-dev-mq-dev --build-arg ACE_INSTALL={ACE-dev-file-in-deps-folder} --file ubuntu/Dockerfile.acemq .`
+   * Ubuntu: `docker build -t ace-mq --build-arg BASE_IMAGE={MQ-image} --build-arg ACE_INSTALL={ACE-file-in-deps-folder} --file ubuntu/Dockerfile.acemq .`
+   * RedHat Enterprise Linux: `./build.sh ace-mq {ACE-file-in-deps-folder} {mq-base-image-name}`
+2. ACE for Developers with MQ Advanced for Developers:
+   * Ubuntu: `docker build -t ace-dev-mq-dev --build-arg ACE_INSTALL={ACE-dev-file-in-deps-folder} --file ubuntu/Dockerfile.acemq .`
+   * RedHat Enterprise Linux: `./build.sh ace-mq {ACE-file-in-deps-folder} {mq-base-image-name}`
 
 **Note:** As mentioned before, the docker file will download the **[Development version of IBM MQ](https://hub.docker.com/r/ibmcom/mq/)** by default unless `BASE_IMAGE` is changed.
 
@@ -45,8 +50,12 @@ Then set the build argument `ACE_INSTALL` to the name of the ACE file placed in
 The `deps` folder must contain a copy of ACE, **version 11.0.0.2 or greater**. If using ACE for Developers, download it from [here](https://www.ibm.com/marketing/iwm/iwm/web/pick.do?source=swg-wmbfd).
 Then set the build argument `ACE_INSTALL` to the name of the ACE file placed in `deps`.
 
-1. ACE for Developers only: `docker build -t ace-dev-only --build-arg ACE_INSTALL={ACE-dev-file-in-deps-folder} --file ubuntu/Dockerfile.aceonly .`
-1. ACE production only: `docker build -t ace-only --build-arg ACE_INSTALL={ACE-file-in-deps-folder} --file ubuntu/Dockerfile.aceonly .`
+1. ACE for Developers only:
+   * Ubuntu: `docker build -t ace-dev-only --build-arg ACE_INSTALL={ACE-dev-file-in-deps-folder} --file ubuntu/Dockerfile.aceonly .`
+   * RedHat Enterprise Linux: `./build.sh ace-dev-only {ACE-file-in-deps-folder}`
+2. ACE production only: 
+   * Ubuntu: `docker build -t ace-only --build-arg ACE_INSTALL={ACE-file-in-deps-folder} --file ubuntu/Dockerfile.aceonly .`
+   * RedHat Enterprise Linux: `./build.sh ace-only {ACE-file-in-deps-folder}`
 
 # Usage
 

ace_discover_port_overrides.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+if ! [[ -z "${KUBERNETES_PORT}" ]] && ! [[ -z "${SERVICE_NAME}" ]] ; then
+  echo "export MQSI_OVERRIDE_HTTP_PORT=$(kubectl get svc ${SERVICE_NAME} -o jsonpath=\"{.spec.ports[1].nodePort}\")" >> /home/aceuser/portOverrides
+  echo "export MQSI_OVERRIDE_HTTPS_PORT=$(kubectl get svc ${SERVICE_NAME} -o jsonpath=\"{.spec.ports[2].nodePort}\")" >> /home/aceuser/portOverrides
+fi

ace_integration_server.sh

@@ -15,4 +15,8 @@ if [ -f /home/aceuser/ace-server/odbc.ini ]; then
   export ODBCINI=/home/aceuser/ace-server/odbc.ini
 fi
 
+if ! [[ -z "${KUBERNETES_PORT}" ]] && ! [[ -z "${SERVICE_NAME}" ]] ; then
+  . /home/aceuser/portOverrides
+fi
+
 exec IntegrationServer $*

build.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+echo "Building ACE build container"
+buildType=$1
+
+if [ -z "$2" ]
+then
+      echo "Building with default ACE install parameters"
+      docker build --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \
+        -t ace/builder:11.0.0.2 . -f ./rhel/Dockerfile.build
+else
+      echo "Building with ACE install $1"
+      docker build --build-arg ACE_INSTALL=$2 --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \
+        -t ace/builder:11.0.0.2 . -f ./rhel/Dockerfile.build
+fi
+
+docker create --name builder ace/builder:11.0.0.2
+docker cp builder:/opt/ibm/ace-11 ./rhel/ace-11
+docker cp builder:/go/src/github.com/ot4i/ace-docker/runaceserver ./rhel/runaceserver
+docker cp builder:/go/src/github.com/ot4i/ace-docker/chkaceready ./rhel/chkaceready
+docker cp builder:/go/src/github.com/ot4i/ace-docker/chkacehealthy ./rhel/chkacehealthy
+docker rm -f builder
+
+echo "Building ACE runtime container"
+
+case $buildType in
+"ace-dev-only")
+   echo "Building ACE only for development"
+   docker build -t ace/ace-dev-only -f ./rhel/Dockerfile.acerhel .
+   ;;
+"ace-only")
+   echo "Building ACE only for production"
+   docker build -t ace/ace-only -f ./rhel/Dockerfile.acerhel .
+   ;;
+"ace-mq")
+   echo "Building ACE with MQ for production"
+   docker build -t ace/ace-mq --build-arg BASE_IMAGE=$3 -f ./rhel/Dockerfile.acemqrhel .
+   ;;
+"ace-dev-mq-dev")
+   echo "Building ACE with MQ for production"
+   docker build -t ace/ace-dev-mq-dev --build-arg BASE_IMAGE=$3 -f ./rhel/Dockerfile.acemqrhel .
+  ;;
+*) echo "Invalid option"
+   ;;
+esac

cmd/runaceserver/integrationserver.go

@@ -110,6 +110,16 @@ func initialIntegrationServerConfig() error {
 	}
 
 	log.Printf("Initial configuration of integration server complete")
+
+	log.Println("Discovering override ports")
+
+	out, _, err := command.Run("bash", "ace_discover_port_overrides.sh")
+	if err != nil {
+		log.Errorf("Error discovering override ports: %v", string(out))
+		return err
+	}
+	log.Println("Successfully discovered override ports")
+
 	return nil
 }
 

rhel/Dockerfile.acemqrhel

@@ -0,0 +1,49 @@
+# FROM ibm-mqadvanced-server:9.1.0.0-RHEL-x86_64
+FROM $BASE_IMAGE
+
+WORKDIR /opt/ibm
+
+
+# Install ACE V11
+RUN  yum update -y && \
+     yum upgrade -y && \
+     yum install sudo openssl -y && \
+     rm -rf /var/lib/apt/lists/*
+
+ADD ./rhel/ace-11  /opt/ibm/ace-11
+
+RUN /opt/ibm/ace-11/ace make registry global accept license silently
+
+# Copy in PID1 process
+COPY ./rhel/runaceserver /usr/local/bin/
+COPY ./rhel/chkaceready /usr/local/bin/
+COPY ./rhel/chkacehealthy /usr/local/bin/
+
+# Configure the system and Increase security
+RUN echo "ACE_11:" > /etc/debian_chroot \
+  && sed -i 's/# minlen = 9/minlen = 8/' /etc/security/pwquality.conf \
+  && sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs \
+  && sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
+
+# Copy in script files
+COPY *.sh /usr/local/bin/
+
+# Create a user to run as, create the ace workdir, and chmod script files
+RUN useradd -d /home/aceuser -G mqbrkrs,wheel aceuser \
+  && sed -e 's/^%sudo	.*/%sudo	ALL=NOPASSWD:ALL/g' -i /etc/sudoers \
+  && su - aceuser -c '. /opt/ibm/ace-11/server/bin/mqsiprofile && mqsicreateworkdir /home/aceuser/ace-server' \
+  && chmod 755 /usr/local/bin/*
+
+# Set BASH_ENV to source mqsiprofile when using docker exec bash -c
+ENV BASH_ENV=/usr/local/bin/ace_env.sh
+
+# Expose ports.  7600, 7800, 7843 for ACE; 1414 for MQ; 9157 for MQ metrics; 9483 for ACE metrics;
+EXPOSE 7600 7800 7843 1414 9157 9483
+
+WORKDIR /home/aceuser
+RUN mkdir /home/aceuser/initial-config && chown aceuser:aceuser /home/aceuser/initial-config
+
+ENV USE_QMGR=true LOG_FORMAT=basic
+
+# Set entrypoint to run management script
+ENTRYPOINT ["runaceserver"]

rhel/Dockerfile.acerhel

@@ -0,0 +1,49 @@
+FROM registry.access.redhat.com/rhel7:7.5
+
+WORKDIR /opt/ibm
+
+# Install ACE V11
+RUN  yum update -y && \
+     yum upgrade -y && \
+     yum install sudo openssl -y && \
+     rm -rf /var/lib/apt/lists/*
+
+ADD ./rhel/ace-11  /opt/ibm/ace-11
+
+RUN /opt/ibm/ace-11/ace make registry global accept license silently
+
+# Copy in PID1 process
+COPY ./rhel/runaceserver /usr/local/bin/
+COPY ./rhel/chkaceready /usr/local/bin/
+COPY ./rhel/chkacehealthy /usr/local/bin/
+
+# Configure the system and Increase security
+RUN echo "ACE_11:" > /etc/debian_chroot \
+  && sed -i 's/# minlen = 9/minlen = 8/' /etc/security/pwquality.conf \
+  && sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs \
+  && sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
+
+# Copy in script files
+COPY *.sh /usr/local/bin/
+
+# Create a user to run as, create the ace workdir, and chmod script files
+RUN useradd -d /home/aceuser -G mqbrkrs,wheel aceuser \
+  && sed -e 's/^%sudo   .*/%sudo        ALL=NOPASSWD:ALL/g' -i /etc/sudoers \
+  && su - aceuser -c '. /opt/ibm/ace-11/server/bin/mqsiprofile && mqsicreateworkdir /home/aceuser/ace-server' \
+  && chmod 755 /usr/local/bin/*
+
+# Set BASH_ENV to source mqsiprofile when using docker exec bash -c
+ENV BASH_ENV=/usr/local/bin/ace_env.sh
+
+# Expose ports.  7600, 7800, 7843 for ACE; 9483 for ACE metrics
+EXPOSE 7600 7800 7843 9483
+
+USER aceuser
+
+WORKDIR /home/aceuser
+RUN mkdir /home/aceuser/initial-config && chown aceuser:aceuser /home/aceuser/initial-config
+
+ENV LOG_FORMAT=basic
+
+# Set entrypoint to run management script
+ENTRYPOINT ["runaceserver"]

rhel/Dockerfile.build

@@ -0,0 +1,20 @@
+FROM golang:1.10.3
+WORKDIR /go/src/github.com/ot4i/ace-docker/
+COPY cmd/ ./cmd
+COPY ./internal/ ./internal
+COPY ./vendor/ ./vendor
+RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" ./cmd/runaceserver/
+RUN go build ./cmd/chkaceready/
+RUN go build ./cmd/chkacehealthy/
+# Run all unit tests
+RUN go test -v ./cmd/runaceserver/
+RUN go test -v ./internal/...
+RUN go vet ./cmd/... ./internal/...
+
+ARG ACE_INSTALL=ace-11.0.0.2.tar.gz
+RUN pwd
+WORKDIR /opt/ibm
+RUN pwd
+COPY ./deps/$ACE_INSTALL .
+RUN mkdir ace-11
+RUN tar xzf $ACE_INSTALL --exclude ace-11.\*/tools --strip-components 1 --directory /opt/ibm/ace-11

sample/initial-config/policy/default.policyxml

@@ -22,8 +22,8 @@
     <KeyAlias>mykey</KeyAlias>
     <KeyPassword></KeyPassword>
     <KeystoreFile>/home/aceuser/ace-server/keystore.jks</KeystoreFile>
-    <KeystorePassword>passrods</KeystorePassword>
+    <KeystorePassword>keystorepwd</KeystorePassword>
     <TruststoreFile>/home/aceuser/ace-server/truststore.jks</TruststoreFile>
-    <TruststorePassword>passrods</TruststorePassword>
+    <TruststorePassword>truststorepwd</TruststorePassword>
   </policy>
 </policies>

sample/initial-config/setdbparms/setdbparms.txt

@@ -1,2 +1,2 @@
 # resource user password
-setdbparms::truststore dummy passrods
+setdbparms::truststore dummy truststorepwd