...
It is now time to create the local Docker containers
Installation
...
Local Docker repository
Start your own local Docker repository with the following command:
Code Block |
---|
docker run -d -p 5000:5000 --restart=always --name registry registry:2 |
You can change the port number. If you do, please update the Configuration.conf files accordingly (see Secure Backend - Configuration)
Build and run
Note |
---|
Version 1.0.x |
Go to the SAMDistImages directory and run the following commands:
Code Block |
---|
make images make pushtorepository |
...
Go to the SAMDeployment directory and run the following commands:
Code Block |
---|
make initstorage make initdatabase make images |
...
Still in the SAMDeployment directory, simple run the followoing command:
Code Block |
---|
make run |
Note |
---|
Version 1.1.x |
Go to the SAMDistImages directory and run the following command:
Code Block |
---|
make install |
Note |
---|
Version 1.1.x + JFrog |
Once you pulled the images from JFrog (see: Amadis One - JFrog repository), you need to create a docker-compose file to setup the network and components as well as an environment file to set some variables.
Create a docker-compose-prod.yml
file with similar information (can be updated according to your needs):
Code Block |
---|
version: '3.8' services: database: container_name: database image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-database:${VERSION} command: --default-authentication-plugin=mysql_native_password platform: linux/amd64 env_file: - .env environment: MYSQL_ROOT_PASSWORD: ${ROOT_DATABASE_PASSWORD} DATABASE_IMAGE: ${DATABASE_IMAGE} ports: - ${DATABASE_PORT}:3306 networks: - sambackendnet restart: always php: container_name: php image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-php:${VERSION} depends_on: - database restart: unless-stopped volumes: - php_socket:/var/run/php env_file: - .env healthcheck: interval: 10s timeout: 3s retries: 3 start_period: 30s networks: - sambackendnet http: container_name: http image: ${IMAGE_DEPLOYMENT_REPOSITORY}/secbkd-http:${VERSION} depends_on: - php environment: SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80} restart: unless-stopped volumes: - php_socket:/var/run/php ports: # HTTP - target: 80 published: 80 protocol: tcp # HTTPS 443 - target: 443 published: ${API_PORT} protocol: tcp networks: sambackendnet: external: true volumes: php_socket: |
Then create a .env
file with the following data (can be updated according to your system):
Code Block |
---|
# Version of the SAM backend
VERSION=1.1.4-rc1
SERVER_NAME=dev.amadis.com
# Docker repository
IMAGE_DEPLOYMENT_REPOSITORY=amadis.jfrog.io/aone-secbkd-local
# Permanent storage base directory
STORAGE_BASE_DIRECTORY=./Storage
# Database server address
DATABASE_SERVER=database
# Database server address
DATABASE_PORT=3306
# MUST be sambackend as set in the distribution images
DATABASE_NAME=sambackend
# Database username to use
DATABASE_USER=sambackend
# Database user's password to use
DATABASE_PASSWORD=sambackendpw
# Database root's password for database updates
ROOT_DATABASE_PASSWORD=tryphon1
# arm64v8/mysql:oracle or mysql:8.0-debian
DATABASE_IMAGE=mysql:8.0-debian
# Port the server will listen to.
API_PORT=443 |
Then create the network (if not already existing):
Code Block |
---|
docker network create sambackendnet |
And start the images:
Code Block |
---|
docker-compose -f docker-compose-prod.yml up --build -d http |
Additionally, it might be required to run a few more steps within the php
container (docker exec -it php /bin/sh
):
Code Block |
---|
php artisan db:seed (if the databse needs to be seeded with Amadis defaults)
php artisan passport:keys (macos only?) |
KeyEmbeddingTool
To export the device transport key securely, the server will leverage a tool from Zimperium called KeyEmbeddingTool
. That tools comes in two flavors: development and production.
The server will look for a /var/www/html/app/tools/KeyEmbeddingTool
in the PHP Docker container.
By default, the development version is used. To switch between development and production versions, two additional binaries will be provided in the container: /var/www/html/app/tools/KeyEmbeddingToolDev
and /var/www/html/app/tools/KeyEmbeddingToolProd
. Simply replace /var/www/html/app/tools/KeyEmbeddingTool
by the one to be used.
Update
Note |
---|
Version 1.0.x |
Warning |
---|
This method only works when there is no database table format or element update between 2 versions. |
Assuming there is a folder called secbkd-1.0.x on the server (the currently running version) and that the new package (secbkd-1.0.y) is already present on the same path.
e.g.:
Code Block |
---|
<some_directory>/
|_ secbkd-1.0.x/
|_ secbkd-1.0.10.4/ |
Stop all running containers and remove them:
Code Block |
---|
docker stop samserver_1.0.x samphpmyadmin_1.0.x samdatabase_1.0.x
docker rm samserver_1.0.x samphpmyadmin_1.0.x samdatabase_1.0.x |
If you can, clean the docker registry:
Code Block |
---|
docker system prune |
Note |
---|
Careful, if you have other containers running, you need to delete them manually, this command will remove all existing containers and networks. |
Go to the new package and build the images:
Code Block |
---|
cd secbkd-1.0.y/SAMDistImages
make images && make pushtorepository |
Copy the old 'Storage' dir into the new package (we are still in SAMDistImages directory)
Code Block |
---|
sudo cp -R ../../secbkd-1.0.x/SAMDeployment/Storage ../SAMDeployment/ |
Run the new containers:
Code Block |
---|
cd ../SAMDeployment
make run |
And that should do the trick.