Merge pull request #87 from xmidt-org/docker

fix docker compose

deploy/docker-compose-new/README.md

@@ -1,9 +1,5 @@
 # Deploying XMiDT
 
-## Docker/awscli
-
-In order to deploy into Docker, make sure [Docker is installed](https://docs.docker.com/install/). Additionally for goaws, make sure that awscli is intalled.
-
 #### Deploy
 _**Note**_: While Tr1d1um is not part of XMiDT(it is WebPA), it is recommended to be
 brought up for current ease of use. Future releases will deprecate Tr1d1um.
@@ -12,7 +8,9 @@ brought up for current ease of use. Future releases will deprecate Tr1d1um.
 
 2. Run `deploy/docker-compose-new/deploy.sh`  
 
-    This will build `goaws` locally. It will then run `docker-compose up` which uses images of `talaria`, `scytale`, `petasos`, `caduceus`, `xmidt-agent` (device simulator) and `tr1d1um` from dockerhub. 
+    It will then run `docker-compose up` which uses images of `talaria`, `scytale`, `petasos`, `caduceus`, `xmidt-agent` (device simulator) and `tr1d1um` from dockerhub. 
+
+    It will also automatically build a dynamo db resource. 
 
     To pull specific versions of the images, just set the `<SERVICE>_VERSION` env variables when running the shell script.
 
@@ -40,10 +38,10 @@ deal with just one datacenter. Since all ports are exposed, the names might seem
 
 #### Connection
 ##### Inside Docker
-If the Parodus instance is inside of docker, life is easy! Just connect to the cluster with `petasos:6400`.
+If the Xmidt-Agent instance is inside of docker, life is easy! Just connect to the cluster with `petasos:6400`.
 
 ##### Outside Docker
-if the Parodus instance is outside of docker and the ports are exposed correctly, life
+if the Xmidt-Agent instance is outside of docker and the ports are exposed correctly, life
 will be hard since you will need to handle the redirect.
 You can initially connect to 'localhost:6400' but on the redirect change `talaria-1:6210` to `localhost:6210`
 

deploy/docker-compose-new/deploy.sh

@@ -3,12 +3,12 @@
 DIR=$( cd "$(dirname "$0")" || exit; pwd -P )
 ROOT_DIR=$DIR/../../
 
-pushd "$ROOT_DIR" || exit
-echo "Building Simulator..."
-if [[ "$(docker images -q xmidt/simulator:latest 2> /dev/null)" == "" ]]; then
-  docker build -t xmidt/simulator:latest $ROOT_DIR/simulator
-fi
-popd
+# pushd "$ROOT_DIR" || exit
+# # echo "Building Simulator..."
+# # if [[ "$(docker images -q xmidt/simulator:latest 2> /dev/null)" == "" ]]; then
+# #   docker build -t xmidt/simulator:latest $ROOT_DIR/simulator
+# # fi
+# popd
 
 echo "Running services..."
 CONSUL_VERSION=${CONSUL_VERSION:-1.12.6} \
@@ -23,31 +23,4 @@ SIMULATOR_VERSION=${SIMULATOR_VERSION:-latest-amd64} \
 docker compose -f $ROOT_DIR/deploy/docker-compose-new/docker-compose.yml up -d $@
 if [[ $? -ne 0 ]]; then
   exit 1
-fi
-
-sleep 10
-AWS_ACCESS_KEY_ID=accessKey AWS_SECRET_ACCESS_KEY=secretKey aws dynamodb  --endpoint-url http://localhost:8000 describe-table --table-name gifnoc --region us-east-2 --output text > /dev/null 2> /dev/null
-if [[ $? -ne 0 ]]; then
-  AWS_ACCESS_KEY_ID=accessKey AWS_SECRET_ACCESS_KEY=secretKey aws dynamodb  --endpoint-url http://localhost:8000 create-table \
-      --table-name gifnoc \
-      --attribute-definitions \
-          AttributeName=bucket,AttributeType=S \
-          AttributeName=expires,AttributeType=N \
-          AttributeName=id,AttributeType=S \
-      --key-schema \
-          AttributeName=bucket,KeyType=HASH \
-          AttributeName=id,KeyType=RANGE \
-    --global-secondary-indexes \
-        "[{\"IndexName\": \"Expires-index\",\"KeySchema\":[{\"AttributeName\":\"bucket\",\"KeyType\":\"HASH\"}, {\"AttributeName\":\"expires\",\"KeyType\":\"RANGE\"}], \
-        \"ProvisionedThroughput\": {\"ReadCapacityUnits\": 10, \"WriteCapacityUnits\": 5      },\"Projection\":{\"ProjectionType\":\"ALL\"}}]" \
-      --provisioned-throughput \
-          ReadCapacityUnits=10,WriteCapacityUnits=5 \
-      --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES \
-      --region us-east-2 \
-      --output text
-
-  AWS_ACCESS_KEY_ID=accessKey AWS_SECRET_ACCESS_KEY=secretKey aws dynamodb \
-    --endpoint-url http://localhost:8000 --region us-east-2 update-time-to-live \
-    --table-name gifnoc --time-to-live-specification "Enabled=true, AttributeName=expires" \
-    --output text
-fi
+fi

deploy/docker-compose-new/docFiles/themis.yaml

@@ -0,0 +1,122 @@
+# SPDX-FileCopyrightText: 2022 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+---
+# The unique fully-qualified-domain-name of the server.  It is provided to
+# the X-Scytale-Server header for showing what server fulfilled the request
+# sent.
+# (Optional)
+server: themis
+
+########################################
+#   Labeling/Tracing via HTTP Headers Configuration
+########################################
+
+# Provides this build number to the X-Scytale-Build header for
+# showing machine version information.  The build number SHOULD
+# match the scheme `version-build` but there is not a strict requirement.
+# (Optional)
+build: unknown
+
+# stage is used for doing complex spruce manipulation
+# change this will only effect spruce and the vars referencing it
+stage: "development"
+
+servers:
+  key:
+    address: :6500
+    disableHTTPKeepAlives: true
+    header:
+      X-Midt-Server:
+        - themis
+      X-Midt-Version:
+        - unknown
+  issuer:
+    address: :6501
+    disableHTTPKeepAlives: true
+    header:
+      X-Midt-Server:
+        - themis
+      X-Midt-Version:
+        - unknown
+  claims:
+    address: :6502
+    disableHTTPKeepAlives: true
+    header:
+      X-Midt-Server:
+        - themis
+      X-Midt-Version:
+        - unknown
+  metrics:
+    address: :6503
+    disableHTTPKeepAlives: true
+
+  health:
+    address: :6504
+    disableHTTPKeepAlives: true
+    header:
+      X-Midt-Server:
+        - themis
+      X-Midt-Version:
+        - unknown
+health:
+  disableLogging: false
+  custom:
+    server: themis
+
+prometheus:
+  defaultNamespace: xmidt
+  defaultSubsystem: themis
+
+token:
+  alg: RS256
+  nonce: true
+  notBeforeDelta: -15s
+  duration: 24h
+  claims:
+    - key: mac
+      header: X-Midt-Mac-Address
+      parameter: mac
+    - key: serial
+      header: X-Midt-Serial-Number
+      parameter: serial
+    - key: uuid
+      header: X-Midt-Uuid
+      parameter: uuid
+    - key: iss
+      value: "themis"
+    - key: trust
+      value: 1000
+    - key: sub
+      value: "client-supplied"
+    - key: aud
+      value: "XMiDT"
+    - key: capabilities
+      value:
+        - x1:issuer:test:.*:all
+  metadata:
+    - key: mac
+      header: X-Midt-Mac-Address
+      parameter: mac
+    - key: serial
+      header: X-Midt-Serial-Number
+      parameter: serial
+    - key: uuid
+      header: X-Midt-Uuid
+      parameter: uuid
+  partnerID:
+    claim: partner-id
+    header: X-Midt-Partner-ID
+    parameter: pid
+    default: comcast
+
+  key:
+    kid: docker
+    type: rsa
+    bits: 2048
+
+log:
+  outputPaths:
+    - "stdout"
+  errorOutputPaths:
+    - "stdout"
+  level: debug

deploy/docker-compose-new/docFiles/xmidt-agent.yaml

@@ -31,3 +31,6 @@ mock_tr_181:
   file_path: /mock_tr181.json
 lib_parodus:
   parodus_service_url: "tcp://127.0.0.1:6666"
+logger:
+  level: debug
+  development: true

deploy/docker-compose-new/docker-compose.yml

@@ -7,7 +7,7 @@ services:
     depends_on: 
       - dynamodb
     environment: 
-      - "AWS_ENDPOINT=http://dynamodb:8000"
+      - "AWS_ENDPOINT=http://dynamodb:4566"
       - "TRACING_PROVIDER_NAME=zipkin"
       - "TRACING_PROVIDER_ENDPOINT=http://zipkin:9411/api/v2/spans"
       - "ACCESS_LEVEL_CAPABILITY=x1:issuer:test:.*:all"
@@ -62,10 +62,22 @@ services:
     container_name: dynamo-xmidt
     hostname: dynamodb
     image: amazon/dynamodb-local
+    environment:
+      AWS_ACCESS_KEY_ID: accessKey
+      AWS_SECRET_ACCESS_KEY: secretKey
+      AWS_REGION: local
+    command: -jar DynamoDBLocal.jar -inMemory -sharedDb -port 4566
     networks: 
       - xmidt
     ports: 
-      - "9000:9000"
+      - "4566:4566"
+    healthcheck:
+     test:
+       ["CMD-SHELL",'if [ "$(curl -s -o /dev/null -I -w ''%{http_code}'' http://localhost:4566)" == "400" ]; then exit 0; else exit 1; fi',]
+     interval: 5s
+     timeout: 30s
+     retries: 3
+     start_period: 5s
   petasos: 
     container_name: petasos
     depends_on: 
@@ -172,6 +184,8 @@ services:
       - xmidt
     ports: 
       - "6500-6504:6500-6504"
+    volumes: 
+      - "./docFiles/themis.yaml:/etc/themis/themis.yaml"
   tr1d1um: 
     container_name: tr1d1um
     depends_on: 
@@ -187,10 +201,31 @@ services:
       - xmidt
     ports: 
       - "6100-6103:6100-6103"
+  awscli-dynamo:
+    image: amazon/aws-cli
+    networks:
+      - xmidt
+    depends_on:
+      dynamodb:
+        condition: service_healthy
+    ports: 
+      - "4577:4577"
+    environment:
+      AWS_ACCESS_KEY_ID: accessKey
+      AWS_SECRET_ACCESS_KEY: secretKey
+      AWS_REGION: local
+    command: "dynamodb  --endpoint-url http://dynamodb:4566 create-table \
+       --table-name gifnoc \
+       --attribute-definitions \
+          AttributeName=bucket,AttributeType=S \
+          AttributeName=expires,AttributeType=N \
+          AttributeName=id,AttributeType=S \
+       --key-schema \
+          AttributeName=bucket,KeyType=HASH \
+          AttributeName=id,KeyType=RANGE"   
   zipkin: 
     image: openzipkin/zipkin
     networks: 
       - xmidt
     ports: 
       - "9411:9411"
-version: "3.8"