Commit 6f1ec845 authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka

y1 baseline

parent 53f4cd09
Tags y1
Pipeline #87392 failed
Showing
with 862 additions and 92 deletions
.env 0 → 100644
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
#### development related ####
TZ=Madrid
DOCKER_REGISTRY_PREFIX=optima-piacere-docker.artifact.tecnalia.com/
PROJECT_NAME=piacere-sh
COMPOSE_PROJECT_VERSION=master
HTTPS_PORT=443
SERVER_HOST=
ADMIN_PASSWORD=
BUILD_PROFILE=prod
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-sh-master
COMPOSE_FILE=docker-compose.yaml:docker-compose-traefik-selfsigned.yaml:docker-compose-expose.yaml:docker-compose-redirect-http.yaml
#### Buiding related
DOCKER_REGISTRY_CACHE_PREFIX=piacerebuild.tri.lan:5000/
DOCKER_REGISTRY_CACHE_VERSION=latest
#### Development related, useful when docker-compose-dev.yaml is included ####
#### when using docker-compose-traefik-tecnalia-selfsigned.yaml
CERTIFICATE_SIGNING_KEY_PASSPHRASE=
\ No newline at end of file
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
DEVSVC_BASE_PATH=development-services/
#### Production related ####
DOCKER_REGISTRY_PREFIX=optima-piacere-docker-dev.artifact.tecnalia.com
PROJECT_NAME=
COMPOSE_PROJECT_VERSION=y1
TZ=Madrid
ADMIN_PASSWORD=piacerePassword
HTTPS_PORT=8443
SERVER_HOST=192.168.56.1.nip.io
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-production
#### Build related ####
DOCKER_BUILDKIT=1
COMPOSE_DOCKER_CLI_BUILD=1
COMPOSE_FILE=docker-compose-sh.yaml:build/docker-compose-sh.yaml:docker-compose-traefik-selfsigned.yaml:docker-compose-jhipster-registry.yaml:development-services/build/docker-compose-keycloak-setup.yaml
EXTRA_CA_URL=https://git.code.tecnalia.com/smartdatalab/ca/-/raw/master/ca.crt.pem
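Review bot: `ADMIN_PASSWORD=piacerePassword` in the second listing of this section commits a working administrator password as a default, and the header comment says these defaults are meant to be downloaded and run in production as they are. The earlier listing left `ADMIN_PASSWORD=` empty, which matches the file's own rule that variables without a value must be supplied externally; I would keep it that way, `ADMIN_PASSWORD=`, and let the deployment fail when it is not set. The same value is repeated in `.env.int`. Since the password is now in the repository history, any environment that was started with it should have the password changed.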
.env.int 0 → 100644
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
DEVSVC_BASE_PATH=development-services/
DEVSVC_SETUP_BASE_PATH=
#### Production related ####
DOCKER_REGISTRY_PREFIX=optima-piacere-docker-dev.artifact.tecnalia.com
PROJECT_NAME=
COMPOSE_PROJECT_VERSION=y1
TZ=Madrid
ADMIN_PASSWORD=piacerePassword
HTTPS_PORT=8443
SERVER_HOST=192.168.56.1.nip.io
KEYCLOAK_URL=https://auth.192.168.56.1.nip.io:8443
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-production
#### Build related ####
DOCKER_BUILDKIT=1
COMPOSE_DOCKER_CLI_BUILD=1
EXTRA_CA_URL=https://git.code.tecnalia.com/smartdatalab/ca/-/raw/master/ca.crt.pem
#### Development related ####
# CERTIFICATE_SIGNING_KEY_PASSPHRASE=
COMPOSE_FILE=docker-compose-sh.yaml:build/docker-compose-sh.yaml:docker-compose-jhipster-registry.yaml:docker-compose-dev.yaml:development-services/docker-compose-traefik-tecnalia-selfsigned.yaml:docker-compose-expose.yaml:docker-compose-redirect-http.yaml:development-services/build/docker-compose-traefik-tecnalia-selfsigned.yaml:development-services/docker-compose.yaml:development-services/docker-compose-expose.yaml:development-services/docker-compose-redirect-http.yaml:development-services/build/docker-compose.yaml
stages:
- build
- deploy
- stop
# - debug
variables:
GIT_SUBMODULE_STRATEGY: normal
.common_variables:
variables:
TZ: Madrid
SERVER_HOST: sh.piacere.esilab.org
HTTPS_PORT: 8445
SMTP_USER_EMAIL: piacere@esilab.org
PROJECT_NAME: piacere-sh
GIT_SUBMODULES: init
COMPOSE_FILE: "docker-compose.yaml:docker-compose-dev.yaml:docker-compose-traefik-tecnalia-selfsigned.yaml:docker-compose-expose.yaml"
.main:
extends:
- .common_variables
variables:
# these variables take precedence over .env
# CERTIFICATE_SIGNING_KEY_PASSPHRASE and ADMIN_PASSWORD defined in variables at settings/ci_cd
COMPOSE_PROJECT_NAME: piacere-sh
COMPOSE_PROJECT_VERSION: main
ADD_DEFAULT_CA: "true"
only:
- main
tags:
- docker
- docker-compose
- integration
- piacere-sh
- shell
.build:
script:
- echo "build images"
- docker-compose build --parallel
.deploy:
script:
- echo "Deploy to the environment"
- docker-compose up -d --remove-orphans
.stop:
variables:
GIT_STRATEGY: none
script:
- echo "Stops the environment"
- docker-compose down --remove-orphans
build_main:
stage: build
extends:
- .main
- .build
deploy_main:
stage: deploy
extends:
- .main
- .deploy
environment:
name: main
url: https://$SERVER_HOST:$HTTPS_PORT
on_stop: stop_main
stop_main:
stage: stop
extends:
- .main
- .stop
environment:
name: main
action: stop
when: manual
# job-docker-compose-config:
# stage: debug
# extends:
# - .main
# when: manual
# script:
# - docker-compose config
\ No newline at end of file
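Review bot: The commented-out `job-docker-compose-config` job at the end of the file would run `docker-compose config`, which prints the interpolated configuration to the job log. The comment in `.main` says `CERTIFICATE_SIGNING_KEY_PASSPHRASE` and `ADMIN_PASSWORD` come from the CI/CD settings, so wherever the compose files reference them those values would be printed too unless they are masked there. I would put a warning above the job, e.g. `# prints resolved secrets to the job log; enable only with masked variables`, so nobody re-enables it without checking.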
[submodule "development-services"]
path = development-services
url = ../../../../smartdatalab/libraries/docker-compose/development-services.git
# Self-Healing
## Getting started
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
## Add your files
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
```
cd existing_repo
git remote add origin https://git.code.tecnalia.com/piacere/public/the-platform/self-healing.git
git branch -M main
git push -uf origin main
```
## Integrate with your tools
- [ ] [Set up project integrations](https://git.code.tecnalia.com/piacere/public/the-platform/self-healing/-/settings/integrations)
## Collaborate with your team
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
<!-- Gitlab Specific Markdown guide https://docs.gitlab.com/ee/user/markdown.html -->
# T64-self-healing
This is a docker compose project that aim to instantiate the selfhealing piacere components for different purposes:
* production
* develop
* debug
* integration
## Prerequisites
In order to use this vagrantfile you need virtualbox and vagrant.
* https://www.docker.com/ (latest tested version 20.10.8, build 3967b7d)
* https://docs.docker.com/compose/ (latest tested version 1.29.0, build 07737305)
## How to use
The docker-compose can be started in different ways depending your purpose. But in all the cases the first step is to download the repo.
```bash
git clone https://git.code.tecnalia.com/piacere/private/t64-self-healing.git
cd t64-self-healing
````
NOTE: For develop and debug scenarios the repo relays in git submodules and therefore if we need to build the component images (the typical case) we need to user the "--recurse-submodules" option to download the submodules. Or issuing a "git submodule update --init --recursive" statement latter on.
After that we may need to change some of the variables at .env to secure the deployment or customize to our needs. Examples of variables that could be subject to change are:
```bash
export SERVER_HOST=somedomain
export HTTPS_PORT=8443
export ADMIN_PASSWORD=somestrongpassword
````
NOTE: Another posibility could be to edit the .env file directly, but beware of uploading secrets to git
### For production
By default the project is configured to support the production scenario where we relay in previously uploaded images to the artifactory. The file containing the default variables for this scenario is .env
```bash
git clone https://git.code.tecnalia.com/piacere/private/t64-self-healing.git
cd t64-self-healing
export SERVER_HOST=basedomain.org
export HTTPS_PORT=8443
export ADMIN_PASSWORD=somestrongpassword
docker login optima-piacere-docker-dev.artifact.tecnalia.com -u user@domain.net -p repositoryToken
docker-compose pull
docker-compose up -d --no-build --remove-orphans
echo to stop
docker-compose down --remove-orphans
echo if we what to remove also the persistent information
docker-compose down --volumes --remove-orphans
````
### For building
Another tipical scenario is to run the docker-compose for building the images after some updates. The file containing the default variables for this scenario is .env.build.
```bash
git clone --recurse-submodules https://git.code.tecnalia.com/piacere/private/t64-self-healing.git
cd t64-self-healing
docker-compose --env-file .env.build build
docker login optima-piacere-docker-dev.artifact.tecnalia.com -u user@domain.net -p repositoryToken
docker-compose --env-file .env.build push
````
NOTE: For this task as metioned before it is necessary to download the submodules
### For integration debug
Another tipical scenario is to run the docker-compose to test the whole solution during development or debug activities inside a development computer. The file containing the default variables for this scenario is .env.int.
```bash
git clone --recurse-submodules https://git.code.tecnalia.com/piacere/private/t64-self-healing.git
cd t64-self-healing
export CERTIFICATE_SIGNING_KEY_PASSPHRASE=thesecretkeytodecryptthecaprivatekey
docker-compose --env-file .env.int build
docker-compose --env-file .env.int up -d --no-build --remove-orphans
docker-compose --env-file .env.int down --remove-orphans
echo if we what to remove also the persistent information
docker-compose down --env-file .env.int --volumes --remove-orphans
````
### For local development support
Another tipical scenario is to run the docker-compose to use some of the components to support the local development. ie.e databases, identity management systems, etc. The file containing the default variables for this scenario is .env.dev.
```bash
git clone --recurse-submodules https://git.code.tecnalia.com/piacere/private/t64-self-healing.git
cd t64-self-healing
export CERTIFICATE_SIGNING_KEY_PASSPHRASE=thesecretkeytodecryptthecaprivatekey
docker-compose --env-file .env.dev build
docker-compose --env-file .env.dev up -d --no-build --remove-orphans
docker-compose --env-file .env.dev down --remove-orphans
echo if we what to remove also the persistent information
docker-compose down --env-file .env.dev --volumes --remove-orphans
````
## How to access
Once we sucessfully deploy the docker-compose, we will be able to access the services at (supposing SERVER_HOST=192.168.56.1.nip.io and HTTPS_PORT=8443):
* https://sh.192.168.56.1.nip.io:8443/ to access sh gateway for development support
Appart from those in case we are using the ".env.int" we will have access to aditional endpoints
* https://jhipster-registry.192.168.56.1.nip.io:8443/ to access jhipster registry
And to those generic described at [development-services](git/deploy/development-services/README.md)
* https://traefik.192.168.56.1.nip.io:8443/ to access traefik dashboard
* https://traefik.192.168.56.1.nip.io:8443/api/http/routers to access traefik api
* https://portainer.192.168.56.1.nip.io:8443/ to access portainer
* https://ca.192.168.56.1.nip.io:8443/ to access the tecnalia ca in case we use the tecnalia traefik
* https://auth.192.168.56.1.nip.io:8443/ to access keycloak
* ...
# Development
## import jhipster data model
jhipster import-jdl selfHealingService.jdl
## How to develop in local environment
deploy the docker-compose from root folder with "docker-compose -f docker-compose-local-dev.yaml up --build -d"
deploy service from selfHealingService folder "./mvnw -Pdev,api-docs,no-liquibase -Dskip-tests"
deploy gateway from selfHealingGateway folder "./mvnw -Pdev,webapp,api-docs -Dskip-tests"
#export mysql data
get container id with
"docker ps"
get script
"docker exec -it 6a1 mysqldump -uroot --databases <databaseName> --tables <table1Name> <table2Name> <...> --skip-comments > /tmp/export.sql"
update startupscripts with data from export.sql
## Liquibase
To regenerate the code and database like the first time:
- Delete json model in ".jhipster" folder
- Delete changelog xmls except initial_schema
- Set empty array in entities from ".yo-rc.json" file
- Delete lastLiquibaseTimestamp property from .yo-rc.json file
- Execute in microservice folder, "jhipster import selfHealingService.jdl"
After starting mysql service (docker-compose):
- Access mysql database and remove it.
- Deploy service with liquibase profile active
"./mvnw -Pdev,api-docs -Dskip-tests"
# API usage
https://sh.piacere.esilab.org:8445/services/shbackend/api/self-healing/notify
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
sh-mysql:
build:
context: ${SH_BUILD_RELATIVE_FOLDER}git/sh-mysql
dockerfile: Dockerfile
sh-gateway:
build:
context: ${SH_BUILD_RELATIVE_FOLDER}git/sh-gateway
dockerfile: Dockerfile
args:
BUILDKIT_INLINE_CACHE: 1
EXTRA_CA_URL: ${EXTRA_CA_URL:?err}
sh-backend:
build:
context: ${SH_BUILD_RELATIVE_FOLDER}git/sh-backend
dockerfile: Dockerfile
args:
BUILDKIT_INLINE_CACHE: 1
EXTRA_CA_URL: ${EXTRA_CA_URL:?err}
\ No newline at end of file
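Review bot: `EXTRA_CA_URL: ${EXTRA_CA_URL:?err}` hands the image build a URL that the `.env` files set to a `raw/master/ca.crt.pem` path, so the certificate that is fetched can change whenever that branch changes and nothing here pins or verifies it. The Dockerfiles are not part of this page, but if they add the downloaded file to the image's trust store, anyone who can push to that branch decides which CA the gateway and backend trust. Pointing the variable at a fixed commit, `.../-/raw/<commit-sha>/ca.crt.pem`, or checking the file against a known SHA-256 in the Dockerfile would close that gap. A message more useful than `err` would also help whoever hits the missing-variable failure, for example `${EXTRA_CA_URL:?EXTRA_CA_URL must be set}`.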
# Common configuration shared between all applications
global:
password: ${GLOBAL_PASSWORD:admin}
registry:
url: ${GLOBAL_REGISTRY_URL:http://admin:${global.password}@jhipster-registry:8761}
configserver:
name: Docker JHipster Registry
status: Connected to the JHipster Registry running in Docker using confiserver at jhipster registry ${global.registry.url}
jhipster:
registry:
password: ${global.password}
security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
# As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
# - In the JHipster Registry (which includes a Spring Cloud Config server)
# - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
# - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
base64-secret: MjFhOTY5YjFiYjZjZGM0YTlhZjM1OGYwZmU2MjE1ZTJiNTNmM2Q0OTdiMDhmNDQzNjRjZWQyZDM0YmI0YjkwMGI4ZDc0ZGE0MGM3Yzg0M2U2Y2Q0ZDE4MDcwNzc4ODQyMjczOWYyODNlY2RmOTQzNGQzOTc3NDc0MDdkNjlkN2I=
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
spring:
security:
user:
password: ${global.password}
eureka:
instance:
# not sure the reason for this
prefer-ip-address: true
client:
service-url:
defaultZone: ${global.registry.url}/eureka/
server:
forward-headers-strategy: framework
\ No newline at end of file
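Review bot: The `base64-secret` under `jhipster.security.authentication.jwt` is committed in clear, although the comment directly above it says the default key must be changed and stored securely. Anyone who can read this repository can sign tokens that services using this value will accept, for the 86400-second and 2592000-second validity periods set below it. I would remove the literal and take the key from the environment variable the comment already names, `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET`, and generate a new key since this one is now in history. The identical value appears again in the second copy of this configuration further down the page, and both copies also default `global.password` to `admin`.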
jhipster:
cors:
# allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:https://jhipster-registry.192.168.56.1.nip.io:8443}" this is valid expression
allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"
allowed-methods: "*"
allowed-headers: "*"
exposed-headers: "Authorization,Link,X-Total-Count"
allow-credentials: "true"
max-age: 1800
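Review bot: `allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"` falls back to every origin while `allow-credentials` is `"true"`, `allowed-methods` and `allowed-headers` are `"*"` and `Authorization` is exposed. Depending on the Spring version this combination is either refused by the framework or answered by reflecting the caller's origin, and the second case lets any website make credentialed requests to the API. The commented line above already has a concrete origin; I would make that the default, `allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:https://jhipster-registry.192.168.56.1.nip.io:8443}"`, and leave the wildcard to explicit opt-in. The gateway's `jhipster.cors` block later on the page has the same wildcard default.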
# Common configuration shared between all applications
global:
password: ${GLOBAL_PASSWORD:admin}
registry:
url: ${GLOBAL_REGISTRY_URL:http://admin:${global.password}@jhipster-registry:8761}
configserver:
name: Docker JHipster Registry
status: Connected to the JHipster Registry running in Docker using confiserver at jhipster registry ${global.registry.url}
jhipster:
registry:
password: ${global.password}
security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
# As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
# - In the JHipster Registry (which includes a Spring Cloud Config server)
# - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
# - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
base64-secret: MjFhOTY5YjFiYjZjZGM0YTlhZjM1OGYwZmU2MjE1ZTJiNTNmM2Q0OTdiMDhmNDQzNjRjZWQyZDM0YmI0YjkwMGI4ZDc0ZGE0MGM3Yzg0M2U2Y2Q0ZDE4MDcwNzc4ODQyMjczOWYyODNlY2RmOTQzNGQzOTc3NDc0MDdkNjlkN2I=
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
spring:
security:
user:
password: ${global.password}
eureka:
instance:
# not sure the reason for this
prefer-ip-address: true
client:
service-url:
defaultZone: ${global.registry.url}/eureka/
server:
forward-headers-strategy: framework
\ No newline at end of file
# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
global:
mysql:
url: ${GLOBAL_MYSQL_URL:mysql://sh-mysql:3306/shBackend?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true}
management:
metrics:
export:
prometheus:
enabled: false
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
datasource:
type: com.zaxxer.hikari.HikariDataSource
url: jdbc:${global.mysql.url}
username: root
password:
hikari:
poolName: Hikari
auto-commit: false
data-source-properties:
cachePrepStmts: true
prepStmtCacheSize: 250
prepStmtCacheSqlLimit: 2048
useServerPrepStmts: true
jpa:
# Replace by 'prod, faker' to add the faker context and have sample data loaded in production
liquibase:
contexts: prod
thymeleaf:
cache: true
sleuth:
sampler:
probability: 1 # report 100% of traces
zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
base-url: http://localhost:9411
enabled: false
locator:
discovery:
enabled: true
# ===================================================================
# To enable TLS in production, generate a certificate using:
# keytool -genkey -alias shbackend -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
# port: 443
# ssl:
# key-store: classpath:config/tls/keystore.p12
# key-store-password: password
# key-store-type: PKCS12
# key-alias: selfsigned
# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/)
# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# ===================================================================
server:
port: 8081
shutdown: graceful # see https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-graceful-shutdown
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
cache: # Cache configuration
hazelcast: # Hazelcast distributed cache
time-to-live-seconds: 3600
backup-count: 1
logging:
use-json-format: false # By default, logs are not in Json format
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
kafka:
bootstrap.servers: sh-kafka:9092
polling.timeout: 10000
consumer:
selfHealingMessage:
enabled: true
'[key.deserializer]': org.apache.kafka.common.serialization.StringDeserializer
'[value.deserializer]': com.piacere.selfhealing.backend.serde.SelfHealingMessageDeserializer
'[group.id]': sh-self-healing
'[auto.offset.reset]': earliest
producer:
selfHealingMessage:
enabled: true
'[key.serializer]': org.apache.kafka.common.serialization.StringSerializer
'[value.serializer]': com.piacere.selfhealing.backend.serde.SelfHealingMessageSerializer
topic:
selfHealingMessage: queuing.sh_self_healing.self_healing_message
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================
# application:
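Review bot: `spring.datasource` in this prod profile connects as `username: root` with an empty `password:`, and the default `GLOBAL_MYSQL_URL` sets `useSSL=false` and `createDatabaseIfNotExist=true`. A compromise of the backend then means full control of the MySQL server rather than of one schema, and the traffic to `sh-mysql` is unencrypted. I would give the service its own account limited to `shBackend` and read the credentials from the environment without a default, for instance `username: ${GLOBAL_MYSQL_USER}` and `password: ${GLOBAL_MYSQL_PASSWORD}` (names are only a suggestion following `GLOBAL_MYSQL_URL`), so that start-up fails when they are missing. The gateway's `r2dbc` block later on the page uses the same root account with no password.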
# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
#logging:
# file:
# name: logs/iec-backend.log
# level:
# ROOT: TRACE
global:
mysql:
url: ${GLOBAL_MYSQL_URL:mysql://sh-mysql:3306/shFrontend?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true}
management:
metrics:
export:
prometheus:
enabled: false
#spring:
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
liquibase:
contexts: prod
url: jdbc:${global.mysql.url}
mail:
host: localhost
port: 25
username:
password:
r2dbc:
url: r2dbc:${global.mysql.url}
username: root
password:
thymeleaf:
cache: true
sleuth:
sampler:
probability: 1 # report 100% of traces
zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
base-url: http://localhost:9411
enabled: false
locator:
discovery:
enabled: true
server:
port: 8080
shutdown: graceful # see https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-graceful-shutdown
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
gateway:
authorized-microservices-endpoints: # Access Control Policy, if left empty for a route, all endpoints will be accessible
shbackend: /api,/v3/api-docs
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
cors:
# allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:https://sh.192.168.56.1.nip.io:8443}" this is valid expression
allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"
allowed-methods: "*"
allowed-headers: "*"
exposed-headers: "Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params"
allow-credentials: "true"
max-age: 1800
mail: # specific JHipster mail property, for standard properties see MailProperties
base-url: http://my-server-url-to-change # Modify according to your server's URL
logging:
use-json-format: false # By default, logs are not in Json format
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================
# application:
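Review bot: The CORS block falls back to every origin when `JHIPSTER_CORS_ALLOWEDORIGINS` is unset (`allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"`) while `allow-credentials` is `"true"`. Depending on the Spring version, that either accepts credentialed cross-origin requests from anywhere or is rejected at startup. The compose file on this page sets the variable for sh-gateway but not for sh-backend, so the wildcard default may be live for any service that loads this profile without it (which service reads this file is not visible here). I would drop the default so a missing value fails closed, `allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS}"`, and narrow `allowed-methods` and `allowed-headers` to what the client actually sends. Separately, `spring.r2dbc` connects as `root` with an empty password and the MySQL URL sets `useSSL=false`; a prod profile should use a dedicated least-privilege account whose password comes from the environment.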
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- jhipster-registry.${SERVER_HOST}
jhipster-registry:
labels:
- "traefik.enable=true"
- "traefik.http.routers.jhipster-registry.entrypoints=websecure"
- "traefik.http.routers.jhipster-registry.rule=Host(`jhipster-registry.${SERVER_HOST:?err}`)"
version: "3.8"
services:
## Common structure
traefik:
ports:
- ${HTTPS_PORT:?err}:${HTTPS_PORT:?err}
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- jhipster-registry.${SERVER_HOST}
jhipster-registry:
image: jhipster/jhipster-registry:v6.8.0
restart: always
environment:
SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE: native
# usually LOCATION use to point to file:./central-config, but, looking forward to the possibility to use a unique jhipster-registry for all the project we use the label feature that allow us to contain multiple configurations organized in folders sh, sh, iop
SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS: file:./central-config/{label}
# if we migrate to a single jhipster-registry for all project we will need create a new folder global to hold the jhipster-registry configuration and assing global as LABEL
SPRING_CLOUD_CONFIG_LABEL: jhipster
SPRING_CLOUD_CONFIG_NAME: registry
GLOBAL_PASSWORD: ${ADMIN_PASSWORD}
JHIPSTER_CORS_ALLOWEDORIGINS: "https://jhipster-registry.${SERVER_HOST:?err}:${HTTPS_PORT}"
volumes:
- ./central-config/jhipster:/central-config/jhipster
- ./central-config/sh:/central-config/sh
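Review bot: `GLOBAL_PASSWORD: ${ADMIN_PASSWORD}` substitutes an empty string when the variable is unset or blank, and Compose at most prints a warning, so the registry can come up with an empty shared password. The same line appears in the sh-gateway and sh-backend services of the main compose file. How the value is consumed is not visible here, but the commented `GLOBAL_REGISTRY_URL: http://admin:${ADMIN_PASSWORD}@...` lines suggest it is the admin credential. The neighbouring variables already use the required form, so I would write `GLOBAL_PASSWORD: ${ADMIN_PASSWORD:?err}` in all three places and likewise `${HTTPS_PORT:?err}` in the `JHIPSTER_CORS_ALLOWEDORIGINS` value.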
version: "3.8"
services:
traefik:
labels:
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.routers.http-catchall.service=api@internal"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.port=${HTTPS_PORT:?err}"
ports:
- 80:80
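Review bot: The catch-all router on the plain-HTTP entrypoint is bound to `api@internal`, so the redirect middleware on that same router is the only thing keeping the Traefik API off port 80. If the middleware label is ever removed or mistyped, every HTTP host would resolve to the API service. Binding the router to the no-op service removes that coupling: `- "traefik.http.routers.http-catchall.service=noop@internal"`. I would also quote the port mapping as `- "80:80"`, to match the usual Compose advice for `host:container` pairs.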
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- sh.${SERVER_HOST}
sh-mysql:
image: ${DOCKER_REGISTRY_PREFIX}${PROJECT_NAME}/wp5/sh-mysql:${COMPOSE_PROJECT_VERSION:?err}
restart: always
volumes:
- sh-mysql_data:/var/lib/mysql
sh-gateway:
image: ${DOCKER_REGISTRY_PREFIX}${PROJECT_NAME}/wp5/sh-gateway:${COMPOSE_PROJECT_VERSION:?err}
restart: always
depends_on:
- jhipster-registry
environment:
GLOBAL_PASSWORD: ${ADMIN_PASSWORD}
# GLOBAL_REGISTRY_URL: http://admin:${ADMIN_PASSWORD}@jhipster-registry:8761
JHIPSTER_CORS_ALLOWEDORIGINS: "https://sh.${SERVER_HOST:?err}:${HTTPS_PORT}"
# Unlike the Jhipster registry, for some reason it cannot work without oidc info
labels:
- "traefik.enable=true"
- "traefik.http.routers.sh-gateway.rule=Host(`sh.${SERVER_HOST:?err}`)"
- "traefik.http.routers.sh-gateway.entrypoints=websecure"
sh-backend:
image: ${DOCKER_REGISTRY_PREFIX}${PROJECT_NAME}/sh-backend:${COMPOSE_PROJECT_VERSION:?err}
restart: always
depends_on:
- jhipster-registry
environment:
GLOBAL_PASSWORD: ${ADMIN_PASSWORD}
SPRING_PROFILES_ACTIVE: prod,api-docs
# GLOBAL_REGISTRY_URL: http://admin:${ADMIN_PASSWORD}@jhipster-registry:8761
# Unlike the Jhipster registry, for some reason it cannot work without oidc info
# SPRING_PROFILES_ACTIVE: prod,api-docs,no-liquibase
# MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED: "true"
sh-kafka:
image: confluentinc/cp-kafka:5.5.5
# If you want to expose these ports outside your dev PC,
# remove the "127.0.0.1:" prefix
restart: always
environment:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: sh-zookeeper:2181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://sh-kafka:29092,PLAINTEXT_HOST://sh-kafka:9092 # based on this https://rmoff.net/2018/08/02/kafka-listeners-explained/ as we are not going to externalize in principle it seems that there is no need for this. but the docker requires them to run.
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT # also required to run the docker
# KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 # the docker defaults to 3
KAFKA_ADVERTISED_HOST_NAME: sh-kafka
sh-zookeeper:
image: confluentinc/cp-zookeeper:5.5.5
restart: always
environment:
ZOOKEEPER_CLIENT_PORT: 2181 # this is the default it is not needed, but it is required in the docker
# ZOOKEEPER_TICK_TIME: 2000 this is the default it is not needed
volumes:
sh-mysql_data:
\ No newline at end of file
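Review bot: The comment in sh-kafka about removing the `127.0.0.1:` prefix refers to port mappings that this service does not declare, so it describes a safeguard that is not actually present. Both listeners are mapped to PLAINTEXT with no authentication, which leaves compose-network isolation as the only control on who can produce to or consume from the self-healing topic. I would replace the stale comment with one that states this, e.g. `# no ports published: the broker is reachable only from the compose network`. If a mapping is added later, keep it bound to loopback or move the listeners to an authenticated protocol such as SASL_SSL.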
version: "3.8"
services:
## Common structure
traefik:
image: traefik:v2.5.2
restart: always
hostname: ${SERVER_HOST}
command:
--api=true
--api.insecure=true
--serverstransport.insecureskipverify=true
--ping=true
--providers.docker=true
--providers.docker.constraints="Label(`com.docker.compose.project`, `${COMPOSE_PROJECT_NAME}`)"
--providers.docker.exposedbydefault=false
--entrypoints.web.address=:80
--entrypoints.websecure.address=:${HTTPS_PORT:?err}
--entrypoints.websecure.http.tls=true
# --log.level=DEBUG
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
default:
aliases:
- ${SERVER_HOST:?err}
networks:
default:
\ No newline at end of file
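Review bot: `--api.insecure=true` serves the Traefik API and dashboard without authentication on Traefik's internal entrypoint. No port for it is published in this file, but it should still be reachable from any container on the default network. This same container mounts `/var/run/docker.sock`, so the proxy is a high-value target and its management surface should not be open. I would drop the flag and, if the dashboard is needed, route `api@internal` through a router on `websecure` with an authentication middleware. `--serverstransport.insecureskipverify=true` also disables certificate verification for every HTTPS backend; if it is only needed for self-signed development certificates, it belongs in a dev-only override file rather than the common structure.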
target
node_modules
Dockerfile
\ No newline at end of file
# EditorConfig helps developers define and maintain consistent
# coding styles between different editors and IDEs
# editorconfig.org
root = true
[*]
# We recommend you to keep these unchanged
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
# Change these settings to your own preference
indent_style = space
indent_size = 4
[*.{ts,tsx,js,jsx,json,css,scss,yml,html,vue}]
indent_size = 2
[*.md]
trim_trailing_whitespace = false