[Docker] Provide working Docker Compose configuration.

Also add setup guide for the Docker Compose deployment.
kbss-cvut · Nov 13, 2023 · 4a4af81 · 4a4af81
1 parent 6d32ac4
commit 4a4af81
Show file tree

Hide file tree

Showing 5 changed files with 2,395 additions and 11 deletions.
diff --git a/doc/development.md b/doc/development.md
@@ -1,4 +1,4 @@
-Development Notes
+# Development Notes
 
 Frontend of the application is developed separately.
 

diff --git a/doc/setup.md b/doc/setup.md
@@ -65,4 +65,28 @@ default role mapping in Keycloak. Record Manager will assign `ROLE_USER` to auth
 must be available in the token.
 
 Note also that it is expected that user metadata corresponding to the user extracted from the access token exist in the
-repository. They are paired via the `prefferred_username` claim value (see `SecurityUtils`).
+repository. They are paired via the `preferred_username` claim value (see `SecurityUtils`).
+
+## Docker Compose Deployment
+
+This repo contains an example Docker Compose configuration that can be used to quickly spin up Record Manager with its frontend,
+a GraphDB repository, S-pipes form generator and Keycloak as the authentication service. The configuration uses the Record Manager
+code from this repository. Published frontend image is used.
+
+The deployment is pretty much self-contained, it sets up the corresponding repositories, imports a realm where clients
+are configured for both the Record Manager backend and frontend. All the services (except PostgreSQL used by Keycloak) 
+in the deployment export their ports to the host system, so ensure the following ports are available on your system: 
+3000, 8080, 8081, 8088.
+
+To run the deployment for the first time, follow these steps:
+
+1. Create the `.env` file and set the following variables in it: `KC_ADMIN_USER`, `KC_ADMIN_PASSWORD`.
+2. Run `docker compose up -d db-server` first. It uses a script that creates GraphDB repositories needed by the system.
+3. Wait approximately 20s (check the log and wait for GraphDB to be fully up).
+4. Start the rest of the system by running `docker compose up -d --build` (`--build` is used because Record Manager backend needs to be build)
+5. Go to [http://localhost:8088](http://localhost:8088), login to the Keycloak admin console using `KC_ADMIN_USER` and `KC_ADMIN_PASSWORD`.
+6. Select realm `record-manager`.
+7. Add user accounts as necessary. Do not forget to assign them one of `ROLE_ADMIN` or `ROLE_USER` roles.
+8. Go to [http://localhost:3000](http://localhost:3000) and log in using one of the created user accounts.
+
+When running the deployment next time, just execute `docker compose up -d --build` and go to [http://localhost:3000](http://localhost:3000).
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,50 +4,99 @@ services:
   record-manager-ui:
     image: 'ghcr.io/kbss-cvut/kbss-cvut/record-manager-ui:latest'
     ports:
-      - '127.0.0.1:3000:80'
+      - "127.0.0.1:3000:80"
     depends_on:
       - record-manager
     environment:
       APP_TITLE: "Record Manager"
       BASENAME: "./"
-      LANGUAGE: "en"
+      LANGUAGE: "cs"
       NAVIGATOR_LANGUAGE: "true"
       API_URL: "http://localhost:8080/record-manager"
       APP_INFO: "<a href=\"https://github.com/kbss-cvut\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"KBSS CVUT v Praze\">© KBSS CVUT v Praze, 2023</a>"
+      AUTHENTICATION: "oidc"
+      AUTH_SERVER_URL: "http://localhost:8088/realms/record-manager"
+      AUTH_CLIENT_ID: "record-manager-ui"
+      FORCE_BASENAME: "true"
 
   record-manager:
     build: .
     image: record-manager
     container_name: record-manager
     ports:
-      - '127.0.0.1:8080:8080'
+      - "127.0.0.1:8080:8080"
     depends_on:
       - s-pipes-engine
       - db-server
+      - auth-server
     environment:
       REPOSITORYURL: "http://db-server:7200/repositories/record-manager"
       FORMGENREPOSITORYURL: "http://db-server:7200/repositories/record-manager-formgen"
       FORMGENSERVICEURL: "http://s-pipes-engine:8080/s-pipes/service?_pId=clone&sgovRepositoryUrl=https%3A%2F%2Fgraphdb.onto.fel.cvut.cz%2Frepositories%2Fkodi-slovnik-gov-cz"
+      SECURITY_PROVIDER: "oidc"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: "http://localhost:8088/realms/record-manager"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWKSETURI: "http://auth-server:8080/realms/record-manager/protocol/openid-connect/certs"
 
   s-pipes-engine:
-    image: 'ghcr.io/kbss-cvut/s-pipes/s-pipes-engine:latest'
+    image: "ghcr.io/kbss-cvut/s-pipes/s-pipes-engine:latest"
     ports:
       - "127.0.0.1:8081:8080"
     depends_on:
       - db-server
-    environment:
-      - CONTEXTS_SCRIPTPATHS=/scripts
-
   db-server:
     build:
       context: db-server
     environment:
-      GDB_JAVA_OPTS: -Ddefault.min.distinct.threshold=67108864
+      GDB_JAVA_OPTS: "-Ddefault.min.distinct.threshold=67108864"
     ports:
       - "127.0.0.1:7200:7200"
     volumes:
       - data:/opt/graphdb/home
+  auth-server-db:
+    image: postgres:13
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: keycloak
+    volumes:
+      - auth-server-db:/var/lib/postgresql/data
+  auth-server:
+    image: "ghcr.io/kbss-cvut/keycloak-graphdb-user-replicator/keycloak-graphdb:latest"
+    command:
+      - start --import-realm
+    environment:
+      KC_IMPORT: realm-export.json
+      KC_HOSTNAME_URL: "http://localhost:8088"
+      KC_HOSTNAME_ADMIN_URL: "http://localhost:8088"
+      KC_HOSTNAME_STRICT_BACKCHANNEL: false
+      KC_HTTP_ENABLED: true
+      KEYCLOAK_ADMIN: ${KC_ADMIN_USER}
+      KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD}
+      DB_VENDOR: POSTGRES
+      DB_ADDR: auth-server-db
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: keycloak
+      DB_SCHEMA: "public"
+      DB_SERVER_URL: "http://db-server:7200"
+      DB_SERVER_REPOSITORY_ID: "record-manager"
+      REPOSITORY_LANGUAGE: "en"
+      VOCABULARY_USER_TYPE: "http://onto.fel.cvut.cz/ontologies/record-manager/user"
+      VOCABULARY_USER_FIRST_NAME: "http://xmlns.com/foaf/0.1/firstName"
+      VOCABULARY_USER_LAST_NAME: "http://xmlns.com/foaf/0.1/lastName"
+      VOCABULARY_USER_USERNAME: "http://xmlns.com/foaf/0.1/accountName"
+      VOCABULARY_USER_EMAIL: "http://xmlns.com/foaf/0.1/mbox"
+      ADD_ACCOUNTS: false
+      REALM_ID: "record-manager"
+    ports:
+      - "127.0.0.1:8088:8080"
+    volumes:
+      - auth-server:/opt/keycloak/data
+      - ./keycloak:/opt/keycloak/data/import
+    depends_on:
+      - auth-server-db
 
 volumes:
   data:
-  logs:
+  auth-server:
+  auth-server-db: