Merge branch 'develop' of github.com:Sphereon-Opensource/OpenID-Feder…

…ation into develop
Sphereon-Opensource · Dec 9, 2024 · 14f4746 · 14f4746
2 parents b154f31 + 135705a
commit 14f4746
Show file tree

Hide file tree

Showing 7 changed files with 147 additions and 19 deletions.
diff --git a/.docker/admin-server/Dockerfile b/.docker/admin-server/Dockerfile
@@ -13,6 +13,6 @@ FROM openjdk:21-jdk as runner
 
 WORKDIR /app
 
-COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.1.1-SNAPSHOT.jar ./admin-server-0.1.1.jar
+COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.1.2-SNAPSHOT.jar ./admin-server-0.1.2.jar
 
-ENTRYPOINT ["java", "-jar", "admin-server-0.1.1.jar"]
+ENTRYPOINT ["java", "-jar", "admin-server-0.1.2.jar"]
diff --git a/.docker/federation-server/Dockerfile b/.docker/federation-server/Dockerfile
@@ -13,6 +13,6 @@ FROM openjdk:21-jdk as runner
 
 WORKDIR /app
 
-COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.1.1-SNAPSHOT.jar ./federation-server-0.1.1.jar
+COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.1.2-SNAPSHOT.jar ./federation-server-0.1.2.jar
 
-ENTRYPOINT ["java", "-jar", "federation-server-0.1.1.jar"]
+ENTRYPOINT ["java", "-jar", "federation-server-0.1.2.jar"]
diff --git a/.docker/prod-deployment/README.md b/.docker/prod-deployment/README.md
@@ -0,0 +1,128 @@
+# OpenID Federation Server Deployment
+
+This repository contains scripts and configuration files for deploying the OpenID Federation Server and Admin Server using Docker.
+
+## Repository Contents
+
+### Deployment Scripts (Local Use Only)
+```
+├── build.sh          # Build script for local development
+├── push.sh           # Script to push images to registry
+└── setup-env.sh      # Environment setup script
+```
+
+### Deployment Files (To Be Deployed)
+```
+├── docker-compose.yaml
+└── config/
+    ├── federation-server/
+    │   └── application.properties
+    └── admin-server/
+        └── application.properties
+```
+
+## Prerequisites
+
+- Docker and Docker Compose (version 3.9 or higher)
+- Access to a Docker Container Registry
+- Traefik as reverse proxy (configured with HTTPS and acme resolver)
+
+## Environment Variables
+
+Before running the deployment, ensure the following environment variables are properly configured:
+
+### Database Configuration
+- `DATASOURCE_USER` - PostgreSQL user for the main database
+- `DATASOURCE_PASSWORD` - PostgreSQL password for the main database
+- `DATASOURCE_DB` - Main database name
+
+### Local KMS Configuration
+- `LOCAL_KMS_DATASOURCE_USER` - PostgreSQL user for the KMS database
+- `LOCAL_KMS_DATASOURCE_PASSWORD` - PostgreSQL password for the KMS database
+- `LOCAL_KMS_DATASOURCE_DB` - KMS database name
+
+### Application Configuration
+- `APP_KEY` - Application key for encryption
+- `KMS_PROVIDER` - Key Management Service provider configuration
+- `ROOT_IDENTIFIER` - Root identifier for the federation
+- `FEDERATION_HOSTS` - Host rules for the federation server
+- `FEDERATION_ADMIN_HOSTS` - Host rules for the admin server
+- `ADMIN_IP_WHITELIST` - Comma-separated list of IP ranges allowed to access the admin server
+
+## Deployment Steps
+
+1. Create required directories for persistent storage:
+```bash
+sudo mkdir -p /mnt/openid-federation/volumes/{postgres,local-kms}
+```
+
+2. Copy deployment files to target system:
+```bash
+docker-compose.yaml
+config/
+```
+
+3. Start the services using Docker Compose:
+```bash
+docker-compose up -d
+```
+
+## Service Architecture
+
+The deployment consists of the following services:
+
+- **db**: Main PostgreSQL database
+- **local-kms-db**: PostgreSQL database for the Key Management Service
+- **federation-server**: Main federation server service
+- **admin-server**: Administrative interface for the federation server
+
+### Networking
+
+The deployment uses two Docker networks:
+- `frontend`: For external communication (must be created manually)
+- `backend`: For internal service communication (automatically created)
+
+### Security
+
+- The admin server is protected by IP whitelisting through Traefik middleware
+- All services use TLS encryption through Traefik's ACME resolver
+- Database credentials are managed through environment variables
+- Persistent data is stored in volume mounts
+
+## Maintenance
+
+### Updating Services
+
+To update to the latest version of the services:
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+### Logs
+
+To view service logs:
+```bash
+docker-compose logs -f [service-name]
+```
+
+## Troubleshooting
+
+1. If database services fail to start, check:
+    - Volume permissions
+    - Available disk space
+    - PostgreSQL port conflicts
+
+2. If servers fail to start, verify:
+    - Database connectivity
+    - Environment variable configuration
+    - Network connectivity
+
+3. For admin server access issues:
+    - Verify IP whitelist configuration
+    - Check Traefik logs for middleware issues
+
+## Support
+
+For additional support or questions, please contact the Sphereon support team.
diff --git a/.docker/prod-deployment/build.sh b/.docker/prod-deployment/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-if ! source ./version-config.sh; then
-    echo "Error: Failed to source version-config.sh"
+if ! source ./setup-env.sh; then
+    echo "Error: Failed to source setup-env.sh"
     exit 1
 fi
 

diff --git a/.docker/prod-deployment/push.sh b/.docker/prod-deployment/push.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
 
-source ./version-config.sh
+source ./setup-env.sh
 
 # Push federation server images
-docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
-docker push ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
-docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:latest
-docker push ${REGISTRY}/${FED_IMAGE}:latest
+docker tag ${FED_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker push ${DOCKER_REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker tag ${FED_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${FED_IMAGE}:latest
+docker push ${DOCKER_REGISTRY}/${FED_IMAGE}:latest
 
 # Push admin server images
-docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
-docker push ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
-docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:latest
-docker push ${REGISTRY}/${ADMIN_IMAGE}:latest
+docker tag ${ADMIN_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:${FED_VERSION}
+docker push ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:${FED_VERSION}
+docker tag ${ADMIN_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:latest
+docker push ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:latest
diff --git a/.docker/prod-deployment/version-config.sh → .docker/prod-deployment/setup-env.sh b/.docker/prod-deployment/version-config.sh → .docker/prod-deployment/setup-env.sh
@@ -18,14 +18,14 @@ get_version() {
 
 # Base paths
 MODULES_PATH="../../"
-REGISTRY="sphereonregistry.azurecr.io"
+DOCKER_REGISTRY="${DOCKER_REGISTRY:-sphereonregistry.azurecr.io}"
 
 # Get versions with error handling
 FED_VERSION=$(get_version "${MODULES_PATH}/build.gradle.kts") || exit 1
 
 # Image names
-FED_IMAGE="${REGISTRY}/federation-server"
-ADMIN_IMAGE="${REGISTRY}/federation-admin-server"
+FED_IMAGE="federation-server"
+ADMIN_IMAGE="federation-admin-server"
 
 # Export variables
 export FED_VERSION

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -39,7 +39,7 @@ fun getNpmVersion(): String {
 
 allprojects {
     group = "com.sphereon.oid.fed"
-    version = "0.1.1-SNAPSHOT"
+    version = "0.1.2-SNAPSHOT"
     val npmVersion by extra { getNpmVersion() }
 
     // Common repository configuration for all projects