academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #464 from david-r-bell/v9.2.3

Browse Source 
V9.2.3
This commit is contained in:
David
2021-07-22 13:50:03 +01:00
committed by GitHub
parent 4580cecf49 cc956b29f4
commit 7fbb8ff076
16 changed files with 85 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
.travis.yml
View File

@@ -25,7 +25,7 @@ services:
env: env:
global: global:
- MAIN_BRANCH=v9.2.2 - MAIN_BRANCH=v9.2.3
- MQ_LTS_VERSION=9.2.0.1 - MQ_LTS_VERSION=9.2.0.1
- TAGCACHE_FILE=tagcache - TAGCACHE_FILE=tagcache
- RELEASE=r1 - RELEASE=r1
@@ -40,50 +40,50 @@ go_import_path: "github.com/ibm-messaging/mq-container"
jobs: jobs:
include: include:
- stage: basic-build - stage: basic-build
if: branch != v9.2.2 AND tag IS blank if: branch != v9.2.3 AND tag IS blank
name: "Basic AMD64 build" name: "Basic AMD64 build"
os: linux os: linux
env: env:
- MQ_ARCHIVE_REPOSITORY_DEV=$MQ_922_ARCHIVE_REPOSITORY_DEV_AMD64 - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_923_ARCHIVE_REPOSITORY_DEV_AMD64
script: bash -e travis-build-scripts/run.sh script: bash -e travis-build-scripts/run.sh
# CD Build # CD Build
- stage: global-tag - stage: global-tag
if: branch = v9.2.2 AND type != pull_request OR tag =~ ^release-candidate* if: branch = v9.2.3 AND type != pull_request OR tag =~ ^release-candidate*
name: "Generate Global Tag" name: "Generate Global Tag"
os: linux os: linux
script: bash -e travis-build-scripts/global-tag.sh script: bash -e travis-build-scripts/global-tag.sh
- stage: build - stage: build
if: branch = v9.2.2 OR tag =~ ^release-candidate* if: branch = v9.2.3 OR tag =~ ^release-candidate*
name: "Multi-Arch AMD64 build" name: "Multi-Arch AMD64 build"
os: linux os: linux
env: env:
- BUILD_ALL=true - BUILD_ALL=true
- MQ_ARCHIVE_REPOSITORY=$MQ_922_ARCHIVE_REPOSITORY_AMD64 - MQ_ARCHIVE_REPOSITORY=$MQ_923_ARCHIVE_REPOSITORY_AMD64
- MQ_ARCHIVE_REPOSITORY_DEV=$MQ_922_ARCHIVE_REPOSITORY_DEV_AMD64 - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_923_ARCHIVE_REPOSITORY_DEV_AMD64
script: bash -e travis-build-scripts/run.sh script: bash -e travis-build-scripts/run.sh
# - if: branch = v9.2.2 OR tag =~ ^release-candidate* # - if: branch = v9.2.3 OR tag =~ ^release-candidate*
# name: "Multi-Arch PPC64LE build" # name: "Multi-Arch PPC64LE build"
# os: linux-ppc64le # os: linux-ppc64le
# env: # env:
# - BUILD_ALL=true # - BUILD_ALL=true
# - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics" # - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics"
# # - MQ_ARCHIVE_REPOSITORY=$MQ_922_ARCHIVE_REPOSITORY_PPC64LE # # - MQ_ARCHIVE_REPOSITORY=$MQ_923_ARCHIVE_REPOSITORY_PPC64LE
# - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_922_ARCHIVE_REPOSITORY_DEV_PPC64LE # - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_923_ARCHIVE_REPOSITORY_DEV_PPC64LE
# script: bash -e travis-build-scripts/run.sh # script: bash -e travis-build-scripts/run.sh
- stage: build - stage: build
if: branch = v9.2.2 OR tag =~ ^release-candidate* if: branch = v9.2.3 OR tag =~ ^release-candidate*
name: "Multi-Arch S390X build" name: "Multi-Arch S390X build"
os: linux-s390 os: linux-s390
env: env:
- BUILD_ALL=true - BUILD_ALL=true
- TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics" - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics"
- MQ_ARCHIVE_REPOSITORY=$MQ_922_ARCHIVE_REPOSITORY_S390X - MQ_ARCHIVE_REPOSITORY=$MQ_923_ARCHIVE_REPOSITORY_S390X
- MQ_ARCHIVE_REPOSITORY_DEV=$MQ_922_ARCHIVE_REPOSITORY_DEV_S390X - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_923_ARCHIVE_REPOSITORY_DEV_S390X
script: bash -e travis-build-scripts/run.sh script: bash -e travis-build-scripts/run.sh
- stage: push-manifest - stage: push-manifest
if: branch = v9.2.2 AND type != pull_request OR tag =~ ^release-candidate* if: branch = v9.2.3 AND type != pull_request OR tag =~ ^release-candidate*
name: "Push Manifest-list to registry" name: "Push Manifest-list to registry"
env: env:
- PUSH_MANIFEST_ONLY=true - PUSH_MANIFEST_ONLY=true
@@ -92,7 +92,7 @@ jobs:
# LTS Build # LTS Build
- stage: global-tag - stage: global-tag
if: branch = v9.2.2 AND type != pull_request OR tag =~ ^release-candidate* if: branch = v9.2.3 AND type != pull_request OR tag =~ ^release-candidate*
name: "Generate Global Tag" name: "Generate Global Tag"
os: linux os: linux
env: env:
@@ -102,7 +102,7 @@ jobs:
- RELEASE=$RELEASE_LTS - RELEASE=$RELEASE_LTS
script: bash -e travis-build-scripts/global-tag.sh script: bash -e travis-build-scripts/global-tag.sh
- stage: build - stage: build
if: branch = v9.2.2 OR tag =~ ^release-candidate* if: branch = v9.2.3 OR tag =~ ^release-candidate*
name: "Multi-Arch AMD64 build" name: "Multi-Arch AMD64 build"
os: linux os: linux
env: env:
@@ -113,7 +113,7 @@ jobs:
- RELEASE=$RELEASE_LTS - RELEASE=$RELEASE_LTS
script: bash -e travis-build-scripts/run.sh script: bash -e travis-build-scripts/run.sh
- stage: build - stage: build
if: branch = v9.2.2 OR tag =~ ^release-candidate* if: branch = v9.2.3 OR tag =~ ^release-candidate*
name: "Multi-Arch S390X build" name: "Multi-Arch S390X build"
os: linux-s390 os: linux-s390
env: env:
@@ -125,7 +125,7 @@ jobs:
- RELEASE=$RELEASE_LTS - RELEASE=$RELEASE_LTS
script: bash -e travis-build-scripts/run.sh script: bash -e travis-build-scripts/run.sh
- stage: push-manifest - stage: push-manifest
if: branch = v9.2.2 AND type != pull_request OR tag =~ ^release-candidate* if: branch = v9.2.3 AND type != pull_request OR tag =~ ^release-candidate*
name: "Push Manifest-list to registry" name: "Push Manifest-list to registry"
env: env:
- LTS=true - LTS=true

4
CHANGELOG.md
View File

@@ -1,5 +1,9 @@
# Change log # Change log
## 9.2.3.0 (2021-07-22)
* Updated to MQ version 9.2.3.0
## 9.2.2.0 (2021-03-26) ## 9.2.2.0 (2021-03-26)
* Updated to MQ version 9.2.2.0 * Updated to MQ version 9.2.2.0

8
Dockerfile-server
View File

@@ -13,13 +13,13 @@
# limitations under the License. # limitations under the License.
ARG BASE_IMAGE=registry.redhat.io/ubi8/ubi-minimal ARG BASE_IMAGE=registry.redhat.io/ubi8/ubi-minimal
ARG BASE_TAG=8.3-291 ARG BASE_TAG=8.4-205
ARG GO_WORKDIR=/go/src/github.com/ibm-messaging/mq-container ARG GO_WORKDIR=/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container
ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/9.2.2.0-IBM-MQ-Advanced-for-Developers-Non-Install-LinuxX64.tar.gz" ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/9.2.3.0-IBM-MQ-Advanced-for-Developers-Non-Install-LinuxX64.tar.gz"
############################################################################### ###############################################################################
# Build stage to build Go code # Build stage to build Go code
############################################################################### ###############################################################################
FROM docker.io/golang:1.14.15 as builder FROM registry.redhat.io/ubi8/go-toolset:1.15.13-4 as builder
# The URL to download the MQ installer from in tar.gz format # The URL to download the MQ installer from in tar.gz format
# This assumes an archive containing the MQ Non-Install packages # This assumes an archive containing the MQ Non-Install packages
ARG MQ_URL ARG MQ_URL

2
Makefile
View File

@@ -258,7 +258,7 @@ test-advancedserver: test/docker/vendor
cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) -timeout $(TEST_TIMEOUT_DOCKER) $(TEST_OPTS_DOCKER) cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) -timeout $(TEST_TIMEOUT_DOCKER) $(TEST_OPTS_DOCKER)
.PHONY: build-devjmstest .PHONY: build-devjmstest
build-devjmstest: build-devjmstest: registry-login
$(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END))) $(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END)))
cd test/messaging && docker build --tag $(DEV_JMS_IMAGE) . cd test/messaging && docker build --tag $(DEV_JMS_IMAGE) .

4
README.md
View File

@@ -44,8 +44,8 @@ For issues relating specifically to the container image or Helm chart, please us
The Dockerfiles and associated code and scripts are licensed under the [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0.html). The Dockerfiles and associated code and scripts are licensed under the [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0.html).
Licenses for the products installed within the images are as follows: Licenses for the products installed within the images are as follows:
- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BMKG5H) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above. - [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BYHCL7) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BVJJB3) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above. - [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BZDDDY) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
Note: The IBM MQ Advanced for Developers license does not permit further distribution and the terms restrict usage to a developer machine. Note: The IBM MQ Advanced for Developers license does not permit further distribution and the terms restrict usage to a developer machine.

14
cmd/chkmqstarted/main.go
View File

@@ -43,20 +43,6 @@ func queueManagerStarted() (bool, error) {
if !strings.Contains(string(out), "(RUNNING)") && !strings.Contains(string(out), "(RUNNING AS STANDBY)") && !strings.Contains(string(out), "(STARTING)") && !strings.Contains(string(out), "(REPLICA)") { if !strings.Contains(string(out), "(RUNNING)") && !strings.Contains(string(out), "(RUNNING AS STANDBY)") && !strings.Contains(string(out), "(STARTING)") && !strings.Contains(string(out), "(REPLICA)") {
return false, nil return false, nil
} }
if os.Getenv("MQ_NATIVE_HA") == "true" {
// Specify the queue manager name, just in case someone's created a second queue manager
// #nosec G204
cmd = exec.Command("dspmq", "-n", "-o", "nativeha", "-m", name)
// Run the command and wait for completion
out, err = cmd.CombinedOutput()
if err != nil {
fmt.Println(err)
return false, err
}
if !strings.Contains(string(out), "INSYNC(YES)") {
return false, nil
}
}
return true, nil return true, nil
} }

2
config.env
View File

@@ -1,6 +1,6 @@
########################################################################################################################################################### ###########################################################################################################################################################
# MQ_VERSION is the fully qualified MQ version number to build # MQ_VERSION is the fully qualified MQ version number to build
MQ_VERSION ?= 9.2.2.0 MQ_VERSION ?= 9.2.3.0
########################################################################################################################################################### ###########################################################################################################################################################

2
docs/building.md
View File

@@ -20,7 +20,7 @@ From MQ 9.2.X, the MQ container adds support for MQ Long Term Support (LTS) **pr
This procedure works for building the MQ Continuous Delivery release, on `amd64`, `ppc64le` and `s390x` architectures. This procedure works for building the MQ Continuous Delivery release, on `amd64`, `ppc64le` and `s390x` architectures.
1. Create a `downloads` directory in the root of this repository 1. Create a `downloads` directory in the root of this repository
2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.2.2_LINUX_X86-64_NOINST.tar.gz`) in the `downloads` directory 2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.2.3_LINUX_X86-64_NOINST.tar.gz`) in the `downloads` directory
3. Login to the Red Hat Registry: `docker login registry.redhat.io` using your Customer Portal credentials. 3. Login to the Red Hat Registry: `docker login registry.redhat.io` using your Customer Portal credentials.
4. Run `make build-advancedserver` 4. Run `make build-advancedserver`

2
docs/security.md
View File

@@ -16,5 +16,5 @@ docker run \
--env LICENSE=accept \ --env LICENSE=accept \
--env MQ_QMGR_NAME=QM1 \ --env MQ_QMGR_NAME=QM1 \
--detach \ --detach \
ibm-mqadvanced-server:9.2.2.0-amd64 ibm-mqadvanced-server:9.2.3.0-amd64
``` ```

2
docs/testing.md
View File

@@ -25,7 +25,7 @@ make advancedserver
You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example: You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example:
``` ```
MQ_IMAGE_ADVANCEDSERVER=ibm-mqadvanced-server:9.2.2.0-amd64 make test-advancedserver MQ_IMAGE_ADVANCEDSERVER=ibm-mqadvanced-server:9.2.3.0-amd64 make test-advancedserver
``` ```
You can pass parameters to `go test` with an environment variable. For example, to run the "TestGoldenPath" test, run the following command: You can pass parameters to `go test` with an environment variable. For example, to run the "TestGoldenPath" test, run the following command:

2
go.mod
View File

@@ -1,6 +1,6 @@
module github.com/ibm-messaging/mq-container module github.com/ibm-messaging/mq-container
go 1.14 go 1.15
require ( require (
github.com/genuinetools/amicontained v0.4.0 github.com/genuinetools/amicontained v0.4.0

2
internal/ha/ha.go
View File

@@ -41,7 +41,7 @@ func ConfigureNativeHA(log *logger.Logger) error {
templateMap["NativeHAInstance2_ReplicationAddress"] = os.Getenv("MQ_NATIVE_HA_INSTANCE_2_REPLICATION_ADDRESS") templateMap["NativeHAInstance2_ReplicationAddress"] = os.Getenv("MQ_NATIVE_HA_INSTANCE_2_REPLICATION_ADDRESS")
if os.Getenv("MQ_NATIVE_HA_TLS") == "true" { if os.Getenv("MQ_NATIVE_HA_TLS") == "true" {
keyLabel, _, err := tls.ConfigureHATLSKeystore() keyLabel, _, _, err := tls.ConfigureHATLSKeystore()
if err != nil { if err != nil {
return err return err
} }

102
internal/tls/tls.go
View File

@@ -76,23 +76,22 @@ type TLSStore struct {
Truststore KeyStoreData Truststore KeyStoreData
} }
// ConfigureDefaultTLSKeystores configures the CMS Keystore & PKCS#12 Truststore func configureTLSKeystores(keystoreDir, keyDir, trustDir string, p12TruststoreRequired bool) (string, KeyStoreData, KeyStoreData, error) {
func ConfigureDefaultTLSKeystores() (string, KeyStoreData, KeyStoreData, error) {
// Create the CMS Keystore & PKCS#12 Truststore // Create the CMS Keystore & PKCS#12 Truststore (if required)
tlsStore, err := generateAllDefaultKeystores() tlsStore, err := generateAllKeystores(keystoreDir, p12TruststoreRequired)
if err != nil { if err != nil {
return "", tlsStore.Keystore, tlsStore.Truststore, err return "", tlsStore.Keystore, tlsStore.Truststore, err
} }
// Process all keys - add them to the CMS KeyStore // Process all keys - add them to the CMS KeyStore
keyLabel, err := processKeys(&tlsStore, keystoreDirDefault, keyDirDefault) keyLabel, err := processKeys(&tlsStore, keystoreDir, keyDir)
if err != nil { if err != nil {
return "", tlsStore.Keystore, tlsStore.Truststore, err return "", tlsStore.Keystore, tlsStore.Truststore, err
} }
// Process all trust certificates - add them to the CMS KeyStore & PKCS#12 Truststore // Process all trust certificates - add them to the CMS KeyStore & PKCS#12 Truststore (if required)
err = processTrustCertificates(&tlsStore, trustDirDefault) err = processTrustCertificates(&tlsStore, trustDir)
if err != nil { if err != nil {
return "", tlsStore.Keystore, tlsStore.Truststore, err return "", tlsStore.Keystore, tlsStore.Truststore, err
} }
@@ -100,22 +99,15 @@ func ConfigureDefaultTLSKeystores() (string, KeyStoreData, KeyStoreData, error)
return keyLabel, tlsStore.Keystore, tlsStore.Truststore, err return keyLabel, tlsStore.Keystore, tlsStore.Truststore, err
} }
// ConfigureDefaultTLSKeystores configures the CMS Keystore & PKCS#12 Truststore
func ConfigureDefaultTLSKeystores() (string, KeyStoreData, KeyStoreData, error) {
return configureTLSKeystores(keystoreDirDefault, keyDirDefault, trustDirDefault, true)
}
// ConfigureHATLSKeystore configures the CMS Keystore & PKCS#12 Truststore // ConfigureHATLSKeystore configures the CMS Keystore & PKCS#12 Truststore
func ConfigureHATLSKeystore() (string, KeyStoreData, error) { func ConfigureHATLSKeystore() (string, KeyStoreData, KeyStoreData, error) {
// *.crt files mounted to the HA TLS dir keyDirHA will be processed as trusted in the CMS keystore
// Create a CMS Keystore only return configureTLSKeystores(keystoreDirHA, keyDirHA, keyDirHA, false)
tlsStore, err := generateHAKeystore()
if err != nil {
return "", tlsStore.Keystore, err
}
// Process all keys - add them to the CMS KeyStore
keyLabel, err := processKeys(&tlsStore, keystoreDirHA, keyDirHA)
if err != nil {
return "", tlsStore.Keystore, err
}
return keyLabel, tlsStore.Keystore, err
} }
// ConfigureTLS configures TLS for the queue manager // ConfigureTLS configures TLS for the queue manager
@@ -166,8 +158,8 @@ func configureTLSDev(log *logger.Logger) error {
return nil return nil
} }
// generateAllDefaultKeystores creates the CMS Keystore & PKCS#12 Truststore // generateAllKeystores creates the CMS Keystore & PKCS#12 Truststore (if required)
func generateAllDefaultKeystores() (TLSStore, error) { func generateAllKeystores(keystoreDir string, p12TruststoreRequired bool) (TLSStore, error) {
var cmsKeystore, p12Truststore KeyStoreData var cmsKeystore, p12Truststore KeyStoreData
@@ -178,52 +170,30 @@ func generateAllDefaultKeystores() (TLSStore, error) {
// Create the Keystore directory - if it does not already exist // Create the Keystore directory - if it does not already exist
// #nosec G301 - write group permissions are required // #nosec G301 - write group permissions are required
err := os.MkdirAll(keystoreDirDefault, 0770) err := os.MkdirAll(keystoreDir, 0770)
if err != nil { if err != nil {
return TLSStore{cmsKeystore, p12Truststore}, fmt.Errorf("Failed to create Keystore directory: %v", err) return TLSStore{cmsKeystore, p12Truststore}, fmt.Errorf("Failed to create Keystore directory: %v", err)
} }
// Create the CMS Keystore // Create the CMS Keystore
cmsKeystore.Keystore = keystore.NewCMSKeyStore(filepath.Join(keystoreDirDefault, cmsKeystoreName), cmsKeystore.Password) cmsKeystore.Keystore = keystore.NewCMSKeyStore(filepath.Join(keystoreDir, cmsKeystoreName), cmsKeystore.Password)
err = cmsKeystore.Keystore.Create() err = cmsKeystore.Keystore.Create()
if err != nil { if err != nil {
return TLSStore{cmsKeystore, p12Truststore}, fmt.Errorf("Failed to create CMS Keystore: %v", err) return TLSStore{cmsKeystore, p12Truststore}, fmt.Errorf("Failed to create CMS Keystore: %v", err)
} }
// Create the PKCS#12 Truststore // Create the PKCS#12 Truststore (if required)
p12Truststore.Keystore = keystore.NewPKCS12KeyStore(filepath.Join(keystoreDirDefault, p12TruststoreName), p12Truststore.Password) if p12TruststoreRequired {
err = p12Truststore.Keystore.Create() p12Truststore.Keystore = keystore.NewPKCS12KeyStore(filepath.Join(keystoreDir, p12TruststoreName), p12Truststore.Password)
if err != nil { err = p12Truststore.Keystore.Create()
return TLSStore{cmsKeystore, p12Truststore}, fmt.Errorf("Failed to create PKCS#12 Truststore: %v", err) if err != nil {
return TLSStore{cmsKeystore, p12Truststore}, fmt.Errorf("Failed to create PKCS#12 Truststore: %v", err)
}
} }
return TLSStore{cmsKeystore, p12Truststore}, nil return TLSStore{cmsKeystore, p12Truststore}, nil
} }
// generateHAKeystore creates the CMS Keystore for Native HA replication
func generateHAKeystore() (TLSStore, error) {
var cmsKeystore KeyStoreData
// Generate a pasword for use with the CMS Keystore
pw := generateRandomPassword()
cmsKeystore.Password = pw
// Create the Keystore directory - if it does not already exist
// #nosec G301 - write group permissions are required
err := os.MkdirAll(keystoreDirHA, 0770)
if err != nil {
return TLSStore{Keystore: cmsKeystore}, fmt.Errorf("Failed to create HA Keystore directory: %v", err)
}
// Create the CMS Keystore
cmsKeystore.Keystore = keystore.NewCMSKeyStore(filepath.Join(keystoreDirHA, cmsKeystoreName), cmsKeystore.Password)
err = cmsKeystore.Keystore.Create()
if err != nil {
return TLSStore{Keystore: cmsKeystore}, fmt.Errorf("Failed to create CMS Keystore: %v", err)
}
return TLSStore{Keystore: cmsKeystore}, nil
}
// processKeys processes all keys - adding them to the CMS KeyStore // processKeys processes all keys - adding them to the CMS KeyStore
func processKeys(tlsStore *TLSStore, keystoreDir string, keyDir string) (string, error) { func processKeys(tlsStore *TLSStore, keystoreDir string, keyDir string) (string, error) {
@@ -273,7 +243,7 @@ func processKeys(tlsStore *TLSStore, keystoreDir string, keyDir string) (string,
// Import the new PKCS#12 Keystore into the CMS Keystore // Import the new PKCS#12 Keystore into the CMS Keystore
err = tlsStore.Keystore.Keystore.Import(filepath.Join(keystoreDir, keySet.Name()+".p12"), tlsStore.Keystore.Password) err = tlsStore.Keystore.Keystore.Import(filepath.Join(keystoreDir, keySet.Name()+".p12"), tlsStore.Keystore.Password)
if err != nil { if err != nil {
return "", fmt.Errorf("Failed tp import keys from %s into CMS Keystore: %v", filepath.Join(keystoreDir, keySet.Name()+".p12"), err) return "", fmt.Errorf("Failed to import keys from %s into CMS Keystore: %v", filepath.Join(keystoreDir, keySet.Name()+".p12"), err)
} }
// Relabel the certificate in the CMS Keystore // Relabel the certificate in the CMS Keystore
@@ -292,7 +262,7 @@ func processKeys(tlsStore *TLSStore, keystoreDir string, keyDir string) (string,
return keyLabel, nil return keyLabel, nil
} }
// processTrustCertificates processes all trust certificates - adding them to the CMS KeyStore & PKCS#12 Truststore // processTrustCertificates processes all trust certificates - adding them to the CMS KeyStore & PKCS#12 Truststore (if required)
func processTrustCertificates(tlsStore *TLSStore, trustDir string) error { func processTrustCertificates(tlsStore *TLSStore, trustDir string) error {
// Process all trust certiifcates // Process all trust certiifcates
@@ -324,10 +294,12 @@ func processTrustCertificates(tlsStore *TLSStore, trustDir string) error {
return fmt.Errorf("Failed to add to know certificates for CMS Keystore") return fmt.Errorf("Failed to add to know certificates for CMS Keystore")
} }
// Add to known certificates for the PKCS#12 Truststore if tlsStore.Truststore.Keystore != nil {
err = addToKnownCertificates(block, &tlsStore.Truststore, true) // Add to known certificates for the PKCS#12 Truststore
if err != nil { err = addToKnownCertificates(block, &tlsStore.Truststore, true)
return fmt.Errorf("Failed to add to know certificates for PKCS#12 Truststore") if err != nil {
return fmt.Errorf("Failed to add to know certificates for PKCS#12 Truststore")
}
} }
} }
} }
@@ -335,8 +307,8 @@ func processTrustCertificates(tlsStore *TLSStore, trustDir string) error {
} }
} }
// Add all trust certificates to PKCS#12 Truststore // Add all trust certificates to PKCS#12 Truststore (if required)
if len(tlsStore.Truststore.TrustedCerts) > 0 { if tlsStore.Truststore.Keystore != nil && len(tlsStore.Truststore.TrustedCerts) > 0 {
err = addCertificatesToTruststore(&tlsStore.Truststore) err = addCertificatesToTruststore(&tlsStore.Truststore)
if err != nil { if err != nil {
return err return err
@@ -438,7 +410,7 @@ func processCertificates(keyDir string, keySetName, keyPrefix string, keys []os.
return nil, nil, fmt.Errorf("Failed to add to know certificates for CMS Keystore") return nil, nil, fmt.Errorf("Failed to add to know certificates for CMS Keystore")
} }
if p12Truststore != nil { if p12Truststore.Keystore != nil {
// Add to known certificates for the PKCS#12 Truststore // Add to known certificates for the PKCS#12 Truststore
err = addToKnownCertificates(block, p12Truststore, true) err = addToKnownCertificates(block, p12Truststore, true)
if err != nil { if err != nil {

2
test/docker/go.mod
View File

@@ -1,6 +1,6 @@
module github.com/ibm-messaging/mq-container/test/docker module github.com/ibm-messaging/mq-container/test/docker
go 1.14 go 1.15
require ( require (
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect

17
test/messaging/Dockerfile
View File

@@ -15,23 +15,24 @@
############################################################################### ###############################################################################
# Application build environment (Maven) # Application build environment (Maven)
############################################################################### ###############################################################################
FROM docker.io/maven:3-ibmjava as builder FROM registry.redhat.io/ubi8/openjdk-8 as builder
COPY pom.xml /usr/src/mymaven/ COPY pom.xml .
WORKDIR /usr/src/mymaven #WORKDIR /usr/src/mymaven
# Download dependencies separately, so Docker caches them # Download dependencies separately, so Docker caches them
RUN mvn dependency:go-offline install RUN mvn dependency:go-offline install
# Copy source # Copy source
COPY src /usr/src/mymaven/src COPY src .
# Run the main build # Run the main build
RUN mvn --offline install RUN mvn --offline install
# Print a list of all the files (useful for debugging) # Print a list of all the files (useful for debugging)
RUN find /usr/src/mymaven RUN find .
############################################################################### ###############################################################################
# Application runtime (JRE only, no build environment) # Application runtime (JRE only, no build environment)
############################################################################### ###############################################################################
FROM docker.io/ibmjava:8-jre # OpenJDK is not technically supported with the MQ client, but is good enough for these tests
COPY --from=builder /usr/src/mymaven/target/*.jar /opt/app/ FROM registry.redhat.io/ubi8/openjdk-8-runtime
COPY --from=builder /usr/src/mymaven/target/lib/*.jar /opt/app/ COPY --from=builder /home/jboss/target/*.jar /opt/app/
COPY --from=builder /home/jboss/target/lib/*.jar /opt/app/
USER 1001 USER 1001
ENTRYPOINT ["java", "-classpath", "/opt/app/*", "org.junit.platform.console.ConsoleLauncher", "-p", "com.ibm.mqcontainer.test", "--details", "verbose"] ENTRYPOINT ["java", "-classpath", "/opt/app/*", "org.junit.platform.console.ConsoleLauncher", "-p", "com.ibm.mqcontainer.test", "--details", "verbose"]

3
travis-build-scripts/run.sh
View File

@@ -18,6 +18,9 @@ set -e
if [ "$(uname -m)" = "x86_64" ] ; then export ARCH="amd64" ; else export ARCH=$(uname -m) ; fi if [ "$(uname -m)" = "x86_64" ] ; then export ARCH="amd64" ; else export ARCH=$(uname -m) ; fi
# if DOCKER_USER is set, authenticate with docker.io to mitigate rate limit (https://www.docker.com/increase-rate-limits)
if [ -n "$DOCKER_USER" ] ; then echo 'Authenticating with docker.io...' && docker login -u $DOCKER_USER -p $DOCKER_PASS docker.io ; fi
if [ "$PUSH_MANIFEST_ONLY" = true ] ; then if [ "$PUSH_MANIFEST_ONLY" = true ] ; then
echo 'Retrieving remote tagcache' && echo -en 'travis_fold:start:retrieve-tag-cache\\r' echo 'Retrieving remote tagcache' && echo -en 'travis_fold:start:retrieve-tag-cache\\r'
./travis-build-scripts/artifact-util.sh -c ${CACHE_PATH} -u ${REPOSITORY_USER} -p ${REPOSITORY_CREDENTIAL} -f cache/${TAGCACHE_FILE} -l ./.tagcache --get ./travis-build-scripts/artifact-util.sh -c ${CACHE_PATH} -u ${REPOSITORY_USER} -p ${REPOSITORY_CREDENTIAL} -f cache/${TAGCACHE_FILE} -l ./.tagcache --get