From 0b9c154061278fef6c99adac2cd89481b23c08fd Mon Sep 17 00:00:00 2001
From: Joel Unzain
Date: Fri, 20 Dec 2019 13:24:50 -0800
Subject: [PATCH] add themis to docker-compose cluster (#24)
---
 deploy/docker-compose/deploy.sh | 1 +
 deploy/docker-compose/docFiles/talaria-0.yaml | 8 ++
 deploy/docker-compose/docFiles/talaria-1.yaml | 8 ++
 deploy/docker-compose/docFiles/talaria-2.yaml | 8 ++
 deploy/docker-compose/docFiles/themis.yaml | 46 +++++++
 deploy/docker-compose/docker-compose.yml | 117 ++++++++++--------
 simulator/simulate | 18 ++-
 7 files changed, 152 insertions(+), 54 deletions(-)
 create mode 100644 deploy/docker-compose/docFiles/themis.yaml
diff --git a/deploy/docker-compose/deploy.sh b/deploy/docker-compose/deploy.sh
index 29b6357..74fe2ea 100755
--- a/deploy/docker-compose/deploy.sh
+++ b/deploy/docker-compose/deploy.sh
@@ -21,6 +21,7 @@ TR1D1UM_VERSION=${TR1D1UM_VERSION:-0.1.5} \
 SCYTALE_VERSION=${SCYTALE_VERSION:-0.1.5} \
 PETASOS_VERSION=${PETASOS_VERSION:-0.1.4} \
 TALARIA_VERSION=${TALARIA_VERSION:-0.1.3} \
+THEMIS_VERSION=${THEMIS_VERSION:-0.4.0} \
 SIMULATOR_VERSION=${SIMULATOR_VERSION:-local} \
 docker-compose -f $ROOT_DIR/deploy/docker-compose/docker-compose.yml up -d $@
diff --git a/deploy/docker-compose/docFiles/talaria-0.yaml b/deploy/docker-compose/docFiles/talaria-0.yaml
index 65143d2..5ed753c 100644
--- a/deploy/docker-compose/docFiles/talaria-0.yaml
+++ b/deploy/docker-compose/docFiles/talaria-0.yaml
@@ -54,6 +54,14 @@ eventMap:
 default: http://caduceus:6000/api/v3/notify
+ jwtValidators:
+ -
+ keys:
+ Factory:
+ uri: "http://themis:6500/keys/{keyId}"
+ purpose: 0
+ updateInterval: 604800000000000
+
 service:
 defaultScheme: http
 consul:
diff --git a/deploy/docker-compose/docFiles/talaria-1.yaml b/deploy/docker-compose/docFiles/talaria-1.yaml
index 0fb73ff..c6430de 100644
--- a/deploy/docker-compose/docFiles/talaria-1.yaml
+++ b/deploy/docker-compose/docFiles/talaria-1.yaml
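Review bot: The new `jwtValidators` block in talaria-0.yaml fetches verification keys over cleartext HTTP and builds the request URL from the token's key id via `{keyId}`; unless the validator library restricts that value to a plain identifier, a `kid` such as `../../other` or one containing `?` or `#` could steer the fetch to an unintended path on themis, so confirm it is validated before substitution. `purpose: 0` and `updateInterval: 604800000000000` are bare magic numbers — presumably an enum value and a nanosecond count (seven days if so) — and should be spelled out, e.g. `# purpose 0: <meaning per the validator library>` and `# key cache lifetime, ns (7d)`. With a seven-day cache, a themis restart that regenerates its key under the same `kid: local` would leave talaria verifying against the stale key until the interval expires unless a signature failure triggers a refetch; a comment stating which behaviour applies would save the next reader a debugging session. Cleartext to `themis:6500` is tolerable inside this compose network, but a `# dev-only: plain-http key source` marker would keep this block from being copied into a real deployment.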
@@ -54,6 +54,14 @@ eventMap:
 default: http://caduceus:6000/api/v3/notify
+ jwtValidators:
+ -
+ keys:
+ Factory:
+ uri: "http://themis:6500/keys/{keyId}"
+ purpose: 0
+ updateInterval: 604800000000000
+
 service:
 defaultScheme: http
 consul:
diff --git a/deploy/docker-compose/docFiles/talaria-2.yaml b/deploy/docker-compose/docFiles/talaria-2.yaml
index 0bf0177..7bb99ad 100644
--- a/deploy/docker-compose/docFiles/talaria-2.yaml
+++ b/deploy/docker-compose/docFiles/talaria-2.yaml
@@ -54,6 +54,14 @@ eventMap:
 default: http://caduceus:6000/api/v3/notify
+ jwtValidators:
+ -
+ keys:
+ Factory:
+ uri: "http://themis:6500/keys/{keyId}"
+ purpose: 0
+ updateInterval: 604800000000000
+
 service:
 defaultScheme: http
 consul:
diff --git a/deploy/docker-compose/docFiles/themis.yaml b/deploy/docker-compose/docFiles/themis.yaml
new file mode 100644
index 0000000..78bdb4c
--- /dev/null
+++ b/deploy/docker-compose/docFiles/themis.yaml
@@ -0,0 +1,46 @@
+---
+ servers:
+ key:
+ address: :6500
+
+ issuer:
+ address: :6501
+
+ metrics:
+ address: :6502
+
+ health:
+ address: :6503
+
+ health:
+ disableLogging: false
+ custom:
+ server: "themis"
+
+ prometheus:
+ defaultNamespace: xmidt
+ defaultSubsystem: themis
+
+ token:
+ alg: RS256
+ nonce: true
+ notBeforeDelta: -15s
+ duration: 2h
+ claims:
+ iss:
+ value: "themis"
+ trust:
+ value: 1000
+ partner-id:
+ value: "comcast"
+ capabilities:
+ value:
+ - xmidt:issuer:test:.*:all
+ key:
+ kid: local
+ type: rsa
+ bits: 2048
+
+ log:
+ file: "stdout"
+ level: "DEBUG"
diff --git a/deploy/docker-compose/docker-compose.yml b/deploy/docker-compose/docker-compose.yml
index 57fab35..af0f701 100644
--- a/deploy/docker-compose/docker-compose.yml
+++ b/deploy/docker-compose/docker-compose.yml
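Review bot: This `jwtValidators` block in talaria-1.yaml is byte-for-byte the same as the ones added to talaria-0.yaml and talaria-2.yaml, so any later change to the key URI or cache interval has to be made three times and will silently drift if one copy is missed. If the talaria image honours environment substitution in its config, a single `${THEMIS_KEY_URI}` with a default would remove the duplication; otherwise a `# keep in sync with talaria-0.yaml / talaria-2.yaml` comment above the block is the minimum.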
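Review bot: The `claims` block in themis.yaml issues a fixed `trust: 1000`, `partner-id: comcast` and the wildcard capability `xmidt:issuer:test:.*:all` to every request, and the `key` section (`kid: local`, `type: rsa`, `bits: 2048`) names no file, which reads as a key generated per process; together with the simulator's note that mTLS is off, anything able to reach the `issuer` listener on `:6501` can mint a token talaria will accept. That is fine for a local cluster only if the file says so — add `# DEV ONLY: unauthenticated issuer that grants full capabilities to any caller; do not reuse this config outside docker-compose` at the top. If the key really is regenerated on each start, tokens signed after a themis restart will be rejected by any talaria still holding the previous key under the same `kid`, so if a mounted key file is supported, prefer it and document the path. `level: "DEBUG"` should be checked for whether it logs issued tokens or key material before this config is copied anywhere.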
@@ -28,6 +28,43 @@ services:
 networks:
 - xmidt
+# Mark Talaria Services
+ talaria-0: &talaria
+ image: xmidt/talaria:${TALARIA_VERSION}
+ ports:
+ - 6200:6200
+ - 6201:6201
+ - 6202:6202
+ - 6203:6203
+ - 6204:6204
+ depends_on:
+ - consul0
+ - themis
+ volumes:
+ - ./docFiles/talaria-0.yaml:/etc/talaria/talaria.yaml
+ networks:
+ - xmidt
+ talaria-1:
+ <<: *talaria
+ ports:
+ - 6210:6210
+ - 6211:6211
+ - 6212:6212
+ - 6213:6213
+ - 6214:6214
+ volumes:
+ - ./docFiles/talaria-1.yaml:/etc/talaria/talaria.yaml
+ talaria-2:
+ <<: *talaria
+ ports:
+ - 6220:6220
+ - 6221:6221
+ - 6222:6222
+ - 6223:6223
+ - 6224:6224
+ volumes:
+ - ./docFiles/talaria-2.yaml:/etc/talaria/talaria.yaml
+
 scytale:
 image: xmidt/scytale:${SCYTALE_VERSION}
 ports:
@@ -43,6 +80,34 @@ services:
 networks:
 - xmidt
+# Mark petasos Services
+ petasos: &petasos
+ image: xmidt/petasos:${PETASOS_VERSION}
+ ports:
+ - 6400:6400
+ - 6401:6401
+ - 6402:6402
+ - 6403:6403
+ - 6404:6404
+ depends_on:
+ - consul0
+ volumes:
+ - ./docFiles/petasos.yaml:/etc/petasos/petasos.yaml
+ networks:
+ - xmidt
+
+ themis:
+ image: xmidt/themis:${THEMIS_VERSION}
+ ports:
+ - 6500:6500
+ - 6501:6501
+ - 6502:6502
+ - 6503:6503
+ volumes:
+ - ./docFiles/themis.yaml:/themis.yaml
+ networks:
+ - xmidt
+
 goaws:
 image: goaws:local
 container_name: goaws
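Review bot: The `depends_on: - themis` added to the `&talaria` anchor (and inherited by talaria-1 and talaria-2 through `<<: *talaria`) only orders container start; compose does not wait for themis to be listening on 6500, so a key fetch issued during talaria start-up can fail. If the validator fetches lazily and retries this is harmless, but the file should say so, e.g. `# start-order only; talaria fetches keys lazily, so themis need not be healthy yet`, or add a healthcheck on themis and `condition: service_healthy` if the compose file version in use supports it.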
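Review bot: The new `themis` service publishes all four listeners to the host, `6500:6500` through `6503:6503`, including the issuer on 6501 that the simulator comment says runs without mTLS; talaria and parodus reach themis by service name on the `xmidt` network and need no published port, so this exposes an unauthenticated token mint to every interface of the host. Keep only what local debugging needs and bind it to loopback, e.g. `- "127.0.0.1:6502:6502"` for metrics and `- "127.0.0.1:6503:6503"` for health, and drop or loopback-bind 6500/6501. The config mounted at `/themis.yaml` is presumably never written by the container; `:ro` on that volume line makes the intent explicit.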
@@ -66,57 +131,6 @@ services:
 - ./docFiles/prometheus.yml:/prometheus-data/prometheus.yml
 command: --log.level=debug --config.file=/prometheus-data/prometheus.yml
-# Mark petasos Services
- petasos: &petasos
- image: xmidt/petasos:${PETASOS_VERSION}
- ports:
- - 6400:6400
- - 6401:6401
- - 6402:6402
- - 6403:6403
- - 6404:6404
- depends_on:
- - consul0
- volumes:
- - ./docFiles/petasos.yaml:/etc/petasos/petasos.yaml
- networks:
- - xmidt
-
-# Mark Talaria Services
- talaria-0: &talaria
- image: xmidt/talaria:${TALARIA_VERSION}
- ports:
- - 6200:6200
- - 6201:6201
- - 6202:6202
- - 6203:6203
- - 6204:6204
- depends_on:
- - consul0
- volumes:
- - ./docFiles/talaria-0.yaml:/etc/talaria/talaria.yaml
- networks:
- - xmidt
- talaria-1:
- <<: *talaria
- ports:
- - 6210:6210
- - 6211:6211
- - 6212:6212
- - 6213:6213
- - 6214:6214
- volumes:
- - ./docFiles/talaria-1.yaml:/etc/talaria/talaria.yaml
- talaria-2:
- <<: *talaria
- ports:
- - 6220:6220
- - 6221:6221
- - 6222:6222
- - 6223:6223
- - 6224:6224
- volumes:
- - ./docFiles/talaria-2.yaml:/etc/talaria/talaria.yaml
 # Mark rdkb-simulator Services
 simulator: &simulator
@@ -126,6 +140,7 @@ services:
 - talaria-1
 - talaria-2
 - petasos
+ - themis
 networks:
 - xmidt
diff --git a/simulator/simulate b/simulator/simulate
index 91f1149..b4e252e 100644
--- a/simulator/simulate
+++ b/simulator/simulate
@@ -27,23 +27,35 @@ if [[ -z "${SERIAL_NUMBER}" ]]; then
 SERIAL_NUMBER="mock-rdkb-simulator"
 fi
+if [[ -z "${PARTNER_ID}" ]]; then
+ PARTNER_ID="comcast"
+fi
+
 if [[ -z "${CMAC}" ]]; then
 CMAC="112233445566"
 fi
+#In this docker-compose cluster, themis has mtls disabled so
+#feel free to ignore the --client-cert-path flag value
+#it is required by parodus to fetch a token
+
 parodus --hw-model=aker-testing \
+ --ssl-cert-path=/etc/ssl/certs/ca-certificates.crt \
+ --client-cert-path=/etc/ssl/certs/ca-certificates.crt \
 --hw-serial-number=$SERIAL_NUMBER \
 --hw-manufacturer=$HW_MANUFACTURER \
 --hw-mac=$CMAC \
 --hw-last-reboot-reason=$REBOOT_REASON \
 --fw-name=$FIRMWARE \
 --boot-time=$BOOT_TIME \
+ --partner-id=$PARTNER_ID \
 --parodus-local-url=tcp://127.0.0.1:$parodus_port \
 --webpa-ping-timeout=60 \
+ --token-server-url=http://themis:6501/issue \
 --webpa-backoff-max=2 \
 --webpa-interface-used=eth0 \
 --webpa-url=$URL \
- --force-ipv4 &
+ --force-ipv4 &
 P1=$!
 aker -p tcp://127.0.0.1:$parodus_port \
@@ -51,12 +63,12 @@ aker -p tcp://127.0.0.1:$parodus_port \
 -w echo \
 -d /tmp/aker-data.msgpack \
 -f /tmp/aker-data.msgpack.md5 \
- -m 128 &
+ -m 128 > /dev/null &
 P2=$!
 mock_tr181 -p $parodus_port \
 -c $mocktr181_port \
- -d /etc/mock_tr181.json &
+ -d /etc/mock_tr181.json > /dev/null &
 P3=$!
 wait $P1 $P2 $P3
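Review bot: `--token-server-url=http://themis:6501/issue` fetches the bearer token over cleartext and `--client-cert-path` is pointed at the system CA bundle rather than a client certificate; the added comment covers the second point but not the first, and is written `#In this docker-compose cluster` with no space after `#`. I would replace the three comment lines with `# Dev-only: themis runs without mTLS here, so --client-cert-path is a dummy value (parodus requires the flag) and the token is fetched over plain HTTP; use https and a real client cert outside this cluster.` The new `--partner-id=$PARTNER_ID` follows the file's unquoted style, but since the value now comes from the environment, `--partner-id="$PARTNER_ID"` avoids word splitting if it is set with spaces, and `PARTNER_ID="${PARTNER_ID:-comcast}"` would replace the three-line default block. Note that themis.yaml in this commit stamps `partner-id: comcast` into every token regardless of the request, so a simulator run with a different `PARTNER_ID` carries a mismatched claim — whether talaria compares the two is not visible here.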
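Review bot: Sending aker's and mock_tr181's stdout to `/dev/null` discards the only diagnostic output those processes may produce when the token or connection path misbehaves, and the hunk gives no hint why they were silenced. Redirecting to a file instead, `-m 128 > /tmp/aker.log &` and `-d /etc/mock_tr181.json > /tmp/mock_tr181.log &`, keeps the noise out of the console while leaving it inspectable, with a comment such as `# stdout is chatty; see /tmp/*.log` above the calls.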