diff --git a/docker/Dockerfile.vlkb b/docker/Dockerfile.vlkb
index 8bfab4432aea13862dbf8f7b793127e24a258963..9ede1f914642bcf0600a09a4cda4de882814ab75 100644
--- a/docker/Dockerfile.vlkb
+++ b/docker/Dockerfile.vlkb
@@ -12,21 +12,23 @@ RUN apt -y update \ rabbitmq-server openjdk-17-jre openjdk-17-jdk tomcat9 tomcat9-admin \ postgresql-client -COPY ast_9.2.9-1_amd64.deb ./ -RUN dpkg -i /root/ast_9.2.9-1_amd64.deb && ldconfig \ - && mkdir -p /webapps/vlkb-search && mkdir -p /webapps/vlkb-cutout && mkdir /config \ - && mkdir -p /srv/surveys && mkdir -p /srv/cutouts +#COPY ast_9.2.9-1_amd64.deb ./ +#RUN dpkg -i /root/ast_9.2.9-1_amd64.deb && ldconfig \ +RUN mkdir -p /webapps/vlkb-search +# && mkdir /config +# && mkdir -p /srv/surveys && mkdir -p /srv/cutouts ARG VLKB_VERSION -COPY vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VLKB_VERSION}.deb ./ +#COPY vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VLKB_VERSION}.deb ./ COPY vlkb-search-${VLKB_VERSION}.war /webapps/vlkb-search/ -COPY vlkb-cutout-${VLKB_VERSION}.war /webapps/vlkb-cutout/ -RUN dpkg -i vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VLKB_VERSION}.deb \ - && cd /webapps/vlkb-search && jar -xf vlkb-search-${VLKB_VERSION}.war \ - && cd /webapps/vlkb-cutout && jar -xf vlkb-cutout-${VLKB_VERSION}.war \ - && mv /webapps/vlkb-search/WEB-INF/lib/postgresql-*.jar /var/lib/tomcat9/lib \ - && rm /webapps/vlkb-cutout/WEB-INF/lib/postgresql-*.jar +#COPY vlkb-cutout-${VLKB_VERSION}.war /webapps/vlkb-cutout/ +#RUN dpkg -i vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VLKB_VERSION}.deb \ +RUN cd /webapps/vlkb-search && jar -xf vlkb-search-${VLKB_VERSION}.war +# && cd /webapps/vlkb-cutout && jar -xf vlkb-cutout-${VLKB_VERSION}.war \ +# && mv /webapps/vlkb-search/WEB-INF/lib/postgresql-*.jar /var/lib/tomcat9/lib \ +# && rm /webapps/vlkb-cutout/WEB-INF/lib/postgresql-*.jar +COPY postgresql-*.jar /var/lib/tomcat9/lib # Lines with postgresql_*.jar: provide DB-driver so Tomcat loads it # vlkb-search vlkb-cutout do not explicitely load DB-drivers 
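Review bot: The new `COPY postgresql-*.jar /var/lib/tomcat9/lib` line installs the JDBC driver into Tomcat's shared library directory, but the `mv /webapps/vlkb-search/WEB-INF/lib/postgresql-*.jar /var/lib/tomcat9/lib` that used to take the copy out of the WAR is now commented out, so if the WAR still bundles a driver it will be visible to both the common and the webapp classloader; keep a `&& rm /webapps/vlkb-search/WEB-INF/lib/postgresql-*.jar` on the `jar -xf` line, or confirm the WAR no longer ships one. The superseded `COPY`/`RUN` instructions are kept as `#` comments instead of being deleted — the same pattern runs through the second hunk of this file and every entrypoint.sh hunk — which git history makes unnecessary and which leaves the active `RUN mkdir -p /webapps/vlkb-search` buried between dead `# && mkdir` fragments. The `RUN apt -y update` instruction named in the hunk header begins outside the hunk.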
@@ -37,21 +39,21 @@ RUN dpkg -i vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VL ENV INST_DIR=/usr/local -COPY vlkbd_exec.sh ${INST_DIR}/bin +#COPY vlkbd_exec.sh ${INST_DIR}/bin -RUN mkdir -p ${INST_DIR}/etc/vlkb-obscore \ - && mkdir -p ${INST_DIR}/etc/vlkbd \ - && echo "${INST_DIR}/lib" > /etc/ld.so.conf.d/ast.conf \ - && ldconfig +#RUN mkdir -p ${INST_DIR}/etc/vlkb-obscore \ +# && mkdir -p ${INST_DIR}/etc/vlkbd \ +# && echo "${INST_DIR}/lib" > /etc/ld.so.conf.d/ast.conf \ +# && ldconfig # configure during docker build-time -COPY config-vlkb/vlkb-obscore.datasets.conf ${INST_DIR}/etc/vlkb-obscore/datasets.conf -COPY config-vlkb/vlkbd.datasets.conf ${INST_DIR}/etc/vlkbd/datasets.conf +#COPY config-vlkb/vlkb-obscore.datasets.conf ${INST_DIR}/etc/vlkb-obscore/datasets.conf +#COPY config-vlkb/vlkbd.datasets.conf ${INST_DIR}/etc/vlkbd/datasets.conf # created in entrypoint.sh COPY config-vlkb/servlet.datasets.conf /webapps/vlkb-cutout/WEB-INF/classes/datasets.conf -COPY config-vlkb/auth.properties config-vlkb/neatoken.properties config-vlkb/iamtoken.properties /webapps/vlkb-cutout/WEB-INF/classes/ +#COPY config-vlkb/auth.properties config-vlkb/neatoken.properties config-vlkb/iamtoken.properties /webapps/vlkb-cutout/WEB-INF/classes/ COPY config-vlkb/auth.properties config-vlkb/neatoken.properties config-vlkb/iamtoken.properties config-vlkb/formatresponsefilter.properties /webapps/vlkb-search/WEB-INF/classes/ #COPY ssl/keystore.jks /root/ diff --git a/docker/Makefile b/docker/Makefile index e120ae7415db33ae2755a9d7b8e27cc9b6b7fb31..bc22a6fc07a826b01ed8d543195933541462f331 100644 --- a/docker/Makefile +++ b/docker/Makefile 
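Review bot: `COPY config-vlkb/servlet.datasets.conf /webapps/vlkb-cutout/WEB-INF/classes/datasets.conf` is left active although every other vlkb-cutout step in this commit (the `mkdir`, the WAR `COPY`, the `jar -xf`, and the properties `COPY` directly below it) is commented out; Docker creates `/webapps/vlkb-cutout/WEB-INF/classes/` for the copy, so the image keeps an orphaned, never-deployed directory. Comment it out with the rest: `#COPY config-vlkb/servlet.datasets.conf /webapps/vlkb-cutout/WEB-INF/classes/datasets.conf`. The `# created in entrypoint.sh` comment above it appears to describe the `/config` copies that are now commented out too, so it should go with them rather than sit over an instruction it does not explain.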
@@ -32,7 +32,7 @@ ast-9.2.9.tar.gz: .PHONY: build build: - docker build --build-arg VLKB_VERSION=$(VERSION) -t soda -f Dockerfile.vlkb . + docker build --build-arg VLKB_VERSION=$(VERSION) -t siav2 -f Dockerfile.vlkb . # the docker-login below needed a ca-cert(?) which in the middle of the certificate-chain, # but was not automatically downloaded and also local cert/ket pair(?) -> diff --git a/docker/compose-siav2.yaml b/docker/compose-siav2.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bfad6328b350c8ff9174f0d035ad177be01ad581 --- /dev/null +++ b/docker/compose-siav2.yaml @@ -0,0 +1,43 @@ +version: '2' + +services: + + vlkb-db: + container_name: vlkb-db + #image: git.ia2.inaf.it:5050/butora/vlkb-datasets/postgres-pgsphere:latest + image: registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:1.5.2 + #image: postgres-pgsphere:latest + network_mode: "host" + environment: + - SECURITY= + - POSTGRES_PASSWORD=ia2vlkb + volumes: + - postgres-data:/var/lib/postgresql/data + + + siav2: + container_name: siav2 + image: siav2:latest + #image: git.ia2.inaf.it:5050/butora/vlkb-datasets/soda:latest + network_mode: "host" + environment: + - SECURITY= + #- SECURITY=ia2token + - DISCOVERY_CONTEXT_ROOT=vlkb#datasets#vlkb_search + - DISCOVERY_DB_URI=jdbc:postgresql://localhost:5432/vialactea + - DB_USERNAME=vialactea + - DB_PASSWORD=ia2vlkb + #- VLKBOBSCORE_PG_URI=postgresql://vialactea:ia2vlkb@localhost:5432/vialactea + #- ACCESS_CONTEXT_ROOT=vlkb#datasets + #- RESPONSE_FORMAT=application/x-vlkb+xml + #- RESPONSE_FORMAT=application/x-votable+xml + #volumes: + #- ./config-vlkb:/config:Z + #- /srv/vlkb/surveys:/srv/surveys:Z + #- /srv/vlkb/cutouts:/srv/cutouts:Z + #restart: always + + +volumes: + postgres-data: + diff --git a/docker/config-vlkb/Obsolete/context-cutout.xml b/docker/config-vlkb/Obsolete/context-cutout.xml new file mode 100644 index 0000000000000000000000000000000000000000..4f5f504df9c52f4119d68bf48434f3afb0ae3861 --- /dev/null 
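Review bot: `compose-siav2.yaml` carries clear-text credentials — `- POSTGRES_PASSWORD=ia2vlkb` for vlkb-db and `- DB_PASSWORD=ia2vlkb` for siav2 — and this commit adds the same kind of value in `config-vlkb/authpolicy.properties` (`db_password`), `config-vlkb/auth.properties` (`client_secret`), `config-vlkb/iamtoken.properties` (`client_password` of the IAM introspection client), `config-vlkb/Obsolete/tomcat-users.xml` (the `admin` user in the `manager-script` role), and `ssl/Makefile` plus both `server-connector-8443.xml-self-signed-keystore-jks*` files (the keystore password). Whatever was ever real is now in git history and should be rotated; the tracked files should hold placeholders, e.g. `- POSTGRES_PASSWORD=${VLKB_DB_PASSWORD}` and `- DB_PASSWORD=${VLKB_DB_PASSWORD}` resolved from an untracked `.env` (or an `env_file:` entry), and since entrypoint.sh already copies `/srv/surveys/iamtoken.properties` over the bundled one at start-up, the committed iamtoken.properties does not need a real secret at all. Separately, `vlkb-db` now runs `image: registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:1.5.2`, which by its name is the SODA application image rather than the `postgres-pgsphere` image it replaces — worth confirming that is intended. With `network_mode: "host"` that database also listens on the host's own interfaces, so the password is the only thing between it and the network.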
+++ b/docker/config-vlkb/Obsolete/context-cutout.xml
@@ -0,0 +1,15 @@
+<Context docBase="/webapps/vlkb-cutout">
+
+ <Resources allowLinking="true">
+ <PostResources readOnly="false"
+ className="org.apache.catalina.webresources.DirResourceSet"
+ base="/srv/cutouts"
+ webAppMount="/cutouts"/>
+ <PostResources readOnly="true"
+ className="org.apache.catalina.webresources.DirResourceSet"
+ base="/srv/surveys"
+ webAppMount="/surveys"/>
+ </Resources>
+
+</Context>
+
diff --git a/docker/config-vlkb/Obsolete/tomcat-users.xml b/docker/config-vlkb/Obsolete/tomcat-users.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6587e75e97ec68e52749cd93b9e2a54f5a28e76d
--- /dev/null
+++ b/docker/config-vlkb/Obsolete/tomcat-users.xml
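Review bot: `<Resources allowLinking="true">` makes Tomcat follow symbolic links inside the resource set, so a link placed under `/srv/cutouts` (mounted read-write as `/cutouts`) would be served from wherever it points, outside the context's docBase; the Tomcat documentation flags this attribute as a security risk and it should be omitted (default `false`) unless links are genuinely required. The file is added new yet placed under `Obsolete/`; if nothing mounts it any more, deleting it is cleaner than archiving it, and if something still does, the `readOnly="false"` on the `/cutouts` mount deserves a one-line comment saying which component needs write access through the resource set.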
@@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<tomcat-users xmlns="http://tomcat.apache.org/xml" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" + version="1.0"> +<!-- + NOTE: By default, no user is included in the "manager-gui" role required + to operate the "/manager/html" web application. If you wish to use this app, + you must define such a user - the username and password are arbitrary. It is + strongly recommended that you do NOT use one of the users in the commented out + section below since they are intended for use with the examples web + application. +--> +<!-- + NOTE: The sample user and role entries below are intended for use with the + examples web application. They are wrapped in a comment and thus are ignored + when reading this file. If you wish to configure these users for use with the + examples web application, do not forget to remove the <!.. ..> that surrounds + them. You will also need to set the passwords to something appropriate. 
+--> +<!-- + <role rolename="tomcat"/> + <role rolename="role1"/> + <user username="tomcat" password="<must-be-changed>" roles="tomcat"/> + <user username="both" password="<must-be-changed>" roles="tomcat,role1"/> + <user username="role1" password="<must-be-changed>" roles="role1"/> +--> + + <role rolename="manager-script"/> + <user username="admin" password="IA2lbt09" roles="manager-script"/> +</tomcat-users> + diff --git a/docker/config-vlkb/Obsolete/vlkb-obscore.datasets.conf b/docker/config-vlkb/Obsolete/vlkb-obscore.datasets.conf new file mode 100644 index 0000000000000000000000000000000000000000..9572cd452614d5a6e0de043eaed03c2d1c168f82 --- /dev/null +++ b/docker/config-vlkb/Obsolete/vlkb-obscore.datasets.conf @@ -0,0 +1,15 @@ + +# root of path for local access +fits_path_surveys=/srv/surveys + +# obs_publisher_did = <obscore publisher> ? <generated-pubdid> +obscore_publisher=ivo://ia2.inaf.it/vlkb/datasets + +# full access URL: <obscore_access_url>/<storage-path>/<file-name> +obscore_access_url=https://vlkb-devel.ia2.inaf.it:8443/vlkb/datasets/surveys +obscore_access_format=application/fits + +# logging (holds last exec only) +# log_dir=/tmp +# log_filename=vlkb-obscore.log + diff --git a/docker/config-vlkb/Obsolete/vlkbd.datasets.conf b/docker/config-vlkb/Obsolete/vlkbd.datasets.conf new file mode 100644 index 0000000000000000000000000000000000000000..bccc41819036738345cde389866cc381c672eb2f --- /dev/null +++ b/docker/config-vlkb/Obsolete/vlkbd.datasets.conf @@ -0,0 +1,10 @@ + +# path to original files +fits_path_surveys=/srv/surveys +# path to generated cutouts +fits_path_cutouts=/srv/cutouts + +# logging records last request only +# log_dir=/tmp +# log_filename=vlkbd.log + diff --git a/docker/config-vlkb/Obsolete/web-cutout.xml b/docker/config-vlkb/Obsolete/web-cutout.xml new file mode 100644 index 0000000000000000000000000000000000000000..fc812cff418fd6ce0a87c7a737cad77b02efc2f7 --- /dev/null +++ b/docker/config-vlkb/Obsolete/web-cutout.xml 
@@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- + Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved. + Use is subject to license terms. +--> + +<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> + <display-name>Via Lactea. Query FITS datacubes.</display-name> + <distributable/> + + + +<!-- no authorization filter configured --> + + <servlet> + <servlet-name>default</servlet-name> + <servlet-class> + org.apache.catalina.servlets.DefaultServlet + </servlet-class> + <init-param> + <param-name>debug</param-name> + <param-value>1</param-value> + </init-param> + <init-param> + <param-name>listings</param-name> + <param-value>true</param-value> + </init-param> + <load-on-startup>1</load-on-startup> + </servlet> + <servlet-mapping> + <servlet-name>default</servlet-name> + <url-pattern>/</url-pattern> + </servlet-mapping> + + + + + + + + + <servlet> + <servlet-name>vlkb_cutout</servlet-name> + <servlet-class>ServletCutout</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>vlkb_cutout</servlet-name> + <url-pattern>/vlkb_cutout</url-pattern> + </servlet-mapping> + + <servlet> + <servlet-name>vlkb_mcutout</servlet-name> + <servlet-class>ServletMCutout</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>vlkb_mcutout</servlet-name> + <url-pattern>/vlkb_mcutout</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>vlkb_merge</servlet-name> + <servlet-class>ServletMerge</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>vlkb_merge</servlet-name> + <url-pattern>/vlkb_merge</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>vlkb_vosi_availability</servlet-name> + <servlet-class>VlkbServletFile</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>vlkb_vosi_availability</servlet-name> + 
<url-pattern>/availability</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>vlkb_vosi_capabilities</servlet-name> + <servlet-class>VlkbServletFile</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>vlkb_vosi_capabilities</servlet-name> + <url-pattern>/capabilities</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>vlkb_soda</servlet-name> + <servlet-class>ServletCutout</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>vlkb_soda</servlet-name> + <url-pattern>/soda</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>vlkb_soda</servlet-name> + <url-pattern>/vlkb_soda</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>uws_merge</servlet-name> + <servlet-class>UWSMerge</servlet-class> + <init-param> + <param-name>name</param-name> + <param-value>merge</param-value> + </init-param> + <init-param> + <param-name>rootDirectory</param-name> + <param-value>/tmp</param-value> + </init-param> + </servlet> + <servlet-mapping> + <servlet-name>uws_merge</servlet-name> + <url-pattern>/uws_merge/*</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>uws_mcutout</servlet-name> + <servlet-class>UWSMCutout</servlet-class> + <init-param> + <param-name>name</param-name> + <param-value>mcutout</param-value> + </init-param> + <init-param> + <param-name>rootDirectory</param-name> + <param-value>/tmp</param-value> + </init-param> + </servlet> + <servlet-mapping> + <servlet-name>uws_mcutout</servlet-name> + <url-pattern>/uws_mcutout/*</url-pattern> + </servlet-mapping> + + + <servlet> + <servlet-name>uws_soda</servlet-name> + <servlet-class>UWSSoda</servlet-class> + <init-param> + <param-name>name</param-name> + <param-value>soda_uws</param-value> + </init-param> + <init-param> + <param-name>rootDirectory</param-name> + <param-value>/tmp</param-value> + </init-param> + </servlet> + <servlet-mapping> + <servlet-name>uws_soda</servlet-name> + <url-pattern>/soda_uws/*</url-pattern> + 
</servlet-mapping> + +</web-app> diff --git a/docker/config-vlkb/auth.properties b/docker/config-vlkb/auth.properties new file mode 100644 index 0000000000000000000000000000000000000000..c9c8aee27f0017b03a10a17896236eae4a93a018 --- /dev/null +++ b/docker/config-vlkb/auth.properties @@ -0,0 +1,10 @@ +rap_uri=https://sso.ia2.inaf.it/rap-ia2 +gms_uri=https://sso.ia2.inaf.it/gms +client_id=vospace_ui_demo +client_secret=VOSpaceDemo123 + +groups_autoload=true +store_state_on_login_endpoint=true +scope=openid email profile read:rap + +allow_anonymous_access=true diff --git a/docker/config-vlkb/authpolicy.properties b/docker/config-vlkb/authpolicy.properties new file mode 100644 index 0000000000000000000000000000000000000000..1c59ef6ea99316ff778ca7dda6cb2cb3493aa9b3 --- /dev/null +++ b/docker/config-vlkb/authpolicy.properties @@ -0,0 +1,6 @@ +db_uri=jdbc:postgresql://127.0.0.1:5432/vialactea +db_schema=datasets +db_user_name=vialactea +db_password=ia2vlkb + + diff --git a/docker/config-vlkb/formatresponsefilter.properties b/docker/config-vlkb/formatresponsefilter.properties new file mode 100644 index 0000000000000000000000000000000000000000..b8acc01981bfba522a55bb187daebe3a2b1cecf0 --- /dev/null +++ b/docker/config-vlkb/formatresponsefilter.properties @@ -0,0 +1,7 @@ + +# used to retrieve extraCards to add to FITS_header (VLKB-only) +surveys_metadata_abs_pathname=/srv/surveys/survey_populate.csv + +# these URL's are used to construct cutout merge requests strings in response.xml +cutout_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_cutout +merge_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_merge diff --git a/docker/config-vlkb/iamtoken.properties b/docker/config-vlkb/iamtoken.properties new file mode 100644 index 0000000000000000000000000000000000000000..e0935bb1f2d6f832b04b22c9dac817eac6741e5d --- /dev/null +++ b/docker/config-vlkb/iamtoken.properties 
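Review bot: The `default` servlet is configured with `<param-name>listings</param-name>` set to `<param-value>true</param-value>` and `debug` set to `1`, so together with the `/surveys` and `/cutouts` mounts from context-cutout.xml every directory of the survey store becomes browsable to anyone who can reach the context — and the file itself records `<!-- no authorization filter configured -->`. Unless browsing is a feature, set `listings` to `<param-value>false</param-value>` and `debug` to `0`. The three UWS servlets also use `<param-value>/tmp</param-value>` as `rootDirectory`, a shared world-writable directory; a dedicated job directory (a subdirectory of the cutouts volume, for example) or at least a comment on why `/tmp` is acceptable would be clearer. Since this lives under `Obsolete/`, confirm it is not still the `web-cutout-$SECURITY.xml` that entrypoint.sh used to copy into place before investing in it.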
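Review bot: `formatresponsefilter.properties` is now copied into vlkb-search by the Dockerfile, yet its `cutout_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_cutout` and `merge_url=...vlkb_merge` point at the vlkb-cutout endpoints that this commit stops building into the image; if vlkb-search uses them to build the links in response.xml, as the comment above them says, responses will advertise a service that is no longer deployed alongside. Either point them at wherever the cutout service now runs, or have entrypoint.sh write them from environment variables the way it does for `DISCOVERY_DB_URI`. They are also plain `http://` URLs on port 8080 while the connectors added under `ssl/` serve on 8443 — presumably a dev-only setting, but a comment saying so would help.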
@@ -0,0 +1,10 @@ + +#jwks_url=https://iam-escape.cloud.cnaf.infn.it/jwk +introspect=https://iam-escape.cloud.cnaf.infn.it/introspect +client_name=02cc260f-9837-4907-b2cb-a1a2d764fb15 +client_password=AJMi3qrB6AHRp_6y55tEwU-IpJ8uZ6X4QXeQ3W4la6dc-BlkzAY1OQpAE9hb1W7-VfYl4208FUtjE2Cl3hUYLkQ + +resource_id=vlkb + +non_authn_username=anonymous + diff --git a/docker/config-vlkb/neatoken.properties b/docker/config-vlkb/neatoken.properties new file mode 100644 index 0000000000000000000000000000000000000000..21793e2600441bc6122e1ce54387ad8525bbd297 --- /dev/null +++ b/docker/config-vlkb/neatoken.properties @@ -0,0 +1,7 @@ + +jwks_url=https://sso.neanias.eu/auth/realms/neanias-production/protocol/openid-connect/certs + +resource_id=vlkb + +non_authn_username=anonymous + diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 8f769fabe3bb54e361d9eea767a120280095f0ea..9f8c06d4df6a0c26884a2138a515ae72af576a09 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -11,19 +11,19 @@ env #INST_DIR="/usr/local" WEBAPP_DIR=/webapps #CONFIG_DIR=/config -QUEUE_NAME=dockervlkb$ACCESS_CONTEXT_ROOT +#QUEUE_NAME=dockervlkb$ACCESS_CONTEXT_ROOT echo "SECURITY : "$SECURITY echo "DISCOVERY_CONTEXT_ROOT : "$DISCOVERY_CONTEXT_ROOT echo "DISCOVERY_DB_URI : "$DISCOVERY_DB_URI -echo "VLKBOBSCORE_PG_URI : "$VLKBOBSCORE_PG_URI -echo "ACCESS_CONTEXT_ROOT : "$ACCESS_CONTEXT_ROOT +#echo "VLKBOBSCORE_PG_URI : "$VLKBOBSCORE_PG_URI +#echo "ACCESS_CONTEXT_ROOT : "$ACCESS_CONTEXT_ROOT echo "RESPONSE_FORMAT : "$RESPONSE_FORMAT echo "URL_CUTOUTS : "$URL_CUTOUTS echo "INST_DIR : "$INST_DIR echo "WEBAPP_DIR : "$WEBAPP_DIR #echo "CONFIG_DIR : "$CONFIG_DIR -echo "QUEUE_NAME : "$QUEUE_NAME +#echo "QUEUE_NAME : "$QUEUE_NAME ######################################################################### 
@@ -31,11 +31,11 @@ echo "QUEUE_NAME : "$QUEUE_NAME ## configure vlkb-tools #mkdir -p $INST_DIR/etc/vlkb-obscore #cp $CONFIG_DIR/vlkb-obscore.datasets.conf $INST_DIR/etc/vlkb-obscore/datasets.conf -if test -n "$VLKBOBSCORE_PG_URI" -then - echo "pg_uri=$VLKBOBSCORE_PG_URI" >> $INST_DIR/etc/vlkb-obscore/datasets.conf - echo "pg_schema=datasets" >> $INST_DIR/etc/vlkb-obscore/datasets.conf -fi +#if test -n "$VLKBOBSCORE_PG_URI" +#then +# echo "pg_uri=$VLKBOBSCORE_PG_URI" >> $INST_DIR/etc/vlkb-obscore/datasets.conf +# echo "pg_schema=datasets" >> $INST_DIR/etc/vlkb-obscore/datasets.conf +#fi 
@@ -56,61 +56,70 @@ then echo "db_password=$DB_PASSWORD" >> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/discovery.properties # use the same DB for authz permissions (ObsCore with extensions) cp $WEBAPP_DIR/vlkb-search/WEB-INF/classes/discovery.properties $WEBAPP_DIR/vlkb-search/WEB-INF/classes/authpolicy.properties + + if test -n "$RESPONSE_FORMAT" + then + echo "default_response_format=$RESPONSE_FORMAT" >> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/discovery.properties + fi + + + + fi ## configure VLKB access -if test -n "$ACCESS_CONTEXT_ROOT" -then +#if test -n "$ACCESS_CONTEXT_ROOT" +#then - if test -n "$SECURITY" - then - cd $WEBAPP_DIR/vlkb-cutout/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd - - fi +# if test -n "$SECURITY" +# then +# cd $WEBAPP_DIR/vlkb-cutout/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd - +# fi # cp $CONFIG_DIR/{auth.properties,neatoken.properties} $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/ #echo "<Context docBase=\"$WEBAPP_DIR/vlkb-cutout\"/>" > /var/lib/tomcat9/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml - cp $WEBAPP_DIR/vlkb-cutout/META-INF/context.xml /var/lib/tomcat9/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml - echo "db_uri=$DISCOVERY_DB_URI" > $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties - echo "db_schema=datasets" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties - echo "db_user_name=$DB_USERNAME" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties - echo "db_password=$DB_PASSWORD" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties - - - echo "fits_path_surveys=/srv/surveys" > $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "fits_path_cutouts=/srv/cutouts" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - if test -f /srv/surveys/survey_populate.csv - then - echo "surveys_metadata_abs_pathname=/srv/surveys/survey_populate.csv" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo 
"fits_url_cutouts=$URL_CUTOUTS" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - fi - if test -n "$RESPONSE_FORMAT" - then - echo "default_response_format=$RESPONSE_FORMAT" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - fi - - case $RESPONSE_FORMAT in application/vlkb*) - echo "default_sky_system=GALACTIC" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "default_spec_system=VELO_LSRK" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "show_duration=yes" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - esac +# cp $WEBAPP_DIR/vlkb-cutout/META-INF/context.xml /var/lib/tomcat9/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml +# echo "db_uri=$DISCOVERY_DB_URI" > $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties +# echo "db_schema=datasets" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties +# echo "db_user_name=$DB_USERNAME" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties +# echo "db_password=$DB_PASSWORD" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/authpolicy.properties + + +# echo "fits_path_surveys=/srv/surveys" > $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "fits_path_cutouts=/srv/cutouts" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# if test -f /srv/surveys/survey_populate.csv +# then +# echo "surveys_metadata_abs_pathname=/srv/surveys/survey_populate.csv" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "fits_url_cutouts=$URL_CUTOUTS" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# fi +# if test -n "$RESPONSE_FORMAT" +# then +# echo "default_response_format=$RESPONSE_FORMAT" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# fi + +# case $RESPONSE_FORMAT in application/vlkb*) +# echo "default_sky_system=GALACTIC" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "default_spec_system=VELO_LSRK" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "show_duration=yes" >> 
$WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# esac # for resolver (id & extraCards) - echo "db_uri=$DISCOVERY_DB_URI" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "db_schema=datasets" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "db_user_name=$DB_USERNAME" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "db_password=$DB_PASSWORD" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - - echo "amqp_host_name=localhost" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "amqp_port=5672" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - echo "amqp_routing_key=$QUEUE_NAME" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf - - case $RESPONSE_FORMAT in application/vlkb*) - service rabbitmq-server start - $INST_DIR/bin/vlkbd_exec.sh localhost $QUEUE_NAME $INST_DIR/etc/vlkbd/datasets.conf - esac -fi +# echo "db_uri=$DISCOVERY_DB_URI" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "db_schema=datasets" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "db_user_name=$DB_USERNAME" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "db_password=$DB_PASSWORD" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf + +# echo "amqp_host_name=localhost" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "amqp_port=5672" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf +# echo "amqp_routing_key=$QUEUE_NAME" >> $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/datasets.conf + +# case $RESPONSE_FORMAT in application/vlkb*) +# service rabbitmq-server start +# $INST_DIR/bin/vlkbd_exec.sh localhost $QUEUE_NAME $INST_DIR/etc/vlkbd/datasets.conf +# esac +#fi 
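Review bot: The added `if test -n "$RESPONSE_FORMAT"` block appends `default_response_format` to `discovery.properties` only after that file has been `cp`'d to `authpolicy.properties`, so the policy file never sees the setting; if that ordering is deliberate, a comment such as `# appended after the cp so authpolicy.properties keeps only the DB settings` would make it explicit. The `default_sky_system`/`default_spec_system`/`show_duration` defaults that the now-commented cutout branch wrote for `application/vlkb*` formats are not carried over to vlkb-search, presumably because only the cutout service used them — confirm. The redirection `>> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/discovery.properties` leaves `$WEBAPP_DIR` unquoted like the lines above it; `>> "$WEBAPP_DIR/vlkb-search/WEB-INF/classes/discovery.properties"` is the safe form. The `if ... then` this block sits in begins outside the hunk (only its closing `fi` is visible), and the roughly sixty `#`-commented lines that follow are dead code better deleted than archived.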
@@ -126,14 +135,14 @@ case $SECURITY in cp /root/ssl/server-connector-8443.xml /etc/tomcat9/server-connector-8443.xml # map volume instead of this: cp -r ssl/SECTIGO /etc/pki/tls/ rm /webapps/vlkb-search/WEB-INF/lib/jjwt-*0.12*.jar - rm /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.12*.jar +# rm /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.12*.jar ;; iamtoken) #cp ssl/server-connector-8443.xml-keystore-self-signed /etc/tomcat9/server-connector-8443.xml cp /root/ssl/server-connector-8443.xml /etc/tomcat9/server-connector-8443.xml # map volume somedir:/etc/pki/tls with somedir/{keystore.jks,SECTIGO/*} XXX cp ssl/keystore.jks /etc/pki/tls/ rm /webapps/vlkb-search/WEB-INF/lib/jjwt-*0.11*.jar - rm /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.11*.jar +# rm /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.11*.jar ;; *) echo "Security not configured, runs open." @@ -161,7 +170,7 @@ fi # configure access-token validation if test -f /srv/surveys/iamtoken.properties then - cp /srv/surveys/iamtoken.properties $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/ +# cp /srv/surveys/iamtoken.properties $WEBAPP_DIR/vlkb-cutout/WEB-INF/classes/ cp /srv/surveys/iamtoken.properties $WEBAPP_DIR/vlkb-search/WEB-INF/classes/ fi diff --git a/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf b/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf new file mode 100644 index 0000000000000000000000000000000000000000..2d7b3fd09bb0a24f3f7a1f04af33ee0ec8269d5e Binary files /dev/null and b/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf differ 
diff --git a/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf b/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..c2e26bc3bcf6a7aadf1b8ab23fab0434464168ba
Binary files /dev/null and b/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf differ
diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..cdc5c8deb2b2141a315d28b58e362d658237b0f7
--- /dev/null
+++ b/docker/ssl/Makefile
@@ -0,0 +1,10 @@
+
+
+
+keystore.jks:
+ keytool -genkey -keyalg RSA -noprompt -alias tomcat -dname "CN=localhost, OU=NA, O=NA, L=NA, S=NA, C=NA" -keystore keystore.jks -validity 9999 -storepass tomcatskassl -keypass tomcatskassl
+
+
+showxml:
+ xmlstarlet c14n server.xml
+
diff --git a/docker/ssl/keystore.jks b/docker/ssl/keystore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..57c469584925bdc3de5f6919123d67c5a3189560
Binary files /dev/null and b/docker/ssl/keystore.jks differ
diff --git a/docker/ssl/server-connector-8080.xml b/docker/ssl/server-connector-8080.xml
new file mode 100644
index 0000000000000000000000000000000000000000..2917f61d66eeec97c63fd9718c4530337a0a339a
--- /dev/null
+++ b/docker/ssl/server-connector-8080.xml
@@ -0,0 +1,3 @@
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000" />
+
diff --git a/docker/ssl/server-connector-8443.xml b/docker/ssl/server-connector-8443.xml
new file mode 100644
index 0000000000000000000000000000000000000000..1ad61476dbe60e77851fa636d3c40009af30232e
--- /dev/null
+++ b/docker/ssl/server-connector-8443.xml
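Review bot: The `keystore.jks` target bakes the keystore password into the recipe (`-storepass tomcatskassl -keypass tomcatskassl`) and the generated `docker/ssl/keystore.jks` — a binary containing the private key — is committed in the same change, so key, password and trust anchor all live in the repository; the keystore belongs in `.gitignore` and the password in a variable the caller supplies, e.g. `keytool ... -storepass "$(KEYSTORE_PASS)" -keypass "$(KEYSTORE_PASS)"` with `KEYSTORE_PASS ?=` declared at the top. `-validity 9999` (about 27 years) and `CN=localhost` are fine for a self-signed development certificate, but a comment above the target should say that is all it is for. The recipe passes no `-keysize`, so the key length depends on the JDK's default; stating `-keysize 2048` or larger makes the output reproducible across JDKs. The Stack Overflow and Enable Sysadmin PDFs added under `docker/ssl/` are reference reading that would serve better as links in a README than as tracked binaries.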
@@ -0,0 +1,11 @@
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
+ certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
+ certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+
diff --git a/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it b/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
new file mode 100644
index 0000000000000000000000000000000000000000..1ad61476dbe60e77851fa636d3c40009af30232e
--- /dev/null
+++ b/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
@@ -0,0 +1,11 @@
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
+ certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
+ certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+
diff --git a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks b/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks
new file mode 100644
index 0000000000000000000000000000000000000000..02ca4500189bcdf839f61eb03958e8284c4c9205
--- /dev/null
+++ b/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks
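Review bot: `server-connector-8443.xml`, `server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it` and the `server-connector.xml` hunk that follows are byte-identical — all three carry blob `1ad61476dbe60e77851fa636d3c40009af30232e` — so any change to the TLS settings has to be made three times; keep one file and create a renamed copy only when its content actually differs. The `<SSLHostConfig>` element sets no `protocols`, so the enabled TLS versions fall back to the JSSE implementation and the JDK's security configuration; `<SSLHostConfig protocols="TLSv1.2+TLSv1.3">` makes the policy explicit and independent of which JDK the image is built on. The connector also has no `connectionTimeout`, unlike the 8080 connector next to it; `connectionTimeout="20000"` keeps the two consistent.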
@@ -0,0 +1,11 @@
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+ <SSLHostConfig>
+ <Certificate certificateKeyAlias="tomcat"
+ certificateKeystoreFile="/etc/pki/tls/keystore.jks"
+ certificateKeystorePassword="tomcatskassl"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+
diff --git a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG b/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG
new file mode 100644
index 0000000000000000000000000000000000000000..323456aa568ff5e7589dd347879f495d63833b51
--- /dev/null
+++ b/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG
@@ -0,0 +1,11 @@
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+ <SSLHostConfig>
+ <Certificate certificateKeyAlias="tomcat"
+ certificateKeystoreFile="/root/keystore.jks"
+ certificateKeystorePassword="tomcatskassl"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+
diff --git a/docker/ssl/server-connector.xml b/docker/ssl/server-connector.xml
new file mode 100644
index 0000000000000000000000000000000000000000..1ad61476dbe60e77851fa636d3c40009af30232e
--- /dev/null
+++ b/docker/ssl/server-connector.xml
@@ -0,0 +1,11 @@
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
+ certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
+ certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+
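Review bot: `server-connector-8443.xml-self-signed-keystore-jks-ORIG` differs from the non-ORIG variant only in `certificateKeystoreFile="/root/keystore.jks"`, a path the Dockerfile no longer populates (its `COPY ssl/keystore.jks /root/` is commented out), so the ORIG copy is a stale snapshot that git history already preserves; drop it. Both variants embed `certificateKeystorePassword="tomcatskassl"` in the XML; Tomcat substitutes `${...}` system properties when parsing server.xml and the fragments it includes, so `certificateKeystorePassword="${keystore.password}"` with the value passed through `CATALINA_OPTS` keeps the password out of the repository. These files also use `Http11AprProtocol` (the OpenSSL engine, which `AprLifecycleListener SSLEngine="on"` in server.xml enables) while the SECTIGO variants use `Http11NioProtocol` with JSSE — presumably deliberate for HTTP/2, but since entrypoint.sh only ever copies `server-connector-8443.xml` into `/etc/tomcat9/`, a comment should say when the self-signed variants are meant to be used and how.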
diff --git a/docker/ssl/server.xml b/docker/ssl/server.xml
new file mode 100644
index 0000000000000000000000000000000000000000..3ea14238c9561459974a2e3bf1c2c5d4c7730663
--- /dev/null
+++ b/docker/ssl/server.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE server-xml [
+ <!ENTITY connector-config SYSTEM "server-connector.xml">
+]>
+
+<Server port="-1" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <GlobalNamingResources>
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <Service name="Catalina">
+
+ &connector-config;
+
+ <Engine name="Catalina" defaultHost="localhost">
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+ </Host>
+ </Engine>
+ </Service>
+</Server>
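Review bot: `<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">` enables hot deployment of anything that appears under `webapps` at run time, which an immutable container does not need — the Dockerfile unpacks the WAR into `/webapps` at build time and entrypoint.sh writes the context files — and which turns any writable volume under that directory into a way to introduce code; `autoDeploy="false"` closes that while `deployOnStartup` at its default still deploys what is present at boot. `&connector-config;` pulls `server-connector.xml` in through a DOCTYPE external entity, which Tomcat's parser accepts but which surprises readers, so a comment such as `<!-- connector fragment, copied into place by entrypoint.sh -->` above the DOCTYPE would help. The `UserDatabaseRealm` backed by `conf/tomcat-users.xml` is only needed by the manager/host-manager apps (`tomcat9-admin` is installed in the Dockerfile); if the manager is not used inside the container, the realm and the `GlobalNamingResources` block can go, and the `manager-script` credential they would serve with them. `port="-1"` on `<Server>` correctly disables the shutdown port.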