diff --git a/docker-compose.yml b/docker-compose.yml index bd6c6f6d..0454d948 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,15 +1,13 @@ version: "3.9" services: - devicehub: + devicehub-id-server: init: true - # TODO - image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__eafcac09 - #build . + image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__54511e1b environment: - DB_USER=${DB_USER} - DB_PASSWORD=${DB_PASSWORD} - - DB_HOST=postgres + - DB_HOST=postgres-id-server - DB_DATABASE=${DB_DATABASE} - HOST=${HOST} - EMAIL_DEMO=${EMAIL_DEMO} @@ -19,15 +17,18 @@ services: - API_DLT=${API_DLT} - API_RESOLVER=${API_RESOLVER} - API_DLT_TOKEN=${API_DLT_TOKEN} - - DEVICEHUB_HOST=${DEVICEHUB_HOST} - - ID_FEDERATED=${ID_FEDERATED} + - DEVICEHUB_HOST=${SERVER_ID_DEVICEHUB_HOST} + - ID_FEDERATED=${SERVER_ID_FEDERATED} - URL_MANUALS=${URL_MANUALS} + - ID_SERVICE=${SERVER_ID_SERVICE} + - AUTHORIZED_CLIENT_URL=${CLIENT_ID_DEVICEHUB_HOST} ports: - 5000:5000 volumes: - ${SNAPSHOTS_PATH}:/mnt/snapshots:ro + - shared:/shared:rw - postgres: + postgres-id-server: image: dkr-dsg.ac.upc.edu/devicehub/postgres:dpp_docker__eafcac09 # 4. To create the database. # 5. Give permissions to the corresponding users in the database. 
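Review bot: `ID_FEDERATED=${SERVER_ID_FEDERATED}` in this hunk, and `ID_FEDERATED=${CLIENT_ID_FEDERATED}` in the devicehub-id-client hunk, read variables that the examples/env.example hunk of this commit does not add. That hunk adds only the four `*_DEVICEHUB_HOST` and `*_SERVICE` names and leaves `ID_FEDERATED='$ID'` in place. Unless the two names are defined outside the visible lines, Compose substitutes an empty string with only a warning, so both instances start with an empty `ID_FEDERATED`. The same fallback applies to `AUTHORIZED_CLIENT_URL`, which the entrypoint uses to register the OIDC client and to name the credentials file. Add `SERVER_ID_FEDERATED` and `CLIENT_ID_FEDERATED` to the example, and consider the required-variable form so a missing value stops `docker compose up`, e.g. `- AUTHORIZED_CLIENT_URL=${CLIENT_ID_DEVICEHUB_HOST:?set CLIENT_ID_DEVICEHUB_HOST}`.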
@@ -36,12 +37,59 @@ services: - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_USER=${DB_USER} - POSTGRES_DB=${DB_DATABASE} + # DEBUG + #ports: + # - 5432:5432 + # TODO persistence + #volumes: + # - pg_data:/var/lib/postgresql/data + + devicehub-id-client: + init: true + image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__54511e1b + environment: + - DB_USER=${DB_USER} + - DB_PASSWORD=${DB_PASSWORD} + - DB_HOST=postgres-id-client + - DB_DATABASE=${DB_DATABASE} + - HOST=${HOST} + - EMAIL_DEMO=${EMAIL_DEMO} + - PASSWORD_DEMO=${PASSWORD_DEMO} + - JWT_PASS=${JWT_PASS} + - SECRET_KEY=${SECRET_KEY} + - API_DLT=${API_DLT} + - API_RESOLVER=${API_RESOLVER} + - API_DLT_TOKEN=${API_DLT_TOKEN} + - DEVICEHUB_HOST=${CLIENT_ID_DEVICEHUB_HOST} + - SERVER_ID_HOST=${SERVER_ID_DEVICEHUB_HOST} + - ID_FEDERATED=${CLIENT_ID_FEDERATED} + - URL_MANUALS=${URL_MANUALS} + - ID_SERVICE=${CLIENT_ID_SERVICE} ports: - - 5432:5432 + - 5001:5001 + volumes: + - ${SNAPSHOTS_PATH}:/mnt/snapshots:ro + - shared:/shared:ro + + postgres-id-client: + image: dkr-dsg.ac.upc.edu/devicehub/postgres:dpp_docker__eafcac09 + # 4. To create the database. + # 5. Give permissions to the corresponding users in the database. + # extra src https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables + environment: + - POSTGRES_PASSWORD=${DB_PASSWORD} + - POSTGRES_USER=${DB_USER} + - POSTGRES_DB=${DB_DATABASE} + # DEBUG + #ports: + # - 5432:5432 # TODO persistence #volumes: # - pg_data:/var/lib/postgresql/data - # TODO https://testdriven.io/blog/dockerizing-django-with-postgres-gunicorn-and-nginx/ - #nginx + # TODO https://testdriven.io/blog/dockerizing-django-with-postgres-gunicorn-and-nginx/ + #nginx + +volumes: + shared: diff --git a/docker/devicehub.entrypoint.sh b/docker/devicehub.entrypoint.sh index e8c89a6b..9783b367 100755 --- a/docker/devicehub.entrypoint.sh +++ b/docker/devicehub.entrypoint.sh 
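Review bot: devicehub-id-client receives the same `SECRET_KEY`, `JWT_PASS`, `DB_PASSWORD` and `API_DLT_TOKEN` variables as devicehub-id-server, so the identity provider and the relying party in this demo share their signing and database secrets. If `SECRET_KEY` and `JWT_PASS` sign sessions or tokens (not visible here), anything issued by one instance would also verify on the other, which blurs the trust boundary the OIDC setup is meant to show. The commit already splits `DEVICEHUB_HOST`, `ID_FEDERATED` and `ID_SERVICE` per role. The secrets could follow the same pattern, for example `- SECRET_KEY=${CLIENT_ID_SECRET_KEY}` and `- JWT_PASS=${CLIENT_ID_JWT_PASS}` as newly introduced variables with matching entries in examples/env.example.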
@@ -102,15 +102,48 @@ handle_federated_id() { } -main() { +config_oidc() { + # TODO test allowing more than 1 client + if [ "${ID_SERVICE}" = "server_id" ]; then - gen_env_vars + client_description="client identity from docker compose demo" - wait_for_postgres + # in AUTHORIZED_CLIENT_URL we remove anything before :// + flask add_contract_oidc \ + "${EMAIL_DEMO}" \ + "${client_description}" \ + "${AUTHORIZED_CLIENT_URL}" \ + > /shared/client_id_${AUTHORIZED_CLIENT_URL#*://} - init_flagfile='/container_initialized' + elif [ "${ID_SERVICE}" = "client_id" ]; then + + # in DEVICEHUB_HOST we remove anything before :// + CLIENT_ID_CONFIG="/shared/client_id_${DEVICEHUB_HOST#*://}" + + # wait that the file generated by the server_id is readable + while true; do + if [ -f "${CLIENT_ID_CONFIG}" ]; then + break + fi + sleep 1 + done + + client_id="$(cat "${CLIENT_ID_CONFIG}" | jq -r '.client_id')" + client_secret="$(cat "${CLIENT_ID_CONFIG}" | jq -r '.client_secret')" + + flask add_client_oidc \ + "${SERVER_ID_HOST}" \ + "${client_id}" \ + "${client_secret}" + + else + big_error "Something went wrong ${ID_SERVICE} is not server_id nor client_id" + fi +} + +config_phase() { + init_flagfile='/already_configured' if [ ! -f "${init_flagfile}" ]; then - # 7, 8, 9, 11 init_data @@ -133,9 +166,21 @@ main() { # # 16. flask check_install "${EMAIL_DEMO}" ${PASSWORD_DEMO} + # config server or client ID + config_oidc + # remain next command as the last operation for this if conditional touch "${init_flagfile}" fi +} + +main() { + + gen_env_vars + + wait_for_postgres + + config_phase # 17. Use gunicorn # thanks https://akira3030.github.io/formacion/articulos/python-flask-gunicorn-docker.html diff --git a/examples/env.example b/examples/env.example index 8b6d62d2..476f5941 100644 --- a/examples/env.example +++ b/examples/env.example 
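Review bot: In `config_oidc` the server branch redirects `flask add_contract_oidc` straight into `/shared/client_id_…`, so the shell creates the file before any JSON is written and the client branch's `[ -f … ]` wait can succeed on an empty or partial file. `jq -r` then yields an empty string or `null`, which is passed to `flask add_client_oidc` as credentials. The redirect target is also unquoted, and the file holding `client_secret` is created with the default umask. Writing to a temporary name and renaming it, waiting with `-s`, and reading with `jq -e` closes the race and fails loudly on a bad file; the sketch assumes `big_error` stops the script and that both containers run as the same user, neither of which is visible in this hunk. The wait loop still has no timeout, so a failed server leaves the client blocked.

```shell
# server_id branch: publish the credentials atomically, owner-only
oidc_out="/shared/client_id_${AUTHORIZED_CLIENT_URL#*://}"
(
        umask 077   # same image on both sides, so same uid (confirm)
        flask add_contract_oidc \
                "${EMAIL_DEMO}" \
                "${client_description}" \
                "${AUTHORIZED_CLIENT_URL}" \
                > "${oidc_out}.tmp" \
        && mv "${oidc_out}.tmp" "${oidc_out}"
) || big_error "add_contract_oidc failed, no credentials published"

# … unchanged: client_id branch, CLIENT_ID_CONFIG assignment …

# client_id branch: wait for a non-empty file, then require both fields
while [ ! -s "${CLIENT_ID_CONFIG}" ]; do
        sleep 1
done
client_id="$(jq -er '.client_id' "${CLIENT_ID_CONFIG}")" \
        || big_error "no client_id in ${CLIENT_ID_CONFIG}"
client_secret="$(jq -er '.client_secret' "${CLIENT_ID_CONFIG}")" \
        || big_error "no client_secret in ${CLIENT_ID_CONFIG}"

# … unchanged: flask add_client_oidc call and else branch …
```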
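Review bot: `config_phase` guards `config_oidc` with `/already_configured`, which lives in the container's own filesystem, while the credentials file it produces lives in the named `shared` volume and outlives the containers. After the containers are recreated (the postgres services have no persistent volume yet), the client's wait loop would find the previous run's `/shared/client_id_…` immediately. It may then register a client_id and secret that the fresh server database does not contain. Consider removing the old file in the `server_id` case before the first-run block, e.g. `rm -f "/shared/client_id_${AUTHORIZED_CLIENT_URL#*://}"`, and ordering the client after the server with `depends_on` in docker-compose.yml. `main` continues past the end of this hunk.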
@@ -9,7 +9,10 @@ API_RESOLVER='http://$IP_API_RESOLVER' ID_FEDERATED='$ID' URL_MANUALS='http://$IP_MANUALS' -DEVICEHUB_HOST='http://devicehub.example.com' +SERVER_ID_DEVICEHUB_HOST='http://devicehub-server-id.example.com' +CLIENT_ID_DEVICEHUB_HOST='http://devicehub-client-id.example.com' +SERVER_ID_SERVICE='server_id' +CLIENT_ID_SERVICE='client_id' HOST='localhost' SCHEMA='dbtest'