Skip to content

Commit 76662dd

Browse files
authored
Merge pull request #92 from delphi-hub/feature/updateReadme
Added additional configuration steps for macOS to README
2 parents 317c575 + 3f117ba commit 76662dd

File tree

6 files changed

+66
-42
lines changed

6 files changed

+66
-42
lines changed

README.md

Lines changed: 59 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -40,37 +40,6 @@ sudo bash ./Delphi_install.sh
4040
inside the registry's root directory. This installation script will create the required repositories, build the docker images, and register them directly at the local docker registry.
4141
The registry requires an initial instance of ElasticSearch to be running.
4242

43-
## Authorization
44-
This application relies on *JSON Web Tokens* (JWTs) using the *HMAC with SHA-256* (HS256) algorithm for authorization purposes. A valid, base64-encoded token must be put into the ```Authorization``` header of every HTTP request that is being issued to the registry. The HTTP header must look like this:
45-
```
46-
Authorization: Bearer <JWT>
47-
```
48-
You can find more about JWTs [here](https://jwt.io). To create valid JWTs for this application, the following fields have to be specified:
49-
50-
|Attribute | Type | Explanation |
51-
| :---: | :---: | :--- |
52-
|```iat``` (Issued at) | ```Int``` | Time this token was issued at. Specified in seconds since Jan 01 1970.|
53-
|```nbf``` (Not valid before) | ```Int``` | Time this token becomes valid at. Specified in seconds since Jan 01 1970.|
54-
|```exp``` (Expiration time) | ```Int``` | Time this token expires at. Specified in seconds since Jan 01 1970.|
55-
|```user_id``` | ```String``` | Id of the user this token was issued to.|
56-
|```user_type``` | ```String``` | Type of user that this token was issued to. Valid values are ```Admin``` (full access), ```User``` (read access) and ```Component``` (access to report operations).|
57-
58-
Please note that values of type ```Int``` must **not** be surrounded by quotation marks.
59-
60-
The secret key that is used for validating the tokens can either be set in the configuration file (see section below), or by setting the envirnment variable ```JWT_SECRET```. The default value is ```changeme``` and **has to be replaced for productive use!**
61-
62-
You can create tokens for development purposes using the JWT debugger at [jwt.io](https://jwt.io). The following token is valid for the default key ```changeme``` until end of march, and belongs to a user called ```DebugUser``` of user type ```Admin```. **Only use it for development purposes!**
63-
64-
```
65-
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDcxMDYzOTksIm5iZiI6MTU0NzEwNjM5OSwiZXhwIjoxNTU0MDE0Nzk5LCJ1c2VyX2lkIjoiRGVidWdVc2VyIiwidXNlcl90eXBlIjoiQWRtaW4ifQ.TeDa8JkFANVEufPaxXv3AXSojcaiKdOlBKeU5cLaHpg
66-
```
67-
68-
Using the above token, a valid call to the registry at ```localhost:8087``` using *curl* looks like this:
69-
70-
```
71-
curl -X POST -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDcxMDYzOTksIm5iZiI6MTU0NzEwNjM5OSwiZXhwIjoxNTU0MDE0Nzk5LCJ1c2VyX2lkIjoiRGVidWdVc2VyIiwidXNlcl90eXBlIjoiQWRtaW4ifQ.TeDa8JkFANVEufPaxXv3AXSojcaiKdOlBKeU5cLaHpg" localhost:8087/deploy?ComponentType=WebApi
72-
```
73-
7443
## Adapt the configuration file
7544
Before you can start the application, you have to make sure your configuration file contains valid data. The file can be found at *src/main/scala/de/upb/cs/swt/delphi/instanceregistry/Configuration.scala*, and most of its attributes are string or integer values. The following table describes the attributes in more detail.
7645

@@ -86,9 +55,10 @@ Before you can start the application, you have to make sure your configuration f
8655
|```webAppDockerImageName``` | ```String``` | ```"delphi-webapp:1.0.0-SNAPSHOT"``` | Name of the Docker image for Delphi WebApps. May only be changed if you manually specified a different name when creating the image.|
8756
|```defaultElasticSearchInstanceHost``` | ```String``` | ```"elasticsearch://172.17.0.1"``` | Host that the default ElasticSearch instance is located at.|
8857
|```defaultElasticSearchInstancePort``` | ```Int``` | ```9200``` | Port that the default ElasticSearch instance is reachable at.|
89-
|```uriInLocalNetwork``` | ```String``` | ```"http://172.17.0.1:8087"``` | URI that the registry is reachable at for all docker containers. In most of the use-cases this is going to be the gateway of the default docker bridge.|
58+
|```uriInLocalNetwork``` | ```String``` | ```"http://172.17.0.1:8087"``` | URI that the registry is reachable at for all docker containers. In most of the use-cases this is going to be the gateway of the default docker bridge.<br>**Note:** For OSX you have to set this value to the DNS name of the docker host, which is ```http://host.docker.internal:8087``` (If the registry is running on the host).|
9059
|```maxLabelLength``` | ```Int``` | ```50``` | Maximum number of characters for instance labels. Longer labels will be rejected.|
9160
|```dockerOperationTimeout``` | ```Timeout``` | ```Timeout(20 seconds)``` | Default timeout for docker operations. If any of the async Docker operations (deploy, stop, pause, ..) takes longer than this, it will be aborted.|
61+
|```defaultDockerUri``` | ```String``` | ```http://localhost:9095``` | Default uri to connect to docker. It will be used if the environment variable ```DELPHI_DOCKER_HOST``` is not specified.|
9262
|```jwtSecretKey``` | ```String``` | ```changeme``` | Secret key to use for JWT signature (HS256). This setting can be overridden by specifying the ```JWT_SECRET``` environment variable.|
9363
|```useInMemoryDB``` | ```Boolean``` | ```true``` | If set to true, all instance data will be kept in memory instead of using a MySQL database.|
9464
|```databaseHost``` | ```String``` | ```"jdbc:mysql://localhost/"``` | Host that the MySQL database is reachable at (only necessary if *useInMemoryDB* is false).|
@@ -100,27 +70,79 @@ Before you can start the application, you have to make sure your configuration f
10070
|```maxIndividualIpReq``` | ```Int``` | ```200``` | Maximum number of requests that are allowed to be executed during the current refresh period for one specific origin ip.|
10171
|```ipLogRefreshRate``` | ```FiniteDuration``` | ```2.minutes``` | Duration of the log refresh period.|
10272

103-
By default, Docker is expected to be reachable at *http://localhost:9095*, but you can override this setting by specifying the docker host URI in the environment variable *DELPHI_DOCKER_HOST*.
104-
To change the port of your http docker API to 9095, execute
73+
74+
## Docker configuration
75+
By default, Docker is expected to be reachable at ```http://localhost:9095``` (see configuration attribute ```defaultDockerUri``` above), but you can override this setting by specifying the docker host URI in the environment variable *DELPHI_DOCKER_HOST*. You can also change the port that your Docker HTTP service is hosted on by executing the steps below on the Docker host machine.
76+
77+
### Linux
78+
To change the port to 9095, go to the docker service file:
79+
80+
```
81+
sudo nano /lib/systemd/system/docker.service
82+
```
83+
84+
Change the line that starts with ```ExecStart``` to look like this:
85+
10586
```
106-
edit /lib/systemd/system/docker.service
10787
ExecStart=/usr/bin/dockerd -H fd:// -H=tcp://0.0.0.0:9095
88+
```
89+
90+
Save your changes, close the editor and execute
91+
92+
```
10893
systemctl daemon-reload
10994
sudo service docker restart
11095
```
11196

97+
### OSX
98+
Docker does not expose it's HTTP api on OSX for security reasons (as described [here](https://github.com/docker/for-mac/issues/770#issuecomment-252560286)), but you can run a docker container to redirect the API calls. To accept calls on your local machine's port 9095, execute:
11299

100+
```
101+
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:9095:1234 bobrik/socat TCP-LISTEN:1234,fork UNIX-CONNECT:/var/run/docker.sock
102+
```
113103

104+
## Run the application
105+
There are two ways of running the registry application. You can either run the application directly, or build a docker image defined by the *build.sbt* file, and run a container based on this image. Either way, you have to set the correct configuration values before starting the application (see section **Adapt the configuration file** above for more information). Make sure the Docker images of all Delphi components are present at the host's registry, as described in the **Requirements** section.
114106

107+
**Note:** For OSX you have to set Java's ```prefereIPv4Stack``` option to ```true``` before executing any of the steps below. In order to do so, execute ```export JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true"``` in the terminal before calling ```sbt```.
115108

116-
## Run the application
117-
There are two ways of running the registry application. You can either run the application directly, or build a docker image defined by the *build.sbt* file, and run a container based on this image. Either way, you have to set the correct configuration values before starting the application (see section **Adapt the configuration file** above for more information). We are currently working on a setup script that will prepare all images that need to be present on your docker host. Until its finished, you have to register the images manually, as described in the **Requirements** section.
118109
### Run the registry directly
119110
If you want to execute the registry directly on your local machine, simply go to the root folder of the repository and execute ```sbt run```. The application will stream all logging output to the terminal. You can terminate any time by pressing *RETURN*.
120111
### Run the registry in Docker
121112
For Windows users, to build a docker image containing the registry, go to the root folder of the repository and execute ```sbt docker:publishLocal```. This will build the application, create a docker image named ```delphi-registry:1.0.0-SNAPSHOT```, and register the image at your local docker registry.<br />
122113
For Linux users, the installation script mentioned in **Requirements** section will create docker image for registry named ```delphi-registry:1.0.0-SNAPSHOT```, and registers the image at your local docker registry.
123114

115+
## Authorization
116+
This application relies on *JSON Web Tokens* (JWTs) using the *HMAC with SHA-256* (HS256) algorithm for authorization purposes. A valid, base64-encoded token must be put into the ```Authorization``` header of every HTTP request that is being issued to the registry. The HTTP header must look like this:
117+
```
118+
Authorization: Bearer <JWT>
119+
```
120+
You can find more about JWTs [here](https://jwt.io). To create valid JWTs for this application, the following fields have to be specified:
121+
122+
|Attribute | Type | Explanation |
123+
| :---: | :---: | :--- |
124+
|```iat``` (Issued at) | ```Int``` | Time this token was issued at. Specified in seconds since Jan 01 1970.|
125+
|```nbf``` (Not valid before) | ```Int``` | Time this token becomes valid at. Specified in seconds since Jan 01 1970.|
126+
|```exp``` (Expiration time) | ```Int``` | Time this token expires at. Specified in seconds since Jan 01 1970.|
127+
|```user_id``` | ```String``` | Id of the user this token was issued to.|
128+
|```user_type``` | ```String``` | Type of user that this token was issued to. Valid values are ```Admin``` (full access), ```User``` (read access) and ```Component``` (access to report operations).|
129+
130+
Please note that values of type ```Int``` must **not** be surrounded by quotation marks.
131+
132+
The secret key that is used for validating the tokens can either be set in the configuration file (see section below), or by setting the envirnment variable ```JWT_SECRET```. The default value is ```changeme``` and **has to be replaced for productive use!**
133+
134+
You can create tokens for development purposes using the JWT debugger at [jwt.io](https://jwt.io). The following token is valid for the default key ```changeme``` until end of march, and belongs to a user called ```DebugUser``` of user type ```Admin```. **Only use it for development purposes!**
135+
136+
```
137+
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDcxMDYzOTksIm5iZiI6MTU0NzEwNjM5OSwiZXhwIjoxNTU0MDE0Nzk5LCJ1c2VyX2lkIjoiRGVidWdVc2VyIiwidXNlcl90eXBlIjoiQWRtaW4ifQ.TeDa8JkFANVEufPaxXv3AXSojcaiKdOlBKeU5cLaHpg
138+
```
139+
140+
Using the above token, a valid call to the registry at ```localhost:8087``` using *curl* looks like this:
141+
142+
```
143+
curl -X POST -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDcxMDYzOTksIm5iZiI6MTU0NzEwNjM5OSwiZXhwIjoxNTU0MDE0Nzk5LCJ1c2VyX2lkIjoiRGVidWdVc2VyIiwidXNlcl90eXBlIjoiQWRtaW4ifQ.TeDa8JkFANVEufPaxXv3AXSojcaiKdOlBKeU5cLaHpg" localhost:8087/deploy?ComponentType=WebApi
144+
```
145+
124146
## Contributing
125147

126148
Contributions are *very* welcome!

src/main/scala/de/upb/cs/swt/delphi/instanceregistry/Configuration.scala

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ class Configuration( ) {
3232
val maxLabelLength: Int = 50
3333

3434
val dockerOperationTimeout: Timeout = Timeout(20 seconds)
35+
val defaultDockerUri: String = "http://localhost:9095"
3536

3637
val jwtSecretKey: String = sys.env.getOrElse("JWT_SECRET", "changeme")
3738

src/main/scala/de/upb/cs/swt/delphi/instanceregistry/Docker/DockerConnection.scala

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,17 +5,18 @@ import akka.http.scaladsl.Http
55
import akka.http.scaladsl.model.Uri.{Path, Query}
66
import akka.http.scaladsl.model.{HttpRequest, HttpResponse, Uri}
77
import akka.stream.Materializer
8+
import de.upb.cs.swt.delphi.instanceregistry.Configuration
89

910
import scala.concurrent.Future
1011

1112
object DockerConnection {
1213

1314

14-
def fromEnvironment()(implicit system: ActorSystem, materializer: Materializer): DockerConnection = {
15+
def fromEnvironment(configuration: Configuration)(implicit system: ActorSystem, materializer: Materializer): DockerConnection = {
1516
def env(key: String): Option[String] = sys.env.get(key).filter(_.nonEmpty)
1617

1718
val host = env("DELPHI_DOCKER_HOST").getOrElse {
18-
"http://localhost:9095"
19+
configuration.defaultDockerUri
1920
}
2021
DockerHttpConnection(host)
2122
}

src/main/scala/de/upb/cs/swt/delphi/instanceregistry/Registry.scala

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ object Registry extends AppLogging {
2525
}
2626
}
2727

28-
private val requestHandler = new RequestHandler(configuration, dao, DockerConnection.fromEnvironment())
28+
private val requestHandler = new RequestHandler(configuration, dao, DockerConnection.fromEnvironment(configuration))
2929

3030
private val server: Server = new Server(requestHandler)
3131

src/test/scala/de/upb/cs/swt/delphi/instanceregistry/RequestHandlerTest.scala

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ class RequestHandlerTest extends FlatSpec with Matchers with BeforeAndAfterEach
2020

2121
val configuration: Configuration = new Configuration()
2222
val dao: InstanceDAO = new DynamicInstanceDAO(configuration)
23-
val handler: RequestHandler = new RequestHandler(configuration, dao, DockerConnection.fromEnvironment())
23+
val handler: RequestHandler = new RequestHandler(configuration, dao, DockerConnection.fromEnvironment(configuration))
2424

2525
private def buildInstance(id: Long, componentType: ComponentType = ComponentType.ElasticSearch, dockerId: Option[String] = None, state: InstanceState.Value = InstanceState.Stopped, labels: List[String] = List.empty[String]): Instance = {
2626
Instance(Some(id), "https://localhost", 12345, "TestInstance", componentType, dockerId, state, labels, List.empty[InstanceLink], List.empty[InstanceLink])

src/test/scala/de/upb/cs/swt/delphi/instanceregistry/connection/ServerTest.scala

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ class ServerTest
4747

4848
private val configuration: Configuration = new Configuration()
4949
private val dao: InstanceDAO = new DynamicInstanceDAO(configuration)
50-
private val requestHandler: RequestHandler = new RequestHandler(configuration, dao, DockerConnection.fromEnvironment())
50+
private val requestHandler: RequestHandler = new RequestHandler(configuration, dao, DockerConnection.fromEnvironment(configuration))
5151
private val server: Server = new Server(requestHandler)
5252

5353
//JSON CONSTANTS

0 commit comments

Comments
 (0)