From c134e5b160756bd9229da24e3d256c158693f051 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Thu, 27 Sep 2018 17:47:14 +0200 Subject: [PATCH 01/14] UPD k8s development values - Update k8s development values to follow latest changes in charts. --- docs/k8s/cloud-development-values.yaml | 3 ++- docs/k8s/local-development-values.yaml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/k8s/cloud-development-values.yaml b/docs/k8s/cloud-development-values.yaml index 36ca585a..71ea9662 100644 --- a/docs/k8s/cloud-development-values.yaml +++ b/docs/k8s/cloud-development-values.yaml @@ -70,7 +70,8 @@ cloudSymmetric: dbUser: cloudsymmetric dbPassword: symmetric dbRole: clouddiscoveryservice - cloudSymmetricHost: cloudsymmetric.cloud.svc.cluster.local + cloudSymmetricProtocol: http + cloudSymmetricPublicHost: cloudsymmetric.cloud.svc.cluster.local nodePassword: jtpmff6bfm9lm51vykn3hz8dor053833 localNodes: - id: 2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa diff --git a/docs/k8s/local-development-values.yaml b/docs/k8s/local-development-values.yaml index 0695b206..a220e09e 100644 --- a/docs/k8s/local-development-values.yaml +++ b/docs/k8s/local-development-values.yaml @@ -48,4 +48,5 @@ localSymmetric: dbUser: localsymmetric dbPassword: symmetric dbRole: localdiscoveryservice - cloudSymmetricHost: cloudsymmetric.cloud.svc.cluster.local + cloudSymmetricProtocol: http + cloudSymmetricPublicHost: cloudsymmetric.cloud.svc.cluster.local From 9c54c59cbb3acf12a4ed8655b7742ad82503ffe2 Mon Sep 17 00:00:00 2001 
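Review bot: `cloudSymmetricProtocol: http` makes the public sync endpoint plaintext in both values files, and the cloud block next to it carries `nodePassword`, which presumably travels over that URL during registration and sync. If these values are ever copied beyond a single-cluster development setup, the protocol should be `https`. At minimum add a comment above the new key such as `# dev only: plaintext sync, do not reuse outside the cluster`. The same applies to the hunk in local-development-values.yaml.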
From: Mateusz Krasucki Date: Thu, 27 Sep 2018 17:51:15 +0200 Subject: [PATCH 02/14] UPD samples for symmetric - There's no need for separate statements. - Adds sql that just cleans symmetric db. --- services/symmetric/samples/clean.sql | 10 ++++++++++ services/symmetric/samples/initial.sql | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100755 services/symmetric/samples/clean.sql mode change 100644 => 100755 services/symmetric/samples/initial.sql diff --git a/services/symmetric/samples/clean.sql b/services/symmetric/samples/clean.sql new file mode 100755 index 00000000..b90476e4 --- /dev/null +++ b/services/symmetric/samples/clean.sql @@ -0,0 +1,10 @@ +delete from sym_trigger_router; +delete from sym_trigger; +delete from sym_router; +delete from sym_channel where channel_id in ('discovery', 'codes'); +delete from sym_node_group_link; +delete from sym_node_group; +delete from sym_node_host; +delete from sym_node_identity; +delete from sym_node_security; +delete from sym_node; diff --git a/services/symmetric/samples/initial.sql b/services/symmetric/samples/initial.sql old mode 100644 new mode 100755 index 520cbab9..dd9a9c60 --- a/services/symmetric/samples/initial.sql +++ b/services/symmetric/samples/initial.sql @@ -1,7 +1,7 @@ delete from sym_trigger_router; delete from sym_trigger; delete from sym_router; -delete from sym_channel where channel_id in ('discovery'); +delete from sym_channel where channel_id in ('discovery', 'codes'); delete from sym_node_group_link; delete from sym_node_group; delete from sym_node_host; From 754843a6332b37cca03fea3fdf7092eeaf51b23d Mon Sep 17 00:00:00 2001 
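Review bot: clean.sql has no header saying that it is destructive, although it empties `sym_node_identity`, `sym_node_security` and `sym_node` along with all trigger and router configuration. A first line such as `-- WARNING: wipes SymmetricDS node identity, security and routing config for this database` would make that visible to anyone running it by hand. Both .sql files are also switched to mode 100755, which a file that is only fed to an import tool does not need.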
From: Mateusz Krasucki Date: Thu, 27 Sep 2018 17:53:42 +0200 Subject: [PATCH 03/14] UPD make cert scripts more universal - Updates certs generation scripts to work across systems. Problems were identified when running from windows. --- bin/tls/Makefile | 4 ++-- bin/tls/createCert.sh | 1 - bin/tls/createProfileCert.sh | 4 +--- 3 files changed, 3 insertions(+), 6 deletions(-) mode change 100644 => 100755 bin/tls/Makefile diff --git a/bin/tls/Makefile b/bin/tls/Makefile old mode 100644 new mode 100755 index a361fc2c..8dd5aa6a --- a/bin/tls/Makefile +++ b/bin/tls/Makefile @@ -13,10 +13,10 @@ clean: @find . -type f \( -name '*.pem' -o -name '*.csr' \) -not -name "ca*" -delete ca.pem: - $(DOCKER) ./createCert.sh + $(DOCKER) /bin/bash createCert.sh %.pem: %.json - $(DOCKER) ./createProfileCert.sh $(TYPE) $* + $(DOCKER) /bin/bash createProfileCert.sh $(TYPE) $* certs/%.pem: mkdir -p $(CDIR)/certs diff --git a/bin/tls/createCert.sh b/bin/tls/createCert.sh index 60dbbafe..392e1a87 100755 --- a/bin/tls/createCert.sh +++ b/bin/tls/createCert.sh @@ -1,3 +1,2 @@ #!/bin/bash - cfssl gencert -initca ca-csr.json | cfssljson -bare ca - diff --git a/bin/tls/createProfileCert.sh b/bin/tls/createProfileCert.sh index 4d11f921..4278ee99 100755 --- a/bin/tls/createProfileCert.sh +++ b/bin/tls/createProfileCert.sh @@ -1,4 +1,2 @@ #!/bin/bash - -cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \ - -profile=$1 $2.json | cfssljson -bare $2 +cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=$1 $2.json | cfssljson -bare $2 From 462abb056a366bad9f511a332ab82457c304b923 Mon Sep 17 00:00:00 2001 
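Review bot: In createProfileCert.sh the joined command still expands `$1` and `$2` unquoted and the script has no error handling, so a name with a space or glob character is split, and a failing `cfssl gencert` is masked by the exit status of `cfssljson`. Add `set -euo pipefail` after the shebang and quote the parameters: `cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile="$1" "$2.json" | cfssljson -bare "$2"`. createCert.sh has the same unguarded pipeline and would benefit from the same `set` line.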
From: Mateusz Krasucki Date: Thu, 27 Sep 2018 17:56:35 +0200 Subject: [PATCH 04/14] UPD make local symmetric configurable - Makes local symmetric configurable using environment variables to easily specify configuration when running with docker-compose. --- docker-compose.yml | 6 ++++++ services/symmetric/bin/local.sh | 24 +++++++++++---------- services/symmetric/engines/local.properties | 13 +++++------ 3 files changed, 26 insertions(+), 17 deletions(-) mode change 100644 => 100755 docker-compose.yml mode change 100644 => 100755 services/symmetric/engines/local.properties diff --git a/docker-compose.yml b/docker-compose.yml old mode 100644 new mode 100755 index dfa1bf26..2fa73365 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -322,6 +322,12 @@ services: - ./services/symmetric/samples:/opt/symmetric/samples:ro - ./services/symmetric/bin:/root/bin:ro - ./services/symmetric/log4j.xml:/opt/symmetric/conf/log4j.xml:ro + environment: + - LOCATION_ID=2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa + - DB_URL=jdbc:postgresql://postgres/localdiscovery + - DB_USER=localsymmetric + - DB_PASSWORD=symmetric + - REGISTRATION_URL=http://cloudSymmetric:31415/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 depends_on: - postgres diff --git a/services/symmetric/bin/local.sh b/services/symmetric/bin/local.sh index e80b3e28..edb1b3de 100755 --- a/services/symmetric/bin/local.sh +++ b/services/symmetric/bin/local.sh 
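Review bot: `DB_PASSWORD=symmetric` (with `DB_USER` and `DB_URL`) is still a literal in the tracked compose file, so moving the values out of local.properties did not take the credential out of version control. Reading it from the caller's environment, e.g. `- DB_PASSWORD=${DB_PASSWORD}`, would. local.sh now copies from `/opt/symmetric/enginesTemplates`, but the volume lines visible in this hunk's context mount only samples, bin and log4j.xml; if no line above the hunk provides that path, the `cp` fails at start-up. The service definition starts outside the hunk.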
@@ -2,22 +2,24 @@ SYM_DIR=/opt/symmetric +# Fill-in values in engine file with environment variables +cp /opt/symmetric/enginesTemplates/* /opt/symmetric/engines +sed -i -e "s#^engine.name=local-#engine.name=local-${LOCATION_ID}#" /opt/symmetric/engines/local.properties +sed -i -e "s#^external.id=#external.id=${LOCATION_ID}#" /opt/symmetric/engines/local.properties +sed -i -e "s#^db.url=#db.url=${DB_URL}#" /opt/symmetric/engines/local.properties +sed -i -e "s#^db.user=#db.user=${DB_USER}#" /opt/symmetric/engines/local.properties +sed -i -e "s#^db.password=#db.password=${DB_PASSWORD}#" /opt/symmetric/engines/local.properties +sed -i -e "s#^registration.url=#registration.url=${REGISTRATION_URL}#" /opt/symmetric/engines/local.properties + # Create symmetric tables # (We need to manually create them to be able to insert our own rules in # the next step even though symmetric would create them automatically on # first run) -$SYM_DIR/bin/symadmin --engine local-2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa \ +$SYM_DIR/bin/symadmin --engine local-${LOCATION_ID} \ create-sym-tables -# Register the local node on the cloud node -$SYM_DIR/bin/symadmin open-registration \ - --engine cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 \ - local 2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa - -# Trigger the full reload of the local node -$SYM_DIR/bin/symadmin reload-node \ - --engine cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 \ - 2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa +$SYM_DIR/bin/dbimport --engine local-${LOCATION_ID} \ + $SYM_DIR/samples/clean.sql # Start the tool -$SYM_DIR/bin/sym --engine local-2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa +$SYM_DIR/bin/sym --engine local-${LOCATION_ID} diff --git a/services/symmetric/engines/local.properties b/services/symmetric/engines/local.properties old mode 100644 new mode 100755 index 5d499c16..a536f5e3 --- a/services/symmetric/engines/local.properties +++ b/services/symmetric/engines/local.properties 
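Review bot: The six `sed` substitutions paste the environment values straight into the replacement text, so a `DB_PASSWORD` or URL containing `#`, `&` or `\` either breaks the expression or is written to local.properties altered (`&` expands to the matched text). Nothing checks that the variables are set, so a missing one silently produces an empty `db.url=` or `engine.name=local-` and the later `symadmin` call runs against the wrong engine name. The values should be escaped before substitution and required up front, as sketched below. The script's first line is outside the hunk, so whether it already sets `-e` cannot be seen here.

```shell
# Fail early instead of writing an empty value into the engine file
: "${LOCATION_ID:?}" "${DB_URL:?}" "${DB_USER:?}" "${DB_PASSWORD:?}" "${REGISTRATION_URL:?}"

ENGINE_FILE=/opt/symmetric/engines/local.properties

# Escape \, & and the # delimiter so the value is inserted literally
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&#]/\\&/g'
}

cp /opt/symmetric/enginesTemplates/* /opt/symmetric/engines
sed -i \
  -e "s#^engine.name=local-#engine.name=local-$(sed_escape "$LOCATION_ID")#" \
  -e "s#^external.id=#external.id=$(sed_escape "$LOCATION_ID")#" \
  -e "s#^db.url=#db.url=$(sed_escape "$DB_URL")#" \
  -e "s#^db.user=#db.user=$(sed_escape "$DB_USER")#" \
  -e "s#^db.password=#db.password=$(sed_escape "$DB_PASSWORD")#" \
  -e "s#^registration.url=#registration.url=$(sed_escape "$REGISTRATION_URL")#" \
  "$ENGINE_FILE"

# … unchanged: symadmin create-sym-tables, dbimport clean.sql, sym start …
```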
@@ -1,15 +1,16 @@ -engine.name=local-2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa +engine.name=local- db.driver=org.postgresql.Driver -db.url=jdbc:postgresql://postgres/localdiscovery -db.user=localsymmetric -db.password=symmetric +db.url= +db.user= +db.password= db.init.sql=set role localdiscoveryservice -registration.url=http://cloudSymmetric:31415/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 +sync.url= +registration.url= # Do not change these for running the demo group.id=local -external.id=2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa +external.id= # This is how often the routing job will be run in milliseconds job.routing.period.time.ms=5000 From 193c5e581cd9fc7b62d58b290ffb1228d80666e7 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Thu, 27 Sep 2018 17:57:36 +0200 Subject: [PATCH 05/14] UPD postgres to make compatible with windows - updates Dockerfile of postgres to make it work as well when running docker toolbox on windows. --- services/postgres/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 services/postgres/Dockerfile diff --git a/services/postgres/Dockerfile b/services/postgres/Dockerfile old mode 100644 new mode 100755 index 283d0f52..9a951a84 --- a/services/postgres/Dockerfile +++ b/services/postgres/Dockerfile @@ -1,5 +1,5 @@ FROM postgres:10.1-alpine -ADD ./bin/tls/ca.pem ./bin/tls/postgres.pem ./bin/tls/postgres-key.pem /certs/ -RUN chown -R postgres:postgres /certs && chmod 0600 /certs/* -CMD ["postgres", "--ssl=true", "--ssl_ca_file=/certs/ca.pem", "--ssl_cert_file=/certs/postgres.pem", "--ssl_key_file=/certs/postgres-key.pem"] +ADD ./bin/tls/ca.pem ./bin/tls/postgres.pem ./bin/tls/postgres-key.pem /ownCerts/ +RUN chown -R postgres:postgres /ownCerts && chmod 0600 /ownCerts/* && chown -R postgres:postgres /ownCerts/* +CMD ["postgres", "--ssl=true", "--ssl_ca_file=/ownCerts/ca.pem", "--ssl_cert_file=/ownCerts/postgres.pem", "--ssl_key_file=/ownCerts/postgres-key.pem"] 
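Review bot: The template gains an empty `sync.url=` key, but none of the `sed` lines added to local.sh in this patch fills it, so the engine always starts with a blank sync URL. Either drop the line or populate it like the other keys, e.g. `sed -i -e "s#^sync.url=#sync.url=${SYNC_URL}#" /opt/symmetric/engines/local.properties` with a matching `SYNC_URL` entry in the compose file. A comment at the top of the file, such as `# Template: empty values are filled in by bin/local.sh from environment variables`, would also explain why the keys are blank.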
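Review bot: `postgres-key.pem` is still copied into an image layer by the `ADD` line, so anyone who can pull or export this image obtains the server's TLS private key. If the key has to live in the image for permission reasons, add a comment such as `# NOTE: image contains postgres-key.pem; never push it to a shared registry`. In the new `RUN`, the trailing `chown -R postgres:postgres /ownCerts/*` repeats what the first recursive chown already did; `RUN chown -R postgres:postgres /ownCerts && chmod 0600 /ownCerts/*` is enough. `COPY` would be the plainer instruction for local files.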
From ab2260bfe3b50a43fb544410ba8a9808bb18d7d6 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Thu, 27 Sep 2018 17:58:37 +0200 Subject: [PATCH 06/14] ADD avahi docker service for mDNS - Adds avahi docker spec to allow for full deployment on windows laptop to be accessible with hostname. --- services/avahi/Dockerfile | 13 +++++++++ services/avahi/avahi-daemon.conf | 48 ++++++++++++++++++++++++++++++++ services/avahi/entrypoint.sh | 13 +++++++++ 3 files changed, 74 insertions(+) create mode 100755 services/avahi/Dockerfile create mode 100755 services/avahi/avahi-daemon.conf create mode 100755 services/avahi/entrypoint.sh diff --git a/services/avahi/Dockerfile b/services/avahi/Dockerfile new file mode 100755 index 00000000..47697b54 --- /dev/null +++ b/services/avahi/Dockerfile @@ -0,0 +1,13 @@ +FROM alpine:3.8 + +ARG AVAHI_VERSION=0.7 +ARG AVAHI_RELEASE=r1 + +RUN env && apk add --no-cache \ + avahi=$AVAHI_VERSION-$AVAHI_RELEASE \ + avahi-tools=$AVAHI_VERSION-$AVAHI_RELEASE + +ADD avahi-daemon.conf /etc/avahi/avahi-daemon.conf +ADD entrypoint.sh /opt/entrypoint.sh + +ENTRYPOINT /opt/entrypoint.sh diff --git a/services/avahi/avahi-daemon.conf b/services/avahi/avahi-daemon.conf new file mode 100755 index 00000000..e4779607 --- /dev/null +++ b/services/avahi/avahi-daemon.conf 
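Review bot: `RUN env && apk add …` prints the whole build environment into the build output, which ends up in CI logs together with any build argument passed to the image; the `env &&` prefix looks like leftover debugging and should go. `ENTRYPOINT /opt/entrypoint.sh` is the shell form, so `/bin/sh -c` becomes PID 1 and stop signals do not reach the daemon; prefer `ENTRYPOINT ["/opt/entrypoint.sh"]`. The two `ADD` lines copy plain local files and read more clearly as `COPY`.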
@@ -0,0 +1,48 @@
+[server]
+host-name=iryo
+domain-name=local
+#browse-domains=0pointer.de, zeroconf.org
+use-ipv4=yes
+use-ipv6=yes
+#allow-interfaces=eth0
+#deny-interfaces=eth1
+#check-response-ttl=no
+#use-iff-running=no
+enable-dbus=no
+#disallow-other-stacks=no
+#allow-point-to-point=no
+#cache-entries-max=4096
+#clients-max=4096
+#objects-per-client-max=1024
+#entries-per-entry-group-max=32
+ratelimit-interval-usec=1000000
+ratelimit-burst=1000
+
+[wide-area]
+enable-wide-area=yes
+
+[publish]
+#disable-publishing=yes
+#disable-user-service-publishing=no
+#add-service-cookie=no
+#publish-addresses=yes
+#publish-hinfo=no
+#publish-workstation=no
+#publish-domain=yes
+#publish-dns-servers=192.168.50.1, 192.168.50.2
+#publish-resolv-conf-dns-servers=yes
+#publish-aaaa-on-ipv4=yes
+#publish-a-on-ipv6=no
+
+[reflector]
+#enable-reflector=no
+#reflect-ipv=no
+
+[rlimits]
+#rlimit-as=
+rlimit-core=0
+rlimit-data=4194304
+rlimit-fsize=0
+rlimit-nofile=768
+rlimit-stack=4194304
+rlimit-nproc=3
\ No newline at end of file
diff --git a/services/avahi/entrypoint.sh b/services/avahi/entrypoint.sh
new file mode 100755
index 00000000..3db8c760
--- /dev/null
+++ b/services/avahi/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+# replace host variables
+AVAHI_HOST=${AVAHI_HOST:-"iryo"}
+AVAHI_DOMAIN=${AVAHI_DOMAIN:-"local"}
+sed -i -e "s/^host-name=.*/host-name=${AVAHI_HOST}/" /etc/avahi/avahi-daemon.conf
+sed -i -e "s/^domain-name=.*/domain-name=${AVAHI_DOMAIN}/" /etc/avahi/avahi-daemon.conf
+
+# remove junk from previous run
+rm -r /var/run/avahi-daemon
+
+avahi-daemon
From 9fa379ba65ba9ffae3e759d339fbe1fe6b6d54ac Mon Sep 17 00:00:00 2001 
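Review bot: `allow-interfaces` is left commented out, and the windowsClinic compose file later in this series runs the container with `network_mode: host`, so the daemon announces and answers on every interface of the host rather than only on the clinic LAN. Setting `allow-interfaces=<clinic LAN interface>` (placeholder, site-specific) limits where the `iryo.local` name is advertised. `enable-wide-area=yes` turns on wide-area lookups that a `.local`-only deployment presumably does not need, so `enable-wide-area=no` would be the narrower default.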
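Review bot: With `set -e` active, `rm -r /var/run/avahi-daemon` aborts the entrypoint whenever that directory does not exist, which is likely on the first start of a fresh container; use `rm -rf /var/run/avahi-daemon`. `AVAHI_HOST` and `AVAHI_DOMAIN` go into the `sed` replacement unchecked, so a value containing `/` or `&` breaks or alters the written config; a guard such as `case "$AVAHI_HOST" in *[!A-Za-z0-9-]*) echo "invalid AVAHI_HOST" >&2; exit 1;; esac` before the substitution avoids that. Ending with `exec avahi-daemon` lets the daemon replace the shell and receive stop signals directly.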
From: Mateusz Krasucki Date: Thu, 27 Sep 2018 18:00:35 +0200 Subject: [PATCH 07/14] ADD docs and config for running clinic on windows - Adds preliminary docs and config for running full clinic deployment on Windows. --- docs/windowsClinic.md | 76 ++++++ docs/windowsClinic/Dockerfile.traefik | 4 + docs/windowsClinic/docker-compose.yml | 224 ++++++++++++++++++ docs/windowsClinic/frontendConfig.json | 15 ++ docs/windowsClinic/generateAndImportCerts.ps1 | 48 ++++ .../statusReporterComponents.yml | 24 ++ docs/windowsClinic/traefik.toml | 143 +++++++++++ 7 files changed, 534 insertions(+) create mode 100755 docs/windowsClinic.md create mode 100755 docs/windowsClinic/Dockerfile.traefik create mode 100755 docs/windowsClinic/docker-compose.yml create mode 100755 docs/windowsClinic/frontendConfig.json create mode 100755 docs/windowsClinic/generateAndImportCerts.ps1 create mode 100755 docs/windowsClinic/statusReporterComponents.yml create mode 100755 docs/windowsClinic/traefik.toml diff --git a/docs/windowsClinic.md b/docs/windowsClinic.md new file mode 100755 index 00000000..4fc10f5d --- /dev/null +++ b/docs/windowsClinic.md 
@@ -0,0 +1,76 @@ +# Running full clinic deployment on Windows + +### Requirements + +Setup was tested on Windows 10 Home Edition. + +## 1. Install Docker Toolbox for Windows. + +* Unless you have them already installed choose to install Virtual Box and Git for Windows. +* Run Docker Toolbox QuickStart Shell to create and setup dockem machine. + +## 2. Checkout IRYO WWM repo. + +Before checkout, while configuring git you should disable auto conversion to CRLF line endings. + +``` +git config --global core.autocrlf false +``` + +## 3. Add IRYO WWM dir to shared folders for docker machine VM. + +Run in powershell (as admin) while being in IRYO WWM dir: + +``` +docker-machine stop +vboxmanage sharedfolder add default --name "iryo" --hostpath "${PWD}" --automount +docker-machine start +``` + +## 4. Generate certificates and import root certificate to Windows root truststore. + +* Enter `docs/windowsClinic` directory in the admin-mode powershell. +* Run `generateAndImportCerts.ps1` script: + +``` +powershell -ExecutionPolicy ByPass -File .\generateAndImportCerts.ps1 +``` + +## 5. Setup location, clinic on cloud and import certificates. + +1. Setup location and clinic on cloud deployment that you intend to connect clinic to. Write down location ID and clinic ID. +2. Configure certificates for authSync, storageSync and batchStorageSync generated in previous step so they will be accepted as valid by `cloudAuth`. + +## 6. Set configuration values. + +1. Edit `frontendConfig.json` to include correct `clinicId` and `locationId`. +2. Set environment variables. You can do it by running following commands in powershell (replace placeholders with correct values!). + +``` +$Env:IRYO_TAG = "v0.4.2" +$Env:CLINIC_ID = "" +$Env:LOCATION_ID = "" +$Env:CLOUD_AUTH_HOST = "" +$Env:CLOUD_STORAGE_HOST = "" +$Env:AUTH_STORAGE_ENCRYPTION_KEY = "" +$Env:SYMMETRIC_REGISTRATION_URL = "" +``` + +`AUTH_STORAGE_ENCRYPTION_KEY` needs to be the same as at your chosen cloud deployment's `cloudAuth`. 
Otherwise `locatAuth` won't be able to decrypt received auth DB file. + +## 7. Start clinic + +While being in `docs/windowsClinic` run in powershell: + +``` +docker-compose up -d +``` + +Now you should be able to access clinic web interface at `https://iryo.local`. + +## Known issues + +1. `locaNats` often does not start on the first try. When `docker-compose up` is called once again it finally works. The issue needs to be investigated. +2. `localDiscovery` often does not start on the first try due to `postgres` not being online yet. Waiting script needs to be implemented. +3. `localPrometheus` container is forced to run as root as on default it's run as user `nobody` and cannot access data volume. +4. `localPrometheus` expression browser is not easily accessible at the moment. diff --git a/docs/windowsClinic/Dockerfile.traefik b/docs/windowsClinic/Dockerfile.traefik new file mode 100755 index 00000000..a190f395 --- /dev/null +++ b/docs/windowsClinic/Dockerfile.traefik @@ -0,0 +1,4 @@ +FROM traefik:1.4-alpine + +ADD ../../bin/tls/certs /usr/local/share/ca-certificates/ +RUN update-ca-certificates diff --git a/docs/windowsClinic/docker-compose.yml b/docs/windowsClinic/docker-compose.yml new file mode 100755 index 00000000..b69b3946 --- /dev/null +++ b/docs/windowsClinic/docker-compose.yml 
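Review bot: `ADD ../../bin/tls/certs /usr/local/share/ca-certificates/` reaches outside the build context, which the compose file in this patch sets to `.`, and Docker rejects source paths outside the context, so this image should not build as written. The source directory is also the one that generateAndImportCerts.ps1 fills with every `*.pem`, private keys included, so fixing the path alone would place `ca-key.pem` and all service keys in the image's CA store. Build from the repository root, as the postgres service does with `context: ../../`, and copy only the CA certificate: `COPY bin/tls/ca.pem /usr/local/share/ca-certificates/`.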
@@ -0,0 +1,224 @@ +version: "3" +services: + traefik: + build: + context: . + dockerfile: Dockerfile.traefik + image: traefik:1.4-alpine + command: + - --configfile=/etc/traefik.toml + - --debug + volumes: + - /iryo/docs/windowsClinic/traefik.toml:/etc/traefik.toml + - /iryo/bin/tls:/certs + - /var/run/docker.sock:/var/run/docker.sock + ports: + - 80:80 + - 443:443 + - 8080:8080 + + localFrontend: + image: iryo/localfrontend:${IRYO_TAG} + volumes: + - /iryo/docs/windowsClinic/frontendConfig.json:/iryo/config.json:ro + + localAuth: + image: iryo/localauth:${IRYO_TAG} + command: + - ./localAuth + volumes: + - /mnt/sda1/data/localAuth:/data + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /iryo/cmd/localAuth/serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localAuth-key.pem + - CERT_PATH=/certs/localAuth.pem + - AUTH_SYNC_KEY_PATH=/certs/localAuthSync-key.pem + - AUTH_SYNC_CERT_PATH=/certs/localAuthSync.pem + - STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_ENCRYPTION_KEY} + - CLOUD_AUTH_HOST=${CLOUD_AUTH_HOST} + - BOLT_DB_FILEPATH=/data/auth.db + + localStorage: + image: iryo/localstorage:${IRYO_TAG} + command: + - ./localStorage + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localStorage-key.pem + - CERT_PATH=/certs/localStorage.pem + - S3_SECRET=localminio + - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - NATS_SECRET=secret + + localMinio: + image: minio/minio + command: + - server + - /data + environment: + - MINIO_ACCESS_KEY=local + - MINIO_SECRET_KEY=localminio + ports: + - 9000:9000 + volumes: + - /iryo/bin/tls/localMinio-key.pem:/root/.minio/certs/private.key + - /iryo/bin/tls/localMinio.pem:/root/.minio/certs/public.crt + - /mnt/sda1/data/localMinio:/data + + localNats: + image: 
nats-streaming + ports: + - 4242:4242 + - 8282:8282 + command: + - --stan_config=/etc/nats/config.conf + volumes: + - /iryo/services/localNats/config.conf:/etc/nats/config.conf:ro + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/localNats:/data + + storageSync: + image: iryo/storagesync:${IRYO_TAG} + command: + - ./storageSync + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - KEY_PATH=/certs/storageSync-key.pem + - CERT_PATH=/certs/storageSync.pem + - NATS_SECRET=secret + - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} + + localPrometheus: + image: prom/prometheus + command: + - --config.file=/etc/prometheus/config.yml + - --storage.tsdb.path=/data + user: root:root + volumes: + - /iryo/services/localPrometheus/config.yml:/etc/prometheus/config.yml:ro + - /iryo/services/localPrometheus/rules.yml:/etc/prometheus/rules.yml:ro + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/localPrometheus:/data:rw + + natsStreamingExporter: + image: registry.gitlab.com/civist/nats-streaming-exporter + command: + - /nats-streaming-exporter + - -nats-uri=http://localNats:8282/ + ports: + - 9275:9275 + + batchStorageSync: + image: iryo/batchstoragesync:${IRYO_TAG} + command: + - ./batchStorageSync + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/batchStorageSync:/data + environment: + - KEY_PATH=/certs/batchStorageSync-key.pem + - CERT_PATH=/certs/batchStorageSync.pem + - BOLT_DB_FILEPATH=/batchStorageSync.db + - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} + + localPrometheusPushGateway: + image: prom/pushgateway + + waitlist: + image: iryo/waitlist:${IRYO_TAG} + command: + - ./waitlist + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/waitlist:/data + environment: + - DOMAIN_TYPE=clinic + - 
DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/waitlist-key.pem + - CERT_PATH=/certs/waitlist.pem + - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - BOLT_DB_FILEPATH=/data/waitlist.db + + localStatusReporter: + image: iryo/localstatusreporter:${IRYO_TAG} + command: + - ./localStatusReporter + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /iryo/docs/windowsClinic/statusReporterComponents.yml:/components.yml:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=$CLINIC_ID} + - KEY_PATH=/certs/localStatusReporter-key.pem + - CERT_PATH=/certs/localStatusReporter.pem + + postgres: + build: + context: ../../ + dockerfile: services/postgres/Dockerfile + volumes: + - /iryo/services/postgres:/docker-entrypoint-initdb.d + - /iryo/bin/tls:/certs:ro + ports: + - 5432:5432 + environment: + - POSTGRES_USER=root + - POSTGRES_PASSWORD=root + + localDiscovery: + image: iryo/localdiscovery:${IRYO_TAG} + command: + - ./localDiscovery + volumes: + - /mnt/sda1/data/localDiscovery:/var/data + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localDiscovery-key.pem + - CERT_PATH=/certs/localDiscovery.pem + - DB_USERNAME=localdiscovery + - DB_PASSWORD=localdiscovery + depends_on: + - postgres + + localSymmetric: + image: iryo/symmetric + command: + - bash + - /opt/symmetric/local/local.sh + volumes: + - /iryo/services/symmetric/engines:/opt/symmetric/enginesTemplates:ro + - /iryo/services/symmetric/samples:/opt/symmetric/samples:ro + - /iryo/services/symmetric/bin:/opt/symmetric/local:ro + environment: + - LOCATION_ID=${LOCATION_ID} + - DB_URL=jdbc:postgresql://postgres/localdiscovery + - DB_USER=localsymmetric + - DB_PASSWORD=symmetric + - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} + depends_on: + - postgres + + avahi: + image: iryo/avahi + network_mode: host + environment: + - AVAHI_HOST=iryo + - 
AVAHI_DOMAIN=local diff --git a/docs/windowsClinic/frontendConfig.json b/docs/windowsClinic/frontendConfig.json new file mode 100755 index 00000000..c36f4169 --- /dev/null +++ b/docs/windowsClinic/frontendConfig.json @@ -0,0 +1,15 @@ +{ + "locale": "en", + "baseUrl": "https://iryo.local", + "apiUrl": "https://iryo.local/api/v1", + "clinicId": "bb5841f1-e37f-49aa-ad6f-dd0cdcfa0ead", + "locationId": "10f99d96-af0c-424c-ad56-10a7e1a43b5c", + "babyMaxAge": 1, + "childMaxAge": 7, + "waitlistId": "22afd921-0630-49f4-89a8-d1ad7639ee83", + "advancedRoleIDs": [ + "338fae76-9859-4803-8441-c5c441319cfd", + "d91ff466-125b-4250-9dde-bbc282489430", + "3720198b-74ed-40de-a45e-8756f22e67d2" + ] +} diff --git a/docs/windowsClinic/generateAndImportCerts.ps1 b/docs/windowsClinic/generateAndImportCerts.ps1 new file mode 100755 index 00000000..6fd03891 --- /dev/null +++ b/docs/windowsClinic/generateAndImportCerts.ps1 
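Review bot: Almost every service mounts the whole `/iryo/bin/tls` directory as `/certs` (traefik without `:ro` and next to `/var/run/docker.sock`), so each container can read `ca-key.pem` and every other service's private key that the cert scripts write there; one compromised container could then issue certificates for any peer. Mount only the files a service needs, e.g. `- /iryo/bin/tls/localAuth.pem:/certs/localAuth.pem:ro` plus its `-key.pem` and `ca.pem`. `STORAGE_ENCRYPTION_KEY` for localStorage and waitlist, `NATS_SECRET=secret`, the MinIO keys and the `root`/`root` postgres login are literals in the file while ports 5432, 9000, 4242, 8282 and 8080 are published on the host; they should come from the environment the way `AUTH_STORAGE_ENCRYPTION_KEY` does. In localStatusReporter, `DOMAIN_ID=$CLINIC_ID}` has a stray brace and should read `DOMAIN_ID=${CLINIC_ID}`.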
@@ -0,0 +1,48 @@
+Write-Output "Generating certificate for local CA..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createCert.sh
+
+Write-Output "Generating certificate for localMinio..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localMinio
+
+Write-Output "Generating certificate for localNats..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localNats
+
+Write-Output "Generating certificate for localStatusReporter..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localStatusReporter
+
+Write-Output "Generating certificate for postgres..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server postgres
+
+Write-Output "Generating certificate for localAuth..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localAuth
+
+Write-Output "Generating certificate for traefik..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer traefik
+
+Write-Output "Generating certificate for localStorage..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localStorage
+
+Write-Output "Generating certificate for waitlist..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer waitlist
+
+Write-Output "Generating certificate for storageSync..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer storageSync
+
+Write-Output "Generating certificate for localDiscovery..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localDiscovery
+
+Write-Output "Generating certificate for localAuthSync..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh client localAuthSync
+
+Write-Output "Generating certificate for localNatsStreaming..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localNatsStreaming
+
+Write-Output "Generating certificate for localPrometheus..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localPrometheus
+
+Write-Output "Generating certificate for batchStorageSync..."
+docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer batchStorageSync
+
+cp ../../bin/tls/*.pem ../../bin/tls/certs/
+
+Import-Certificate -Filepath ../../bin/tls/ca.pem -CertStoreLocation cert:\CurrentUser\Root
diff --git a/docs/windowsClinic/statusReporterComponents.yml b/docs/windowsClinic/statusReporterComponents.yml
new file mode 100755
index 00000000..2608a843
--- /dev/null
+++ b/docs/windowsClinic/statusReporterComponents.yml
@@ -0,0 +1,24 @@
+Local:
+ storage:
+ urlType: Internal
+ url: https://localStorage:4433/status
+ auth:
+ urlType: Internal
+ url: https://localAuth:4433/status
+ discovery:
+ urlType: Internal
+ url: https://localDiscovery:4433/status
+ waitlist:
+ urlType: Internal
+ url: https://waitlist:4433/status
+Cloud:
+ cloud:
+ urlType: Internal
+ url: https://cloud.stg.iryo.io/api/v1/status
+External:
+ Lebanese National News Agency:
+ urlType: External
+ url: http://nna-leb.gov.lb
+ Google:
+ urlType: External
+ url: https://www.google.com
diff --git a/docs/windowsClinic/traefik.toml b/docs/windowsClinic/traefik.toml
new file mode 100755
index 00000000..2d970a32
--- /dev/null 
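Review bot: `cp ../../bin/tls/*.pem ../../bin/tls/certs/` also matches `ca-key.pem` and every `*-key.pem`, so all private keys are duplicated into the directory that Dockerfile.traefik adds to the image's CA store; only the CA certificate belongs there, e.g. `Copy-Item ../../bin/tls/ca.pem ../../bin/tls/certs/`. The script then imports that CA into `cert:\CurrentUser\Root` while its key stays unprotected on disk and is mounted into the containers, so whoever obtains `ca-key.pem` can issue certificates this Windows user trusts for any hostname. None of the `docker run` calls is checked, so a failed generation still reaches `Import-Certificate`; testing `$LASTEXITCODE` after each call, or looping over a list of profile/name pairs with one check, would stop on the first error.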
+++ b/docs/windowsClinic/traefik.toml 
@@ -0,0 +1,143 @@ +defaultEntryPoints = ["http","https"] +RootCAs = [ "/certs/ca.pem" ] + +[entryPoints] + [entryPoints.http] + address = ":80" + [entryPoints.http.redirect] + entryPoint = "https" + [entryPoints.https] + address = ":443" + [entryPoints.https.tls] + [[entryPoints.https.tls.certificates]] + CertFile = "/certs/traefik.pem" + KeyFile = "/certs/traefik-key.pem" + +[web] +address = ":8080" + +[file] + +[backends] + [backends.localfrontend] + [backends.localfrontend.servers.server1] + url = "http://localFrontend" + + [backends.localauth] + [backends.localauth.servers.server1] + url = "https://localAuth" + + [backends.localauthMetrics] + [backends.localauthMetrics.servers.server1] + url = "http://localAuth:9090" + + [backends.localauthStatus] + [backends.localauthStatus.servers.server1] + url = "http://localAuth:4433" + + [backends.localstorage] + [backends.localstorage.servers.server1] + url = "https://localStorage" + + [backends.localstorageMetrics] + [backends.localstorageMetrics.servers.server1] + url = "http://localStorage:9090" + + [backends.localstorageStatus] + [backends.localstorageStatus.servers.server1] + url = "https://localStorage:4433" + + [backends.waitlist] + [backends.waitlist.servers.server1] + url = "https://waitlist" + + [backends.waitlistMetrics] + [backends.waitlistMetrics.servers.server1] + url = "https://waitlist:9090" + + [backends.waitlistStatus] + [backends.waitlistStatus.servers.server1] + url = "https://waitlist:4433" + + [backends.localMinio] + [backends.localMinio.servers.server1] + url = "https://localMinio:9000" + + [backends.cloudstorage] + [backends.cloudstorage.servers.server1] + url = "https://cloudStorage" + + [backends.localNats] + [backends.localNats.servers.server1] + url = "http://localNats:4242" + + [backends.localNatsMonitor] + [backends.localNatsMonitor.servers.server1] + url = "http://localNats:8282" + + [backends.localPrometheus] + [backends.localPrometheus.servers.server1] + url = 
"http://localPrometheus:9090" + + [backends.natsStreamingMetricsExporter] + [backends.natsStreamingMetricsExporter.servers.server1] + url = "http://natsStreamingExporter:9275" + + [backends.storagesyncMetrics] + [backends.storagesyncMetrics.servers.server1] + url = "http://storageSync:9090" + + [backends.storagesyncStatus] + [backends.storagesyncStatus.servers.server1] + url = "http://storageSync:4433" + + [backends.localPrometheusPushGateway] + [backends.localPrometheusPushGateway.servers.server1] + url = "http://localPrometheusPushGateway:9091" + + [backends.localStatusReporter] + [backends.localStatusReporter.servers.server1] + url = "https://localStatusReporter" + + [backends.localStatusReporterMetrics] + [backends.localStatusReporterMetrics.servers.server1] + url = "http://localStatusReporterMetrics:9090" + + [backends.localdiscovery] + [backends.localdiscovery.servers.server1] + url = "https://localDiscovery" + + [backends.localdiscoveryMetrics] + [backends.localdiscoveryMetrics.servers.server1] + url = "https://localDiscovery:9090" + +[frontends] + [frontends.localauth] + backend = "localauth" + [frontends.localauth.routes.route1] + rule = "Host:iryo.local;PathPrefixStrip:/api/v1/auth;AddPrefix:/auth" + + [frontends.localstorage] + backend = "localstorage" + [frontends.localstorage.routes.route1] + rule = "Host:iryo.local;PathPrefixStrip:/api/v1/storage;AddPrefix:/storage" + + [frontends.waitlist] + backend = "waitlist" + [frontends.waitlist.routes.route1] + rule = "Host:iryo.local;PathPrefixStrip:/api/v1/waitlist;AddPrefix:/waitlist" + + [frontends.localStatus] + backend = "localStatusReporter" + [frontends.localStatus.routes.route1] + rule = "Host:iryo.local;PathPrefixStrip:/api/v1/status;AddPrefix:/status" + + [frontends.localdiscovery] + backend = "localdiscovery" + [frontends.localdiscovery.routes.route1] + rule = "Host:iryo.local;PathPrefixStrip:/api/v1/discovery;AddPrefix:/discovery" + + [frontends.localfrontend] + backend = "localfrontend" + 
[frontends.localfrontend.routes.route1] + rule = "Host:iryo.local" From f4c4e6533fc35933caf78bae277930f2e5798cc3 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Tue, 16 Oct 2018 13:14:52 +0200 Subject: [PATCH 08/14] ADD windows 10 pro clinic docs and config --- docs/windowsClinic.md | 88 ++++---- docs/windowsClinic/frontendConfig.json | 10 +- docs/windowsClinic/home/.env | 8 + docs/windowsClinic/home/docker-compose.yml | 224 +++++++++++++++++++++ docs/windowsClinic/pro/.env | 8 + docs/windowsClinic/pro/docker-compose.yml | 224 +++++++++++++++++++++ 6 files changed, 517 insertions(+), 45 deletions(-) create mode 100644 docs/windowsClinic/home/.env create mode 100755 docs/windowsClinic/home/docker-compose.yml create mode 100644 docs/windowsClinic/pro/.env create mode 100755 docs/windowsClinic/pro/docker-compose.yml diff --git a/docs/windowsClinic.md b/docs/windowsClinic.md index 4fc10f5d..e3116792 100755 --- a/docs/windowsClinic.md +++ b/docs/windowsClinic.md 
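Review bot: `[web]` with `address = ":8080"` turns on Traefik's dashboard and API without authentication, and the compose file in this patch publishes 8080 and starts Traefik with `--debug`, so anyone on the clinic network can read the routing configuration and, unless `readOnly = true` is set, presumably change it. Add a `[web.auth.basic]` users list or publish the port only on loopback with `127.0.0.1:8080:8080`. The `localauthStatus` backend points at `http://localAuth:4433` while statusReporterComponents.yml probes `https://localAuth:4433/status`, which looks inconsistent. The Status and Metrics backends are not referenced by any frontend in this file and could be dropped until they are routed.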
@@ -2,32 +2,47 @@ ### Requirements -Setup was tested on Windows 10 Home Edition. +Setup was tested on Windows 10 Home & Pro Editions. -## 1. Install Docker Toolbox for Windows. +## 1. Initial setup. -* Unless you have them already installed choose to install Virtual Box and Git for Windows. -* Run Docker Toolbox QuickStart Shell to create and setup dockem machine. +### Windows 10 Pro -## 2. Checkout IRYO WWM repo. +* Install Git for Windows to be able to checkout the project. +* Install and setup Docker for Windows. Choose default options to use Linux Containers on Windows. +* Install Bonjour for Windows to get support for mDNS. + * The easiest way to get latest Bonjour for Windows is to install iTunes. It is possible to extract Bonjour-only _\*.msi_ installer by unzipping iTunes installer file. +* Checkout IRYO WWM repo: + Before checkout, while configuring git you should disable auto conversion to CRLF line endings. -Before checkout, while configuring git you should disable auto conversion to CRLF line endings. + ``` + git config --global core.autocrlf false + ``` -``` -git config --global core.autocrlf false -``` +### Windows 10 Home -## 3. Add IRYO WWM dir to shared folders for docker machine VM. +* Download Docker Toolbox for Windows. +* Unless you have them already installed choose to install Virtual Box and Git for Windows. +* Run Docker Toolbox QuickStart Shell to create and setup docker machine. +* Install Bonjour for Windows to get support for mDNS. + * The easiest way to get latest Bonjour for Windows is to install iTunes. It is possible to extract Bonjour-only _\*.msi_ installer by unzipping iTunes installer file. +* Checkout IRYO WWM repo: + Before checkout, while configuring git you should disable auto conversion to CRLF line endings. 
-Run in powershell (as admin) while being in IRYO WWM dir: + ``` + git config --global core.autocrlf false + ``` -``` -docker-machine stop -vboxmanage sharedfolder add default --name "iryo" --hostpath "${PWD}" --automount -docker-machine start -``` +* Add IRYO WWM dir to shared folders for docker machine VM. + Run following commands in powershell (as admin) while being in IRYO WWM dir: + + ``` + docker-machine stop + vboxmanage sharedfolder add default --name "iryo" --hostpath "${PWD}" --automount + docker-machine start + ``` -## 4. Generate certificates and import root certificate to Windows root truststore. +## 2. Generate certificates and import root certificate to Windows root truststore. * Enter `docs/windowsClinic` directory in the admin-mode powershell. * Run `generateAndImportCerts.ps1` script: 
@@ -36,31 +51,21 @@ docker-machine start powershell -ExecutionPolicy ByPass -File .\generateAndImportCerts.ps1 ``` -## 5. Setup location, clinic on cloud and import certificates. +## 3. Setup location, clinic on cloud and import certificates. 1. Setup location and clinic on cloud deployment that you intend to connect clinic to. Write down location ID and clinic ID. 2. Configure certificates for authSync, storageSync and batchStorageSync generated in previous step so they will be accepted as valid by `cloudAuth`. -## 6. Set configuration values. +## 4. Set configuration values. 1. Edit `frontendConfig.json` to include correct `clinicId` and `locationId`. -2. Set environment variables. You can do it by running following commands in powershell (replace placeholders with correct values!). +2. Edit `.env` environment variables file for `docker-compose` it's included together with `docker-compose` in folders speciifc for Windows edition. + The .env files contain on default values for test Windows deployment connecting to staging environment. + The only value not set-up at all is `AUTH_STORAGE_ENCRYPTION_KEY` that needs to be the same as at your chosen cloud deployment's `cloudAuth`. Otherwise `locatAuth` won't be able to decrypt received auth DB file. -``` -$Env:IRYO_TAG = "v0.4.2" -$Env:CLINIC_ID = "" -$Env:LOCATION_ID = "" -$Env:CLOUD_AUTH_HOST = "" -$Env:CLOUD_STORAGE_HOST = "" -$Env:AUTH_STORAGE_ENCRYPTION_KEY = "" -$Env:SYMMETRIC_REGISTRATION_URL = "" -``` - -`AUTH_STORAGE_ENCRYPTION_KEY` needs to be the same as at your chosen cloud deployment's `cloudAuth`. Otherwise `locatAuth` won't be able to decrypt received auth DB file. - -## 7. Start clinic +## 6. Start clinic -While being in `docs/windowsClinic` run in powershell: +While being in `docs/windowsClinic/home` (for Windows 10 Home) or `docs/windowsClinic/home` (for Windows 10 Pro) run in powershell: ``` docker-compose up -d 
@@ -70,7 +75,14 @@ Now you should be able to access clinic web interface at `https://iryo.local`. ## Known issues -1. `locaNats` often does not start on the first try. When `docker-compose up` is called once again it finally works. The issue needs to be investigated. -2. `localDiscovery` often does not start on the first try due to `postgres` not being online yet. Waiting script needs to be implemented. -3. `localPrometheus` container is forced to run as root as on default it's run as user `nobody` and cannot access data volume. -4. `localPrometheus` expression browser is not easily accessible at the moment. +### Windows 10 Pro + +1. Clinic site is not accessible from Microsoft Edge browser. + +### Windows 10 Home + +1. Clinic site is not accessible from Microsoft Edge browser. +2. `locaNats` often does not start on the first try. When `docker-compose up` is called once again it finally works. The issue needs to be investigated. +3. `localDiscovery` often does not start on the first try due to `postgres` not being online yet. Waiting script needs to be implemented. +4. `localPrometheus` container is forced to run as root as on default it's run as user `nobody` and cannot access data volume. +5. `localPrometheus` expression browser is not easily accessible at the moment. diff --git a/docs/windowsClinic/frontendConfig.json b/docs/windowsClinic/frontendConfig.json index c36f4169..bf35eee5 100755 --- a/docs/windowsClinic/frontendConfig.json +++ b/docs/windowsClinic/frontendConfig.json 
@@ -2,14 +2,10 @@
 "locale": "en",
 "baseUrl": "https://iryo.local",
 "apiUrl": "https://iryo.local/api/v1",
- "clinicId": "bb5841f1-e37f-49aa-ad6f-dd0cdcfa0ead",
- "locationId": "10f99d96-af0c-424c-ad56-10a7e1a43b5c",
+ "clinicId": "c14b34ce-c855-40e6-99fd-87c360546714",
+ "locationId": "499d7014-7318-4b8d-8388-092a7d81fcee",
 "babyMaxAge": 1,
 "childMaxAge": 7,
 "waitlistId": "22afd921-0630-49f4-89a8-d1ad7639ee83",
- "advancedRoleIDs": [
- "338fae76-9859-4803-8441-c5c441319cfd",
- "d91ff466-125b-4250-9dde-bbc282489430",
- "3720198b-74ed-40de-a45e-8756f22e67d2"
- ]
+ "advancedRoleIDs": ["338fae76-9859-4803-8441-c5c441319cfd", "d91ff466-125b-4250-9dde-bbc282489430", "3720198b-74ed-40de-a45e-8756f22e67d2"]
 }
diff --git a/docs/windowsClinic/home/.env b/docs/windowsClinic/home/.env
new file mode 100644
index 00000000..9a3469db
--- /dev/null
+++ b/docs/windowsClinic/home/.env
@@ -0,0 +1,8 @@
+COMPOSE_CONVERT_WINDOWS_PATHS=1
+IRYO_TAG=v0.4.2
+CLINIC_ID=c14b34ce-c855-40e6-99fd-87c360546714
+LOCATION_ID=499d7014-7318-4b8d-8388-092a7d81fcee
+CLOUD_AUTH_HOST=cloud.stg.iryo.io/api/v1
+CLOUD_STORAGE_HOST=cloud.stg.iryo.io/api/v1
+SYMMETRIC_REGISTRATION_URL=https://cloudsymmetric.stg.iryo.io/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326
+AUTH_STORAGE_ENCRYPTION_KEY=
diff --git a/docs/windowsClinic/home/docker-compose.yml b/docs/windowsClinic/home/docker-compose.yml
new file mode 100755
index 00000000..b69b3946
--- /dev/null
+++ b/docs/windowsClinic/home/docker-compose.yml
@@ -0,0 +1,224 @@ +version: "3" +services: + traefik: + build: + context: . + dockerfile: Dockerfile.traefik + image: traefik:1.4-alpine + command: + - --configfile=/etc/traefik.toml + - --debug + volumes: + - /iryo/docs/windowsClinic/traefik.toml:/etc/traefik.toml + - /iryo/bin/tls:/certs + - /var/run/docker.sock:/var/run/docker.sock + ports: + - 80:80 + - 443:443 + - 8080:8080 + + localFrontend: + image: iryo/localfrontend:${IRYO_TAG} + volumes: + - /iryo/docs/windowsClinic/frontendConfig.json:/iryo/config.json:ro + + localAuth: + image: iryo/localauth:${IRYO_TAG} + command: + - ./localAuth + volumes: + - /mnt/sda1/data/localAuth:/data + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /iryo/cmd/localAuth/serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localAuth-key.pem + - CERT_PATH=/certs/localAuth.pem + - AUTH_SYNC_KEY_PATH=/certs/localAuthSync-key.pem + - AUTH_SYNC_CERT_PATH=/certs/localAuthSync.pem + - STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_ENCRYPTION_KEY} + - CLOUD_AUTH_HOST=${CLOUD_AUTH_HOST} + - BOLT_DB_FILEPATH=/data/auth.db + + localStorage: + image: iryo/localstorage:${IRYO_TAG} + command: + - ./localStorage + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localStorage-key.pem + - CERT_PATH=/certs/localStorage.pem + - S3_SECRET=localminio + - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - NATS_SECRET=secret + + localMinio: + image: minio/minio + command: + - server + - /data + environment: + - MINIO_ACCESS_KEY=local + - MINIO_SECRET_KEY=localminio + ports: + - 9000:9000 + volumes: + - /iryo/bin/tls/localMinio-key.pem:/root/.minio/certs/private.key + - /iryo/bin/tls/localMinio.pem:/root/.minio/certs/public.crt + - /mnt/sda1/data/localMinio:/data + + localNats: + image: 
nats-streaming + ports: + - 4242:4242 + - 8282:8282 + command: + - --stan_config=/etc/nats/config.conf + volumes: + - /iryo/services/localNats/config.conf:/etc/nats/config.conf:ro + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/localNats:/data + + storageSync: + image: iryo/storagesync:${IRYO_TAG} + command: + - ./storageSync + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - KEY_PATH=/certs/storageSync-key.pem + - CERT_PATH=/certs/storageSync.pem + - NATS_SECRET=secret + - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} + + localPrometheus: + image: prom/prometheus + command: + - --config.file=/etc/prometheus/config.yml + - --storage.tsdb.path=/data + user: root:root + volumes: + - /iryo/services/localPrometheus/config.yml:/etc/prometheus/config.yml:ro + - /iryo/services/localPrometheus/rules.yml:/etc/prometheus/rules.yml:ro + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/localPrometheus:/data:rw + + natsStreamingExporter: + image: registry.gitlab.com/civist/nats-streaming-exporter + command: + - /nats-streaming-exporter + - -nats-uri=http://localNats:8282/ + ports: + - 9275:9275 + + batchStorageSync: + image: iryo/batchstoragesync:${IRYO_TAG} + command: + - ./batchStorageSync + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/batchStorageSync:/data + environment: + - KEY_PATH=/certs/batchStorageSync-key.pem + - CERT_PATH=/certs/batchStorageSync.pem + - BOLT_DB_FILEPATH=/batchStorageSync.db + - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} + + localPrometheusPushGateway: + image: prom/pushgateway + + waitlist: + image: iryo/waitlist:${IRYO_TAG} + command: + - ./waitlist + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /mnt/sda1/data/waitlist:/data + environment: + - DOMAIN_TYPE=clinic + - 
DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/waitlist-key.pem + - CERT_PATH=/certs/waitlist.pem + - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - BOLT_DB_FILEPATH=/data/waitlist.db + + localStatusReporter: + image: iryo/localstatusreporter:${IRYO_TAG} + command: + - ./localStatusReporter + volumes: + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - /iryo/docs/windowsClinic/statusReporterComponents.yml:/components.yml:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=$CLINIC_ID} + - KEY_PATH=/certs/localStatusReporter-key.pem + - CERT_PATH=/certs/localStatusReporter.pem + + postgres: + build: + context: ../../ + dockerfile: services/postgres/Dockerfile + volumes: + - /iryo/services/postgres:/docker-entrypoint-initdb.d + - /iryo/bin/tls:/certs:ro + ports: + - 5432:5432 + environment: + - POSTGRES_USER=root + - POSTGRES_PASSWORD=root + + localDiscovery: + image: iryo/localdiscovery:${IRYO_TAG} + command: + - ./localDiscovery + volumes: + - /mnt/sda1/data/localDiscovery:/var/data + - /iryo/bin/tls:/certs:ro + - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localDiscovery-key.pem + - CERT_PATH=/certs/localDiscovery.pem + - DB_USERNAME=localdiscovery + - DB_PASSWORD=localdiscovery + depends_on: + - postgres + + localSymmetric: + image: iryo/symmetric + command: + - bash + - /opt/symmetric/local/local.sh + volumes: + - /iryo/services/symmetric/engines:/opt/symmetric/enginesTemplates:ro + - /iryo/services/symmetric/samples:/opt/symmetric/samples:ro + - /iryo/services/symmetric/bin:/opt/symmetric/local:ro + environment: + - LOCATION_ID=${LOCATION_ID} + - DB_URL=jdbc:postgresql://postgres/localdiscovery + - DB_USER=localsymmetric + - DB_PASSWORD=symmetric + - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} + depends_on: + - postgres + + avahi: + image: iryo/avahi + network_mode: host + environment: + - AVAHI_HOST=iryo + - 
AVAHI_DOMAIN=local diff --git a/docs/windowsClinic/pro/.env b/docs/windowsClinic/pro/.env new file mode 100644 index 00000000..9a3469db --- /dev/null +++ b/docs/windowsClinic/pro/.env @@ -0,0 +1,8 @@ +COMPOSE_CONVERT_WINDOWS_PATHS=1 +IRYO_TAG=v0.4.2 +CLINIC_ID=c14b34ce-c855-40e6-99fd-87c360546714 +LOCATION_ID=499d7014-7318-4b8d-8388-092a7d81fcee +CLOUD_AUTH_HOST=cloud.stg.iryo.io/api/v1 +CLOUD_STORAGE_HOST=cloud.stg.iryo.io/api/v1 +SYMMETRIC_REGISTRATION_URL=https://cloudsymmetric.stg.iryo.io/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 +AUTH_STORAGE_ENCRYPTION_KEY= diff --git a/docs/windowsClinic/pro/docker-compose.yml b/docs/windowsClinic/pro/docker-compose.yml new file mode 100755 index 00000000..728352e9 --- /dev/null +++ b/docs/windowsClinic/pro/docker-compose.yml 
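Review bot: The `postgres`, `localMinio` and `traefik` services publish `5432:5432`, `9000:9000` and `8080:8080` on all interfaces of the Docker host while using the literal credentials `POSTGRES_PASSWORD=root` and `MINIO_SECRET_KEY=localminio`, and traefik additionally runs with `--debug`. That exposes the database, the object store and the traefik port 8080 beyond the compose network to whatever can reach the Docker host, with defaults that are readable in the repository. If these ports are only needed for local debugging, bind them to loopback, e.g. `- 127.0.0.1:5432:5432`, or drop the `ports:` entries; localSymmetric already reaches the database by service name (`jdbc:postgresql://postgres/localdiscovery`). `pro/docker-compose.yml` in this commit repeats the same ports and values.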
@@ -0,0 +1,224 @@ +version: "3.6" +services: + traefik: + build: + context: ..\ + dockerfile: Dockerfile.traefik + image: traefik:1.4-alpine + command: + - --configfile=/etc/traefik.toml + - --debug + volumes: + - C:\iryo\wwm\docs\windowsClinic\traefik.toml:/etc/traefik.toml + - C:\iryo\wwm\bin\tls:/certs + - /var/run/docker.sock:/var/run/docker.sock + ports: + - 80:80 + - 443:443 + - 8080:8080 + + localFrontend: + image: iryo/localfrontend:${IRYO_TAG} + volumes: + - C:\iryo\wwm\docs\windowsClinic\frontendConfig.json:/iryo/config.json:ro + + localAuth: + image: iryo/localauth:${IRYO_TAG} + command: + - ./localAuth + volumes: + - C:\iryo\wwm\.data\localAuth:/data + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin/tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - C:\iryo\wwm\cmd\localAuth\serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=$CLINIC_ID} + - KEY_PATH=/certs/localAuth-key.pem + - CERT_PATH=/certs/localAuth.pem + - AUTH_SYNC_KEY_PATH=/certs/localAuthSync-key.pem + - AUTH_SYNC_CERT_PATH=/certs/localAuthSync.pem + - STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_ENCRYPTION_KEY} + - CLOUD_AUTH_HOST=${CLOUD_AUTH_HOST} + - BOLT_DB_FILEPATH=/data/auth.db + + localStorage: + image: iryo/localstorage:${IRYO_TAG} + command: + - ./localStorage + volumes: + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localStorage-key.pem + - CERT_PATH=/certs/localStorage.pem + - S3_SECRET=localminio + - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - NATS_SECRET=secret + + localMinio: + image: minio/minio + command: + - server + - /data + environment: + - MINIO_ACCESS_KEY=local + - MINIO_SECRET_KEY=localminio + ports: + - 9000:9000 + volumes: + - C:\iryo\wwm\bin/tls/localMinio-key.pem:/root/.minio/certs/private.key + - C:\iryo\wwm\bin/tls/localMinio.pem:/root/.minio/certs/public.crt + 
- C:\iryo\wwm\.data\localMinio:/data + + localNats: + image: nats-streaming + ports: + - 4242:4242 + - 8282:8282 + command: + - --stan_config=/etc/nats/config.conf + volumes: + - C:\iryo\wwm\services\localNats\config.conf:/etc/nats/config.conf:ro + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - C:\iryo\wwm\.data\localNats:/data + + storageSync: + image: iryo/storagesync:${IRYO_TAG} + command: + - ./storageSync + volumes: + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - KEY_PATH=/certs/storageSync-key.pem + - CERT_PATH=/certs/storageSync.pem + - NATS_SECRET=secret + - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} + + localPrometheus: + image: prom/prometheus + command: + - --config.file=/etc/prometheus/config.yml + - --storage.tsdb.path=/data + user: root:root + volumes: + - C:\iryo\wwm\services\localPrometheus\config.yml:/etc/prometheus/config.yml:ro + - C:\iryo\wwm\services\localPrometheus\rules.yml:/etc/prometheus/rules.yml:ro + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - C:\iryo\wwm\.data\localPrometheus:/data:rw + + natsStreamingExporter: + image: registry.gitlab.com/civist/nats-streaming-exporter + command: + - /nats-streaming-exporter + - -nats-uri=http://localNats:8282/ + ports: + - 9275:9275 + + batchStorageSync: + image: iryo/batchstoragesync:${IRYO_TAG} + command: + - ./batchStorageSync + volumes: + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - C:\iryo\wwm\.data\batchStorageSync:/data + environment: + - KEY_PATH=/certs/batchStorageSync-key.pem + - CERT_PATH=/certs/batchStorageSync.pem + - BOLT_DB_FILEPATH=/batchStorageSync.db + - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} + + localPrometheusPushGateway: + image: prom/pushgateway + + waitlist: + image: iryo/waitlist:${IRYO_TAG} + command: + - ./waitlist + volumes: + - C:\iryo\wwm\bin\tls:/certs:ro 
+ - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - C:\iryo\wwm\.data\waitlist:/data + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/waitlist-key.pem + - CERT_PATH=/certs/waitlist.pem + - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - BOLT_DB_FILEPATH=/data/waitlist.db + + localStatusReporter: + image: iryo/localstatusreporter:${IRYO_TAG} + command: + - ./localStatusReporter + volumes: + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - C:\iryo\wwm\docs\windowsClinic\statusReporterComponents.yml:/components.yml:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=$CLINIC_ID} + - KEY_PATH=/certs/localStatusReporter-key.pem + - CERT_PATH=/certs/localStatusReporter.pem + + postgres: + build: + context: ../../../ + dockerfile: services/postgres/Dockerfile + volumes: + - C:\iryo\wwm\services\postgres:/docker-entrypoint-initdb.d + - C:\iryo\wwm\bin\tls:/certs:ro + ports: + - 5432:5432 + environment: + - POSTGRES_USER=root + - POSTGRES_PASSWORD=root + + localDiscovery: + image: iryo/localdiscovery:${IRYO_TAG} + command: + - ./localDiscovery + volumes: + - C:\iryo\wwm\localDiscovery:/var/data + - C:\iryo\wwm\bin\tls:/certs:ro + - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + environment: + - DOMAIN_TYPE=clinic + - DOMAIN_ID=${CLINIC_ID} + - KEY_PATH=/certs/localDiscovery-key.pem + - CERT_PATH=/certs/localDiscovery.pem + - DB_USERNAME=localdiscovery + - DB_PASSWORD=localdiscovery + depends_on: + - postgres + + localSymmetric: + image: iryo/symmetric + command: + - bash + - /opt/symmetric/local/local.sh + volumes: + - C:\iryo\wwm\services\symmetric\engines:/opt/symmetric/enginesTemplates:ro + - C:\iryo\wwm\services\symmetric\samples:/opt/symmetric/samples:ro + - C:\iryo\wwm\services\symmetric\bin:/opt/symmetric/local:ro + environment: + - LOCATION_ID=${LOCATION_ID} + - DB_URL=jdbc:postgresql://postgres/localdiscovery + - 
DB_USER=localsymmetric + - DB_PASSWORD=symmetric + - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} + depends_on: + - postgres + + avahi: + image: iryo/avahi + network_mode: host + environment: + - AVAHI_HOST=iryo + - AVAHI_DOMAIN=local From 261e265591be2461ff5a643f44090d985ab79a66 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Tue, 16 Oct 2018 13:29:19 +0200 Subject: [PATCH 09/14] UPD windows setup shared folders config manual --- docs/windowsClinic.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/docs/windowsClinic.md b/docs/windowsClinic.md index e3116792..fe710875 100755 --- a/docs/windowsClinic.md +++ b/docs/windowsClinic.md @@ -19,6 +19,8 @@ Setup was tested on Windows 10 Home & Pro Editions. git config --global core.autocrlf false ``` +* Go to Docker for Windows settings. In tab `Shared Drives` add the drive on which you checked out IRYO WWM repo to list of drives that can be available to Docker containers. + ### Windows 10 Home * Download Docker Toolbox for Windows. @@ -34,13 +36,7 @@ Setup was tested on Windows 10 Home & Pro Editions. ``` * Add IRYO WWM dir to shared folders for docker machine VM. - Run following commands in powershell (as admin) while being in IRYO WWM dir: - - ``` - docker-machine stop - vboxmanage sharedfolder add default --name "iryo" --hostpath "${PWD}" --automount - docker-machine start - ``` + The easiest way to do it currently is to open Virtual Box GUI and add path to WWM dir to visible there docker machine VM. You should mount WWM dir under `/iryo` in the VM not to have to change any docker-compose values. ## 2. Generate certificates and import root certificate to Windows root truststore. From cb4a88ab0e71e48320c3edee18f0f4dd242e4e2e Mon Sep 17 00:00:00 2001 
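Review bot: `DOMAIN_ID=$CLINIC_ID}` under localAuth and localStatusReporter is missing its opening brace, so Compose expands `$CLINIC_ID` and leaves a trailing `}` in the domain ID those services receive; both lines should read `- DOMAIN_ID=${CLINIC_ID}` as in localStorage and waitlist. The localStatusReporter entry in `home/docker-compose.yml` has the same typo. Also, localDiscovery mounts `C:\iryo\wwm\localDiscovery:/var/data` while every other data volume in this file sits under `C:\iryo\wwm\.data\`, which looks unintended.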
From: Mateusz Krasucki Date: Tue, 16 Oct 2018 13:52:20 +0200 Subject: [PATCH 10/14] UDP windows setup docker-compose files - Adds more values to be configurable through environment variables. Defaults are set in .env files. --- docs/windowsClinic.md | 10 +- docs/windowsClinic/docker-compose.yml | 224 --------------------- docs/windowsClinic/home/.env | 13 ++ docs/windowsClinic/home/docker-compose.yml | 94 ++++----- docs/windowsClinic/pro/.env | 13 ++ docs/windowsClinic/pro/docker-compose.yml | 110 +++++----- 6 files changed, 134 insertions(+), 330 deletions(-) delete mode 100755 docs/windowsClinic/docker-compose.yml diff --git a/docs/windowsClinic.md b/docs/windowsClinic.md index fe710875..78a59cfb 100755 --- a/docs/windowsClinic.md +++ b/docs/windowsClinic.md @@ -15,9 +15,11 @@ Setup was tested on Windows 10 Home & Pro Editions. * Checkout IRYO WWM repo: Before checkout, while configuring git you should disable auto conversion to CRLF line endings. - ``` - git config --global core.autocrlf false - ``` + ``` + git config --global core.autocrlf false + ``` + + You should checkout IRYO WWM to `C:\iryo\wwm` not to have to change default `IRYO_WWM_DIR` docker-compose file environment variable * Go to Docker for Windows settings. In tab `Shared Drives` add the drive on which you checked out IRYO WWM repo to list of drives that can be available to Docker containers. 
@@ -36,7 +38,7 @@ Setup was tested on Windows 10 Home & Pro Editions. ``` * Add IRYO WWM dir to shared folders for docker machine VM. - The easiest way to do it currently is to open Virtual Box GUI and add path to WWM dir to visible there docker machine VM. You should mount WWM dir under `/iryo` in the VM not to have to change any docker-compose values. + The easiest way to do it currently is to open Virtual Box GUI and add path to WWM dir to visible there docker machine VM. You should mount WWM dir under `/iryo` in the VM not to have to change default `IRYO_WWM_DIR` docker-compose file environment variable. ## 2. Generate certificates and import root certificate to Windows root truststore. diff --git a/docs/windowsClinic/docker-compose.yml b/docs/windowsClinic/docker-compose.yml deleted file mode 100755 index b69b3946..00000000 --- a/docs/windowsClinic/docker-compose.yml +++ /dev/null 
@@ -1,224 +0,0 @@ -version: "3" -services: - traefik: - build: - context: . - dockerfile: Dockerfile.traefik - image: traefik:1.4-alpine - command: - - --configfile=/etc/traefik.toml - - --debug - volumes: - - /iryo/docs/windowsClinic/traefik.toml:/etc/traefik.toml - - /iryo/bin/tls:/certs - - /var/run/docker.sock:/var/run/docker.sock - ports: - - 80:80 - - 443:443 - - 8080:8080 - - localFrontend: - image: iryo/localfrontend:${IRYO_TAG} - volumes: - - /iryo/docs/windowsClinic/frontendConfig.json:/iryo/config.json:ro - - localAuth: - image: iryo/localauth:${IRYO_TAG} - command: - - ./localAuth - volumes: - - /mnt/sda1/data/localAuth:/data - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /iryo/cmd/localAuth/serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro - environment: - - DOMAIN_TYPE=clinic - - DOMAIN_ID=${CLINIC_ID} - - KEY_PATH=/certs/localAuth-key.pem - - CERT_PATH=/certs/localAuth.pem - - AUTH_SYNC_KEY_PATH=/certs/localAuthSync-key.pem - - AUTH_SYNC_CERT_PATH=/certs/localAuthSync.pem - - STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_ENCRYPTION_KEY} - - CLOUD_AUTH_HOST=${CLOUD_AUTH_HOST} - - BOLT_DB_FILEPATH=/data/auth.db - - localStorage: - image: iryo/localstorage:${IRYO_TAG} - command: - - ./localStorage - volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - environment: - - DOMAIN_TYPE=clinic - - DOMAIN_ID=${CLINIC_ID} - - KEY_PATH=/certs/localStorage-key.pem - - CERT_PATH=/certs/localStorage.pem - - S3_SECRET=localminio - - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= - - NATS_SECRET=secret - - localMinio: - image: minio/minio - command: - - server - - /data - environment: - - MINIO_ACCESS_KEY=local - - MINIO_SECRET_KEY=localminio - ports: - - 9000:9000 - volumes: - - /iryo/bin/tls/localMinio-key.pem:/root/.minio/certs/private.key - - /iryo/bin/tls/localMinio.pem:/root/.minio/certs/public.crt - - /mnt/sda1/data/localMinio:/data - - localNats: - image: 
nats-streaming - ports: - - 4242:4242 - - 8282:8282 - command: - - --stan_config=/etc/nats/config.conf - volumes: - - /iryo/services/localNats/config.conf:/etc/nats/config.conf:ro - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /mnt/sda1/data/localNats:/data - - storageSync: - image: iryo/storagesync:${IRYO_TAG} - command: - - ./storageSync - volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - environment: - - KEY_PATH=/certs/storageSync-key.pem - - CERT_PATH=/certs/storageSync.pem - - NATS_SECRET=secret - - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} - - localPrometheus: - image: prom/prometheus - command: - - --config.file=/etc/prometheus/config.yml - - --storage.tsdb.path=/data - user: root:root - volumes: - - /iryo/services/localPrometheus/config.yml:/etc/prometheus/config.yml:ro - - /iryo/services/localPrometheus/rules.yml:/etc/prometheus/rules.yml:ro - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /mnt/sda1/data/localPrometheus:/data:rw - - natsStreamingExporter: - image: registry.gitlab.com/civist/nats-streaming-exporter - command: - - /nats-streaming-exporter - - -nats-uri=http://localNats:8282/ - ports: - - 9275:9275 - - batchStorageSync: - image: iryo/batchstoragesync:${IRYO_TAG} - command: - - ./batchStorageSync - volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /mnt/sda1/data/batchStorageSync:/data - environment: - - KEY_PATH=/certs/batchStorageSync-key.pem - - CERT_PATH=/certs/batchStorageSync.pem - - BOLT_DB_FILEPATH=/batchStorageSync.db - - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} - - localPrometheusPushGateway: - image: prom/pushgateway - - waitlist: - image: iryo/waitlist:${IRYO_TAG} - command: - - ./waitlist - volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /mnt/sda1/data/waitlist:/data - environment: - - DOMAIN_TYPE=clinic - - 
DOMAIN_ID=${CLINIC_ID} - - KEY_PATH=/certs/waitlist-key.pem - - CERT_PATH=/certs/waitlist.pem - - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= - - BOLT_DB_FILEPATH=/data/waitlist.db - - localStatusReporter: - image: iryo/localstatusreporter:${IRYO_TAG} - command: - - ./localStatusReporter - volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /iryo/docs/windowsClinic/statusReporterComponents.yml:/components.yml:ro - environment: - - DOMAIN_TYPE=clinic - - DOMAIN_ID=$CLINIC_ID} - - KEY_PATH=/certs/localStatusReporter-key.pem - - CERT_PATH=/certs/localStatusReporter.pem - - postgres: - build: - context: ../../ - dockerfile: services/postgres/Dockerfile - volumes: - - /iryo/services/postgres:/docker-entrypoint-initdb.d - - /iryo/bin/tls:/certs:ro - ports: - - 5432:5432 - environment: - - POSTGRES_USER=root - - POSTGRES_PASSWORD=root - - localDiscovery: - image: iryo/localdiscovery:${IRYO_TAG} - command: - - ./localDiscovery - volumes: - - /mnt/sda1/data/localDiscovery:/var/data - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - environment: - - DOMAIN_TYPE=clinic - - DOMAIN_ID=${CLINIC_ID} - - KEY_PATH=/certs/localDiscovery-key.pem - - CERT_PATH=/certs/localDiscovery.pem - - DB_USERNAME=localdiscovery - - DB_PASSWORD=localdiscovery - depends_on: - - postgres - - localSymmetric: - image: iryo/symmetric - command: - - bash - - /opt/symmetric/local/local.sh - volumes: - - /iryo/services/symmetric/engines:/opt/symmetric/enginesTemplates:ro - - /iryo/services/symmetric/samples:/opt/symmetric/samples:ro - - /iryo/services/symmetric/bin:/opt/symmetric/local:ro - environment: - - LOCATION_ID=${LOCATION_ID} - - DB_URL=jdbc:postgresql://postgres/localdiscovery - - DB_USER=localsymmetric - - DB_PASSWORD=symmetric - - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} - depends_on: - - postgres - - avahi: - image: iryo/avahi - network_mode: host - environment: - - AVAHI_HOST=iryo - - 
AVAHI_DOMAIN=local diff --git a/docs/windowsClinic/home/.env b/docs/windowsClinic/home/.env index 9a3469db..f7e934df 100644 --- a/docs/windowsClinic/home/.env +++ b/docs/windowsClinic/home/.env @@ -1,8 +1,21 @@ COMPOSE_CONVERT_WINDOWS_PATHS=1 +IRYO_WWM_DIR=/iryo IRYO_TAG=v0.4.2 CLINIC_ID=c14b34ce-c855-40e6-99fd-87c360546714 LOCATION_ID=499d7014-7318-4b8d-8388-092a7d81fcee CLOUD_AUTH_HOST=cloud.stg.iryo.io/api/v1 CLOUD_STORAGE_HOST=cloud.stg.iryo.io/api/v1 SYMMETRIC_REGISTRATION_URL=https://cloudsymmetric.stg.iryo.io/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 +LOCAL_POSTGRES_USER=root +LOCAL_POSTGRES_PASSWORD=root +LOCAL_DISCOVERY_DB_USERNAME=localdiscovery +LOCAL_DISCOVERY_DB_PASSWORD=localdiscovery +LOCAL_SYMMETRIC_DB_USERNAME=localsymmetric +LOCAL_SYMMETRIC_DB_PASSWORD=symmetric +WAITLIST_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= +LOCAL_STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= +LOCAL_STORAGE_S3_SECRET=localminio +LOCAL_NATS_SECRET=secret +LOCAL_MINIO_ACCESS_KEY=local +LOCAL_MINIO_SECRET_KEY=localminio AUTH_STORAGE_ENCRYPTION_KEY= diff --git a/docs/windowsClinic/home/docker-compose.yml b/docs/windowsClinic/home/docker-compose.yml index b69b3946..3d433e2a 100755 --- a/docs/windowsClinic/home/docker-compose.yml +++ b/docs/windowsClinic/home/docker-compose.yml @@ -9,8 +9,8 @@ services: - --configfile=/etc/traefik.toml - --debug volumes: - - /iryo/docs/windowsClinic/traefik.toml:/etc/traefik.toml - - /iryo/bin/tls:/certs + - ${IRYO_WWM_DIR}/docs/windowsClinic/traefik.toml:/etc/traefik.toml + - ${IRYO_WWM_DIR}/bin/tls:/certs - /var/run/docker.sock:/var/run/docker.sock ports: - 80:80 @@ -20,7 +20,7 @@ services: localFrontend: image: iryo/localfrontend:${IRYO_TAG} volumes: - - /iryo/docs/windowsClinic/frontendConfig.json:/iryo/config.json:ro + - ${IRYO_WWM_DIR}/docs/windowsClinic/frontendConfig.json:${IRYO_WWM_DIR}/config.json:ro localAuth: image: iryo/localauth:${IRYO_TAG} 
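Review bot: `WAITLIST_ENCRYPTION_KEY` and `LOCAL_STORAGE_ENCRYPTION_KEY` are committed with the same literal base64 value, so every clinic that keeps these defaults encrypts its waitlist and storage data under one key that anyone with the repository can read. They would be safer left empty like `AUTH_STORAGE_ENCRYPTION_KEY=`, with a comment such as `# generate a unique key per deployment`, and the `root`/`localminio`/`secret` passwords deserve the same treatment outside a throwaway test setup. Because the setup guide tells users to write the real `AUTH_STORAGE_ENCRYPTION_KEY` into this tracked file, shipping it as a template and keeping the filled-in `.env` untracked would avoid committing that key by accident.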
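Review bot: In the localFrontend hunk the container-side target of the mount was rewritten together with the host path: `${IRYO_WWM_DIR}/docs/windowsClinic/frontendConfig.json:${IRYO_WWM_DIR}/config.json:ro`. The previous target was the fixed in-container path `/iryo/config.json`, so this only keeps working while `IRYO_WWM_DIR=/iryo`; any other checkout location moves the file to a path the frontend image presumably does not read. The right-hand side should stay `/iryo/config.json`.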
@@ -28,9 +28,9 @@ services: - ./localAuth volumes: - /mnt/sda1/data/localAuth:/data - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /iryo/cmd/localAuth/serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/cmd/localAuth/serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} @@ -47,16 +47,16 @@ services: command: - ./localStorage volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localStorage-key.pem - CERT_PATH=/certs/localStorage.pem - - S3_SECRET=localminio - - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= - - NATS_SECRET=secret + - S3_SECRET=${LOCAL_STORAGE_S3_SECRET} + - STORAGE_ENCRYPTION_KEY=${STORAGE_ENCRYPTION_KEY} + - NATS_SECRET=${LOCAL_NATS_SECRET} localMinio: image: minio/minio @@ -64,13 +64,13 @@ services: - server - /data environment: - - MINIO_ACCESS_KEY=local - - MINIO_SECRET_KEY=localminio + - MINIO_ACCESS_KEY=${LOCAL_MINIO_ACCESS_KEY} + - MINIO_SECRET_KEY=${LOCAL_MINIO_SECRET_KEY} ports: - 9000:9000 volumes: - - /iryo/bin/tls/localMinio-key.pem:/root/.minio/certs/private.key - - /iryo/bin/tls/localMinio.pem:/root/.minio/certs/public.crt + - ${IRYO_WWM_DIR}/bin/tls/localMinio-key.pem:/root/.minio/certs/private.key + - ${IRYO_WWM_DIR}/bin/tls/localMinio.pem:/root/.minio/certs/public.crt - /mnt/sda1/data/localMinio:/data localNats: 
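Review bot: The `localStorage` service now gets `STORAGE_ENCRYPTION_KEY=${STORAGE_ENCRYPTION_KEY}`, but the `.env` added in this commit defines `LOCAL_STORAGE_ENCRYPTION_KEY` and no `STORAGE_ENCRYPTION_KEY`. Unless the variable happens to be set in the calling shell, Compose substitutes an empty string and the service starts with an empty encryption key. The pro compose file uses the intended name; this line should read `- STORAGE_ENCRYPTION_KEY=${LOCAL_STORAGE_ENCRYPTION_KEY}`. Writing it as `${LOCAL_STORAGE_ENCRYPTION_KEY:?not set}` would additionally make Compose refuse to start when the value is missing.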
@@ -81,9 +81,9 @@ services: command: - --stan_config=/etc/nats/config.conf volumes: - - /iryo/services/localNats/config.conf:/etc/nats/config.conf:ro - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/services/localNats/config.conf:/etc/nats/config.conf:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - /mnt/sda1/data/localNats:/data storageSync: @@ -91,12 +91,12 @@ services: command: - ./storageSync volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro environment: - KEY_PATH=/certs/storageSync-key.pem - CERT_PATH=/certs/storageSync.pem - - NATS_SECRET=secret + - NATS_SECRET=${LOCAL_NATS_SECRET} - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} localPrometheus: @@ -106,10 +106,10 @@ services: - --storage.tsdb.path=/data user: root:root volumes: - - /iryo/services/localPrometheus/config.yml:/etc/prometheus/config.yml:ro - - /iryo/services/localPrometheus/rules.yml:/etc/prometheus/rules.yml:ro - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/services/localPrometheus/config.yml:/etc/prometheus/config.yml:ro + - ${IRYO_WWM_DIR}/services/localPrometheus/rules.yml:/etc/prometheus/rules.yml:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - /mnt/sda1/data/localPrometheus:/data:rw natsStreamingExporter: @@ -125,8 +125,8 @@ services: command: - ./batchStorageSync volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - /mnt/sda1/data/batchStorageSync:/data environment: - KEY_PATH=/certs/batchStorageSync-key.pem 
@@ -142,15 +142,15 @@ services: command: - ./waitlist volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - /mnt/sda1/data/waitlist:/data environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/waitlist-key.pem - CERT_PATH=/certs/waitlist.pem - - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - STORAGE_ENCRYPTION_KEY=${WAITLIST_ENCRYPTION_KEY} - BOLT_DB_FILEPATH=/data/waitlist.db localStatusReporter: @@ -158,12 +158,12 @@ services: command: - ./localStatusReporter volumes: - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - /iryo/docs/windowsClinic/statusReporterComponents.yml:/components.yml:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/docs/windowsClinic/statusReporterComponents.yml:/components.yml:ro environment: - DOMAIN_TYPE=clinic - - DOMAIN_ID=$CLINIC_ID} + - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localStatusReporter-key.pem - CERT_PATH=/certs/localStatusReporter.pem @@ -172,13 +172,13 @@ services: context: ../../ dockerfile: services/postgres/Dockerfile volumes: - - /iryo/services/postgres:/docker-entrypoint-initdb.d - - /iryo/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/services/postgres:/docker-entrypoint-initdb.d + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro ports: - 5432:5432 environment: - - POSTGRES_USER=root - - POSTGRES_PASSWORD=root + - POSTGRES_USER=${LOCAL_POSTGRES_USER} + - POSTGRES_PASSWORD=${LOCAL_POSTGRES_PASSWORD} localDiscovery: image: iryo/localdiscovery:${IRYO_TAG} 
@@ -186,15 +186,15 @@ services: - ./localDiscovery volumes: - /mnt/sda1/data/localDiscovery:/var/data - - /iryo/bin/tls:/certs:ro - - /iryo/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}/bin/tls:/certs:ro + - ${IRYO_WWM_DIR}/bin/tls/ca.pem:/etc/ssl/certs/ca-iryo.pem:ro environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localDiscovery-key.pem - CERT_PATH=/certs/localDiscovery.pem - - DB_USERNAME=localdiscovery - - DB_PASSWORD=localdiscovery + - DB_USERNAME=${LOCAL_DISCOVERY_DB_USERNAME} + - DB_PASSWORD=${LOCAL_DISCOVERY_DB_PASSWORD} depends_on: - postgres @@ -204,14 +204,14 @@ services: - bash - /opt/symmetric/local/local.sh volumes: - - /iryo/services/symmetric/engines:/opt/symmetric/enginesTemplates:ro - - /iryo/services/symmetric/samples:/opt/symmetric/samples:ro - - /iryo/services/symmetric/bin:/opt/symmetric/local:ro + - ${IRYO_WWM_DIR}/services/symmetric/engines:/opt/symmetric/enginesTemplates:ro + - ${IRYO_WWM_DIR}/services/symmetric/samples:/opt/symmetric/samples:ro + - ${IRYO_WWM_DIR}/services/symmetric/bin:/opt/symmetric/local:ro environment: - LOCATION_ID=${LOCATION_ID} - DB_URL=jdbc:postgresql://postgres/localdiscovery - - DB_USER=localsymmetric - - DB_PASSWORD=symmetric + - DB_USERNAME=${LOCAL_SYMMETRIC_DB_USERNAME} + - DB_PASSWORD=${LOCAL_SYMMETRIC_DB_PASSWORD} - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} depends_on: - postgres diff --git a/docs/windowsClinic/pro/.env b/docs/windowsClinic/pro/.env index 9a3469db..ece3abf5 100644 --- a/docs/windowsClinic/pro/.env +++ b/docs/windowsClinic/pro/.env 
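Review bot: In `localSymmetric` the variable name was changed along with its value: `DB_USER=localsymmetric` became `DB_USERNAME=${LOCAL_SYMMETRIC_DB_USERNAME}`. `services/symmetric/bin/local.sh` fills `db.user=` from `${DB_USER}`, so with this file the property is left empty; the pro compose file keeps the old name. The line should be `- DB_USER=${LOCAL_SYMMETRIC_DB_USERNAME}`.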
@@ -1,8 +1,21 @@ COMPOSE_CONVERT_WINDOWS_PATHS=1 +IRYO_WWM_DIR=C:\iryo\wwm IRYO_TAG=v0.4.2 CLINIC_ID=c14b34ce-c855-40e6-99fd-87c360546714 LOCATION_ID=499d7014-7318-4b8d-8388-092a7d81fcee CLOUD_AUTH_HOST=cloud.stg.iryo.io/api/v1 CLOUD_STORAGE_HOST=cloud.stg.iryo.io/api/v1 SYMMETRIC_REGISTRATION_URL=https://cloudsymmetric.stg.iryo.io/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326 +LOCAL_POSTGRES_USER=root +LOCAL_POSTGRES_PASSWORD=root +LOCAL_DISCOVERY_DB_USERNAME=localdiscovery +LOCAL_DISCOVERY_DB_PASSWORD=localdiscovery +LOCAL_SYMMETRIC_DB_USERNAME=localsymmetric +LOCAL_SYMMETRIC_DB_PASSWORD=symmetric +WAITLIST_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= +LOCAL_STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= +LOCAL_STORAGE_S3_SECRET=localminio +LOCAL_NATS_SECRET=secret +LOCAL_MINIO_ACCESS_KEY=local +LOCAL_MINIO_SECRET_KEY=localminio AUTH_STORAGE_ENCRYPTION_KEY= diff --git a/docs/windowsClinic/pro/docker-compose.yml b/docs/windowsClinic/pro/docker-compose.yml index 728352e9..efcc2dc0 100755 --- a/docs/windowsClinic/pro/docker-compose.yml +++ b/docs/windowsClinic/pro/docker-compose.yml @@ -9,8 +9,8 @@ services: - --configfile=/etc/traefik.toml - --debug volumes: - - C:\iryo\wwm\docs\windowsClinic\traefik.toml:/etc/traefik.toml - - C:\iryo\wwm\bin\tls:/certs + - ${IRYO_WWM_DIR}\docs\windowsClinic\traefik.toml:/etc/traefik.toml + - ${IRYO_WWM_DIR}\bin\tls:/certs - /var/run/docker.sock:/var/run/docker.sock ports: - 80:80 
@@ -20,20 +20,20 @@ services: localFrontend: image: iryo/localfrontend:${IRYO_TAG} volumes: - - C:\iryo\wwm\docs\windowsClinic\frontendConfig.json:/iryo/config.json:ro + - ${IRYO_WWM_DIR}\docs\windowsClinic\frontendConfig.json:/iryo/config.json:ro localAuth: image: iryo/localauth:${IRYO_TAG} command: - ./localAuth volumes: - - C:\iryo\wwm\.data\localAuth:/data - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin/tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - C:\iryo\wwm\cmd\localAuth\serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro + - ${IRYO_WWM_DIR}\.data\localAuth:/data + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin/tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\cmd\localAuth\serviceCertsAndPaths.yml:/serviceCertsAndPaths.yml:ro environment: - DOMAIN_TYPE=clinic - - DOMAIN_ID=$CLINIC_ID} + - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localAuth-key.pem - CERT_PATH=/certs/localAuth.pem - AUTH_SYNC_KEY_PATH=/certs/localAuthSync-key.pem @@ -47,16 +47,16 @@ services: command: - ./localStorage volumes: - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localStorage-key.pem - CERT_PATH=/certs/localStorage.pem - - S3_SECRET=localminio - - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= - - NATS_SECRET=secret + - S3_SECRET=${LOCAL_STORAGE_S3_SECRET} + - STORAGE_ENCRYPTION_KEY=${LOCAL_STORAGE_ENCRYPTION_KEY} + - NATS_SECRET=${LOCAL_NATS_SECRET} localMinio: image: minio/minio 
@@ -64,14 +64,14 @@ services: - server - /data environment: - - MINIO_ACCESS_KEY=local - - MINIO_SECRET_KEY=localminio + - MINIO_ACCESS_KEY=${LOCAL_MINIO_ACCESS_KEY} + - MINIO_SECRET_KEY=${LOCAL_MINIO_SECRET_KEY} ports: - 9000:9000 volumes: - - C:\iryo\wwm\bin/tls/localMinio-key.pem:/root/.minio/certs/private.key - - C:\iryo\wwm\bin/tls/localMinio.pem:/root/.minio/certs/public.crt - - C:\iryo\wwm\.data\localMinio:/data + - ${IRYO_WWM_DIR}\bin/tls/localMinio-key.pem:/root/.minio/certs/private.key + - ${IRYO_WWM_DIR}\bin/tls/localMinio.pem:/root/.minio/certs/public.crt + - ${IRYO_WWM_DIR}\.data\localMinio:/data localNats: image: nats-streaming @@ -81,22 +81,22 @@ services: command: - --stan_config=/etc/nats/config.conf volumes: - - C:\iryo\wwm\services\localNats\config.conf:/etc/nats/config.conf:ro - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - C:\iryo\wwm\.data\localNats:/data + - ${IRYO_WWM_DIR}\services\localNats\config.conf:/etc/nats/config.conf:ro + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\.data\localNats:/data storageSync: image: iryo/storagesync:${IRYO_TAG} command: - ./storageSync volumes: - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro environment: - KEY_PATH=/certs/storageSync-key.pem - CERT_PATH=/certs/storageSync.pem - - NATS_SECRET=secret + - NATS_SECRET=${LOCAL_NATS_SECRET} - CLOUD_STORAGE_HOST=${CLOUD_STORAGE_HOST} localPrometheus: 
@@ -106,11 +106,11 @@ services: - --storage.tsdb.path=/data user: root:root volumes: - - C:\iryo\wwm\services\localPrometheus\config.yml:/etc/prometheus/config.yml:ro - - C:\iryo\wwm\services\localPrometheus\rules.yml:/etc/prometheus/rules.yml:ro - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - C:\iryo\wwm\.data\localPrometheus:/data:rw + - ${IRYO_WWM_DIR}\services\localPrometheus\config.yml:/etc/prometheus/config.yml:ro + - ${IRYO_WWM_DIR}\services\localPrometheus\rules.yml:/etc/prometheus/rules.yml:ro + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\.data\localPrometheus:/data:rw natsStreamingExporter: image: registry.gitlab.com/civist/nats-streaming-exporter @@ -125,9 +125,9 @@ services: command: - ./batchStorageSync volumes: - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - C:\iryo\wwm\.data\batchStorageSync:/data + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\.data\batchStorageSync:/data environment: - KEY_PATH=/certs/batchStorageSync-key.pem - CERT_PATH=/certs/batchStorageSync.pem @@ -142,15 +142,15 @@ services: command: - ./waitlist volumes: - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - C:\iryo\wwm\.data\waitlist:/data + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\.data\waitlist:/data environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/waitlist-key.pem - CERT_PATH=/certs/waitlist.pem - - STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ= + - STORAGE_ENCRYPTION_KEY=${WAITLIST_ENCRYPTION_KEY} - BOLT_DB_FILEPATH=/data/waitlist.db localStatusReporter: 
@@ -158,12 +158,12 @@ services: command: - ./localStatusReporter volumes: - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro - - C:\iryo\wwm\docs\windowsClinic\statusReporterComponents.yml:/components.yml:ro + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\docs\windowsClinic\statusReporterComponents.yml:/components.yml:ro environment: - DOMAIN_TYPE=clinic - - DOMAIN_ID=$CLINIC_ID} + - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localStatusReporter-key.pem - CERT_PATH=/certs/localStatusReporter.pem @@ -172,29 +172,29 @@ services: context: ../../../ dockerfile: services/postgres/Dockerfile volumes: - - C:\iryo\wwm\services\postgres:/docker-entrypoint-initdb.d - - C:\iryo\wwm\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\services\postgres:/docker-entrypoint-initdb.d + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro ports: - 5432:5432 environment: - - POSTGRES_USER=root - - POSTGRES_PASSWORD=root + - POSTGRES_USER=${LOCAL_POSTGRES_USER} + - POSTGRES_PASSWORD=${LOCAL_POSTGRES_PASSWORD} localDiscovery: image: iryo/localdiscovery:${IRYO_TAG} command: - ./localDiscovery volumes: - - C:\iryo\wwm\localDiscovery:/var/data - - C:\iryo\wwm\bin\tls:/certs:ro - - C:\iryo\wwm\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro + - ${IRYO_WWM_DIR}\.data\localDiscovery:/var/data + - ${IRYO_WWM_DIR}\bin\tls:/certs:ro + - ${IRYO_WWM_DIR}\bin\tls\ca.pem:/etc/ssl/certs/ca-iryo.pem:ro environment: - DOMAIN_TYPE=clinic - DOMAIN_ID=${CLINIC_ID} - KEY_PATH=/certs/localDiscovery-key.pem - CERT_PATH=/certs/localDiscovery.pem - - DB_USERNAME=localdiscovery - - DB_PASSWORD=localdiscovery + - DB_USERNAME=${LOCAL_DISCOVERY_DB_USERNAME} + - DB_PASSWORD=${LOCAL_DISCOVERY_DB_PASSWORD} depends_on: - postgres 
@@ -204,14 +204,14 @@ services: - bash - /opt/symmetric/local/local.sh volumes: - - C:\iryo\wwm\services\symmetric\engines:/opt/symmetric/enginesTemplates:ro - - C:\iryo\wwm\services\symmetric\samples:/opt/symmetric/samples:ro - - C:\iryo\wwm\services\symmetric\bin:/opt/symmetric/local:ro + - ${IRYO_WWM_DIR}\services\symmetric\engines:/opt/symmetric/enginesTemplates:ro + - ${IRYO_WWM_DIR}\services\symmetric\samples:/opt/symmetric/samples:ro + - ${IRYO_WWM_DIR}\services\symmetric\bin:/opt/symmetric/local:ro environment: - LOCATION_ID=${LOCATION_ID} - DB_URL=jdbc:postgresql://postgres/localdiscovery - - DB_USER=localsymmetric - - DB_PASSWORD=symmetric + - DB_USER=${LOCAL_SYMMETRIC_DB_USERNAME} + - DB_PASSWORD=${LOCAL_SYMMETRIC_DB_PASSWORD} - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} depends_on: - postgres From ea1448193554c08e58fe57d9a30d5f1c90bc7981 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Fri, 19 Oct 2018 14:57:49 +0200 Subject: [PATCH 11/14] ADD support for cloud symmetric basic auth - Adds support for cloudSymmetric endpoints basic auth. --- docs/windowsClinic.md | 10 +++++++--- docs/windowsClinic/home/.env | 4 ++++ docs/windowsClinic/home/docker-compose.yml | 3 +++ docs/windowsClinic/pro/.env | 3 +++ docs/windowsClinic/pro/docker-compose.yml | 3 +++ services/symmetric/bin/local.sh | 7 +++++++ services/symmetric/engines/local.properties | 2 ++ 7 files changed, 29 insertions(+), 3 deletions(-) diff --git a/docs/windowsClinic.md b/docs/windowsClinic.md index 78a59cfb..460f4137 100755 --- a/docs/windowsClinic.md +++ b/docs/windowsClinic.md 
@@ -58,8 +58,12 @@ powershell -ExecutionPolicy ByPass -File .\generateAndImportCerts.ps1 1. Edit `frontendConfig.json` to include correct `clinicId` and `locationId`. 2. Edit `.env` environment variables file for `docker-compose` it's included together with `docker-compose` in folders speciifc for Windows edition. - The .env files contain on default values for test Windows deployment connecting to staging environment. - The only value not set-up at all is `AUTH_STORAGE_ENCRYPTION_KEY` that needs to be the same as at your chosen cloud deployment's `cloudAuth`. Otherwise `locatAuth` won't be able to decrypt received auth DB file. + The .env files contain default values for test Windows clinic deployment that is connecting to stagingcloud deployment. + The values that are not filled in and has to be added before running the clinic are: + * `CLOUDSYMMETRIC_BASIC_AUTH_USERNAME` and `CLOUDSYMMETRIC_BASIC_AUTH_PASSWORD`. + It needs to be set to correct username and password setup for `cloudSymmetric` server endpoints at the chosen cloud deployment. + * `AUTH_STORAGE_ENCRYPTION_KEY` + It needs to be the same as at the chosen cloud deployment's `cloudAuth`. Otherwise `locatAuth` won't be able to decrypt received auth DB file. ## 6. Start clinic @@ -75,7 +79,7 @@ Now you should be able to access clinic web interface at `https://iryo.local`. ### Windows 10 Pro -1. Clinic site is not accessible from Microsoft Edge browser. +1. Clinic site is not accessible from Microsoft Edge browser due to Microsoft Edge not being able to correctly resolve local domains. ### Windows 10 Home diff --git a/docs/windowsClinic/home/.env b/docs/windowsClinic/home/.env index f7e934df..6df870c4 100644 --- a/docs/windowsClinic/home/.env +++ b/docs/windowsClinic/home/.env 
@@ -19,3 +19,7 @@ LOCAL_NATS_SECRET=secret LOCAL_MINIO_ACCESS_KEY=local LOCAL_MINIO_SECRET_KEY=localminio AUTH_STORAGE_ENCRYPTION_KEY= +CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED=true +CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME= +CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD= +AUTH_STORAGE_ENCRYPTION_KEY= diff --git a/docs/windowsClinic/home/docker-compose.yml b/docs/windowsClinic/home/docker-compose.yml index 3d433e2a..3d5fef4e 100755 --- a/docs/windowsClinic/home/docker-compose.yml +++ b/docs/windowsClinic/home/docker-compose.yml @@ -213,6 +213,9 @@ services: - DB_USERNAME=${LOCAL_SYMMETRIC_DB_USERNAME} - DB_PASSWORD=${LOCAL_SYMMETRIC_DB_PASSWORD} - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} + - CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED=${CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED} + - CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME=${CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME} + - CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD=${CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD} depends_on: - postgres diff --git a/docs/windowsClinic/pro/.env b/docs/windowsClinic/pro/.env index ece3abf5..a62dee45 100644 --- a/docs/windowsClinic/pro/.env +++ b/docs/windowsClinic/pro/.env @@ -18,4 +18,7 @@ LOCAL_STORAGE_S3_SECRET=localminio LOCAL_NATS_SECRET=secret LOCAL_MINIO_ACCESS_KEY=local LOCAL_MINIO_SECRET_KEY=localminio +CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED=true +CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME= +CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD= AUTH_STORAGE_ENCRYPTION_KEY= diff --git a/docs/windowsClinic/pro/docker-compose.yml b/docs/windowsClinic/pro/docker-compose.yml index efcc2dc0..c59d10ca 100755 --- a/docs/windowsClinic/pro/docker-compose.yml +++ b/docs/windowsClinic/pro/docker-compose.yml 
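Review bot: The last added line repeats `AUTH_STORAGE_ENCRYPTION_KEY=`, which is already present as the context line just above the new `CLOUD_SYMMETRIC_BASIC_AUTH_*` entries. An operator who fills in the first occurrence, as the guide asks, can have it overridden by the empty duplicate if the parser keeps the last definition, and `localAuth` would then presumably receive no key. Drop the added `AUTH_STORAGE_ENCRYPTION_KEY=` line; the pro `.env` hunk in this commit inserts the three new entries before the existing one and has no duplicate.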
@@ -213,6 +213,9 @@ services: - DB_USER=${LOCAL_SYMMETRIC_DB_USERNAME} - DB_PASSWORD=${LOCAL_SYMMETRIC_DB_PASSWORD} - REGISTRATION_URL=${SYMMETRIC_REGISTRATION_URL} + - CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED=${CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED} + - CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME=${CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME} + - CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD=${CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD} depends_on: - postgres diff --git a/services/symmetric/bin/local.sh b/services/symmetric/bin/local.sh index edb1b3de..bb37c321 100755 --- a/services/symmetric/bin/local.sh +++ b/services/symmetric/bin/local.sh @@ -10,6 +10,13 @@ sed -i -e "s#^db.url=#db.url=${DB_URL}#" /opt/symmetric/engines/local.pr sed -i -e "s#^db.user=#db.user=${DB_USER}#" /opt/symmetric/engines/local.properties sed -i -e "s#^db.password=#db.password=${DB_PASSWORD}#" /opt/symmetric/engines/local.properties sed -i -e "s#^registration.url=#registration.url=${REGISTRATION_URL}#" /opt/symmetric/engines/local.properties +if [ "$CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED" = true ] ; then + sed -i -e "s#^http.basic.auth.username=#http.basic.auth.username=${CLOUDSYMMETRIC_BASIC_AUTH_USERNAME}#" /opt/symmetric/engines/local.properties + sed -i -e "s#^http.basic.auth.password=#http.basic.auth.password=${CLOUDSYMMETRIC_BASIC_AUTH_PASSWORD}#" /opt/symmetric/engines/local.properties +else + sed -i -e "s#^http.basic.auth.username=##" /opt/symmetric/engines/local.properties + sed -i -e "s#^http.basic.auth.password=##" /opt/symmetric/engines/local.properties +fi # Create symmetric tables # (We need to manually create them to be able to insert our own rules in diff --git a/services/symmetric/engines/local.properties b/services/symmetric/engines/local.properties index a536f5e3..d48f7f3f 100755 --- a/services/symmetric/engines/local.properties +++ b/services/symmetric/engines/local.properties 
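Review bot: The two new `sed` substitutions in `local.sh` paste the credential into the replacement text unescaped, so a username or password containing `#`, `&` or `\` either breaks the command or is written to `local.properties` altered (`&` expands to the matched `http.basic.auth.password=`). Escape the value first, for example `esc=$(printf '%s' "$CLOUDSYMMETRIC_BASIC_AUTH_PASSWORD" | sed -e 's/[\\&#]/\\&/g')`, and use `${esc}` in the replacement. The existing `db.password` and `registration.url` lines above have the same weakness. The script's beginning and end are outside the hunk.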
@@ -7,6 +7,8 @@ db.init.sql=set role localdiscoveryservice sync.url= registration.url= +http.basic.auth.username= +http.basic.auth.password= # Do not change these for running the demo group.id=local From 3bd737d3063ae226ed0e708f558f5d4f515d3ac6 Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Mon, 22 Oct 2018 10:56:50 +0200 Subject: [PATCH 12/14] UPD generateAndImportCers powershell script - Updates the script to take the path to IRYO WWM DIR from env variable. --- docs/windowsClinic.md | 4 +++ docs/windowsClinic/generateAndImportCerts.ps1 | 35 ++++++++++--------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/docs/windowsClinic.md b/docs/windowsClinic.md index 460f4137..0894d113 100755 --- a/docs/windowsClinic.md +++ b/docs/windowsClinic.md @@ -42,6 +42,10 @@ Setup was tested on Windows 10 Home & Pro Editions. ## 2. Generate certificates and import root certificate to Windows root truststore. +* Set IRYO_WWM_DIR environment variable to the directory to which you checked out IRYO WWM repo. You can set it in Powershell following way + ``` + $env:IRYO_WWM_DIR = "" + ``` * Enter `docs/windowsClinic` directory in the admin-mode powershell. * Run `generateAndImportCerts.ps1` script: diff --git a/docs/windowsClinic/generateAndImportCerts.ps1 b/docs/windowsClinic/generateAndImportCerts.ps1 index 6fd03891..65ac2328 100755 --- a/docs/windowsClinic/generateAndImportCerts.ps1 +++ b/docs/windowsClinic/generateAndImportCerts.ps1 
@@ -1,48 +1,49 @@ Write-Output "Generating certificate for local CA..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createCert.sh +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createCert.sh Write-Output "Generating certificate for localMinio..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localMinio +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localMinio Write-Output "Generating certificate for localNats..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localNats +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localNats Write-Output "Generating certificate for localStatusReporter..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localStatusReporter +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server localStatusReporter Write-Output "Generating certificate for postgres..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server postgres +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh server postgres Write-Output "Generating certificate for localAuth..." 
-docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localAuth +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localAuth Write-Output "Generating certificate for traefik..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer traefik +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer traefik Write-Output "Generating certificate for localStorage..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localStorage +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localStorage Write-Output "Generating certificate for waitlist..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer waitlist +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer waitlist Write-Output "Generating certificate for storageSync..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer storageSync +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer storageSync Write-Output "Generating certificate for localDiscovery..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localDiscovery +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localDiscovery Write-Output "Generating certificate for localAuthSync..." 
-docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh client localAuthSync +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh client localAuthSync Write-Output "Generating certificate for localNatsStreaming..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localNatsStreaming +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localNatsStreaming Write-Output "Generating certificate for localPrometheus..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localPrometheus +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer localPrometheus Write-Output "Generating certificate for batchStorageSync..." -docker run --rm -it -v /iryo/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer batchStorageSync +docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createProfileCert.sh peer batchStorageSync -cp ../../bin/tls/*.pem ../../bin/tls/certs/ +md ${env:IRYO_WWM_DIR}/bin/tls/certs/ -Force +cp ${env:IRYO_WWM_DIR}/bin/tls/*.pem ${env:IRYO_WWM_DIR}/bin/tls/certs/ -Import-Certificate -Filepath ../../bin/tls/ca.pem -CertStoreLocation cert:\CurrentUser\Root +Import-Certificate -Filepath ${env:IRYO_WWM_DIR}/bin/tls/ca.pem -CertStoreLocation cert:\CurrentUser\Root From 02f806a541b7f2bd55cc105bf950c8a437238f70 Mon Sep 17 00:00:00 2001 From: Dominik Znidar Date: Wed, 21 Nov 2018 15:43:30 +0100 Subject: [PATCH 13/14] Add missing readOnlyKeys for windows clinic --- docs/windowsClinic/frontendConfig.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
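Review bot: Nothing checks that `IRYO_WWM_DIR` is set before it is expanded into every `-v ${env:IRYO_WWM_DIR}/bin/tls:/certs` argument; when it is empty the mount becomes `/bin/tls:/certs`, the keys are generated in an unintended location, and the later `Import-Certificate` may fail or pick up a stale `ca.pem`. Add a guard at the top, `if (-not $env:IRYO_WWM_DIR) { throw "IRYO_WWM_DIR is not set" }`, and quote the volume argument (`-v "${env:IRYO_WWM_DIR}/bin/tls:/certs"`) so a checkout path with spaces survives. Because the script adds the generated CA to `cert:\CurrentUser\Root`, the CA private key that `createCert.sh` presumably writes into the same `bin/tls` directory deserves a comment: that directory is mounted into most containers by the compose files.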
diff --git a/docs/windowsClinic/frontendConfig.json b/docs/windowsClinic/frontendConfig.json index bf35eee5..09f0d604 100755 --- a/docs/windowsClinic/frontendConfig.json +++ b/docs/windowsClinic/frontendConfig.json @@ -7,5 +7,6 @@ "babyMaxAge": 1, "childMaxAge": 7, "waitlistId": "22afd921-0630-49f4-89a8-d1ad7639ee83", - "advancedRoleIDs": ["338fae76-9859-4803-8441-c5c441319cfd", "d91ff466-125b-4250-9dde-bbc282489430", "3720198b-74ed-40de-a45e-8756f22e67d2"] + "advancedRoleIDs": ["338fae76-9859-4803-8441-c5c441319cfd", "d91ff466-125b-4250-9dde-bbc282489430", "3720198b-74ed-40de-a45e-8756f22e67d2"], + “readOnlyKeys”: [“readOnlyKeys”, “baseUrl”, “apiUrl”, “clinicId”, “locationId”, “babyMaxAge”, “childMaxAge”] } From 8827fa5dd0f2950d1c1a774308b273001be368fb Mon Sep 17 00:00:00 2001 From: Mateusz Krasucki Date: Fri, 23 Nov 2018 10:29:20 +0100 Subject: [PATCH 14/14] FIX symmetric basic auth creds env var names --- services/symmetric/bin/local.sh | 8 ++++---- services/symmetric/engines/local.properties | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/services/symmetric/bin/local.sh b/services/symmetric/bin/local.sh index bb37c321..fb37f794 100755 --- a/services/symmetric/bin/local.sh +++ b/services/symmetric/bin/local.sh 
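Review bot: The added `readOnlyKeys` line is written with typographic quotes (`“readOnlyKeys”`), which are not string delimiters in JSON, so `frontendConfig.json` no longer parses. Replace them with ASCII double quotes: `"readOnlyKeys": ["readOnlyKeys", "baseUrl", "apiUrl", "clinicId", "locationId", "babyMaxAge", "childMaxAge"]`. If the frontend relies on this list to lock configuration keys, a file that fails to load would presumably leave that protection unapplied, so validating the file in CI is worthwhile.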
@@ -11,11 +11,11 @@ sed -i -e "s#^db.user=#db.user=${DB_USER}#" /opt/symmetric/engines/loca sed -i -e "s#^db.password=#db.password=${DB_PASSWORD}#" /opt/symmetric/engines/local.properties sed -i -e "s#^registration.url=#registration.url=${REGISTRATION_URL}#" /opt/symmetric/engines/local.properties if [ "$CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED" = true ] ; then - sed -i -e "s#^http.basic.auth.username=#http.basic.auth.username=${CLOUDSYMMETRIC_BASIC_AUTH_USERNAME}#" /opt/symmetric/engines/local.properties - sed -i -e "s#^http.basic.auth.password=#http.basic.auth.password=${CLOUDSYMMETRIC_BASIC_AUTH_PASSWORD}#" /opt/symmetric/engines/local.properties + sed -i -e "s#^http.basic.auth.username=#http.basic.auth.username=${CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME}#" /opt/symmetric/engines/local.properties + sed -i -e "s#^http.basic.auth.password=#http.basic.auth.password=${CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD}#" /opt/symmetric/engines/local.properties else - sed -i -e "s#^http.basic.auth.username=##" /opt/symmetric/engines/local.properties - sed -i -e "s#^http.basic.auth.password=##" /opt/symmetric/engines/local.properties + sed -i -e "s#^http.basic.auth.username=##" /opt/symmetric/engines/local.properties + sed -i -e "s#^http.basic.auth.password=##" /opt/symmetric/engines/local.properties fi # Create symmetric tables diff --git a/services/symmetric/engines/local.properties b/services/symmetric/engines/local.properties index d48f7f3f..c7f048ce 100755 --- a/services/symmetric/engines/local.properties +++ b/services/symmetric/engines/local.properties @@ -7,8 +7,8 @@ db.init.sql=set role localdiscoveryservice sync.url= registration.url= -http.basic.auth.username= -http.basic.auth.password= +http.basic.auth.username= +http.basic.auth.password= # Do not change these for running the demo group.id=local