diff --git a/fuseki/Dockerfile b/fuseki/Dockerfile index 22c1ee9..b3e0e80 100644 --- a/fuseki/Dockerfile +++ b/fuseki/Dockerfile @@ -1,97 +1,97 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -FROM adoptopenjdk:11-jre-hotspot -MAINTAINER Stian Soiland-Reyes - -ENV LANG C.UTF-8 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - bash curl ca-certificates findutils coreutils gettext pwgen procps tini \ - ; \ - rm -rf /var/lib/apt/lists/* - - -# Update below according to https://jena.apache.org/download/ -# and checksum for apache-jena-fuseki-4.x.x.tar.gz.sha512 -ENV FUSEKI_SHA512 359f8f99c8fa5968c1bdddcc39214db86da822804e3dd5fa182b86daff2d121a85b2102cffec853d9a80ceca7dea8ef65ef875919d653984af9bd297bc740167 -ENV FUSEKI_VERSION 4.2.0 -# No need for https due to sha512 checksums below -ENV ASF_MIRROR http://www.apache.org/dyn/mirrors/mirrors.cgi?action=download&filename= -ENV ASF_ARCHIVE http://archive.apache.org/dist/ - -LABEL org.opencontainers.image.url https://github.com/stain/jena-docker/tree/master/jena-fuseki -LABEL org.opencontainers.image.source https://github.com/stain/jena-docker/ -LABEL org.opencontainers.image.documentation https://jena.apache.org/documentation/fuseki2/ -LABEL org.opencontainers.image.title "Apache Jena Fuseki" -LABEL org.opencontainers.image.description "Fuseki is a SPARQL 1.1 server with a web interface, backed by the Apache Jena TDB RDF triple store." -LABEL org.opencontainers.image.version ${FUSEKI_VERSION} -LABEL org.opencontainers.image.licenses "(Apache-2.0 AND (GPL-2.0 WITH Classpath-exception-2.0) AND GPL-3.0)" -LABEL org.opencontainers.image.authors "Apache Jena Fuseki by https://jena.apache.org/; this image by https://orcid.org/0000-0001-9842-9718" - -# Config and data -ENV FUSEKI_BASE /fuseki - - -# Installation folder -ENV FUSEKI_HOME /jena-fuseki - -WORKDIR /tmp -# published sha512 checksum -RUN echo "$FUSEKI_SHA512 fuseki.tar.gz" > fuseki.tar.gz.sha512 -# Download/check/unpack/move in one go (to reduce image size) -RUN (curl --location --silent --show-error --fail --retry-connrefused --retry 3 --output fuseki.tar.gz ${ASF_MIRROR}jena/binaries/apache-jena-fuseki-$FUSEKI_VERSION.tar.gz || \ - curl --fail --silent --show-error --retry-connrefused --retry 3 --output fuseki.tar.gz $ASF_ARCHIVE/jena/binaries/apache-jena-fuseki-$FUSEKI_VERSION.tar.gz) && \ - sha512sum -c fuseki.tar.gz.sha512 && \ - tar zxf fuseki.tar.gz && \ - mv apache-jena-fuseki* $FUSEKI_HOME && \ - rm fuseki.tar.gz* && \ - cd $FUSEKI_HOME && rm -rf fuseki.war && chmod 755 fuseki-server - -# Test the install by testing it's ping resource. 20s sleep because Docker Hub. -RUN $FUSEKI_HOME/fuseki-server & \ - sleep 20 && \ - curl -sS --fail 'http://localhost:3030/$/ping' - -# No need to kill Fuseki as our shell will exit after curl - -# As "localhost" is often inaccessible within Docker container, -# we'll enable basic-auth with a random admin password -# (which we'll generate on start-up) -COPY shiro.ini $FUSEKI_HOME/shiro.ini -COPY docker-entrypoint.sh / -RUN chmod 755 /docker-entrypoint.sh - - -COPY load.sh $FUSEKI_HOME/ -COPY tdbloader $FUSEKI_HOME/ -COPY tdbloader2 $FUSEKI_HOME/ -RUN chmod 755 $FUSEKI_HOME/load.sh $FUSEKI_HOME/tdbloader $FUSEKI_HOME/tdbloader2 -#VOLUME /staging - - -# Where we start our server from -WORKDIR $FUSEKI_HOME - -# Make sure we start with empty /fuseki -RUN rm -rf $FUSEKI_BASE -VOLUME $FUSEKI_BASE - -EXPOSE 3030 -ENTRYPOINT ["/usr/bin/tini", "--", "/docker-entrypoint.sh"] -CMD ["/jena-fuseki/fuseki-server"] - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +FROM adoptopenjdk:11-jre-hotspot +MAINTAINER Stian Soiland-Reyes + +ENV LANG C.UTF-8 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + bash curl ca-certificates findutils coreutils gettext pwgen procps tini \ + ; \ + rm -rf /var/lib/apt/lists/* + + +# Update below according to https://jena.apache.org/download/ +# and checksum for apache-jena-fuseki-4.x.x.tar.gz.sha512 +ENV FUSEKI_SHA512 359f8f99c8fa5968c1bdddcc39214db86da822804e3dd5fa182b86daff2d121a85b2102cffec853d9a80ceca7dea8ef65ef875919d653984af9bd297bc740167 +ENV FUSEKI_VERSION 4.2.0 +# No need for https due to sha512 checksums below +ENV ASF_MIRROR http://www.apache.org/dyn/mirrors/mirrors.cgi?action=download&filename= +ENV ASF_ARCHIVE http://archive.apache.org/dist/ + +LABEL org.opencontainers.image.url https://github.com/stain/jena-docker/tree/master/jena-fuseki +LABEL org.opencontainers.image.source https://github.com/stain/jena-docker/ +LABEL org.opencontainers.image.documentation https://jena.apache.org/documentation/fuseki2/ +LABEL org.opencontainers.image.title "Apache Jena Fuseki" +LABEL org.opencontainers.image.description "Fuseki is a SPARQL 1.1 server with a web interface, backed by the Apache Jena TDB RDF triple store." +LABEL org.opencontainers.image.version ${FUSEKI_VERSION} +LABEL org.opencontainers.image.licenses "(Apache-2.0 AND (GPL-2.0 WITH Classpath-exception-2.0) AND GPL-3.0)" +LABEL org.opencontainers.image.authors "Apache Jena Fuseki by https://jena.apache.org/; this image by https://orcid.org/0000-0001-9842-9718" + +# Config and data +ENV FUSEKI_BASE /fuseki + + +# Installation folder +ENV FUSEKI_HOME /jena-fuseki + +WORKDIR /tmp +# published sha512 checksum +RUN echo "$FUSEKI_SHA512 fuseki.tar.gz" > fuseki.tar.gz.sha512 +# Download/check/unpack/move in one go (to reduce image size) +RUN (curl --location --silent --show-error --fail --retry-connrefused --retry 3 --output fuseki.tar.gz ${ASF_MIRROR}jena/binaries/apache-jena-fuseki-$FUSEKI_VERSION.tar.gz || \ + curl --fail --silent --show-error --retry-connrefused --retry 3 --output fuseki.tar.gz $ASF_ARCHIVE/jena/binaries/apache-jena-fuseki-$FUSEKI_VERSION.tar.gz) && \ + sha512sum -c fuseki.tar.gz.sha512 && \ + tar zxf fuseki.tar.gz && \ + mv apache-jena-fuseki* $FUSEKI_HOME && \ + rm fuseki.tar.gz* && \ + cd $FUSEKI_HOME && rm -rf fuseki.war && chmod 755 fuseki-server + +# Test the install by testing it's ping resource. 20s sleep because Docker Hub. +RUN $FUSEKI_HOME/fuseki-server & \ + sleep 20 && \ + curl -sS --fail 'http://localhost:3030/$/ping' + +# No need to kill Fuseki as our shell will exit after curl + +# As "localhost" is often inaccessible within Docker container, +# we'll enable basic-auth with a random admin password +# (which we'll generate on start-up) +COPY shiro.ini $FUSEKI_HOME/shiro.ini +COPY docker-entrypoint.sh / +RUN chmod 755 /docker-entrypoint.sh + + +COPY load.sh $FUSEKI_HOME/ +COPY tdbloader $FUSEKI_HOME/ +COPY tdbloader2 $FUSEKI_HOME/ +RUN chmod 755 $FUSEKI_HOME/load.sh $FUSEKI_HOME/tdbloader $FUSEKI_HOME/tdbloader2 +#VOLUME /staging + + +# Where we start our server from +WORKDIR $FUSEKI_HOME + +# Make sure we start with empty /fuseki +RUN rm -rf $FUSEKI_BASE +VOLUME $FUSEKI_BASE + +EXPOSE 3030 +ENTRYPOINT ["/usr/bin/tini", "--", "/docker-entrypoint.sh"] +CMD ["/jena-fuseki/fuseki-server"] + diff --git a/fuseki/docker-compose.yml b/fuseki/docker-compose.yml index 9e7ca87..d6e0f1c 100644 --- a/fuseki/docker-compose.yml +++ b/fuseki/docker-compose.yml @@ -1,13 +1,13 @@ -version: '3' - -services: - fuseki: - image: fuseki-server:4.2.0 - build: . - container_name: fuseki-docker - restart: unless-stopped - volumes: - - ./data:/mnt/apache-fuseki - ports: - - 3030:3030 - +version: '3' + +services: + fuseki: + image: fuseki-server:4.2.0 + build: . + container_name: fuseki-docker + restart: unless-stopped + volumes: + - ./data:/mnt/apache-fuseki + ports: + - 3030:3030 + diff --git a/fuseki/docker-entrypoint.sh b/fuseki/docker-entrypoint.sh index 80bdb19..2866f65 100644 --- a/fuseki/docker-entrypoint.sh +++ b/fuseki/docker-entrypoint.sh @@ -1,75 +1,75 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -if [ ! -f "$FUSEKI_BASE/shiro.ini" ] ; then - # First time - echo "###################################" - echo "Initializing Apache Jena Fuseki" - echo "" - cp "$FUSEKI_HOME/shiro.ini" "$FUSEKI_BASE/shiro.ini" - if [ -z "$ADMIN_PASSWORD" ] ; then - ADMIN_PASSWORD=$(pwgen -s 15) - echo "Randomly generated admin password:" - echo "" - echo "admin=$ADMIN_PASSWORD" - fi - echo "" - echo "###################################" -fi - -if [ -d "/fuseki-extra" ] && [ ! -d "$FUSEKI_BASE/extra" ] ; then - ln -s "/fuseki-extra" "$FUSEKI_BASE/extra" -fi - -# $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD} -# is in shiro.ini -if [ -n "$ADMIN_PASSWORD" ] ; then - export ADMIN_PASSWORD - envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \ - mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini" - unset ADMIN_PASSWORD # Don't keep it in memory - export ADMIN_PASSWORD -fi - -# fork -exec "$@" & - -TDB_VERSION='' -if [ ! -z ${TDB+x} ] && [ "${TDB}" = "2" ] ; then - TDB_VERSION='tdb2' -else - TDB_VERSION='tdb' -fi - -# Wait until server is up -while [[ $(curl -I http://localhost:3030 2>/dev/null | head -n 1 | cut -d$' ' -f2) != '200' ]]; do - sleep 1s -done - -# Convert env to datasets -printenv | egrep "^FUSEKI_DATASET_" | while read env_var -do - dataset=$(echo $env_var | egrep -o "=.*$" | sed 's/^=//g') - curl -s 'http://localhost:3030/$/datasets'\ - -H "Authorization: Basic $(echo -n admin:${ADMIN_PASSWORD} | base64)" \ - -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'\ - --data "dbName=${dataset}&dbType=${TDB_VERSION}" -done - -# rejoin our exec -wait +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +if [ ! -f "$FUSEKI_BASE/shiro.ini" ] ; then + # First time + echo "###################################" + echo "Initializing Apache Jena Fuseki" + echo "" + cp "$FUSEKI_HOME/shiro.ini" "$FUSEKI_BASE/shiro.ini" + if [ -z "$ADMIN_PASSWORD" ] ; then + ADMIN_PASSWORD=$(pwgen -s 15) + echo "Randomly generated admin password:" + echo "" + echo "admin=$ADMIN_PASSWORD" + fi + echo "" + echo "###################################" +fi + +if [ -d "/fuseki-extra" ] && [ ! -d "$FUSEKI_BASE/extra" ] ; then + ln -s "/fuseki-extra" "$FUSEKI_BASE/extra" +fi + +# $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD} +# is in shiro.ini +if [ -n "$ADMIN_PASSWORD" ] ; then + export ADMIN_PASSWORD + envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \ + mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini" + unset ADMIN_PASSWORD # Don't keep it in memory + export ADMIN_PASSWORD +fi + +# fork +exec "$@" & + +TDB_VERSION='' +if [ ! -z ${TDB+x} ] && [ "${TDB}" = "2" ] ; then + TDB_VERSION='tdb2' +else + TDB_VERSION='tdb' +fi + +# Wait until server is up +while [[ $(curl -I http://localhost:3030 2>/dev/null | head -n 1 | cut -d$' ' -f2) != '200' ]]; do + sleep 1s +done + +# Convert env to datasets +printenv | egrep "^FUSEKI_DATASET_" | while read env_var +do + dataset=$(echo $env_var | egrep -o "=.*$" | sed 's/^=//g') + curl -s 'http://localhost:3030/$/datasets'\ + -H "Authorization: Basic $(echo -n admin:${ADMIN_PASSWORD} | base64)" \ + -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'\ + --data "dbName=${dataset}&dbType=${TDB_VERSION}" +done + +# rejoin our exec +wait diff --git a/fuseki/load.sh b/fuseki/load.sh index e69de29..f48991a 100644 --- a/fuseki/load.sh +++ b/fuseki/load.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +extensions="rdf ttl owl nt nquads" +PATTERNS="" +for e in $extensions ; do + PATTERNS="$PATTERNS *.$e *.$e.gz" +done + +if [ $# -eq 0 ] ; then + echo "$0 [DB] [PATTERN ...]" + echo "Load one or more RDF files into Jena Fuseki TDB database DB." + echo "" + echo "Current directory is assumed to be /staging" + echo "" + echo 'PATTERNs can be a filename or a shell glob pattern like *ttl' + echo "" + echo "If no PATTERN are given, the default patterns are searched:" + echo "$PATTERNS" + echo "" + echo "Set the environment variable TDBLOADER_OPTS for any additional" + echo "options to pass to tdbloader, e.g. --graph=https://example.org/graph#name + exit 0 +fi + +cd /staging 2>/dev/null || echo "/staging not found" >&2 +echo "Current directory:" $(pwd) + +DB=$1 +shift + +if [ $# -eq 0 ] ; then + patterns="$PATTERNS" +else + patterns="$@" +fi + +files="" +for f in $patterns; do + if [ -f $f ] ; then + files="$files $f" + else + if [ $# -gt 0 ] ; then + # User-specified file/pattern missing + echo "WARNING: Not found: $f" >&2 + fi + fi +done + +if [ "$files" == "" ] ; then + echo "No files found for: " >&2 + echo "$patterns" >&2 + exit 1 +fi + +echo "#########" +echo "Loading to Fuseki TDB database $DB:" +echo "" +echo $files +echo "#########" + +exec $FUSEKI_HOME/tdbloader $TDBLOADER_OPTS --loc=$FUSEKI_BASE/databases/$DB $files diff --git a/fuseki/shiro.ini b/fuseki/shiro.ini index dd11997..d06a2b3 100644 --- a/fuseki/shiro.ini +++ b/fuseki/shiro.ini @@ -1,57 +1,57 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -[main] -# Development -ssl.enabled = false - -plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher -#iniRealm=org.apache.shiro.realm.text.IniRealm -iniRealm.credentialsMatcher = $plainMatcher - -#localhost=org.apache.jena.fuseki.authz.LocalhostFilter - -[users] -# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm" -# The admin password will be replaced by value of ADMIN_PASSWORD -# variable by docker-entrypoint.sh on FIRST start up. -admin=${ADMIN_PASSWORD} - -[roles] - -[urls] -## Control functions open to anyone -/$/status = anon -/$/ping = anon - -## and the rest are restricted -/$/** = authcBasic,user[admin] - -## Sparql update is restricted -/*/update/** = authcBasic,user[admin] - - -## If you want simple, basic authentication user/password -## on the operations, -## 1 - set a password in [users] -## 2 - change the line above to: -## /$/** = authcBasic,user[admin] -## and set a better - -## or to allow any access. -##/$/** = anon - -# Everything else -/**=anon +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[main] +# Development +ssl.enabled = false + +plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher +#iniRealm=org.apache.shiro.realm.text.IniRealm +iniRealm.credentialsMatcher = $plainMatcher + +#localhost=org.apache.jena.fuseki.authz.LocalhostFilter + +[users] +# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm" +# The admin password will be replaced by value of ADMIN_PASSWORD +# variable by docker-entrypoint.sh on FIRST start up. +admin=${ADMIN_PASSWORD} + +[roles] + +[urls] +## Control functions open to anyone +/$/status = anon +/$/ping = anon + +## and the rest are restricted +/$/** = authcBasic,user[admin] + +## Sparql update is restricted +/*/update/** = authcBasic,user[admin] + + +## If you want simple, basic authentication user/password +## on the operations, +## 1 - set a password in [users] +## 2 - change the line above to: +## /$/** = authcBasic,user[admin] +## and set a better + +## or to allow any access. +##/$/** = anon + +# Everything else +/**=anon