diff --git a/.docker/admin-server/Dockerfile b/.docker/admin-server/Dockerfile
index 11fd9f3..45c78c0 100644
--- a/.docker/admin-server/Dockerfile
+++ b/.docker/admin-server/Dockerfile
@@ -13,6 +13,6 @@ FROM openjdk:21-jdk as runner
 WORKDIR /app
-COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.1.1-SNAPSHOT.jar ./admin-server-0.1.1.jar
+COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.1.2-SNAPSHOT.jar ./admin-server-0.1.2.jar
-ENTRYPOINT ["java", "-jar", "admin-server-0.1.1.jar"]
+ENTRYPOINT ["java", "-jar", "admin-server-0.1.2.jar"]
diff --git a/.docker/federation-server/Dockerfile b/.docker/federation-server/Dockerfile
index d6e6195..f814368 100644
--- a/.docker/federation-server/Dockerfile
+++ b/.docker/federation-server/Dockerfile
@@ -13,6 +13,6 @@ FROM openjdk:21-jdk as runner
 WORKDIR /app
-COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.1.1-SNAPSHOT.jar ./federation-server-0.1.1.jar
+COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.1.2-SNAPSHOT.jar ./federation-server-0.1.2.jar
-ENTRYPOINT ["java", "-jar", "federation-server-0.1.1.jar"]
+ENTRYPOINT ["java", "-jar", "federation-server-0.1.2.jar"]
diff --git a/.docker/prod-deployment/README.md b/.docker/prod-deployment/README.md
new file mode 100644
index 0000000..512725f
--- /dev/null
+++ b/.docker/prod-deployment/README.md
@@ -0,0 +1,128 @@
+# OpenID Federation Server Deployment
+
+This repository contains scripts and configuration files for deploying the OpenID Federation Server and Admin Server using Docker.
+
+## Repository Contents
+
+### Deployment Scripts (Local Use Only)
+```
+├── build.sh # Build script for local development
+├── push.sh # Script to push images to registry
+└── setup-env.sh # Environment setup script
+```
+
+### Deployment Files (To Be Deployed)
+```
+├── docker-compose.yaml
+└── config/
+ ├── federation-server/
+ │ └── application.properties
+ └── admin-server/
+ └── application.properties
+```
+
+## Prerequisites
+
+- Docker and Docker Compose (version 3.9 or higher)
+- Access to a Docker Container Registry
+- Traefik as reverse proxy (configured with HTTPS and acme resolver)
+
+## Environment Variables
+
+Before running the deployment, ensure the following environment variables are properly configured:
+
+### Database Configuration
+- `DATASOURCE_USER` - PostgreSQL user for the main database
+- `DATASOURCE_PASSWORD` - PostgreSQL password for the main database
+- `DATASOURCE_DB` - Main database name
+
+### Local KMS Configuration
+- `LOCAL_KMS_DATASOURCE_USER` - PostgreSQL user for the KMS database
+- `LOCAL_KMS_DATASOURCE_PASSWORD` - PostgreSQL password for the KMS database
+- `LOCAL_KMS_DATASOURCE_DB` - KMS database name
+
+### Application Configuration
+- `APP_KEY` - Application key for encryption
+- `KMS_PROVIDER` - Key Management Service provider configuration
+- `ROOT_IDENTIFIER` - Root identifier for the federation
+- `FEDERATION_HOSTS` - Host rules for the federation server
+- `FEDERATION_ADMIN_HOSTS` - Host rules for the admin server
+- `ADMIN_IP_WHITELIST` - Comma-separated list of IP ranges allowed to access the admin server
+
+## Deployment Steps
+
+1. Create required directories for persistent storage:
+```bash
+sudo mkdir -p /mnt/openid-federation/volumes/{postgres,local-kms}
+```
+
+2. Copy deployment files to target system:
+```bash
+docker-compose.yaml
+config/
+```
+
+3. Start the services using Docker Compose:
+```bash
+docker-compose up -d
+```
+
+## Service Architecture
+
+The deployment consists of the following services:
+
+- **db**: Main PostgreSQL database
+- **local-kms-db**: PostgreSQL database for the Key Management Service
+- **federation-server**: Main federation server service
+- **admin-server**: Administrative interface for the federation server
+
+### Networking
+
+The deployment uses two Docker networks:
+- `frontend`: For external communication (must be created manually)
+- `backend`: For internal service communication (automatically created)
+
+### Security
+
+- The admin server is protected by IP whitelisting through Traefik middleware
+- All services use TLS encryption through Traefik's ACME resolver
+- Database credentials are managed through environment variables
+- Persistent data is stored in volume mounts
+
+## Maintenance
+
+### Updating Services
+
+To update to the latest version of the services:
+
+```bash
+docker-compose pull
+docker-compose up -d
+```
+
+### Logs
+
+To view service logs:
+```bash
+docker-compose logs -f [service-name]
+```
+
+## Troubleshooting
+
+1. If database services fail to start, check:
+ - Volume permissions
+ - Available disk space
+ - PostgreSQL port conflicts
+
+2. If servers fail to start, verify:
+ - Database connectivity
+ - Environment variable configuration
+ - Network connectivity
+
+3. For admin server access issues:
+ - Verify IP whitelist configuration
+ - Check Traefik logs for middleware issues
+
+## Support
+
+For additional support or questions, please contact the Sphereon support team.
diff --git a/.docker/prod-deployment/build.sh b/.docker/prod-deployment/build.sh
index 6c32244..9d18021 100644
--- a/.docker/prod-deployment/build.sh
+++ b/.docker/prod-deployment/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-if ! source ./version-config.sh; then
- echo "Error: Failed to source version-config.sh"
+if ! source ./setup-env.sh; then
+ echo "Error: Failed to source setup-env.sh"
 exit 1
 fi
diff --git a/.docker/prod-deployment/push.sh b/.docker/prod-deployment/push.sh
index 77d2726..17521ed 100644
--- a/.docker/prod-deployment/push.sh
+++ b/.docker/prod-deployment/push.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
-source ./version-config.sh
+source ./setup-env.sh
 # Push federation server images
-docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
-docker push ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
-docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:latest
-docker push ${REGISTRY}/${FED_IMAGE}:latest
+docker tag ${FED_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker push ${DOCKER_REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker tag ${FED_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${FED_IMAGE}:latest
+docker push ${DOCKER_REGISTRY}/${FED_IMAGE}:latest
 # Push admin server images
-docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
-docker push ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
-docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:latest
-docker push ${REGISTRY}/${ADMIN_IMAGE}:latest
+docker tag ${ADMIN_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:${FED_VERSION}
+docker push ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:${FED_VERSION}
+docker tag ${ADMIN_IMAGE}:${FED_VERSION} ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:latest
+docker push ${DOCKER_REGISTRY}/${ADMIN_IMAGE}:latest
diff --git a/.docker/prod-deployment/version-config.sh b/.docker/prod-deployment/setup-env.sh
similarity index 83%
rename from .docker/prod-deployment/version-config.sh
rename to .docker/prod-deployment/setup-env.sh
index 595ce4c..d0be8a8 100644
--- a/.docker/prod-deployment/version-config.sh
+++ b/.docker/prod-deployment/setup-env.sh
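Review bot: The guard `if ! source ./setup-env.sh; then` only fires when the file cannot be found or read; the renamed setup-env.sh runs `FED_VERSION=$(get_version "${MODULES_PATH}/build.gradle.kts") || exit 1`, and because that file is sourced the `exit` terminates build.sh itself, so the "Failed to source" branch is never reached for a version-detection failure (whether get_version prints its own diagnostic is not visible here). If build.sh is meant to report that case, setup-env.sh should `return 1` rather than `exit 1`, or build.sh should validate after sourcing, e.g. `[ -n "${FED_VERSION:-}" ] || { echo "Error: FED_VERSION not set" >&2; exit 1; }`. The rest of build.sh lies outside this hunk.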
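Review bot: `source ./setup-env.sh` at the top of push.sh is unchecked, unlike the guarded `if ! source` in build.sh in the previous hunk; if the file is missing the script carries on with DOCKER_REGISTRY, FED_IMAGE and FED_VERSION unset and issues `docker tag :` / `docker push` against malformed references. Mirroring build.sh's guard, or adding `set -euo pipefail` after the shebang, makes the failed source stop the run instead. Every run also re-points the mutable `:latest` tags for both images, and the README added in this commit tells operators to update with `docker-compose pull`; the compose file is not on this page, but if it references `latest`, each push is effectively an immediate production rollout, so documenting that the deployed compose file should pin the version tag (or an image digest) would be worthwhile.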
@@ -18,14 +18,14 @@ get_version() {
 # Base paths
 MODULES_PATH="../../"
-REGISTRY="sphereonregistry.azurecr.io"
+DOCKER_REGISTRY="${DOCKER_REGISTRY:-sphereonregistry.azurecr.io}"
 # Get versions with error handling
 FED_VERSION=$(get_version "${MODULES_PATH}/build.gradle.kts") || exit 1
 # Image names
-FED_IMAGE="${REGISTRY}/federation-server"
-ADMIN_IMAGE="${REGISTRY}/federation-admin-server"
+FED_IMAGE="federation-server"
+ADMIN_IMAGE="federation-admin-server"
 # Export variables
 export FED_VERSION
diff --git a/build.gradle.kts b/build.gradle.kts
index a21c23b..80cc70b 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -39,7 +39,7 @@ fun getNpmVersion(): String {
 allprojects {
 group = "com.sphereon.oid.fed"
- version = "0.1.1-SNAPSHOT"
+ version = "0.1.2-SNAPSHOT"
 val npmVersion by extra { getNpmVersion() }
 // Common repository configuration for all projects
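Review bot: `DOCKER_REGISTRY="${DOCKER_REGISTRY:-sphereonregistry.azurecr.io}"` silently honours whatever is already in the environment, so a stale or mistyped DOCKER_REGISTRY in a CI runner or developer shell redirects both the versioned and `:latest` pushes made by push.sh to a different registry with no trace in the output. Printing the effective value once it is resolved, `echo "Using registry: ${DOCKER_REGISTRY}" >&2`, gives build and push logs a record of where images were sent. `FED_IMAGE` and `ADMIN_IMAGE` no longer carry the registry prefix, which matches the retagging in push.sh, but build.sh (only partly on this page) must now tag its locally built images with these bare names for `docker tag ${FED_IMAGE}:${FED_VERSION} ...` to resolve.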