docker: integrate all services and add compose.yaml

README.md

@@ -0,0 +1,132 @@
+## DIM - DNS and IP Management (and also DHCP)
+
+DIM can be used as IP Management for a companies whole IP address space (e.g. RFC1918, public IPv4, ULA IPv6, public IPv6 (GUA), Multicast IPs, ...).
+
+DIM can be used to manage all DNS reverse entries for all IP address space.
+
+DIM allows to document subnets with their vlan id and gateway in a way that this information can be reused for automatic IP configuration on devices.
+
+DIM simplifies the steps "mark ip as used, create forward record, create reverse entry, reload changed zones" to a single line in your preferred shell.
+
+DIM provides an API to allow products to consume and return single IPv4 addresses or whole /64 or /56 prefixes for IPv6.
+
+# Quickstart / Tutorial
+Download [VM](https://github.com/1and1/dim/releases/download/vm-1.0/dim-4-0-9.qcow2) ([Documentation](VM-SETUP.md) how the VM was created). The VM is preconfigured including PowerDNS and PowerDNS recursor so that you
+can immediately check whether your commands had effects.
+
+Read [Tutorial](TUTORIAL.md) to see how DIM can be used to document Prefixes and manage DNS Records.
+
+# Docker
+Docker files are available for below components, and you need to do docker build on your own (There is no pre build docker version at this moment)
+
+## DIM
+Just mount your dim.cfg to `/etc/dim/dim.cfg`
+
+[Docker file](./dim/Dockerfile)
+
+## Ndcli
+To build ndcli you need to be in project directory; because there is dependecy to dimclient
+```
+docker build -f ndcli/Dockerfile .
+```
+
+| ENV            | Default |
+|       ---      | ---     |
+| NDCLI_USERNAME | -       |
+| NDCLI_SERVER   | -       |
+
+[Docker file](./ndcli/Dockerfile)
+
+## PDNS Output
+Mount configuratin to `/etc/dim/pdns-output.properties`
+
+[Docker file](./pdns-output/Dockerfile)
+
+## DIM-Cas
+
+Mount configuratin to `/etc/cas/cas.cfg`
+
+[Docker file](./dim-cas/Dockerfile)
+
+## DIM-Web
+You have to define below args during build
+| ARG       | Description            |
+| ---       | ---                    |
+| DIM_LOGIN | point to dim login url |
+| DIM_RPC   | dim jsonrpc url        |
+| LOGIN     | dim-cas login url      |
+| LOGOUT    | dim-cas logout url     |
+
+Docker build example:
+```
+docker build --progress=plain \
+    --build-arg DIM_LOGIN=http://dim-nginx:8000/login \
+    --build-arg DIM_RPC=http://dim-nginx:8000/jsonrpc \
+    --build-arg LOGIN=http://dim-nginx:8000/dim-cas/ \
+    --build-arg LOGOUT=http://dim-nginx:8000/dim-cas/logout \
+    --build-arg BASE_URL=/web \
+    .
+```
+
+[Docker file](./dim-web/Dockerfile)
+
+## Docker compose (All-in-One)
+Project contains one compose file which contains all dim components and compose file is located in [here](./docker/compose.yaml)
+
+### Components
+- pdns-int: powerdns instance for internal zones
+- pdns-pub: powerdns instance for external zones
+- pdns-rec: required for powerdns_auth
+- mysql_db: we have 3 databases in here
+  - dim: for dim component
+  - pdns_int for pdns-int
+  - pdns_out for pdns-out
+- dim: dim core component
+- dim-nginx: nginx proxy to proxypass different paths to different components. [Config gile](./docker/conf/dim-nginx.conf)
+- dim-web: GUI interface for dim which use dim-cas for authentication
+- dim-cas: CAS authentication relay to cas
+- pdns-output: Write dim zones and changes to powerdns databases
+- cas: authentication server with ldap backend
+- openldap: openldap server for dim and cas
+- phpldapadmin: good to have some gui for ldap:)
+- ndcli: dim cli client
+
+
+to setup docker deployment:
+```
+cd docker
+docker compose up -d
+```
+
+Init dim database
+```
+docker compose exec -it dim bash
+./manage_db init
+exit
+```
+
+Before set a user to role `Admin` you need to login to create user in dim database
+Use web gui or ndcli to login
+```
+docker compose exec ndcli ndcli login --username john1 --password P@ssw0rd
+```
+
+To set an user's role to `Admin`
+```
+docker compose exec -it dim bash
+./manage_dim set_user -u john1 -t Admin
+```
+
+***Notes:***
+- There is no data presistance, you should modify docker compose for your needs
+- The default listen url is http://dim-nginx:8000 and you have to add this url to your /etc/hosts file to reach service from localhost.
+- Default docker network is on 10.10.0.0/16 and for required communication every containers have a assigned ip address in docker compose
+
+### Default users
+You can add new users with openldap or use below users to interact with dim
+
+| Username| Password |
+| ---     | ---      |
+| john3   | P@ssw0rd |
+| john2   | P@ssw0rd |
+| john1   | P@ssw0rd |

docker/.env

@@ -0,0 +1,6 @@
+CAS_PORT=8443
+VIRTUAL_HOST=localhost:8000
+LDAP_PORT=389
+LDAP_UI_PORT=18080
+LDAP_ADMIN_PASSWORD=admin
+LDAP_CONFIG_PASSWORD=config

docker/cas/Dockerfile

@@ -0,0 +1,28 @@
+FROM eclipse-temurin:11-alpine AS buildwar
+RUN cd /tmp \
+  && apk update \
+  && apk upgrade \
+  && apk add --no-cache git \
+  && git clone -b 6.6 --single-branch https://github.com/ahettlin/cas-overlay-template-ldap.git cas-overlay \
+  && mkdir -p /tmp/cas-overlay/src/main/webapp
+
+WORKDIR /tmp/cas-overlay
+COPY src/ /tmp/cas-overlay/src
+RUN  ./gradlew clean build
+
+FROM eclipse-temurin:11-alpine
+
+RUN mkdir /etc/cas
+
+WORKDIR /root
+COPY --from=buildwar /tmp/cas-overlay/build/libs/cas.war .
+
+ARG LDAP_PORT
+ARG LDAP_ADMIN_PASSWORD
+
+COPY ./config-build /etc/cas/config
+
+WORKDIR /etc/cas/config
+
+EXPOSE 8443
+CMD [ "java", "-jar", "/root/cas.war", "-Dcas.log.level=debug" ]

docker/cas/config-build/application.yml

@@ -0,0 +1,44 @@
+info:
+  description: CAS Configuration
+
+cas:
+  authn:
+    accept:
+      enabled: false
+    ldap[0]:
+      bind-dn: cn=admin,dc=example,dc=org
+      bind-credential: admin
+      base-dn: dc=example,dc=org
+      search-filter: cn={user}
+      password-encoder:
+        type: NONE
+      ldap-url: ldap://openldap:389
+      use-start-tls: false
+      type: AUTHENTICATED
+
+    attribute-repository:
+      core:
+        default-attributes-to-release: sn
+      ldap[0]:
+        id: ldapRepository
+        order: 0
+        subtree-search: true
+        base-dn: dc=example,dc=org
+        bind-dn: cn=admin,dc=example,dc=org
+        bind-credential: admin
+        ldap-url: ldap://openldap:389
+        search-filter: cn={user}
+        use-start-tls: false
+        attributes:
+          sn: lastName
+          givenName: firstName
+
+      attribute-definition-store:
+        json:
+          location: file:/etc/cas/config/attr-map.json
+
+  person-directory:
+    attribute-resolution-enabled: true
+    active-attribute-repository-ids: ldapRepository
+    principal-attribute: cn
+

docker/cas/config-build/attr-map.json

@@ -0,0 +1,12 @@
+{
+  "@class" : "java.util.TreeMap",
+  "eduPersonPrincipalName" : {
+    "@class" : "org.apereo.cas.authentication.attribute.DefaultAttributeDefinition",
+    "key" : "eduPersonPrincipalName",
+    "name" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
+    "friendlyName" : "eduPersonPrincipalName",
+    "scoped" : true,
+    "patternFormat": "hello,{0}",
+    "attribute" : "uid"
+  }
+}

docker/cas/config-build/cas.properties

@@ -0,0 +1,36 @@
+host.name=localhost
+server.name=http://localhost:8000
+server.prefix=${server.name}/sso
+
+server.servlet.context-path=/sso
+
+# By default and if you remove this setting, CAS runs on port 8443
+server.port=8443
+
+# To disable SSL configuration, comment out the following settings or set to blank values.
+server.ssl.keyStore=file:/etc/cas/thekeystore
+server.ssl.keyStorePassword=changeit
+server.ssl.keyPassword=changeit
+# server.ssl.ciphers=
+# server.ssl.clientAuth=
+server.ssl.enabled=false
+# server.ssl.keyAlias=
+# server.ssl.keyStoreProvider=
+# server.ssl.keyStoreType=
+# server.ssl.protocol=
+# server.ssl.trustStore=
+# server.ssl.trustStorePassword=
+# server.ssl.trustStoreProvider=
+# server.ssl.trustStoreType=
+
+server.maxHttpHeaderSize=2097152
+
+# logging.config=file:/etc/cas/config/log4j2.xml
+cas.service-registry.json.location=file:/etc/cas/config/services
+cas.service-registry.core.init-from-json=true
+
+# Logout configuration
+logout.followServiceRedirects=true
+logout.redirectParameter=service
+logout.confirmLogout=true
+slo.disabled=false

docker/cas/config-build/log4j2.xml

@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- Specify the refresh internal in seconds. -->
+<Configuration monitorInterval="5" packages="org.apereo.cas.logging">
+    <Properties>
+        <!--
+        Default log directory is the current directory but that can be overridden with -Dcas.log.dir=<logdir>
+        Or you can change this property to a new default
+        -->
+        <Property name="cas.log.dir" >.</Property>
+        <!-- To see more CAS specific logging, adjust this property to info or debug or run server with -Dcas.log.leve=debug -->
+        <Property name="cas.log.level" >debug</Property>
+    </Properties>
+    <Appenders>
+        <Console name="console" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
+        </Console>
+        <RollingFile name="file" fileName="${sys:cas.log.dir}/cas.log" append="true"
+                     filePattern="${sys:cas.log.dir}/cas-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="auditlogfile" fileName="${sys:cas.log.dir}/cas_audit.log" append="true"
+                     filePattern="${sys:cas.log.dir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%d %p [%c] - %m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+
+        <RollingFile name="perfFileAppender" fileName="${sys:cas.log.dir}/perfStats.log" append="true"
+                     filePattern="${sys:cas.log.dir}/perfStats-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+
+        <CasAppender name="casAudit">
+            <AppenderRef ref="auditlogfile" />
+        </CasAppender>
+        <CasAppender name="casFile">
+            <AppenderRef ref="file" />
+        </CasAppender>
+        <CasAppender name="casConsole">
+            <AppenderRef ref="console" />
+        </CasAppender>
+        <CasAppender name="casPerf">
+            <AppenderRef ref="perfFileAppender" />
+        </CasAppender>
+    </Appenders>
+    <Loggers>
+        <!-- If adding a Logger with level set higher than warn, make category as selective as possible -->
+        <!-- Loggers inherit appenders from Root Logger unless additivity is false -->
+        <AsyncLogger name="org.apereo" level="${sys:cas.log.level}" includeLocation="true"/>
+        <AsyncLogger name="org.apereo.services.persondir" level="${sys:cas.log.level}" includeLocation="true"/>
+        <AsyncLogger name="org.apereo.cas.web.flow" level="info" includeLocation="true"/>
+        <AsyncLogger name="org.apache" level="warn" />
+        <AsyncLogger name="org.apache.http" level="error" />
+        <AsyncLogger name="org.springframework" level="warn" />
+        <AsyncLogger name="org.springframework.cloud.server" level="warn" />
+        <AsyncLogger name="org.springframework.cloud.client" level="warn" />
+        <AsyncLogger name="org.springframework.cloud.bus" level="warn" />
+        <AsyncLogger name="org.springframework.aop" level="warn" />
+        <AsyncLogger name="org.springframework.boot" level="warn" />
+        <AsyncLogger name="org.springframework.boot.actuate.autoconfigure" level="warn" />
+        <AsyncLogger name="org.springframework.webflow" level="warn" />
+        <AsyncLogger name="org.springframework.session" level="warn" />
+        <AsyncLogger name="org.springframework.amqp" level="error" />
+        <AsyncLogger name="org.springframework.integration" level="warn" />
+        <AsyncLogger name="org.springframework.messaging" level="warn" />
+        <AsyncLogger name="org.springframework.web" level="warn" />
+        <AsyncLogger name="org.springframework.orm.jpa" level="warn" />
+        <AsyncLogger name="org.springframework.scheduling" level="warn" />
+        <AsyncLogger name="org.springframework.context.annotation" level="error" />
+        <AsyncLogger name="org.springframework.boot.devtools" level="error" />
+        <AsyncLogger name="org.springframework.web.socket" level="warn" />
+        <AsyncLogger name="org.thymeleaf" level="warn" />
+        <AsyncLogger name="org.pac4j" level="warn" />
+        <AsyncLogger name="org.opensaml" level="warn"/>
+        <AsyncLogger name="net.sf.ehcache" level="warn" />
+        <AsyncLogger name="com.couchbase" level="warn" includeLocation="true"/>
+        <AsyncLogger name="com.ryantenney.metrics" level="warn" />
+        <AsyncLogger name="net.jradius" level="warn" />
+        <AsyncLogger name="org.openid4java" level="warn" />
+        <AsyncLogger name="org.ldaptive" level="debug" />
+        <AsyncLogger name="com.hazelcast" level="warn" />
+        <AsyncLogger name="org.jasig.spring" level="warn" />
+
+        <!-- Log perf stats only to perfStats.log -->
+        <AsyncLogger name="perfStatsLogger" level="info" additivity="false" includeLocation="true">
+            <AppenderRef ref="casPerf"/>
+        </AsyncLogger>
+
+        <!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
+        <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >
+            <AppenderRef ref="casAudit"/>
+        </AsyncLogger>
+
+        <!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger -->
+        <AsyncRoot level="warn">
+            <AppenderRef ref="casFile"/>
+            <!--
+                 For deployment to an application server running as service,
+                 delete the casConsole appender below
+            -->
+            <AppenderRef ref="casConsole"/>
+        </AsyncRoot>
+    </Loggers>
+</Configuration>

docker/cas/config-build/services/wtest-10.json

@@ -0,0 +1,9 @@
+{
+  "@class" : "org.apereo.cas.services.RegexRegisteredService",
+  "serviceId" : "^(http|https)://.*",
+  "name" : "service1",
+  "id" : 123456789,
+  "attributeReleasePolicy" : {
+    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
+  }
+}