Merge pull request #96 from ot4i/11.0.0.6.1

IBMRob · web-flow · commit b347df8a7f76 · 2019-11-21T19:12:42.000Z
Updates for 11.0.0.6.1 release
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Change log
 
+## 11.0.0.6.1 (2019-11-20)
+
+**Breaking changes**:
+* None
+
+**Other changes**:
+* Updated kubectl to version v1.16.0
+* Updated MQ to version 9.1.3.0-r3
+* Added support for hostname and port overrides when routes are defined
+* Created ACE roles for five different access levels: admin, operator, viewer, editor, and audit
+
 ## 11.0.0.6 (2019-10-30)
 
 **Breaking changes**:
diff --git a/README.md b/README.md
@@ -199,25 +199,55 @@ You can mount the following file structure at `/home/aceuser/initial-config`. Mi
    - The truststore file that will be created for these files needs a password. You must set a truststore password using the environment variable `ACE_TRUSTSTORE_PASSWORD`
    - You can place multiple files, each with a different file name/alias.
 - `/home/aceuser/initial-config/webusers`
-   - A text file called either `admin-users.txt` or `operator-users.txt`. It contains a list of users to be created as admin/operator users using the command `mqsiwebuseradmin`. These users will have READ, WRITE and EXECUTE access on the Integration Server. The file has the following format:
+   - A text file called `admin-users.txt`. It contains a list of users to be created as `admin` users using the command `mqsiwebuseradmin`. These users will have READ, WRITE and EXECUTE access on the Integration Server. The file has the following format:
      ```
      # Lines starting with a "#" are ignored
-     # Each line should specify the <adminUser> <password>, separated by a single space
+     # Each line should specify the <user> <password>, separated by a single space
      # Each user will have "READ", "WRITE" and "EXECUTE" access on the integration server
      # Each line will be processed by calling...
-     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <adminUser> -a <password> -r admin
+     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r admin
      admin1 password1
      admin2 password2
      ```
-   - A text file called `viewer-users.txt`, `editor-users.txt`, `audit-users.txt` . It contains a list of users to be created as viewer/editor/auditor users using the command `mqsiwebuseradmin`. These users will have READ access on the Integration Server. The file has the following format:
+     - A text file called `operator-users.txt`. It contains a list of users to be created as `operator` users using the command `mqsiwebuseradmin`. These users will have READ and EXECUTE access on the Integration Server. The file has the following format:
      ```
      # Lines starting with a "#" are ignored
-     # Each line should specify the <adminUser> <password>, separated by a single space
+     # Each line should specify the <user> <password>, separated by a single space
+     # Each user will have "READ" and "EXECUTE" access on the integration server
+     # Each line will be processed by calling...
+     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r operator
+     operator1 password1
+     operator2 password2
+     ```
+     - A text file called `editor-users.txt`. It contains a list of users to be created as `editor` users using the command `mqsiwebuseradmin`. These users will have READ and WRITE access on the Integration Server. The file has the following format:
+     ```
+     # Lines starting with a "#" are ignored
+     # Each line should specify the <user> <password>, separated by a single space
+     # Each user will have "READ" and "WRITE" access on the integration server
+     # Each line will be processed by calling...
+     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r editor
+     editor1 password1
+     editor2 password2
+     ```
+     - A text file called `audit-users.txt`. It contains a list of users to be created as `audit` users using the command `mqsiwebuseradmin`. These users will have READ access on the Integration Server. The file has the following format:
+     ```
+     # Lines starting with a "#" are ignored
+     # Each line should specify the <user> <password>, separated by a single space
      # Each user will have "READ" access on the integration server
      # Each line will be processed by calling...
-     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <adminUser> -a <password> -r viewer
-     admin1 password1
-     admin2 password2
+     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r audit
+     audit1 password1
+     audit2 password2
+     ```
+     - A text file called `viewer-users.txt`. It contains a list of users to be created as `viewer` users using the command `mqsiwebuseradmin`. These users will have READ access on the Integration Server. The file has the following format:
+     ```
+     # Lines starting with a "#" are ignored
+     # Each line should specify the <user> <password>, separated by a single space
+     # Each user will have "READ" access on the integration server
+     # Each line will be processed by calling...
+     #   mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r viewer
+     viewer1 password1
+     viewer2 password2
      ```
 - `/home/aceuser/initial-config/mqsc`
    - A text file called `config.mqsc`. It contains a list of mqsc commands which will be processed on start by `runmqsc` command. Further details can be found in the [MQ Knowledge Center](https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.ibm.mq.adm.doc/q020670_.htm)
diff --git a/ace_config_webusers.sh b/ace_config_webusers.sh
@@ -18,19 +18,27 @@ log "Handling webusers configuration"
 
 ADMINUSERSFILE=/home/aceuser/initial-config/webusers/admin-users.txt
 OPERATORUSERSFILE=/home/aceuser/initial-config/webusers/operator-users.txt
-VIEWERUSERSFILE=/home/aceuser/initial-config/webusers/viewer-users.txt
 EDITORUSERSFILE=/home/aceuser/initial-config/webusers/editor-users.txt
 AUDITUSERSFILE=/home/aceuser/initial-config/webusers/audit-users.txt
-DASHBOARDUSERSFILE=/home/aceuser/initial-config/webusers/dashboard-users.txt
+VIEWERUSERSFILE=/home/aceuser/initial-config/webusers/viewer-users.txt
 
-if [ -s $ADMINUSERSFILE ] || [ -s $OPERATORUSERSFILE ] || [ -s $VIEWERUSERSFILE ] || [ -s $EDITORUSERSFILE ]  || [ -s $AUDITUSERSFILE ] || [ -s $DASHBOARDUSERSFILE ]; then
+if [ -s $ADMINUSERSFILE ] || [ -s $OPERATORUSERSFILE ] || [ -s $EDITORUSERSFILE ] || [ -s $AUDITUSERSFILE ] || [ -s $VIEWERUSERSFILE ]; then
   OUTPUT=$(mqsichangeauthmode -w /home/aceuser/ace-server -s active -m file 2>&1)
   logAndExitIfError $? "${OUTPUT}"
 
   OUTPUT=$(mqsichangefileauth -w /home/aceuser/ace-server -r admin -p all+ 2>&1)
   logAndExitIfError $? "${OUTPUT}"
 
-  OUTPUT=$(mqsichangefileauth -w /home/aceuser/ace-server -r viewer -p read+ 2>&1)
+  OUTPUT=$(mqsichangefileauth -w /home/aceuser/ace-server -r operator -p read+,write-,execute+ 2>&1)
+  logAndExitIfError $? "${OUTPUT}"
+  
+  OUTPUT=$(mqsichangefileauth -w /home/aceuser/ace-server -r editor -p read+,write+,execute- 2>&1)
+  logAndExitIfError $? "${OUTPUT}"
+
+  OUTPUT=$(mqsichangefileauth -w /home/aceuser/ace-server -r audit -p read+,write-,execute- 2>&1)
+  logAndExitIfError $? "${OUTPUT}"
+
+  OUTPUT=$(mqsichangefileauth -w /home/aceuser/ace-server -r viewer -p read+,write-,execute- 2>&1)
   logAndExitIfError $? "${OUTPUT}"
 
   OLDIFS=${IFS}
@@ -58,24 +66,9 @@ if [ -s $ADMINUSERSFILE ] || [ -s $OPERATORUSERSFILE ] || [ -s $VIEWERUSERSFILE
       fi
       IFS=${OLDIFS}
       fields=($line)
-      log "Creating admin user ${fields[0]}"
-
-      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r admin 2>&1)
-      logAndExitIfError $? "${OUTPUT}"
-    done
-  fi
-
-  if [ -s $VIEWERUSERSFILE ]; then
-    IFS=$'\n'
-    for line in $(cat $VIEWERUSERSFILE | tr -d '\r'); do
-      if [[ $line =~ ^\# ]]; then
-        continue
-      fi
-      IFS=${OLDIFS}
-      fields=($line)
-      log "Creating viewer user ${fields[0]}"
+      log "Creating operator user ${fields[0]}"
 
-      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r viewer 2>&1)
+      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r operator 2>&1)
       logAndExitIfError $? "${OUTPUT}"
     done
   fi
@@ -88,9 +81,9 @@ if [ -s $ADMINUSERSFILE ] || [ -s $OPERATORUSERSFILE ] || [ -s $VIEWERUSERSFILE
       fi
       IFS=${OLDIFS}
       fields=($line)
-      log "Creating viewer user ${fields[0]}"
+      log "Creating editor user ${fields[0]}"
 
-      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r viewer 2>&1)
+      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r editor 2>&1)
       logAndExitIfError $? "${OUTPUT}"
     done
   fi
@@ -103,16 +96,16 @@ if [ -s $ADMINUSERSFILE ] || [ -s $OPERATORUSERSFILE ] || [ -s $VIEWERUSERSFILE
       fi
       IFS=${OLDIFS}
       fields=($line)
-      log "Creating viewer user ${fields[0]}"
+      log "Creating audit user ${fields[0]}"
 
-      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r viewer 2>&1)
+      OUTPUT=$(mqsiwebuseradmin -w /home/aceuser/ace-server -c -u ${fields[0]} -a ${fields[1]} -r audit 2>&1)
       logAndExitIfError $? "${OUTPUT}"
     done
   fi
 
-  if [ -s $DASHBOARDUSERSFILE ]; then
+  if [ -s $VIEWERUSERSFILE ]; then
     IFS=$'\n'
-    for line in $(cat $DASHBOARDUSERSFILE | tr -d '\r'); do
+    for line in $(cat $VIEWERUSERSFILE | tr -d '\r'); do
       if [[ $line =~ ^\# ]]; then
         continue
       fi
diff --git a/ace_discover_port_overrides.sh b/ace_discover_port_overrides.sh
@@ -1,6 +1,11 @@
 #!/bin/bash -ex
-
-if ! [[ -z "${KUBERNETES_PORT}" ]] && ! [[ -z "${SERVICE_NAME}" ]] ; then
+if ! [[ -z "${ACE_HTTP_ROUTE_NAME}" ]] && [[ "${ACE_ENDPOINT_TYPE}" = 'http' ]]; then
+  echo "export MQSI_OVERRIDE_HTTP_PORT=80" >> /home/aceuser/portOverrides
+  echo "export MQSI_OVERRIDE_HOSTNAME=$(kubectl get route ${ACE_HTTP_ROUTE_NAME} -o jsonpath=\"{.status.ingress[0].host}\")" >> /home/aceuser/portOverrides
+elif ! [[ -z "${ACE_HTTPS_ROUTE_NAME}" ]] && [[ "${ACE_ENDPOINT_TYPE}" = 'https' ]]; then
+  echo "export MQSI_OVERRIDE_HTTPS_PORT=443" >> /home/aceuser/portOverrides
+  echo "export MQSI_OVERRIDE_HOSTNAME=$(kubectl get route ${ACE_HTTPS_ROUTE_NAME} -o jsonpath=\"{.status.ingress[0].host}\")" >> /home/aceuser/portOverrides
+elif ! [[ -z "${KUBERNETES_PORT}" ]] && ! [[ -z "${SERVICE_NAME}" ]] ; then
   echo "export MQSI_OVERRIDE_HTTP_PORT=$(kubectl get svc ${SERVICE_NAME} -o jsonpath=\"{.spec.ports[1].nodePort}\")" >> /home/aceuser/portOverrides
   echo "export MQSI_OVERRIDE_HTTPS_PORT=$(kubectl get svc ${SERVICE_NAME} -o jsonpath=\"{.spec.ports[2].nodePort}\")" >> /home/aceuser/portOverrides
 fi
diff --git a/ace_integration_server.sh b/ace_integration_server.sh
@@ -15,7 +15,9 @@ if [ -s /home/aceuser/ace-server/odbc.ini ]; then
   export ODBCINI=/home/aceuser/ace-server/odbc.ini
 fi
 
-if ! [[ -z "${KUBERNETES_PORT}" ]] && ! [[ -z "${SERVICE_NAME}" ]] ; then
+if ! [[ -z "${ACE_HTTP_ROUTE_NAME}" ]] || ! [[ -z "${ACE_HTTPS_ROUTE_NAME}" ]] ; then
+  . /home/aceuser/portOverrides
+elif ! [[ -z "${KUBERNETES_PORT}" ]] && ! [[ -z "${SERVICE_NAME}" ]] ; then
   . /home/aceuser/portOverrides
 fi
 
diff --git a/experimental/README.md b/experimental/README.md
@@ -12,4 +12,4 @@ To run the sample after building:
 
 docker run -e LICENSE=accept --rm -ti ace-sample-alpine
 
-and then curl http://IP_address_of_container:7800/test should return '{"data":"a string from ACE"}'
+and then curl http://<container IP>:7800/test should return '{"data":"a string from ACE"}'
diff --git a/ubi/Dockerfile.acemq b/ubi/Dockerfile.acemq
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=ibmcom/mq:9.1.3.0
+ARG BASE_IMAGE=ibmcom/mq:9.1.3.0-r3
 
 FROM golang:1.10.3 as builder
 
@@ -69,7 +69,7 @@ COPY --from=builder /go/src/github.com/ot4i/ace-docker/chkace* /usr/local/bin/
 # Copy in script files
 COPY *.sh /usr/local/bin/
 
-ADD https://storage.googleapis.com/kubernetes-release/release/v1.12.9/bin/linux/amd64/kubectl /usr/local/bin/kubectl
+ADD https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/linux/amd64/kubectl /usr/local/bin/kubectl
 RUN chmod +x /usr/local/bin/kubectl && \
     /usr/local/bin/kubectl version --client
 
diff --git a/ubi/Dockerfile.aceonly b/ubi/Dockerfile.aceonly
@@ -63,7 +63,7 @@ COPY --from=builder /go/src/github.com/ot4i/ace-docker/chkace* /usr/local/bin/
 # Copy in script files
 COPY *.sh /usr/local/bin/
 
-ADD https://storage.googleapis.com/kubernetes-release/release/v1.12.9/bin/linux/amd64/kubectl /usr/local/bin/kubectl
+ADD https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/linux/amd64/kubectl /usr/local/bin/kubectl
 RUN chmod +x /usr/local/bin/kubectl && \
     /usr/local/bin/kubectl version --client
 
diff --git a/ubi/Dockerfile.mqclient b/ubi/Dockerfile.mqclient
@@ -3,7 +3,7 @@ ARG BASE_IMAGE=ibmcom/ace
 FROM $BASE_IMAGE
 
 # The MQ packages to install - see install-mq.sh for default value
-ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
+ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev913_linux_x86-64.tar.gz"
 ARG MQ_URL_USER
 ARG MQ_URL_PASS
 ARG MQ_PACKAGES="MQSeriesRuntime*.rpm MQSeriesJava*.rpm MQSeriesGSKit*.rpm MQSeriesClient*.rpm"

Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,4 @@ To run the sample after building:`
`12`	`12`
`13`	`13`	`docker run -e LICENSE=accept --rm -ti ace-sample-alpine`
`14`	`14`
`15`		`-and then curl http://IP_address_of_container:7800/test should return '{"data":"a string from ACE"}'`
	`15`	`+and then curl http://<container IP>:7800/test should return '{"data":"a string from ACE"}'`