more bugfix namespace problm and pangeapilot files
This commit is contained in:
parent
3af59e9423
commit
d2c63de37b
77
.env.example
77
.env.example
|
@ -10,6 +10,58 @@
|
|||
# specially useful if you want to deploy in a specific domain
|
||||
#MUSICIAN_API_BASE_URL='https://orchestra.example.org'
|
||||
#MUSICIAN_ALLOWED_HOSTS='musician.example.org'
|
||||
|
||||
# DEVICEHUB
|
||||
####
|
||||
|
||||
# Please fill in these three variables
|
||||
DEVICEHUB_API_DLT='http://$FIXME_IP_API_DLT'
|
||||
DEVICEHUB_API_DLT_TOKEN=$FIXME_TOKEN
|
||||
DEVICEHUB_API_RESOLVER='http://$FIXME_IP_API_RESOLVER'
|
||||
# you might change or register ID_FEDERATED if you change DEVICEHUB_HOST
|
||||
DEVICEHUB_ID_FEDERATED='DH12'
|
||||
# TODO this should be guessed by DEVICEHUB_HOST, and avoid hardcode of ID_FEDERATED
|
||||
DEVICEHUB_SERVER_ID_FEDERATED='DH12'
|
||||
DEVICEHUB_CLIENT_ID_FEDERATED='DH20'
|
||||
|
||||
# Database Variables
|
||||
DEVICEHUB_DB_USER='dhub'
|
||||
DEVICEHUB_DB_PASSWORD='ereuse'
|
||||
DEVICEHUB_DB_HOST='localhost'
|
||||
DEVICEHUB_DB_DATABASE='dpp'
|
||||
DEVICEHUB_SCHEMA='dbtest'
|
||||
DEVICEHUB_DB_SCHEMA='dbtest'
|
||||
|
||||
#DEVICEHUB_SERVER_ID_DEVICEHUB_HOST='http://devicehub-server-id.example.com'
|
||||
DEVICEHUB_SERVER_ID_DEVICEHUB_HOST='http://localhost:5000'
|
||||
#DEVICEHUB_CLIENT_ID_DEVICEHUB_HOST='http://devicehub-client-id.example.com'
|
||||
DEVICEHUB_CLIENT_ID_DEVICEHUB_HOST='http://localhost:5001'
|
||||
DEVICEHUB_SERVER_ID_SERVICE='server_id'
|
||||
DEVICEHUB_CLIENT_ID_SERVICE='client_id'
|
||||
DEVICEHUB_HOST='localhost'
|
||||
|
||||
DEVICEHUB_EMAIL_DEMO='user@example.com'
|
||||
DEVICEHUB_SERVER_ID_EMAIL_DEMO='user5000@example.com'
|
||||
DEVICEHUB_CLIENT_ID_EMAIL_DEMO='user5001@example.com'
|
||||
DEVICEHUB_PASSWORD_DEMO='1234'
|
||||
|
||||
DEVICEHUB_JWT_PASS='uncomment-it-and-fill-this'
|
||||
DEVICEHUB_SECRET_KEY='uncomment-it-and-fill-this'
|
||||
|
||||
# important to import snapshots (step 15)
|
||||
# rel path starts with ./
|
||||
DEVICEHUB_SNAPSHOTS_PATH='./examples/snapshots'
|
||||
# full path starts with /
|
||||
#DEVICEHUB_SNAPSHOTS_PATH='/tmp/dhub_docker/snapshots'
|
||||
DEVICEHUB_IMPORT_SNAPSHOTS='n'
|
||||
|
||||
# If you have a URL_MANUALS implementation, please change this url
|
||||
DEVICEHUB_URL_MANUALS='http://localhost:4000'
|
||||
|
||||
# on devicehub without dpp case, uncomment for a production deployment.
|
||||
# That is, use of gunicorn instead of a debug python server
|
||||
#DEVICEHUB_DEPLOYMENT='PROD'
|
||||
|
||||
# IDHUB
|
||||
####
|
||||
|
||||
|
@ -17,6 +69,7 @@ IDHUB_TIME_ZONE='Europe/Madrid'
|
|||
#IDHUB_SECRET_KEY='uncomment-it-and-fill-this'
|
||||
# enable dev flags when DEVELOPMENT deployment
|
||||
IDHUB_DEPLOYMENT='DEVELOPMENT'
|
||||
#IDHUB_DEPLOYMENT='PROD'
|
||||
# adapt to your domain in a production/reverse proxy env
|
||||
IDHUB_CSRF_TRUSTED_ORIGINS='https://idhub.example.org'
|
||||
|
||||
|
@ -34,3 +87,27 @@ IDHUB_EMAIL_BACKEND="django.core.mail.backends.smtp.EmailBackend"
|
|||
IDHUB_USER='admin'
|
||||
IDHUB_PASSWD='admin'
|
||||
IDHUB_EMAIL='admin@example.org'
|
||||
|
||||
# AUTHENTIK aka goauthentik
|
||||
####
|
||||
|
||||
AUTHENTIK_PG_PASS=goauthentik
|
||||
AUTHENTIK_PG_USER=goauthentik
|
||||
AUTHENTIK_PG_DB=goauthentik
|
||||
AUTHENTIK_SECRET_KEY=fixme_EMeeeT-$DEzm{4%=qo2L8!A=b3H-8HV>ycCs2vP+C
|
||||
|
||||
# SMTP Host Emails are sent to
|
||||
AUTHENTIK_EMAIL__HOST='smtp.pangea.org'
|
||||
AUTHENTIK_EMAIL__PORT=587
|
||||
# Optionally authenticate (don't add quotation marks to your password)
|
||||
AUTHENTIK_EMAIL__USERNAME='fixme_H6v<MIBmni23=uuc@y'
|
||||
AUTHENTIK_EMAIL__PASSWORD=fixme_T?Q|19r{P<e_cGq29E
|
||||
AUTHENTIK_EMAIL__USE_TLS=true
|
||||
AUTHENTIK_EMAIL__USE_SSL=false
|
||||
AUTHENTIK_EMAIL__TIMEOUT=10
|
||||
# Email address authentik will send from, should have a correct @domain
|
||||
AUTHENTIK_EMAIL__FROM='noreply@example.org'
|
||||
|
||||
AUTHENTIK_BOOTSTRAP_EMAIL='admin@example.org'
|
||||
AUTHENTIK_BOOTSTRAP_TOKEN='fixme_!dN94KJ%Uz%f?+NES'
|
||||
AUTHENTIK_BOOTSTRAP_PASSWORD='fixme_<1|-@4-yDsat@p>XES'
|
||||
|
|
|
@ -7,5 +7,5 @@ django-orchestra
|
|||
django-musician
|
||||
IdHub
|
||||
|
||||
idhub1__pilot-xo9b/
|
||||
idhub2__pilot-xo9b/
|
||||
idhub1__*
|
||||
idhub2__*
|
||||
|
|
19
Makefile
19
Makefile
|
@ -9,6 +9,7 @@ project := dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral
|
|||
orchestra_branch := `git -C django-orchestra branch --show-current`
|
||||
orchestra_commit := `git -C django-orchestra log -1 --format=%h`
|
||||
orchestra_tag := ${orchestra_branch}__${orchestra_commit}
|
||||
orchestra_tag := latest
|
||||
orchestra_image := ${project}/orchestra:${orchestra_tag}
|
||||
|
||||
####
|
||||
|
@ -18,8 +19,21 @@ orchestra_image := ${project}/orchestra:${orchestra_tag}
|
|||
musician_branch := `git -C django-musician branch --show-current`
|
||||
musician_commit := `git -C django-musician log -1 --format=%h`
|
||||
musician_tag := ${musician_branch}__${musician_commit}
|
||||
musician_tag := latest
|
||||
musician_image := ${project}/musician:${musician_tag}
|
||||
|
||||
####
|
||||
# devicehub image tag
|
||||
####
|
||||
|
||||
# TODO
|
||||
|
||||
devicehub_branch := `git -C devicehub-teal branch --show-current`
|
||||
devicehub_commit := `git -C devicehub-teal log -1 --format=%h`
|
||||
devicehub_tag := ${devicehub_branch}__${devicehub_commit}
|
||||
devicehub_tag := latest
|
||||
devicehub_image := ${project}/devicehub:${devicehub_tag}
|
||||
|
||||
####
|
||||
# idhub image tag
|
||||
####
|
||||
|
@ -27,15 +41,16 @@ musician_image := ${project}/musician:${musician_tag}
|
|||
idhub_branch := `git -C IdHub branch --show-current`
|
||||
idhub_commit := `git -C IdHub log -1 --format=%h`
|
||||
idhub_tag := ${idhub_branch}__${idhub_commit}
|
||||
idhub_tag := latest
|
||||
idhub_image := ${project}/idhub:${idhub_tag}
|
||||
|
||||
.PHONY: idhub_build
|
||||
idhub_build:
|
||||
docker build -f docker/idhub.Dockerfile -t ${idhub_image} -t ${project}/idhub:latest .
|
||||
docker build -f docker/idhub.Dockerfile -t ${idhub_image} -t ${project}/idhub:${idhub_branch}__latest .
|
||||
|
||||
docker_build:
|
||||
docker build -f docker/orchestra.Dockerfile -t ${orchestra_image} -t ${project}/orchestra:latest .
|
||||
#docker build -f docker/musician.Dockerfile -t ${musician_image} -t ${project}/musician:latest .
|
||||
docker build -f docker/musician.Dockerfile -t ${musician_image} -t ${project}/musician:latest .
|
||||
$(MAKE) idhub_build
|
||||
@printf "\n##########################\n"
|
||||
@printf "\nimage: ${orchestra_image}\n"
|
||||
|
|
|
@ -2,7 +2,6 @@ version: "3.9"
|
|||
services:
|
||||
|
||||
idhub1:
|
||||
container_name: idhub1
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||
environment:
|
||||
|
|
|
@ -0,0 +1,159 @@
|
|||
version: "3.9"
|
||||
services:
|
||||
|
||||
orchestra:
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/orchestra:latest
|
||||
environment:
|
||||
- SECRET_KEY=${ORCHESTRA_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
ports:
|
||||
- "9080:9080"
|
||||
# TODO configure volumes
|
||||
#volumes:
|
||||
# - .:/home
|
||||
|
||||
musician:
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/musician:latest
|
||||
ports:
|
||||
- "8080:8080"
|
||||
environment:
|
||||
- SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
- API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}
|
||||
- ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}
|
||||
# TODO configure volumes
|
||||
#volumes:
|
||||
# - .:/home
|
||||
|
||||
# WARNING: this containers is hardcoded and is only useful in localhost deployments
|
||||
# and as a reference for reachable deployments
|
||||
nginx-orchestra-api:
|
||||
image: nginx
|
||||
ports:
|
||||
- 3000:3000
|
||||
volumes:
|
||||
# src https://hub.docker.com/_/nginx
|
||||
# src https://github.com/docker-library/docs/tree/master/nginx#complex-configuration
|
||||
- ./docker/nginx-orchestra-api.nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
|
||||
idhub:
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||
environment:
|
||||
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
|
||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||
- PORT=${IDHUB_PORT:-9001}
|
||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||
- CSRF_TRUSTED_ORIGINS=https://idhub1-xo9b.demo.pangea.org
|
||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
|
||||
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||
- RESPONSE_URI=https://idhub1-xo9b.demo.pangea.org/oidc4vp/
|
||||
- ALLOW_CODE_URI=https://idhub1-xo9b.demo.pangea.org/oidc4vp/allow_code
|
||||
- SUPPORTED_CREDENTIALS=['MembershipCard']
|
||||
ports:
|
||||
- 9021:9001
|
||||
|
||||
# from https://goauthentik.io/docs/installation/docker-compose
|
||||
# https://goauthentik.io/docker-compose.yml
|
||||
ga_postgresql:
|
||||
image: docker.io/library/postgres:12-alpine
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 5s
|
||||
volumes:
|
||||
- ga_database:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ${AUTHENTIK_PG_PASS:?database password required}
|
||||
POSTGRES_USER: ${AUTHENTIK_PG_USER:-authentik}
|
||||
POSTGRES_DB: ${AUTHENTIK_PG_DB:-authentik}
|
||||
env_file:
|
||||
- .env
|
||||
ga_redis:
|
||||
image: docker.io/library/redis:alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 3s
|
||||
volumes:
|
||||
- ga_redis:/data
|
||||
ga_server:
|
||||
image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: ga_redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
|
||||
AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
|
||||
AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
|
||||
AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
|
||||
AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
|
||||
AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
|
||||
AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
|
||||
AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
|
||||
AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./custom-templates:/templates
|
||||
env_file:
|
||||
- .env
|
||||
ports:
|
||||
- "${COMPOSE_PORT_HTTP:-9000}:9000"
|
||||
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
|
||||
depends_on:
|
||||
- ga_postgresql
|
||||
- ga_redis
|
||||
ga_worker:
|
||||
image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: ga_redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
|
||||
# `user: root` and the docker socket volume are optional.
|
||||
# See more for the docker socket integration here:
|
||||
# https://goauthentik.io/docs/outposts/integrations/docker
|
||||
# Removing `user: root` also prevents the worker from fixing the permissions
|
||||
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
||||
# (1000:1000 by default)
|
||||
user: root
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./media:/media
|
||||
- ./certs:/certs
|
||||
- ./custom-templates:/templates
|
||||
env_file:
|
||||
- .env
|
||||
depends_on:
|
||||
- ga_postgresql
|
||||
- ga_redis
|
||||
|
||||
volumes:
|
||||
shared:
|
||||
ga_database:
|
||||
driver: local
|
||||
ga_redis:
|
||||
driver: local
|
|
@ -2,7 +2,6 @@ version: "3.9"
|
|||
services:
|
||||
|
||||
idhub1:
|
||||
container_name: idhub1
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||
environment:
|
||||
|
@ -33,7 +32,6 @@ services:
|
|||
- sharedsecret:/sharedsecret:rw
|
||||
|
||||
idhub2:
|
||||
container_name: idhub2
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||
environment:
|
||||
|
|
|
@ -2,7 +2,6 @@ version: "3.9"
|
|||
services:
|
||||
|
||||
idhub1:
|
||||
container_name: idhub1
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||
environment:
|
||||
|
@ -33,7 +32,6 @@ services:
|
|||
- sharedsecret:/sharedsecret:rw
|
||||
|
||||
idhub2:
|
||||
container_name: idhub2
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||
environment:
|
||||
|
|
Reference in New Issue