deployment for demo 12D (not tested)
This commit is contained in:
parent
df05735979
commit
16fe3a28bf
67
docker-compose_idhub-demo-12d.yml
Normal file
67
docker-compose_idhub-demo-12d.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
version: "3.9"
|
||||||
|
services:
|
||||||
|
|
||||||
|
idhub1:
|
||||||
|
container_name: idhub1
|
||||||
|
init: true
|
||||||
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||||
|
environment:
|
||||||
|
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
|
||||||
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
|
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||||
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
|
- PORT=${IDHUB_PORT:-9001}
|
||||||
|
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||||
|
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||||
|
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||||
|
- CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
|
||||||
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
|
||||||
|
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||||
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
|
- RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
|
||||||
|
- ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
|
||||||
|
- SUPPORTED_CREDENTIALS=['MembershipCard']
|
||||||
|
ports:
|
||||||
|
- 9001:9001
|
||||||
|
volumes:
|
||||||
|
- ./idhub1:/opt/idhub
|
||||||
|
- sharedsecret:/sharedsecret:rw
|
||||||
|
|
||||||
|
idhub2:
|
||||||
|
container_name: idhub2
|
||||||
|
init: true
|
||||||
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||||
|
environment:
|
||||||
|
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
|
||||||
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
|
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||||
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
|
- PORT=${IDHUB_PORT:-9002}
|
||||||
|
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||||
|
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||||
|
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||||
|
- CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
|
||||||
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
|
||||||
|
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||||
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
|
- RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
|
||||||
|
- ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
|
||||||
|
- SUPPORTED_CREDENTIALS=['MembershipCard']
|
||||||
|
ports:
|
||||||
|
- 9002:9002
|
||||||
|
volumes:
|
||||||
|
- ./idhub2:/opt/idhub
|
||||||
|
- sharedsecret:/sharedsecret:rw
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
sharedsecret:
|
|
@ -4,7 +4,10 @@ RUN apt update && apt-get install -y \
|
||||||
python3-minimal \
|
python3-minimal \
|
||||||
python3-pip \
|
python3-pip \
|
||||||
python3-dev \
|
python3-dev \
|
||||||
python-is-python3
|
python-is-python3 \
|
||||||
|
git \
|
||||||
|
sqlite3 \
|
||||||
|
jq
|
||||||
|
|
||||||
WORKDIR /opt/idhub
|
WORKDIR /opt/idhub
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,40 @@ set -e
|
||||||
set -u
|
set -u
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
|
_set() {
|
||||||
|
key="${1}"
|
||||||
|
value="${2}"
|
||||||
|
response_uri="${3}"
|
||||||
|
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
|
||||||
|
}
|
||||||
|
|
||||||
|
_get() {
|
||||||
|
sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
|
||||||
|
}
|
||||||
|
|
||||||
|
config_oidc4vp() {
|
||||||
|
# populate your config
|
||||||
|
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
|
||||||
|
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
|
||||||
|
data="$(_get)"
|
||||||
|
echo "${data}" | jq --arg uri "${R_URI_CLEAN}" '{ ($uri): .}' > /sharedsecret/${file}
|
||||||
|
|
||||||
|
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
|
||||||
|
sleep 2
|
||||||
|
# get other configs
|
||||||
|
for host in /sharedsecret/*; do
|
||||||
|
# we are flexible on querying for RESPONSE_URI: the first one based on regex
|
||||||
|
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
|
||||||
|
filtered_data="$(cat "${host}" | jq --arg uri "${target_uri}" 'first(.[][] | select(.response_uri | test ($uri)))')"
|
||||||
|
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
|
||||||
|
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
|
||||||
|
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
|
||||||
|
|
||||||
|
_set my_client_id ${client_id} ${response_uri}
|
||||||
|
_set my_client_secret ${client_secret} ${response_uri}
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
idhub_dir='/opt/idhub'
|
idhub_dir='/opt/idhub'
|
||||||
cd "${idhub_dir}"
|
cd "${idhub_dir}"
|
||||||
|
@ -19,7 +53,7 @@ END
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# detect if existing deployment
|
# detect if existing deployment (TODO only works with sqlite)
|
||||||
if [ -f "${idhub_dir}/db.sqlite3" ]; then
|
if [ -f "${idhub_dir}/db.sqlite3" ]; then
|
||||||
echo "INFO: detected EXISTING deployment"
|
echo "INFO: detected EXISTING deployment"
|
||||||
./manage.py makemigrations
|
./manage.py makemigrations
|
||||||
|
@ -33,6 +67,8 @@ END
|
||||||
if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
|
if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
|
||||||
printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
|
printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
|
||||||
./manage.py initial_datas
|
./manage.py initial_datas
|
||||||
|
|
||||||
|
config_oidc4vp
|
||||||
else
|
else
|
||||||
printf "creating superuser \n user: ${DJANGO_SUPERUSER_USERNAME}\n password: ${DJANGO_SUPERUSER_PASSWORD}\n email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
|
printf "creating superuser \n user: ${DJANGO_SUPERUSER_USERNAME}\n password: ${DJANGO_SUPERUSER_PASSWORD}\n email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
|
||||||
## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
|
## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
|
||||||
|
|
35
idhub_build_demo_12d.sh
Executable file
35
idhub_build_demo_12d.sh
Executable file
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -u
|
||||||
|
# DEBUG
|
||||||
|
set -x
|
||||||
|
|
||||||
|
# wallet and verifier idhub demo
|
||||||
|
main() {
|
||||||
|
deployment="${1:-}"
|
||||||
|
|
||||||
|
# detach on production deployment
|
||||||
|
if [ "${deployment}" = 'prod' ]; then
|
||||||
|
detach='-d'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# force recreate
|
||||||
|
rm -rf ./idhub1 ./idhub2
|
||||||
|
|
||||||
|
# detect if is new
|
||||||
|
if [ ! -f "./idhub1" ] && [ ! -f "./idhub2" ]; then
|
||||||
|
echo 'Detected new deployment, recreating git repos idhub1 and idhub2'
|
||||||
|
cp -rp IdHub idhub1
|
||||||
|
rm -f idhub1/db.sqlite3
|
||||||
|
cp -rp IdHub idhub2
|
||||||
|
rm -f idhub2/db.sqlite3
|
||||||
|
fi
|
||||||
|
|
||||||
|
idhub_dc_f='docker-compose_idhub-demo-12d.yml'
|
||||||
|
docker compose -f ${idhub_dc_f} down -v || true
|
||||||
|
make idhub_build \
|
||||||
|
&& docker compose -f ${idhub_dc_f} up ${detach:-}
|
||||||
|
}
|
||||||
|
|
||||||
|
main "${@}"
|
Reference in a new issue