deployment for demo 12D (not tested)
parent
df05735979
commit
a156c1e167
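--- a/docker-compose_idhub-demo-12d.yml
+++ b/docker-compose_idhub-demo-12d.yml
@@ -0,0 +1,67 @@
+version: "3.9"
+services:
+
+idhub1:
+container_name: idhub1
+init: true
+image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
+environment:
+- DEPLOYMENT=${IDHUB_DEPLOYMENT}
+- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
+- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+- PORT=${IDHUB_PORT:-9001}
+- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
+- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
+- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
+- CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
+- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
+- EMAIL_HOST=${IDHUB_EMAIL_HOST}
+- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
+- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
+- EMAIL_PORT=${IDHUB_EMAIL_PORT}
+- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
+- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
+- RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
+- ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
+- SUPPORTED_CREDENTIALS=['MembershipCard']
+ports:
+- 9001:9001
+volumes:
+- ./idhub1:/opt/idhub
+- sharedsecret:/sharedsecret:rw
+
+idhub2:
+container_name: idhub2
+init: true
+image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
+environment:
+- DEPLOYMENT=${IDHUB_DEPLOYMENT}
+- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
+- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+- PORT=${IDHUB_PORT:-9002}
+- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
+- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
+- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
+- CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
+- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
+- EMAIL_HOST=${IDHUB_EMAIL_HOST}
+- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
+- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
+- EMAIL_PORT=${IDHUB_EMAIL_PORT}
+- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
+- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
+- RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
+- ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
+- SUPPORTED_CREDENTIALS=['MembershipCard']
+ports:
+- 9002:9002
+volumes:
+- ./idhub2:/opt/idhub
+- sharedsecret:/sharedsecret:rw
+
+volumes:
+sharedsecret: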
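Review bot: The `SECRET_KEY` fallback on both services is a value published in this file, so a deployment started without `IDHUB_SECRET_KEY` runs Django signing with a key anyone can read. Make the variable mandatory instead of defaulted, `- SECRET_KEY=${IDHUB_SECRET_KEY:?IDHUB_SECRET_KEY must be set}`, in `idhub1` and `idhub2` alike. The `ALLOWED_HOSTS` default of `*` has the same shape of problem and could default to each service's own demo hostname. A short comment above `sharedsecret:` stating that the volume carries the OIDC client secrets exchanged between the two containers would also help the next reader.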
|
@ -4,7 +4,10 @@ RUN apt update && apt-get install -y \
|
|||
python3-minimal \
|
||||
python3-pip \
|
||||
python3-dev \
|
||||
python-is-python3
|
||||
python-is-python3 \
|
||||
git \
|
||||
sqlite3 \
|
||||
jq
|
||||
|
||||
WORKDIR /opt/idhub
|
||||
|
||||
|
|
|
@ -4,6 +4,40 @@ set -e
|
|||
set -u
|
||||
set -x
|
||||
|
||||
_set() {
|
||||
key="${1}"
|
||||
value="${2}"
|
||||
response_uri="${3}"
|
||||
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
|
||||
}
|
||||
|
||||
_get() {
|
||||
sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
|
||||
}
|
||||
|
||||
config_oidc4vp() {
|
||||
# populate your config
|
||||
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
|
||||
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
|
||||
data="$(_get)"
|
||||
echo "${data}" | jq --arg uri "${R_URI_CLEAN}" '{ ($uri): .}' > /sharedsecret/${file}
|
||||
|
||||
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
|
||||
sleep 2
|
||||
# get other configs
|
||||
for host in /sharedsecret/*; do
|
||||
# we are flexible on querying for RESPONSE_URI: the first one based on regex
|
||||
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
|
||||
filtered_data="$(cat "${host}" | jq --arg uri "${target_uri}" 'first(.[][] | select(.response_uri | test ($uri)))')"
|
||||
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
|
||||
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
|
||||
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
|
||||
|
||||
_set my_client_id ${client_id} ${response_uri}
|
||||
_set my_client_secret ${client_secret} ${response_uri}
|
||||
done
|
||||
}
|
||||
|
||||
main() {
|
||||
idhub_dir='/opt/idhub'
|
||||
cd "${idhub_dir}"
|
||||
|
@ -19,7 +53,7 @@ END
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# detect if existing deployment
|
||||
# detect if existing deployment (TODO only works with sqlite)
|
||||
if [ -f "${idhub_dir}/db.sqlite3" ]; then
|
||||
echo "INFO: detected EXISTING deployment"
|
||||
./manage.py makemigrations
|
||||
|
@ -33,6 +67,8 @@ END
|
|||
if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
|
||||
printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
|
||||
./manage.py initial_datas
|
||||
|
||||
config_oidc4vp
|
||||
else
|
||||
printf "creating superuser \n user: ${DJANGO_SUPERUSER_USERNAME}\n password: ${DJANGO_SUPERUSER_PASSWORD}\n email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
|
||||
## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
|
||||
|
|
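Review bot: `_set` pastes `${value}` and `${response_uri}` straight into the SQL text, and in `config_oidc4vp` both calls pass `${client_id}`, `${client_secret}` and `${response_uri}` unquoted, so a value read from a `/sharedsecret/*` file that contains a quote or whitespace changes the statement sqlite3 runs. Quote the arguments at the call sites, `_set my_client_secret "${client_secret}" "${response_uri}"`, and double any single quote before interpolating, e.g. `value="$(printf '%s' "${2}" | sed "s/'/''/g")"`. Separately, the `set -x` kept as context above these functions means each client secret is written to the container log when the update runs; wrapping the loop in `set +x` / `set -x` avoids that. The `sleep 2` synchronisation is a guess as well: an idhub that needs longer than two seconds to write its file is silently missed, so polling for the expected files with a timeout would be more reliable.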
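--- a/idhub_build_demo_12d.sh
+++ b/idhub_build_demo_12d.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+set -u
+# DEBUG
+set -x
+
+# wallet and verifier idhub demo
+main() {
+deployment="${1:-}"
+
+# detach on production deployment
+if [ "${deployment}" = 'prod' ]; then
+detach='-d'
+fi
+
+# force recreate
+rm -rf ./idhub1 ./idhub2
+
+# detect if is new
+if [ ! -f "./idhub1" ] && [ ! -f "./idhub2" ]; then
+echo 'Detected new deployment, recreating git repos idhub1 and idhub2'
+cp -rp IdHub idhub1
+rm -f idhub1/db.sqlite3
+cp -rp IdHub idhub2
+rm -f idhub2/db.sqlite3
+fi
+
+idhub_dc_f='docker-compose_idhub-demo-12d.yml'
+docker compose -f ${idhub_dc_f} down -v || true
+make idhub_build \
+&& docker compose -f ${idhub_dc_f} up ${detach:-}
+}
+
+main "${@}"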
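Review bot: The "detect if is new" guard in `main` can never be false: `-f` is true only for regular files, while `idhub1` and `idhub2` are directories, and the unconditional `rm -rf ./idhub1 ./idhub2` just above has already removed them anyway. As written, every run, including `prod`, discards both working trees and then `down -v` drops the named volume, so any existing database and exchanged client secrets are lost. If a rebuild should keep an existing deployment, test with `-d` and make the wipe opt-in, e.g. `if [ ! -d ./idhub1 ] && [ ! -d ./idhub2 ]; then`, with the `rm -rf` moved behind an explicit argument. Quoting `"${idhub_dc_f}"` in the two `docker compose` calls would also be consistent with the rest of the script.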