Unverified Commit bf8cad90 authored by Martin Lowe 🇨🇦, committed by GitHub

Update to integrate API into docker stack for local dev (#75)

* Update to integrate API into docker stack for local dev

* Fix ports on docker compose

* Remove extra yarn file and update make file

* Update to yarn commands to be cleaner w/o cd

* Update README for makefile and docker-compose

* Fix OIDC endpoint target to be set as part of secret config

The OIDC public auth endpoint needs to be set for each machine and will likely be unique for every machine. This is due to the docker instance not accepting localhost as a proper binding address for the API.

* Update docker secrets and update readme

* Fix API docker container name
parent 7d6b9a3b
......@@ -72,6 +72,7 @@ nb-configuration.xml
# Ignore built resources to display in package
src/main/resources/META-INF/resources/*
secret.properties
docker.secret.properties
#environment variables
.env
compile-java: validate-spec;
mvn clean compile package
compile-react: install-react;
yarn --cwd src/main/www build
compile: clean compile-react compile-java;
docker build -f src/main/docker/Dockerfile.jvm -t eclipsefdn/membership-rest-api .
clean:;
mvn clean
rm -rf src/main/resources/META-INF/*
install-react:;
yarn --cwd src/main/www install --frozen-lockfile
validate-spec: install-react;
yarn --cwd src/main/www test-spec
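Review bot: In the Makefile, the `clean` target runs `rm -rf src/main/resources/META-INF/*`, which is wider than the `src/main/resources/META-INF/resources/*` path that `.gitignore` marks as build output, so any tracked file placed directly under `META-INF/` would be deleted on every `make compile`. Narrow the delete to `src/main/resources/META-INF/resources/*`. The targets are also not declared `.PHONY`, and `compile` ends up running `mvn clean` twice (once through `clean`, once inside `compile-java`).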
......@@ -26,8 +26,7 @@ You will also see any lint errors in the console.
### Dependencies to run
- MariaDB
- Keycloak
- Docker-compose
- Maven
- Java version 11
......@@ -35,7 +34,7 @@ You will also see any lint errors in the console.
As part of the set up, you will need to create a `secret.properties` file within the `./config` folder and set up the secrets that are required to run the application. If named `secret.properties`, the file should be ignored by Github automatically, making it less risky that credentials are accidentally uploaded to a branch.
The fields required to run are the datasource and OIDC properties. The datasource properties should be a set of user credentials that can write to a local mariadb instance. Within that mariadb instance, a database should be created to contain the data used in development. Once created, a JDBC URL can now be formed for the new database. This URL should follow the pattern below, with port not always required (depending on your local setup and proxy settings).
The fields required to run are the datasource and OIDC properties. The datasource properties should be a set of user credentials that can write to a local mariadb instance. Within that mariadb instance, a database should be created to contain the data used in development. Once created, a JDBC URL can now be formed for the new database. This URL should follow the pattern below, with port not always required (depending on your local setup and proxy settings). This will be set in the `secret.properties` file.
```
quarkus.datasource.jdbc.url = jdbc:mariadb://<host><:port?>/<databaseName>
......@@ -43,7 +42,9 @@ quarkus.datasource.jdbc.url = jdbc:mariadb://<host><:port?>/<databaseName>
Once this is set, set the `quarkus.datasource.username` and `quarkus.datasource.password` fields to the user with access to the given database in the `secret.properties` file.
The other half of secret configuration is setting up the OIDC credentials for connecting to a keycloak server. This server will require a realm to be set up for access. Using the name `rem_realm` is easiest as it requires no changes to the configuration to work. If the realm is named differently or the Keycloak server is not running locally, the `quarkus.oidc.auth-server-url` property in the `src/main/resources/application.properties` file will need to be updated. The value set should be the public realm address for your server and realm. The rest of the endpoints will be taken care of by the wellknown endpoint available in Keycloak, and don't need to be configured.
The other half of secret configuration is setting up the OIDC credentials for connecting to a keycloak server. This server will require a realm to be set up for access. Using the name `rem_realm` is easiest as it requires no changes to the configuration to work.
The `quarkus.oidc.auth-server-url` property in the `secret.properties` file will need to be updated. The value set should be the public realm address for your server and realm. The rest of the endpoints will be taken care of by the wellknown endpoint available in Keycloak, and don't need to be configured. For the dockerized service, this should be set to your local IP address (note, not your public address). This can be retrieved from your IP configuration application and added in the format displayed in the `sample.secret.properties` file.
Inside that realm, create a client and update the `quarkus.oidc.client-id` property within the `secret.properties` file. Inside that client, open the settings and go to the credentials tab. The secret will need to be copied and set into the `secret.properties` file in the `quarkus.oidc.credentials.client-secret.value` property. For proper reading and usage of development data, 3 users should be created and added to the realm with the usernames `user1`, `user2`, and `user3`.
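Review bot: The README paragraph on `quarkus.oidc.auth-server-url` tells the reader to use the machine's local IP address for the dockerized service, while the sample properties in this commit use `http://host.docker.internal:8080/auth/realms/rem_realm`. State which of the two is expected, and where `host.docker.internal` is known to resolve, so nobody has to guess. The sample URL is also plain `http`; say next to the instruction that this is for the local stack only, so the value is not copied into a shared environment.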
......@@ -56,7 +57,7 @@ As a side note, regeneration of the database on start along with the insertion o
### Running
To run the server as a local instance as a stack, first run `yarn --cwd src/main/www`, this will install all the required package for the react app. Then run `yarn --cwd src/main/www build`. This will package the React app and copy it into the static web resources of the server source. To run as a development application, which is the fastest way with the least dependencies, run the following command: `mvn compile quarkus:dev -Dconfig.secret.path=$(pwd)/config/secret.properties` or `mvn compile quarkus:dev "-Dconfig.secret.path=$pwd/config/secret.properties"` when running in a Windows PowerShell.
To run the server as a local instance as a stack, you will need to compile the application first, which can be done through `make compile`. This takes care of all of the steps needed to cleanly build and rebuild the application from scratch. To run the stack with the packaged application, use `docker-compose up -d`.
### Docker
......
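Review bot: The rewritten Running paragraph drops the `mvn compile quarkus:dev -Dconfig.secret.path=...` instructions, yet `application.properties` still carries a `## DEV SETTINGS` block of `%dev.` properties, so dev mode is evidently still in use. Keep a short dev-mode paragraph (including the PowerShell quoting variant) beside the new `make compile` and `docker-compose up -d` steps. The commit message says the OIDC endpoint is now set through the secret config, so a dev run started without `-Dconfig.secret.path` is exactly the case the README should still cover.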
quarkus.datasource.username=sample
quarkus.datasource.password=sample
quarkus.oidc.auth-server-url=http://host.docker.internal:8080/auth/realms/rem_realm
quarkus.datasource.jdbc.url = jdbc:mariadb://host.docker.internal/rem_quarkus_api
quarkus.oidc.client-id=sample
quarkus.oidc.credentials.client-secret.value=sample
security.token.salt=somesaltvalue
\ No newline at end of file
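Review bot: The sample properties ship `security.token.salt=somesaltvalue` and `sample` for every credential, and values this plausible tend to survive into real `secret.properties` files. Use obviously invalid placeholders (for example `<generate-a-random-salt>`) and add a comment line saying the salt and the client secret must be unique per installation. The file also ends without a trailing newline.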
......@@ -57,4 +57,12 @@ services:
ports:
- 8083:443
environment:
- PHPLDAPADMIN_LDAP_HOSTS=ldap
\ No newline at end of file
- PHPLDAPADMIN_LDAP_HOSTS=ldap
api:
image: eclipsefdn/membership-rest-api:latest
ports:
- 8090:8090
environment:
- CONFIG_SECRET_PATH=/var/run/secrets/secret.properties
volumes:
- ./config:/var/run/secrets
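Review bot: The `api` service bind-mounts the whole `./config` directory, read-write, at `/var/run/secrets`, so every file in that folder is visible to the container and the container can modify them. Mount only the one file, read-only, for example `./config/secret.properties:/var/run/secrets/secret.properties:ro`. Two smaller points: `.gitignore` lists `docker.secret.properties` but `CONFIG_SECRET_PATH` points at `secret.properties`, so one of the two names looks stale; and `image: eclipsefdn/membership-rest-api:latest` depends on the tag built locally by `make compile`, which deserves a comment in the compose file.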
......@@ -47,6 +47,13 @@
<groupId>org.eclipsefoundation</groupId>
<artifactId>quarkus-core</artifactId>
<version>${eclipse-api-version}</version>
<!-- Can be removed once dependency is removed from base package https://stackoverflow.com/questions/67510802/logging-in-quarkus-works-in-dev-mode-but-doesnt-output-in-jvm-docker-image -->
<exclusions>
<exclusion>
<groupId>org.jboss.logmanager</groupId>
<artifactId>jboss-logmanager</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipsefoundation</groupId>
......
......@@ -48,7 +48,7 @@ ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jb
COPY target/lib/* /deployments/lib/
COPY target/*-runner.jar /deployments/app.jar
EXPOSE 8080
EXPOSE 8090
USER 1001
ENTRYPOINT [ "/deployments/run-java.sh" ]
\ No newline at end of file
quarkus.log.level=INFO
quarkus.http.port=8080
quarkus.http.port=8090
## DATASOURCE CONFIG
quarkus.datasource.jdbc.url = jdbc:mariadb://127.0.0.1/rem_quarkus_api
quarkus.datasource.db-kind=mariadb
quarkus.datasource.jdbc.min-size = 5
quarkus.datasource.jdbc.max-size = 15
......@@ -12,7 +11,6 @@ eclipse.db.default.limit.max=100
## OIDC Connection/Authentication Info
quarkus.oauth2.enabled=false
quarkus.oidc.application-type=web-app
quarkus.oidc.auth-server-url=http://localhost:8080/auth/realms/rem_realm
quarkus.oidc.discovery-enabled=true
quarkus.oidc.roles.source=accesstoken
quarkus.oidc.authentication.redirect-path=/
......@@ -21,8 +19,6 @@ quarkus.oidc.logout.path=/logout
## DEV SETTINGS
%dev.quarkus.http.port=8090
%dev.quarkus.oidc.auth-server-url=http://localhost:8080/auth/realms/rem_realm
%dev.quarkus.oidc.client-id=poc-server
%dev.quarkus.oidc.credentials.client-secret.value=4d596003-2cfe-49ba-a7cb-ea3d40bf5538
%dev.security.csrf.enabled = false
# %dev.quarkus.hibernate-orm.database.generation=drop-and-create
......
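Review bot: `%dev.quarkus.oidc.credentials.client-secret.value` appears in this hunk with a real-looking UUID value, which means the secret is in the tracked history of `application.properties` whether this commit removes the line or leaves it as context. Treat that client secret as disclosed: regenerate it in Keycloak, and keep `%dev.quarkus.oidc.client-id` and the secret only in the ignored `secret.properties`. `%dev.security.csrf.enabled = false` also needs a comment explaining why CSRF protection is off in dev, and `%dev.quarkus.http.port=8090` is redundant if it remains now that the base `quarkus.http.port` is 8090.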