Add clinic@windows setup instructions

bin/tls/Makefile

@@ -13,10 +13,10 @@ clean:
 	@find . -type f \( -name '*.pem' -o -name '*.csr' \) -not -name "ca*" -delete
 
 ca.pem:
-	$(DOCKER) ./createCert.sh
+	$(DOCKER) /bin/bash createCert.sh
 
 %.pem: %.json
-	$(DOCKER) ./createProfileCert.sh $(TYPE) $*
+	$(DOCKER) /bin/bash createProfileCert.sh $(TYPE) $*
 
 certs/%.pem:
 	mkdir -p $(CDIR)/certs

bin/tls/createCert.sh

@@ -1,3 +1,2 @@
 #!/bin/bash
-
 cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

bin/tls/createProfileCert.sh

@@ -1,4 +1,2 @@
 #!/bin/bash
-
-cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
-    -profile=$1 $2.json | cfssljson -bare $2
+cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=$1 $2.json | cfssljson -bare $2

docker-compose.yml

@@ -322,6 +322,12 @@ services:
     - ./services/symmetric/samples:/opt/symmetric/samples:ro
     - ./services/symmetric/bin:/root/bin:ro
     - ./services/symmetric/log4j.xml:/opt/symmetric/conf/log4j.xml:ro
+    environment:
+    - LOCATION_ID=2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa
+    - DB_URL=jdbc:postgresql://postgres/localdiscovery
+    - DB_USER=localsymmetric
+    - DB_PASSWORD=symmetric
+    - REGISTRATION_URL=http://cloudSymmetric:31415/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326
     depends_on:
     - postgres
 

docs/k8s/cloud-development-values.yaml

@@ -70,7 +70,8 @@ cloudSymmetric:
   dbUser: cloudsymmetric
   dbPassword: symmetric
   dbRole: clouddiscoveryservice
-  cloudSymmetricHost: cloudsymmetric.cloud.svc.cluster.local
+  cloudSymmetricProtocol: http
+  cloudSymmetricPublicHost: cloudsymmetric.cloud.svc.cluster.local
   nodePassword: jtpmff6bfm9lm51vykn3hz8dor053833
   localNodes:
     - id: 2d04b22e-1cc3-46b4-96dd-2bee5bad9ffa

docs/k8s/local-development-values.yaml

@@ -48,4 +48,5 @@ localSymmetric:
     dbUser: localsymmetric
     dbPassword: symmetric
     dbRole: localdiscoveryservice
-    cloudSymmetricHost: cloudsymmetric.cloud.svc.cluster.local
+    cloudSymmetricProtocol: http
+    cloudSymmetricPublicHost: cloudsymmetric.cloud.svc.cluster.local

docs/windowsClinic.md

@@ -0,0 +1,94 @@
+# Running full clinic deployment on Windows
+
+### Requirements
+
+Setup was tested on Windows 10 Home & Pro Editions.
+
+## 1. Initial setup.
+
+### Windows 10 Pro
+
+*   Install Git for Windows to be able to checkout the project.
+*   Install and setup Docker for Windows. Choose default options to use Linux Containers on Windows.
+*   Install Bonjour for Windows to get support for mDNS.
+    *   The easiest way to get latest Bonjour for Windows is to install iTunes. It is possible to extract Bonjour-only _\*.msi_ installer by unzipping iTunes installer file.
+*   Checkout IRYO WWM repo:
+    Before checkout, while configuring git you should disable auto conversion to CRLF line endings.
+
+        ```
+        git config --global core.autocrlf false
+        ```
+
+    You should checkout IRYO WWM to `C:\iryo\wwm` not to have to change default `IRYO_WWM_DIR` docker-compose file environment variable
+
+*   Go to Docker for Windows settings. In tab `Shared Drives` add the drive on which you checked out IRYO WWM repo to list of drives that can be available to Docker containers.
+
+### Windows 10 Home
+
+*   Download Docker Toolbox for Windows.
+*   Unless you have them already installed choose to install Virtual Box and Git for Windows.
+*   Run Docker Toolbox QuickStart Shell to create and setup docker machine.
+*   Install Bonjour for Windows to get support for mDNS.
+    *   The easiest way to get latest Bonjour for Windows is to install iTunes. It is possible to extract Bonjour-only _\*.msi_ installer by unzipping iTunes installer file.
+*   Checkout IRYO WWM repo:
+    Before checkout, while configuring git you should disable auto conversion to CRLF line endings.
+
+    ```
+    git config --global core.autocrlf false
+    ```
+
+*   Add IRYO WWM dir to shared folders for docker machine VM.
+    The easiest way to do it currently is to open Virtual Box GUI and add path to WWM dir to visible there docker machine VM. You should mount WWM dir under `/iryo` in the VM not to have to change default `IRYO_WWM_DIR` docker-compose file environment variable.
+
+## 2. Generate certificates and import root certificate to Windows root truststore.
+
+*   Set IRYO_WWM_DIR environment variable to the directory to which you checked out IRYO WWM repo. You can set it in Powershell following way
+    ```
+    $env:IRYO_WWM_DIR = "<PATH>"
+    ```
+*   Enter `docs/windowsClinic` directory in the admin-mode powershell.
+*   Run `generateAndImportCerts.ps1` script:
+
+```
+powershell -ExecutionPolicy ByPass -File .\generateAndImportCerts.ps1
+```
+
+## 3. Setup location, clinic on cloud and import certificates.
+
+1.  Setup location and clinic on cloud deployment that you intend to connect clinic to. Write down location ID and clinic ID.
+2.  Configure certificates for authSync, storageSync and batchStorageSync generated in previous step so they will be accepted as valid by `cloudAuth`.
+
+## 4. Set configuration values.
+
+1.  Edit `frontendConfig.json` to include correct `clinicId` and `locationId`.
+2.  Edit `.env` environment variables file for `docker-compose` it's included together with `docker-compose` in folders speciifc for Windows edition.
+    The .env files contain default values for test Windows clinic deployment that is connecting to stagingcloud deployment.
+    The values that are not filled in and has to be added before running the clinic are:
+    *   `CLOUDSYMMETRIC_BASIC_AUTH_USERNAME` and `CLOUDSYMMETRIC_BASIC_AUTH_PASSWORD`.
+        It needs to be set to correct username and password setup for `cloudSymmetric` server endpoints at the chosen cloud deployment.
+    *   `AUTH_STORAGE_ENCRYPTION_KEY`
+        It needs to be the same as at the chosen cloud deployment's `cloudAuth`. Otherwise `locatAuth` won't be able to decrypt received auth DB file.
+
+## 6. Start clinic
+
+While being in `docs/windowsClinic/home` (for Windows 10 Home) or `docs/windowsClinic/home` (for Windows 10 Pro) run in powershell:
+
+```
+docker-compose up -d
+```
+
+Now you should be able to access clinic web interface at `https://iryo.local`.
+
+## Known issues
+
+### Windows 10 Pro
+
+1.  Clinic site is not accessible from Microsoft Edge browser due to Microsoft Edge not being able to correctly resolve local domains.
+
+### Windows 10 Home
+
+1.  Clinic site is not accessible from Microsoft Edge browser.
+2.  `locaNats` often does not start on the first try. When `docker-compose up` is called once again it finally works. The issue needs to be investigated.
+3.  `localDiscovery` often does not start on the first try due to `postgres` not being online yet. Waiting script needs to be implemented.
+4.  `localPrometheus` container is forced to run as root as on default it's run as user `nobody` and cannot access data volume.
+5.  `localPrometheus` expression browser is not easily accessible at the moment.

docs/windowsClinic/Dockerfile.traefik

@@ -0,0 +1,4 @@
+FROM traefik:1.4-alpine
+
+ADD ../../bin/tls/certs /usr/local/share/ca-certificates/
+RUN update-ca-certificates

docs/windowsClinic/frontendConfig.json

@@ -0,0 +1,12 @@
+{
+    "locale": "en",
+    "baseUrl": "https://iryo.local",
+    "apiUrl": "https://iryo.local/api/v1",
+    "clinicId": "c14b34ce-c855-40e6-99fd-87c360546714",
+    "locationId": "499d7014-7318-4b8d-8388-092a7d81fcee",
+    "babyMaxAge": 1,
+    "childMaxAge": 7,
+    "waitlistId": "22afd921-0630-49f4-89a8-d1ad7639ee83",
+    "advancedRoleIDs": ["338fae76-9859-4803-8441-c5c441319cfd", "d91ff466-125b-4250-9dde-bbc282489430", "3720198b-74ed-40de-a45e-8756f22e67d2"],
+    “readOnlyKeys”: [“readOnlyKeys”, “baseUrl”, “apiUrl”, “clinicId”, “locationId”, “babyMaxAge”, “childMaxAge”]
+}

docs/windowsClinic/generateAndImportCerts.ps1

@@ -0,0 +1,49 @@
+Write-Output "Generating certificate for local CA..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl /bin/bash createCert.sh
+
+Write-Output "Generating certificate for localMinio..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh server localMinio
+
+Write-Output "Generating certificate for localNats..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh server localNats
+
+Write-Output "Generating certificate for localStatusReporter..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh server localStatusReporter
+
+Write-Output "Generating certificate for postgres..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh server postgres
+
+Write-Output "Generating certificate for localAuth..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer localAuth
+
+Write-Output "Generating certificate for traefik..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer traefik
+
+Write-Output "Generating certificate for localStorage..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer localStorage
+
+Write-Output "Generating certificate for waitlist..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer waitlist
+
+Write-Output "Generating certificate for storageSync..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer storageSync
+
+Write-Output "Generating certificate for localDiscovery..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer localDiscovery
+
+Write-Output "Generating certificate for localAuthSync..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh client localAuthSync
+
+Write-Output "Generating certificate for localNatsStreaming..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer localNatsStreaming
+
+Write-Output "Generating certificate for localPrometheus..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer localPrometheus
+
+Write-Output "Generating certificate for batchStorageSync..."
+docker run --rm -it -v ${env:IRYO_WWM_DIR}/bin/tls:/certs --entrypoint='' -w /certs cfssl/cfssl  /bin/bash createProfileCert.sh peer batchStorageSync
+
+md ${env:IRYO_WWM_DIR}/bin/tls/certs/ -Force
+cp ${env:IRYO_WWM_DIR}/bin/tls/*.pem ${env:IRYO_WWM_DIR}/bin/tls/certs/
+
+Import-Certificate -Filepath ${env:IRYO_WWM_DIR}/bin/tls/ca.pem -CertStoreLocation cert:\CurrentUser\Root

docs/windowsClinic/home/.env

@@ -0,0 +1,25 @@
+COMPOSE_CONVERT_WINDOWS_PATHS=1
+IRYO_WWM_DIR=/iryo
+IRYO_TAG=v0.4.2
+CLINIC_ID=c14b34ce-c855-40e6-99fd-87c360546714
+LOCATION_ID=499d7014-7318-4b8d-8388-092a7d81fcee
+CLOUD_AUTH_HOST=cloud.stg.iryo.io/api/v1
+CLOUD_STORAGE_HOST=cloud.stg.iryo.io/api/v1
+SYMMETRIC_REGISTRATION_URL=https://cloudsymmetric.stg.iryo.io/sync/cloud-f7e41e48-ec79-4c78-9db6-37c0c4f78326
+LOCAL_POSTGRES_USER=root
+LOCAL_POSTGRES_PASSWORD=root
+LOCAL_DISCOVERY_DB_USERNAME=localdiscovery
+LOCAL_DISCOVERY_DB_PASSWORD=localdiscovery
+LOCAL_SYMMETRIC_DB_USERNAME=localsymmetric
+LOCAL_SYMMETRIC_DB_PASSWORD=symmetric
+WAITLIST_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ=
+LOCAL_STORAGE_ENCRYPTION_KEY=6fgt+cQUwUHbhzEalXkFv3ESMNMti1mdJxP6hFVjZGQ=
+LOCAL_STORAGE_S3_SECRET=localminio
+LOCAL_NATS_SECRET=secret
+LOCAL_MINIO_ACCESS_KEY=local
+LOCAL_MINIO_SECRET_KEY=localminio
+AUTH_STORAGE_ENCRYPTION_KEY=
+CLOUD_SYMMETRIC_BASIC_AUTH_ENABLED=true
+CLOUD_SYMMETRIC_BASIC_AUTH_USERNAME=
+CLOUD_SYMMETRIC_BASIC_AUTH_PASSWORD=
+AUTH_STORAGE_ENCRYPTION_KEY=