deployment for demo 12D (not tested)

This commit is contained in:
pedro 2023-12-12 11:09:39 +01:00
parent df05735979
commit 553bc3efe1
4 changed files with 145 additions and 2 deletions

View file

@ -0,0 +1,67 @@
version: "3.9"
services:
idhub1:
container_name: idhub1
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
environment:
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['MembershipCard']
ports:
- 9001:9001
volumes:
- ./idhub1:/opt/idhub
- sharedsecret:/sharedsecret:rw
idhub2:
container_name: idhub2
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
environment:
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9002}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['MembershipCard']
ports:
- 9002:9002
volumes:
- ./idhub2:/opt/idhub
- sharedsecret:/sharedsecret:rw
volumes:
sharedsecret:

View file

@ -4,7 +4,10 @@ RUN apt update && apt-get install -y \
python3-minimal \
python3-pip \
python3-dev \
python-is-python3
python-is-python3 \
git \
sqlite3 \
jq
WORKDIR /opt/idhub

View file

@ -4,6 +4,40 @@ set -e
set -u
set -x
_set() {
key="${1}"
value="${2}"
response_uri="${3}"
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
}
_get() {
sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
}
config_oidc4vp() {
# populate your config
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
data="$(_get)"
echo "${data}" | jq --arg uri "${R_URI_CLEAN}" '{ ($uri): .}' > /sharedsecret/${file}
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
sleep 2
# get other configs
for host in /sharedsecret/*; do
# we are flexible on querying for RESPONSE_URI: the first one based on regex
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
filtered_data="$(cat "${host}" | jq --arg uri "${target_uri}" 'first(.[][] | select(.response_uri | test ($uri)))')"
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
_set my_client_id ${client_id} ${response_uri}
_set my_client_secret ${client_secret} ${response_uri}
done
}
main() {
idhub_dir='/opt/idhub'
cd "${idhub_dir}"
@ -19,7 +53,7 @@ END
exit 1
fi
# detect if existing deployment
# detect if existing deployment (TODO only works with sqlite)
if [ -f "${idhub_dir}/db.sqlite3" ]; then
echo "INFO: detected EXISTING deployment"
./manage.py makemigrations
@ -33,6 +67,10 @@ END
if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
./manage.py initial_datas
if [ "${RESPONSE_URI}" ]; then
config_oidc4vp
fi
else
printf "creating superuser \n user: ${DJANGO_SUPERUSER_USERNAME}\n password: ${DJANGO_SUPERUSER_PASSWORD}\n email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533

35
idhub_build_demo_12d.sh Executable file
View file

@ -0,0 +1,35 @@
#!/bin/sh
set -e
set -u
# DEBUG
set -x
# wallet and verifier idhub demo
main() {
deployment="${1:-}"
# detach on production deployment
if [ "${deployment}" = 'prod' ]; then
detach='-d'
fi
# force recreate
rm -rf ./idhub1 ./idhub2
# detect if is new
if [ ! -f "./idhub1" ] && [ ! -f "./idhub2" ]; then
echo 'Detected new deployment, recreating git repos idhub1 and idhub2'
cp -rp IdHub idhub1
rm -f idhub1/db.sqlite3
cp -rp IdHub idhub2
rm -f idhub2/db.sqlite3
fi
idhub_dc_f='docker-compose_idhub-demo-12d.yml'
docker compose -f ${idhub_dc_f} down -v || true
make idhub_build \
&& docker compose -f ${idhub_dc_f} up ${detach:-}
}
main "${@}"