You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+59-37Lines changed: 59 additions & 37 deletions
Original file line number
Diff line number
Diff line change
@@ -40,37 +40,6 @@ sudo bash ./Delphi_install.sh
40
40
inside the registry's root directory. This installation script will create the required repositories, build the docker images, and register them directly at the local docker registry.
41
41
The registry requires an initial instance of ElasticSearch to be running.
42
42
43
-
## Authorization
44
-
This application relies on *JSON Web Tokens* (JWTs) using the *HMAC with SHA-256* (HS256) algorithm for authorization purposes. A valid, base64-encoded token must be put into the ```Authorization``` header of every HTTP request that is being issued to the registry. The HTTP header must look like this:
45
-
```
46
-
Authorization: Bearer <JWT>
47
-
```
48
-
You can find more about JWTs [here](https://jwt.io). To create valid JWTs for this application, the following fields have to be specified:
49
-
50
-
|Attribute | Type | Explanation |
51
-
| :---: | :---: | :--- |
52
-
|```iat``` (Issued at) |```Int```| Time this token was issued at. Specified in seconds since Jan 01 1970.|
53
-
|```nbf``` (Not valid before) |```Int```| Time this token becomes valid at. Specified in seconds since Jan 01 1970.|
54
-
|```exp``` (Expiration time) |```Int```| Time this token expires at. Specified in seconds since Jan 01 1970.|
55
-
|```user_id```|```String```| Id of the user this token was issued to.|
56
-
|```user_type```|```String```| Type of user that this token was issued to. Valid values are ```Admin``` (full access), ```User``` (read access) and ```Component``` (access to report operations).|
57
-
58
-
Please note that values of type ```Int``` must **not** be surrounded by quotation marks.
59
-
60
-
The secret key that is used for validating the tokens can either be set in the configuration file (see section below), or by setting the envirnment variable ```JWT_SECRET```. The default value is ```changeme``` and **has to be replaced for productive use!**
61
-
62
-
You can create tokens for development purposes using the JWT debugger at [jwt.io](https://jwt.io). The following token is valid for the default key ```changeme``` until end of march, and belongs to a user called ```DebugUser``` of user type ```Admin```. **Only use it for development purposes!**
Using the above token, a valid call to the registry at ```localhost:8087``` using *curl* looks like this:
69
-
70
-
```
71
-
curl -X POST -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDcxMDYzOTksIm5iZiI6MTU0NzEwNjM5OSwiZXhwIjoxNTU0MDE0Nzk5LCJ1c2VyX2lkIjoiRGVidWdVc2VyIiwidXNlcl90eXBlIjoiQWRtaW4ifQ.TeDa8JkFANVEufPaxXv3AXSojcaiKdOlBKeU5cLaHpg" localhost:8087/deploy?ComponentType=WebApi
72
-
```
73
-
74
43
## Adapt the configuration file
75
44
Before you can start the application, you have to make sure your configuration file contains valid data. The file can be found at *src/main/scala/de/upb/cs/swt/delphi/instanceregistry/Configuration.scala*, and most of its attributes are string or integer values. The following table describes the attributes in more detail.
76
45
@@ -86,9 +55,10 @@ Before you can start the application, you have to make sure your configuration f
86
55
|```webAppDockerImageName```|```String```|```"delphi-webapp:1.0.0-SNAPSHOT"```| Name of the Docker image for Delphi WebApps. May only be changed if you manually specified a different name when creating the image.|
87
56
|```defaultElasticSearchInstanceHost```|```String```|```"elasticsearch://172.17.0.1"```| Host that the default ElasticSearch instance is located at.|
88
57
|```defaultElasticSearchInstancePort```|```Int```|```9200```| Port that the default ElasticSearch instance is reachable at.|
89
-
|```uriInLocalNetwork```|```String```|```"http://172.17.0.1:8087"```| URI that the registry is reachable at for all docker containers. In most of the use-cases this is going to be the gateway of the default docker bridge.|
58
+
|```uriInLocalNetwork```|```String```|```"http://172.17.0.1:8087"```| URI that the registry is reachable at for all docker containers. In most of the use-cases this is going to be the gateway of the default docker bridge.<br>**Note:** For OSX you have to set this value to the DNS name of the docker host, which is ```http://host.docker.internal:8087``` (If the registry is running on the host).|
90
59
|```maxLabelLength```|```Int```|```50```| Maximum number of characters for instance labels. Longer labels will be rejected.|
91
60
|```dockerOperationTimeout```|```Timeout```|```Timeout(20 seconds)```| Default timeout for docker operations. If any of the async Docker operations (deploy, stop, pause, ..) takes longer than this, it will be aborted.|
61
+
|```defaultDockerUri```|```String```|```http://localhost:9095```| Default uri to connect to docker. It will be used if the environment variable ```DELPHI_DOCKER_HOST``` is not specified.|
92
62
|```jwtSecretKey```|```String```|```changeme```| Secret key to use for JWT signature (HS256). This setting can be overridden by specifying the ```JWT_SECRET``` environment variable.|
93
63
|```useInMemoryDB```|```Boolean```|```true```| If set to true, all instance data will be kept in memory instead of using a MySQL database.|
94
64
|```databaseHost```|```String```|```"jdbc:mysql://localhost/"```| Host that the MySQL database is reachable at (only necessary if *useInMemoryDB* is false).|
@@ -100,27 +70,79 @@ Before you can start the application, you have to make sure your configuration f
100
70
|```maxIndividualIpReq```|```Int```|```200```| Maximum number of requests that are allowed to be executed during the current refresh period for one specific origin ip.|
101
71
|```ipLogRefreshRate```|```FiniteDuration```|```2.minutes```| Duration of the log refresh period.|
102
72
103
-
By default, Docker is expected to be reachable at *http://localhost:9095*, but you can override this setting by specifying the docker host URI in the environment variable *DELPHI_DOCKER_HOST*.
104
-
To change the port of your http docker API to 9095, execute
73
+
74
+
## Docker configuration
75
+
By default, Docker is expected to be reachable at ```http://localhost:9095``` (see configuration attribute ```defaultDockerUri``` above), but you can override this setting by specifying the docker host URI in the environment variable *DELPHI_DOCKER_HOST*. You can also change the port that your Docker HTTP service is hosted on by executing the steps below on the Docker host machine.
76
+
77
+
### Linux
78
+
To change the port to 9095, go to the docker service file:
79
+
80
+
```
81
+
sudo nano /lib/systemd/system/docker.service
82
+
```
83
+
84
+
Change the line that starts with ```ExecStart``` to look like this:
Docker does not expose it's HTTP api on OSX for security reasons (as described [here](https://github.com/docker/for-mac/issues/770#issuecomment-252560286)), but you can run a docker container to redirect the API calls. To accept calls on your local machine's port 9095, execute:
112
99
100
+
```
101
+
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:9095:1234 bobrik/socat TCP-LISTEN:1234,fork UNIX-CONNECT:/var/run/docker.sock
102
+
```
113
103
104
+
## Run the application
105
+
There are two ways of running the registry application. You can either run the application directly, or build a docker image defined by the *build.sbt* file, and run a container based on this image. Either way, you have to set the correct configuration values before starting the application (see section **Adapt the configuration file** above for more information). Make sure the Docker images of all Delphi components are present at the host's registry, as described in the **Requirements** section.
114
106
107
+
**Note:** For OSX you have to set Java's ```prefereIPv4Stack``` option to ```true``` before executing any of the steps below. In order to do so, execute ```export JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true"``` in the terminal before calling ```sbt```.
115
108
116
-
## Run the application
117
-
There are two ways of running the registry application. You can either run the application directly, or build a docker image defined by the *build.sbt* file, and run a container based on this image. Either way, you have to set the correct configuration values before starting the application (see section **Adapt the configuration file** above for more information). We are currently working on a setup script that will prepare all images that need to be present on your docker host. Until its finished, you have to register the images manually, as described in the **Requirements** section.
118
109
### Run the registry directly
119
110
If you want to execute the registry directly on your local machine, simply go to the root folder of the repository and execute ```sbt run```. The application will stream all logging output to the terminal. You can terminate any time by pressing *RETURN*.
120
111
### Run the registry in Docker
121
112
For Windows users, to build a docker image containing the registry, go to the root folder of the repository and execute ```sbt docker:publishLocal```. This will build the application, create a docker image named ```delphi-registry:1.0.0-SNAPSHOT```, and register the image at your local docker registry.<br />
122
113
For Linux users, the installation script mentioned in **Requirements** section will create docker image for registry named ```delphi-registry:1.0.0-SNAPSHOT```, and registers the image at your local docker registry.
123
114
115
+
## Authorization
116
+
This application relies on *JSON Web Tokens* (JWTs) using the *HMAC with SHA-256* (HS256) algorithm for authorization purposes. A valid, base64-encoded token must be put into the ```Authorization``` header of every HTTP request that is being issued to the registry. The HTTP header must look like this:
117
+
```
118
+
Authorization: Bearer <JWT>
119
+
```
120
+
You can find more about JWTs [here](https://jwt.io). To create valid JWTs for this application, the following fields have to be specified:
121
+
122
+
|Attribute | Type | Explanation |
123
+
| :---: | :---: | :--- |
124
+
|```iat``` (Issued at) |```Int```| Time this token was issued at. Specified in seconds since Jan 01 1970.|
125
+
|```nbf``` (Not valid before) |```Int```| Time this token becomes valid at. Specified in seconds since Jan 01 1970.|
126
+
|```exp``` (Expiration time) |```Int```| Time this token expires at. Specified in seconds since Jan 01 1970.|
127
+
|```user_id```|```String```| Id of the user this token was issued to.|
128
+
|```user_type```|```String```| Type of user that this token was issued to. Valid values are ```Admin``` (full access), ```User``` (read access) and ```Component``` (access to report operations).|
129
+
130
+
Please note that values of type ```Int``` must **not** be surrounded by quotation marks.
131
+
132
+
The secret key that is used for validating the tokens can either be set in the configuration file (see section below), or by setting the envirnment variable ```JWT_SECRET```. The default value is ```changeme``` and **has to be replaced for productive use!**
133
+
134
+
You can create tokens for development purposes using the JWT debugger at [jwt.io](https://jwt.io). The following token is valid for the default key ```changeme``` until end of march, and belongs to a user called ```DebugUser``` of user type ```Admin```. **Only use it for development purposes!**
0 commit comments