Store records in their own repository contexts

db-server/Dockerfile

@@ -0,0 +1,18 @@
+FROM ontotext/graphdb:10.2.0
+
+# Override parent entrypoint
+ENTRYPOINT []
+
+ENV GRAPHDB_HOME=/opt/graphdb/home
+ENV GRAPHDB_INSTALL_DIR=/opt/graphdb/dist
+
+WORKDIR ${GRAPHDB_HOME}
+
+# Copy repository config
+COPY repo-config /repo-config
+COPY repo-init.sh ${GRAPHDB_INSTALL_DIR}/repo-init.sh
+
+EXPOSE 7200
+
+CMD ${GRAPHDB_INSTALL_DIR}/repo-init.sh /repo-config ${GRAPHDB_HOME} & ${GRAPHDB_INSTALL_DIR}/bin/graphdb -Dgraphdb.home=${GRAPHDB_HOME}
+

db-server/repo-config/config-record-manager-formgen.ttl

@@ -0,0 +1,33 @@
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix rep: <http://www.openrdf.org/config/repository#> .
+@prefix sail: <http://www.openrdf.org/config/sail#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix graphdb: <http://www.ontotext.com/config/graphdb#>.
+
+<#termit> a rep:Repository;
+  rep:repositoryID "record-manager-formgen";
+  rep:repositoryImpl [
+      rep:repositoryType "graphdb:SailRepository";
+      <http://www.openrdf.org/config/repository/sail#sailImpl> [
+          graphdb:base-URL "http://example.org/owlim#";
+          graphdb:check-for-inconsistencies "false";
+          graphdb:defaultNS "";
+          graphdb:disable-sameAs "true";
+          graphdb:enable-context-index "true";
+          graphdb:enable-literal-index "true";
+          graphdb:enablePredicateList "true";
+          graphdb:entity-id-size "32";
+          graphdb:entity-index-size "10000000";
+          graphdb:imports "";
+          graphdb:in-memory-literal-properties "true";
+          graphdb:owlim-license "";
+          graphdb:query-limit-results "0";
+          graphdb:query-timeout "0";
+          graphdb:read-only "false";
+          graphdb:repository-type "file-repository";
+          graphdb:storage-folder "storage";
+          graphdb:throw-QueryEvaluationException-on-timeout "false";
+          sail:sailType "graphdb:Sail"
+        ]
+    ];
+  rdfs:label "Record Manager Form generator Repository" .

db-server/repo-config/config-record-manager.ttl

@@ -0,0 +1,33 @@
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix rep: <http://www.openrdf.org/config/repository#> .
+@prefix sail: <http://www.openrdf.org/config/sail#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix graphdb: <http://www.ontotext.com/config/graphdb#>.
+
+<#termit> a rep:Repository;
+  rep:repositoryID "record-manager";
+  rep:repositoryImpl [
+      rep:repositoryType "graphdb:SailRepository";
+      <http://www.openrdf.org/config/repository/sail#sailImpl> [
+          graphdb:base-URL "http://example.org/owlim#";
+          graphdb:check-for-inconsistencies "false";
+          graphdb:defaultNS "";
+          graphdb:disable-sameAs "true";
+          graphdb:enable-context-index "true";
+          graphdb:enable-literal-index "true";
+          graphdb:enablePredicateList "true";
+          graphdb:entity-id-size "32";
+          graphdb:entity-index-size "10000000";
+          graphdb:imports "";
+          graphdb:in-memory-literal-properties "true";
+          graphdb:owlim-license "";
+          graphdb:query-limit-results "0";
+          graphdb:query-timeout "0";
+          graphdb:read-only "false";
+          graphdb:repository-type "file-repository";
+          graphdb:storage-folder "storage";
+          graphdb:throw-QueryEvaluationException-on-timeout "false";
+          sail:sailType "graphdb:Sail"
+        ]
+    ];
+  rdfs:label "Record Manager Repository" .

db-server/repo-init.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+#
+# Initializes Record Manager GraphDB repositories if they do not already exist
+#
+
+SOURCE_DIR=$1
+GRAPHDB_HOME=$2
+REPOSITORIES=("record-manager" "record-manager-formgen")
+SHOULD_WAIT=true
+
+echo "Running repository initializer..."
+
+for REPO_NAME in ${REPOSITORIES[@]}
+do
+  echo "Checking existence of repository '${REPO_NAME}'"
+  if [ ! -d ${GRAPHDB_HOME}/data/repositories/${REPO_NAME} ] || [ -z "$(ls -A ${GRAPHDB_HOME})/data/repositories/${REPO_NAME}" ];
+  then
+    if [ "${SHOULD_WAIT}" = "true" ];
+    then
+      # Wait for GraphDB to start up
+      echo "Waiting for GraphDB to start up..."
+      sleep 15s
+      SHOULD_WAIT=false
+    fi
+
+        # Create repository based on configuration
+    echo "Creating repository '${REPO_NAME}'..."
+    curl -X POST --header "Content-Type: multipart/form-data" -F "config=@${SOURCE_DIR}/config-${REPO_NAME}.ttl" "http://localhost:7200/rest/repositories"
+    echo "Repository '${REPO_NAME}' successfully initialized."
+  else
+    echo "Repository '${REPO_NAME}' already exists. Skipping initialization..."
+  fi
+done

doc/development.md

@@ -1,4 +1,4 @@
-Development Notes
+# Development Notes
 
 Frontend of the application is developed separately.
 

doc/setup.md

@@ -65,4 +65,28 @@ default role mapping in Keycloak. Record Manager will assign `ROLE_USER` to auth
 must be available in the token.
 
 Note also that it is expected that user metadata corresponding to the user extracted from the access token exist in the
-repository. They are paired via the `prefferred_username` claim value (see `SecurityUtils`).
+repository. They are paired via the `preferred_username` claim value (see `SecurityUtils`).
+
+## Docker Compose Deployment
+
+This repo contains an example Docker Compose configuration that can be used to quickly spin up Record Manager with its frontend,
+a GraphDB repository, S-pipes form generator and Keycloak as the authentication service. The configuration uses the Record Manager
+code from this repository. Published frontend image is used.
+
+The deployment is pretty much self-contained, it sets up the corresponding repositories, imports a realm where clients
+are configured for both the Record Manager backend and frontend. All the services (except PostgreSQL used by Keycloak) 
+in the deployment export their ports to the host system, so ensure the following ports are available on your system: 
+3000, 8080, 8081, 8088.
+
+To run the deployment for the first time, follow these steps:
+
+1. Create the `.env` file and set the following variables in it: `KC_ADMIN_USER`, `KC_ADMIN_PASSWORD`.
+2. Run `docker compose up -d db-server` first. It uses a script that creates GraphDB repositories needed by the system.
+3. Wait approximately 20s (check the log and wait for GraphDB to be fully up).
+4. Start the rest of the system by running `docker compose up -d --build` (`--build` is used because Record Manager backend needs to be build)
+5. Go to [http://localhost:8088](http://localhost:8088), login to the Keycloak admin console using `KC_ADMIN_USER` and `KC_ADMIN_PASSWORD`.
+6. Select realm `record-manager`.
+7. Add user accounts as necessary. Do not forget to assign them one of `ROLE_ADMIN` or `ROLE_USER` roles.
+8. Go to [http://localhost:3000](http://localhost:3000) and log in using one of the created user accounts.
+
+When running the deployment next time, just execute `docker compose up -d --build` and go to [http://localhost:3000](http://localhost:3000).

docker-compose.yml

@@ -1,53 +1,102 @@
 version: '3.9'
 
 services:
-  dm-record-manager:
-    image: 'ofn-record-manager:latest'
-    container_name: dm-record-manager
+  record-manager-ui:
+    image: 'ghcr.io/kbss-cvut/kbss-cvut/record-manager-ui:latest'
     ports:
-      - '4000:80'
+      - "127.0.0.1:3000:80"
     depends_on:
-      - dm-record-manager-server
+      - record-manager
     environment:
-      API_URL: "http://localhost:3000/ofn-record-manager"
+      APP_TITLE: "Record Manager"
+      BASENAME: "./"
+      LANGUAGE: "cs"
+      NAVIGATOR_LANGUAGE: "true"
+      API_URL: "http://localhost:8080/record-manager"
+      APP_INFO: "<a href=\"https://github.com/kbss-cvut\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"KBSS CVUT v Praze\">© KBSS CVUT v Praze, 2023</a>"
+      AUTHENTICATION: "oidc"
+      AUTH_SERVER_URL: "http://localhost:8088/realms/record-manager"
+      AUTH_CLIENT_ID: "record-manager-ui"
+      FORCE_BASENAME: "true"
 
-  dm-record-manager-server:
+  record-manager:
     build: .
-    image: record-manager-server
-    container_name: dm-record-manager-server
+    image: record-manager
+    container_name: record-manager
     ports:
-      - '3000:8080'
+      - "127.0.0.1:8080:8080"
     depends_on:
-      - dm-s-pipes-engine
-      - dm-rdf4j
+      - s-pipes-engine
+      - db-server
+      - auth-server
     environment:
-      repositoryUrl: "http://dm-rdf4j:8080/rdf4j-server/repositories/ofn-form-manager-app"
-      formGenRepositoryUrl: "http://dm-rdf4j:8080/rdf4j-server/repositories/ofn-form-manager-formgen"
-      formGenServiceUrl: "http://dm-s-pipes-engine:8080/s-pipes/service?_pId=clone&sgovRepositoryUrl=https%3A%2F%2Fgraphdb.onto.fel.cvut.cz%2Frepositories%2Fkodi-slovnik-gov-cz"
+      REPOSITORYURL: "http://db-server:7200/repositories/record-manager"
+      FORMGENREPOSITORYURL: "http://db-server:7200/repositories/record-manager-formgen"
+      FORMGENSERVICEURL: "http://s-pipes-engine:8080/s-pipes/service?_pId=clone&sgovRepositoryUrl=https%3A%2F%2Fgraphdb.onto.fel.cvut.cz%2Frepositories%2Fkodi-slovnik-gov-cz"
+      SECURITY_PROVIDER: "oidc"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: "http://localhost:8088/realms/record-manager"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWKSETURI: "http://auth-server:8080/realms/record-manager/protocol/openid-connect/certs"
 
-  dm-s-pipes-engine:
-    image: 's-pipes-engine:latest'
-    container_name: dm-s-pipes-engine
+  s-pipes-engine:
+    image: "ghcr.io/kbss-cvut/s-pipes/s-pipes-engine:latest"
     ports:
-      - "8081:8080"
+      - "127.0.0.1:8081:8080"
     depends_on:
-      - dm-rdf4j
+      - db-server
+  db-server:
+    build:
+      context: db-server
     environment:
-      - CONTEXTS_SCRIPTPATHS=/scripts
-    volumes:
-      - ./scripts:/scripts
-
-  dm-rdf4j:
-    image: 'eclipse/rdf4j-workbench:4.3.7'
-    container_name: dm-rdf4j
+      GDB_JAVA_OPTS: "-Ddefault.min.distinct.threshold=67108864"
     ports:
-      - "8080:8080"
+      - "127.0.0.1:7200:7200"
+    volumes:
+      - data:/opt/graphdb/home
+  auth-server-db:
+    image: postgres:13
     environment:
-      - JAVA_OPTS=-Xms1g -Xmx4g
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: keycloak
     volumes:
-      - data:/var/rdf4j
-      - logs:/usr/local/tomcat/logs
+      - auth-server-db:/var/lib/postgresql/data
+  auth-server:
+    image: "ghcr.io/kbss-cvut/keycloak-graphdb-user-replicator/keycloak-graphdb:latest"
+    command:
+      - start --import-realm
+    environment:
+      KC_IMPORT: realm-export.json
+      KC_HOSTNAME_URL: "http://localhost:8088"
+      KC_HOSTNAME_ADMIN_URL: "http://localhost:8088"
+      KC_HOSTNAME_STRICT_BACKCHANNEL: false
+      KC_HTTP_ENABLED: true
+      KEYCLOAK_ADMIN: ${KC_ADMIN_USER}
+      KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD}
+      DB_VENDOR: POSTGRES
+      DB_ADDR: auth-server-db
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: keycloak
+      DB_SCHEMA: "public"
+      DB_SERVER_URL: "http://db-server:7200"
+      DB_SERVER_REPOSITORY_ID: "record-manager"
+      REPOSITORY_LANGUAGE: "en"
+      VOCABULARY_USER_TYPE: "http://onto.fel.cvut.cz/ontologies/record-manager/user"
+      VOCABULARY_USER_FIRST_NAME: "http://xmlns.com/foaf/0.1/firstName"
+      VOCABULARY_USER_LAST_NAME: "http://xmlns.com/foaf/0.1/lastName"
+      VOCABULARY_USER_USERNAME: "http://xmlns.com/foaf/0.1/accountName"
+      VOCABULARY_USER_EMAIL: "http://xmlns.com/foaf/0.1/mbox"
+      ADD_ACCOUNTS: false
+      REALM_ID: "record-manager"
+    ports:
+      - "127.0.0.1:8088:8080"
+    volumes:
+      - auth-server:/opt/keycloak/data
+      - ./keycloak:/opt/keycloak/data/import
+    depends_on:
+      - auth-server-db
 
 volumes:
   data:
-  logs:
+  auth-server:
+  auth-server-db: