diff --git a/.env.example b/.env.example index c15f2bb..d239d8d 100644 --- a/.env.example +++ b/.env.example @@ -3,7 +3,7 @@ PROJECT_NAME=demo # urls # url of openimis, FQDN -NEW_OPENIMIS_HOST=demo.openimis.org +DOMAIN=demo.openimis.org # http port for openimis HTTP_PORT=80 # https port for openimis @@ -32,15 +32,11 @@ SITE_ROOT=api # github branches to use # Database, you can use develop branch too -DB_TAG=23.04 +DB_TAG=24.04 # BE assembly image tag -BE_TAG=23.04 +BE_TAG=24.04 #FE assembly, image tag -FE_TAG=23.04 -# REST API, image tag -RESTAPI_TAG=23.04 -# rest API flavours -RESTAPI_BUILD_FLAVOR=Release +FE_TAG=24.04 #one-liner json config for the FE (to override the openimis.json from the FE assembly) #OPENIMIS_FE_CONF_JSON= diff --git a/.env.lightning b/.env.lightning new file mode 100644 index 0000000..c5e5ab9 --- /dev/null +++ b/.env.lightning 
@@ -0,0 +1,187 @@ +# Default values are optimized for production to avoid having to configure +# much in production. +# +# However it should be easy to get going in development too. If you see an +# uncommented option that means it's either mandatory to set or it's being +# overwritten in development to make your life easier. + +# Set this up to handle Github App configuration +# GITHUB_APP_ID=12345 +# GITHUB_CERT=Base64-encoded-private-key + +# Choose an admin email address and configure a mailer. If you don't specify +# mailer details the local test adaptor will be used and mail previews can be +# viewed at localhost:4000/dev/mailbox +EMAIL_ADMIN='admin@openfn.org' +# MAILGUN_API_KEY='some-key' +# MAILGUN_DOMAIN='some-domain' + +# You should generate a random string of 64+ characters for this value in prod. +# You can generate a secure secret by running: ./run secret +SECRET_KEY_BASE=please_generate_a_more_secure_unique_secret_value_for_your_project + +# Which environment is running? MIX_ENV should be "dev" or "prod" and NODE_ENV +# should be "production" or "development". When MIX_ENV is set to prod you'll +# automatically be set to build and run releases instead of using mix. +#MIX_ENV=prod +#NODE_ENV=production +MIX_ENV=dev +NODE_ENV=development + +# Override the default log level +# Must be a valid level, see: https://hexdocs.pm/logger/1.12.3/Logger.html#module-levels +#LOG_LEVEL=debug + +# The URL that will be generated through out your app. When you combine all 3 +# values it should be the URL that visitors access in their browser / client. +#URL_SCHEME=https +#URL_HOST= +#URL_PORT=443 +URL_SCHEME=http +URL_HOST=localhost +URL_PORT=4000 + +# If you're using a CDN you can customize which URL gets used for your static +# files. If left commented out it will fall back to using your URL_HOST. +#URL_STATIC_HOST= + +# The address and bind port for the web server. +# (See: endpoint config in runtime.exs and Cowboy.) 
+LISTEN_ADDRESS=0.0.0.0 +PORT=4000 + +# The origins from which you want to allow requests (comma separated) +ORIGINS=//localhost:* + +# You can configure error reporting via Sentry by providing a DSN. +# SENTRY_DSN=https://some-url.ingest.sentry.io/some-id + +# ============================================================================== +# <><><> JOB EXECUTION SETTINGS <><><> + +# You can configure the max run duration for jobs in milliseconds. This should +# be lower than the pod termination grace period if using Kubernetes. +MAX_RUN_DURATION=20000 +MAX_DATACLIP_SIZE=10000000 + +# ------------------------------------------------------------------------------ + +# ============================================================================== +# <><><> DATABASE SETTINGS <><><> + +# Disable SSL connections for Postgres +# In production mode, SSL connections are enforced by default - uncomment to +# disable this behaviour. +#DISABLE_DB_SSL=true + +# You you're using Docker for postgres, set POSTGRES_USER and POSTGRES_PASSWORD +# since the postgres Docker image uses them for its default database user and +# password. 
The database URL will be composed from these variables: +POSTGRES_USER=${DB_USER} +POSTGRES_PASSWORD=${DB_PASSWORD} +POSTGRES_HOST=db +#POSTGRES_PORT=5432 +POSTGRES_DB="lightning_${MIX_ENV}" +DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${POSTGRES_DB}" + +# If you're not using docker, but running postgres locally and migrating/running +# using `env $(cat .env | grep -v "#" | xargs )` set the database url directly: +# DATABASE_URL=postgres://hello:password@localhost/lightning_dev + +# ============================================================================== + +# Generate secure keys, see ./DEPLOYMENT.md +PRIMARY_ENCRYPTION_KEY=0bJ9w+hn4ebQrsCaWXuA9JY49fP9kbHmywGd5K7k+/s= +ATTEMPTS_PRIVATE_KEY="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" +WORKER_SECRET="dECXNlqctXJ/a+1FI4AaeLZY4Rp+Pxo23WwmJxC2xew=" + +# Start your app with RTM=false to manage your runtime manually. You might be +# doing this so that you can run `ws-worker` by hand on a local branch, rather +# than using the NPM installed version. +# RTM=false + + +# Should Docker restart your containers if they go down in unexpected ways? +#DOCKER_RESTART_POLICY=unless-stopped +DOCKER_RESTART_POLICY=no + +# What health check test command do you want to run? In development, having it +# curl your web server will result in a lot of log spam, so setting it to +# /bin/true is an easy way to make the health check do basically nothing. +#DOCKER_WEB_HEALTHCHECK_TEST=curl localhost:4000/health_check +DOCKER_WEB_HEALTHCHECK_TEST=/bin/true + +# What ip:port should be published back to the Docker host for the app server? +# If you're using Docker Toolbox or a custom VM you can't use 127.0.0.1. This +# is being overwritten in dev to be compatible with more dev environments. +# +# If you have a port conflict because something else is using 4000 then you +# can either stop that process or change 4000 to be something else. 
+# +# Use the default in production to avoid having it directly accessible to +# the internet without assistance from a cloud based firewall. +#LIGHTNING_EXTERNAL_PORT=127.0.0.1:4000 +LIGHTNING_EXTERNAL_PORT=4001 + +# What volume path should be used? In dev we want to volume mount everything +# so we can develop our code without rebuilding our Docker images. +# Note that by mounting the whole project into the container, you will need to +# follow the Contributing steps in the README. +#LIGHTNING_VOLUME=.:/app + +# What CPU and memory constraints will be added to your services? When left at +# 0, they will happily use as much as needed. +#DOCKER_POSTGRES_CPUS=0 +#DOCKER_POSTGRES_MEMORY=0 +#DOCKER_WEB_CPUS=0 +#DOCKER_WEB_MEMORY=0 + +# Give this variable the value of true if you want the system to create a sample project for a new registered user +INIT_PROJECT_FOR_NEW_USER=false + +# If not provided, PURGE_DELETED_AFTER_DAYS defaults to 7. Set to 0 to never purge deleted records. +PURGE_DELETED_AFTER_DAYS=7 + +# To use https://plausible.io/ analytics, provide the SRC for your script and +# your data-domain below. +# PLAUSIBLE_SRC=https://plausible.io/js/script.js +# PLAUSIBLE_DATA_DOMAIN=openfn.org + +# If you wish to enable PromEx-driven Prometheus/Grafana monitoring use the following: +# PROMEX_ENABLED=true +# PROMEX_GRAFANA_HOST=http://localhost:3000 +# PROMEX_GRAFANA_USER=admin +# PROMEX_GRAFANA_PASSWORD=admin +# PROMEX_UPLOAD_GRAFANA_DASHBOARDS_ON_START=true +# PROMEX_DATASOURCE_ID=promex +# PROMEX_METRICS_ENDPOINT_AUTHORIZATION_REQUIRED=yes +# PROMEX_METRICS_ENDPOINT_TOKEN=foobar +# PROMEX_ENDPOINT_SCHEME=http + +# The length of time an Attempt must remain in the `available` state before it is +# considered `stalled`. +# METRICS_STALLED_ATTEMPT_THRESHOLD_SECONDS=300 + +# The maximum age of an Attempt that will be considered when measuring +# Attempt performance. 
+# METRICS_ATTEMPT_PERFORMANCE_AGE_SECONDS=120 + + + +# Example .env copied from Lightning repository, full description of variables can be found in +# https://github.com/OpenFn/Lightning + +# Thise secrets should be regenerated +PRIMARY_ENCRYPTION_KEY=0bJ9w+hn4ebQrsCaWXuA9JY49fP9kbHmywGd5K7k+/s= +SECRET_KEY_BASE=please_generate_a_more_secure_unique_secret_value_for_your_project + + +IMIS_USER_FIRST_NAME=IMISUser +IMIS_USER_LAST_NAME=IMISUser +IMIS_USER_PASSWORD=IMISUserPassword +IMIS_USER_EMAIL=IMISUser@openimis.com +IMIS_DB_HOST=db +IMIS_DB_PORT=5439 +IMIS_DB_DATABASE=IMIS +IMIS_DB_USER=IMISUser +IMIS_DB_PASSWORD=IMISUserPassword diff --git a/.env.lightning.example b/.env.lightning.example index 91eaf14..c5e5ab9 100644 --- a/.env.lightning.example +++ b/.env.lightning.example 
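Review bot: Real key material is committed in a live env file: `.env.lightning` (not the `.example`) carries fixed `PRIMARY_ENCRYPTION_KEY` and `WORKER_SECRET` values, the placeholder `SECRET_KEY_BASE`, and `IMISUserPassword` for both `IMIS_USER_PASSWORD` and `IMIS_DB_PASSWORD`, so every install that keeps the file shares them. The same values are in the `.env.lightning.example` hunk, and `.env.openSearch` is likewise added as a live file. I would keep only the `.example` files in the repository, ignore the live names, and leave the secrets empty (`PRIMARY_ENCRYPTION_KEY=`) under the existing `# Generate secure keys, see ./DEPLOYMENT.md` comment. The block appended at the end assigns `PRIMARY_ENCRYPTION_KEY` and `SECRET_KEY_BASE` a second time, so when the file is sourced (as deploy_openimis.sh does) a value regenerated in the upper block is silently overridden; drop the duplicate. `LIGHTNING_EXTERNAL_PORT=4001` would also publish on all host interfaces, although the comment above it recommends `127.0.0.1:4000` for production.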
@@ -1,49 +1,180 @@ -# Example .env copied from Lightning repository, full description of variables can be found in -# https://github.com/OpenFn/Lightning +# Default values are optimized for production to avoid having to configure +# much in production. +# +# However it should be easy to get going in development too. If you see an +# uncommented option that means it's either mandatory to set or it's being +# overwritten in development to make your life easier. + +# Set this up to handle Github App configuration +# GITHUB_APP_ID=12345 +# GITHUB_CERT=Base64-encoded-private-key + +# Choose an admin email address and configure a mailer. If you don't specify +# mailer details the local test adaptor will be used and mail previews can be +# viewed at localhost:4000/dev/mailbox +EMAIL_ADMIN='admin@openfn.org' +# MAILGUN_API_KEY='some-key' +# MAILGUN_DOMAIN='some-domain' -# Thise secrets should be regenerated -PRIMARY_ENCRYPTION_KEY=0bJ9w+hn4ebQrsCaWXuA9JY49fP9kbHmywGd5K7k+/s= +# You should generate a random string of 64+ characters for this value in prod. +# You can generate a secure secret by running: ./run secret SECRET_KEY_BASE=please_generate_a_more_secure_unique_secret_value_for_your_project -EMAIL_ADMIN='admin@openfn.org' - +# Which environment is running? MIX_ENV should be "dev" or "prod" and NODE_ENV +# should be "production" or "development". When MIX_ENV is set to prod you'll +# automatically be set to build and run releases instead of using mix. +#MIX_ENV=prod +#NODE_ENV=production MIX_ENV=dev NODE_ENV=development +# Override the default log level +# Must be a valid level, see: https://hexdocs.pm/logger/1.12.3/Logger.html#module-levels +#LOG_LEVEL=debug + +# The URL that will be generated through out your app. When you combine all 3 +# values it should be the URL that visitors access in their browser / client. 
+#URL_SCHEME=https +#URL_HOST= +#URL_PORT=443 URL_SCHEME=http URL_HOST=localhost URL_PORT=4000 +# If you're using a CDN you can customize which URL gets used for your static +# files. If left commented out it will fall back to using your URL_HOST. +#URL_STATIC_HOST= + +# The address and bind port for the web server. +# (See: endpoint config in runtime.exs and Cowboy.) LISTEN_ADDRESS=0.0.0.0 PORT=4000 +# The origins from which you want to allow requests (comma separated) ORIGINS=//localhost:* +# You can configure error reporting via Sentry by providing a DSN. +# SENTRY_DSN=https://some-url.ingest.sentry.io/some-id + +# ============================================================================== +# <><><> JOB EXECUTION SETTINGS <><><> + +# You can configure the max run duration for jobs in milliseconds. This should +# be lower than the pod termination grace period if using Kubernetes. MAX_RUN_DURATION=20000 +MAX_DATACLIP_SIZE=10000000 +# ------------------------------------------------------------------------------ -# Those postgres credentials should match ones in .env for imis database -POSTGRES_USER=IMISUser -POSTGRES_PASSWORD=IMISuserP@s -POSTGRES_HOST=db +# ============================================================================== +# <><><> DATABASE SETTINGS <><><> -POSTGRES_DB="lightning_${MIX_ENV}" +# Disable SSL connections for Postgres +# In production mode, SSL connections are enforced by default - uncomment to +# disable this behaviour. +#DISABLE_DB_SSL=true -# Lightning uses DATABASE_URL to determine connection +# You you're using Docker for postgres, set POSTGRES_USER and POSTGRES_PASSWORD +# since the postgres Docker image uses them for its default database user and +# password. 
The database URL will be composed from these variables: +POSTGRES_USER=${DB_USER} +POSTGRES_PASSWORD=${DB_PASSWORD} +POSTGRES_HOST=db +#POSTGRES_PORT=5432 +POSTGRES_DB="lightning_${MIX_ENV}" DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${POSTGRES_DB}" +# If you're not using docker, but running postgres locally and migrating/running +# using `env $(cat .env | grep -v "#" | xargs )` set the database url directly: +# DATABASE_URL=postgres://hello:password@localhost/lightning_dev +# ============================================================================== + +# Generate secure keys, see ./DEPLOYMENT.md +PRIMARY_ENCRYPTION_KEY=0bJ9w+hn4ebQrsCaWXuA9JY49fP9kbHmywGd5K7k+/s= +ATTEMPTS_PRIVATE_KEY="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" +WORKER_SECRET="dECXNlqctXJ/a+1FI4AaeLZY4Rp+Pxo23WwmJxC2xew=" +# Start your app with RTM=false to manage your runtime manually. You might be +# doing this so that you can run `ws-worker` by hand on a local branch, rather +# than using the NPM installed version. +# RTM=false + + +# Should Docker restart your containers if they go down in unexpected ways? +#DOCKER_RESTART_POLICY=unless-stopped DOCKER_RESTART_POLICY=no +# What health check test command do you want to run? In development, having it +# curl your web server will result in a lot of log spam, so setting it to +# /bin/true is an easy way to make the health check do basically nothing. +#DOCKER_WEB_HEALTHCHECK_TEST=curl localhost:4000/health_check DOCKER_WEB_HEALTHCHECK_TEST=/bin/true -LIGHTNING_EXTERNAL_PORT=4000 - +# What ip:port should be published back to the Docker host for the app server? +# If you're using Docker Toolbox or a custom VM you can't use 127.0.0.1. This +# is being overwritten in dev to be compatible with more dev environments. +# +# If you have a port conflict because something else is using 4000 then you +# can either stop that process or change 4000 to be something else. 
+# +# Use the default in production to avoid having it directly accessible to +# the internet without assistance from a cloud based firewall. +#LIGHTNING_EXTERNAL_PORT=127.0.0.1:4000 +LIGHTNING_EXTERNAL_PORT=4001 + +# What volume path should be used? In dev we want to volume mount everything +# so we can develop our code without rebuilding our Docker images. +# Note that by mounting the whole project into the container, you will need to +# follow the Contributing steps in the README. +#LIGHTNING_VOLUME=.:/app + +# What CPU and memory constraints will be added to your services? When left at +# 0, they will happily use as much as needed. +#DOCKER_POSTGRES_CPUS=0 +#DOCKER_POSTGRES_MEMORY=0 +#DOCKER_WEB_CPUS=0 +#DOCKER_WEB_MEMORY=0 + +# Give this variable the value of true if you want the system to create a sample project for a new registered user INIT_PROJECT_FOR_NEW_USER=false +# If not provided, PURGE_DELETED_AFTER_DAYS defaults to 7. Set to 0 to never purge deleted records. PURGE_DELETED_AFTER_DAYS=7 +# To use https://plausible.io/ analytics, provide the SRC for your script and +# your data-domain below. +# PLAUSIBLE_SRC=https://plausible.io/js/script.js +# PLAUSIBLE_DATA_DOMAIN=openfn.org + +# If you wish to enable PromEx-driven Prometheus/Grafana monitoring use the following: +# PROMEX_ENABLED=true +# PROMEX_GRAFANA_HOST=http://localhost:3000 +# PROMEX_GRAFANA_USER=admin +# PROMEX_GRAFANA_PASSWORD=admin +# PROMEX_UPLOAD_GRAFANA_DASHBOARDS_ON_START=true +# PROMEX_DATASOURCE_ID=promex +# PROMEX_METRICS_ENDPOINT_AUTHORIZATION_REQUIRED=yes +# PROMEX_METRICS_ENDPOINT_TOKEN=foobar +# PROMEX_ENDPOINT_SCHEME=http + +# The length of time an Attempt must remain in the `available` state before it is +# considered `stalled`. +# METRICS_STALLED_ATTEMPT_THRESHOLD_SECONDS=300 + +# The maximum age of an Attempt that will be considered when measuring +# Attempt performance. 
+# METRICS_ATTEMPT_PERFORMANCE_AGE_SECONDS=120 + + + +# Example .env copied from Lightning repository, full description of variables can be found in +# https://github.com/OpenFn/Lightning + +# Thise secrets should be regenerated +PRIMARY_ENCRYPTION_KEY=0bJ9w+hn4ebQrsCaWXuA9JY49fP9kbHmywGd5K7k+/s= +SECRET_KEY_BASE=please_generate_a_more_secure_unique_secret_value_for_your_project + IMIS_USER_FIRST_NAME=IMISUser IMIS_USER_LAST_NAME=IMISUser diff --git a/.env.openSearch b/.env.openSearch new file mode 100644 index 0000000..bd5d921 --- /dev/null +++ b/.env.openSearch @@ -0,0 +1,5 @@ +DISCOVERY_TYPE=single-node +CLUSTER_NAME=my_opensearch_cluster +OPEN_SEARCH_HTTP_PORT=9200 +SLL_HTTP_ENABLED=false +OPENSEARCH_HOSTS='["http://opensearch:9200"]' diff --git a/.env.openSearch.example b/.env.openSearch.example index 66a086f..bd5d921 100644 --- a/.env.openSearch.example +++ b/.env.openSearch.example @@ -2,7 +2,4 @@ DISCOVERY_TYPE=single-node CLUSTER_NAME=my_opensearch_cluster OPEN_SEARCH_HTTP_PORT=9200 SLL_HTTP_ENABLED=false -OPENSEARCH_ADMIN=admin -OPENSEARCH_PASSWORD=admin -OPENSEARCH_BASIC_TOKEN="Basic YourBasicToken" -OPENSEARCH_HOSTS=http://opensearch:9200 +OPENSEARCH_HOSTS='["http://opensearch:9200"]' diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..da93b2d --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,23 @@ +name: Sonar CI pipeline +on: + push: + branches: + - main + - 'release/**' + - develop + - 'feature/**' + pull_request: + types: [opened, synchronize, reopened] +jobs: + sonarcloud: + name: SonarCloud + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/README.md b/README.md index b79502d..e91d5b1 100644 --- a/README.md +++ b/README.md 
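Review bot: `OPENSEARCH_BASIC_TOKEN` is dropped from `.env.openSearch.example` although docker-compose.base.yml in this commit still passes it to the frontend container and conf/nginx/locations/opensearch.loc builds `Authorization "Basic ${OPENSEARCH_BASIC_TOKEN}"` from it; with the variable undocumented and unset, the proxy would send an empty credential. Keep an empty, commented entry such as `OPENSEARCH_BASIC_TOKEN=` and say that it holds only the base64 `user:password` part, because nginx now prepends `Basic ` whereas the removed line carried the prefix in the value. `SLL_HTTP_ENABLED` in the context lines looks like a misspelling of SSL; it is worth checking which name the consumer actually reads.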
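Review bot: `uses: SonarSource/sonarcloud-github-action@master` follows a mutable branch, so whatever is pushed there runs with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment; pin it, and `actions/checkout`, to a full commit SHA, e.g. `uses: SonarSource/sonarcloud-github-action@<commit-sha> # <release tag>`. The workflow also declares no `permissions:` key, so the job token gets the repository default; add a top-level `permissions:` with `contents: read` and only what the scan turns out to need beyond that.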
@@ -1,44 +1,44 @@ # openIMIS dockerized - This repository provides a dockerized openIMIS (all components) as a quick setup for development, testing or demoing. + This repository provides a dockerized openIMIS (all components) as a quick setup , testing or demoing. Please look for further instructions on the openIMIS Wiki: https://openimis.atlassian.net/wiki/spaces/OP/pages/963182705/MO1.1+Install+the+modular+openIMIS+using+Docker - The docker compose currently contains the openIMIS database, backend + worker, frontend, restapi and gateway components. + The docker-compose currently contains the openIMIS database, backend + worker, frontend, and third parties components (lightning, opensearch, rabitMQ ... ). + In case of troubles, please consult/contact our service desk via our [ticketing site](https://openimis.atlassian.net/servicedesk/customer). -#Prerequisit +# Prerequisit - Docker installed -# First startup +# fast lane -* create a `.env` file, use .env.example as starting point + You can use the script `deploy_openimis.sh`to initialize all components + +# First startup -## Configure the restapi - the rest api config files appsettings.json, appsettings.Production.json, appsetting.Developments.json must be created in the folder ./conf/restapi - create the log folder ./logs¨ +* create a `.env` file, use `.env.example` as starting point (respectivement for `.env.lightning`, `.env.openSearch`) +* chose database vendor: the default is psql but you can edit the docker-compose.yml and change `docker-compose-psql.yml` to `docker-compose-mssql.yml` - to remove the restapi one will have to: - - uncomment the volume in the fronend config - - replace openimis.conf with openimis.conf.without_restapi ## Configure the gateway (optionnal) - - uncomment the volume in the fronend config - - make modification in openimis.conf +* uncomment the volume in the frontend config +* make modification in openimis.conf -## Init database +## main database initialisation -Include the line 
INIT_MODE=demo in .env or uncomment it if .env.example copied to intiate the database with the DEMO dataset, it will create an empty openIMIS database otherwise +Include the line INIT_MODE=demo in .env or uncomment it in case it has been copied from .env.example copied to intiate the database with the DEMO dataset, it will create an empty openIMIS database otherwise + + +## OpenFN/Lightning setup ( manage social protection workflow/import ) -## OpenFN/Lightning setup -Lightning is not by default enabled in dockerized instance. To make it work it's required to: * Copy `.env.lightning.example` to `.env.lightning` and make adjustments * Create `lightning_dev` database in db container * Run container build `docker compose -f docker-compose.lightning.yml --env-file .env.lightning --env-file .env build` @@ -71,11 +71,15 @@ To pull new images or images update `docker compose pull` Use the certbot docker compose file -export NEW_OPENIMIS_HOST first +export DOMAIN first ## Dry run docker compose run --rm --entrypoint " certbot certonly --webroot -w /var/www/certbot --staging --register-unsafely-without-email -d ${NEW_OPENIMIS_HOST} --rsa-key-size 2048 --agree-tos --force-renewal" certbot -## Actual setup +## dry run +docker-compose run --rm --entrypoint " certbot certonly --webroot -w /var/www/certbot --staging --register-unsafely-without-email -d ${DOMAIN} --rsa-key-size 2048 --agree-tos --force-renewal" certbot + +## actual setup + +docker-compose run --rm --entrypoint " certbot certonly --webroot -w /var/www/certbot --register-unsafely-without-email -d ${DOMAIN} --rsa-key-size 2048 --agree-tos --force-renewal" certbot -docker compose run --rm --entrypoint " certbot certonly --webroot -w /var/www/certbot --register-unsafely-without-email -d ${NEW_OPENIMIS_HOST} --rsa-key-size 2048 --agree-tos --force-renewal" certbot diff --git a/conf/nginx/locations/backend.loc b/conf/nginx/locations/backend.loc new file mode 100644 index 0000000..51f388e --- /dev/null 
+++ b/conf/nginx/locations/backend.loc
@@ -0,0 +1,21 @@
+
+ location /${REACT_APP_API_URL}/ {
+
+ proxy_pass http://${backend};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+ location = /check_user/ {
+ internal;
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ proxy_set_header X-Original-URI $request_uri;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://${backend}/${REACT_APP_API_URL}/core/users/current_user/;
+ }
+
+
diff --git a/conf/nginx/locations/certbot.loc b/conf/nginx/locations/certbot.loc
new file mode 100644
index 0000000..17a03e7
--- /dev/null
+++ b/conf/nginx/locations/certbot.loc
@@ -0,0 +1,3 @@
+location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+}
\ No newline at end of file
diff --git a/conf/nginx/locations/frontend.loc b/conf/nginx/locations/frontend.loc
new file mode 100644
index 0000000..86517ea
--- /dev/null
+++ b/conf/nginx/locations/frontend.loc
@@ -0,0 +1,10 @@
+
+
+ location / {
+ return 302 https://$host/${PUBLIC_URL}/;
+ }
+
+ location /${PUBLIC_URL} {
+ try_files $uri $uri/ /${PUBLIC_URL}/index.html;
+ #error_page 404 $scheme://$host/front/;
+ }
diff --git a/conf/nginx/locations/lightning.loc b/conf/nginx/locations/lightning.loc
new file mode 100644
index 0000000..6bce374
--- /dev/null
+++ b/conf/nginx/locations/lightning.loc
@@ -0,0 +1,14 @@
+
+ location /lightning/ {
+
+ rewrite /lightning/(.*) /$1 break;
+ proxy_pass http://${lightning};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $server_name;
+
+
+ }
+
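Review bot: The `location = /check_user/` block in backend.loc is the whole access decision for every location that uses `auth_request`, and nothing documents what it relies on. nginx lets the request through on any 2xx from `current_user/` and blocks only on 401/403, so it is worth confirming that the endpoint answers 401/403 for a missing or expired session rather than 200 with an anonymous user or a redirect. I would add a comment above the block such as `# auth_request target: 2xx from current_user allows, 401/403 denies; authenticates only, no role check`. Unlike the `/${REACT_APP_API_URL}/` block, the subrequest sets no `Host` header; add `proxy_set_header Host $host;` if the backend validates the host name.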
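Review bot: `location /lightning/` in lightning.loc is proxied without `auth_request`, unlike `/opensearch/`, while the `.env.lightning` added in this commit runs Lightning with `MIX_ENV=dev` and no mailer configured, which per its own comment serves mail previews at `/dev/mailbox`. If that route is live it becomes reachable through this prefix on the public host, and previews can contain account e-mails. Either ship production values in the env file or close the prefix here, e.g. `location /lightning/dev/ { return 404; }`. If Lightning's own login is meant to be the only gate for everything else, a comment in the block saying so would help the next reader.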
diff --git a/conf/nginx/locations/opensearch.loc b/conf/nginx/locations/opensearch.loc new file mode 100644 index 0000000..79cfec2 --- /dev/null +++ b/conf/nginx/locations/opensearch.loc @@ -0,0 +1,13 @@ + + location /opensearch/ { + auth_request /check_user/; + proxy_pass http://${opensearch}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header Authorization "Basic ${OPENSEARCH_BASIC_TOKEN}"; + + } + diff --git a/conf/nginx/locations/restapi.loc.bk b/conf/nginx/locations/restapi.loc.bk new file mode 100644 index 0000000..b7c6458 --- /dev/null +++ b/conf/nginx/locations/restapi.loc.bk @@ -0,0 +1,14 @@ + + + location /${ROOT_MOBILEAPI}/ { + + #this rewrite rule is required to remove "ROOT_MOBILEAPI" because implicite rule (/ at the end of the url) donc work with variable + rewrite /${ROOT_MOBILEAPI}/(.*) /$1 break; + proxy_pass http://${restapi}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $server_name; + + } diff --git a/conf/nginx/openimis.conf b/conf/nginx/openimis.conf index 91ee8d5..6598f67 100644 --- a/conf/nginx/openimis.conf +++ b/conf/nginx/openimis.conf @@ -1,8 +1,7 @@ server { resolver 127.0.0.11 valid=30s; - set $dockerbackend "backend:8000"; - set $dockerrestapi "restapi:80"; + client_max_body_size ${DATA_UPLOAD_MAX_MEMORY_SIZE}; listen 443 ssl; 
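Review bot: In opensearch.loc every request that passes `auth_request /check_user/` is forwarded with the same static `Authorization "Basic ${OPENSEARCH_BASIC_TOKEN}"`, so any authenticated openIMIS user acts on OpenSearch Dashboards with that one account's rights and the dashboards' own audit trail cannot tell users apart. If that is intended, the account behind the token should be a read-only dashboards role rather than an admin, and the block should say so, e.g. `# all openIMIS users share this service account; keep it read-only`. The token is rendered into the config of the internet-facing container, and the variable is no longer listed in `.env.openSearch.example`, so the header may end up as an empty `Basic `.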
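Review bot: `client_max_body_size ${DATA_UPLOAD_MAX_MEMORY_SIZE};` in openimis.conf depends on a variable that appears neither in the `.env.example` hunks nor in the frontend `environment:` list of docker-compose.base.yml in this commit. Unless the image supplies a default, substitution leaves `client_max_body_size ;` and nginx will refuse the config. Document the variable with a bounded default in nginx syntax (such as `10m`) and avoid `0`, which disables the upload limit. The `server` block continues outside this hunk.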
@@ -12,39 +11,10 @@ server { ssl_certificate /etc/letsencrypt/live/${NEW_OPENIMIS_HOST}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${NEW_OPENIMIS_HOST}/privkey.pem; root /usr/share/nginx/html; - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } + location /.well-known { root /var/www/html; } + ###INCLUDE_PLACEHOLDER### - location / { - return 302 https://$host/${PUBLIC_URL}/${REDIRECT_TAIL}; - } - - location /${PUBLIC_URL} { - try_files $uri $uri/ /${PUBLIC_URL}/index.html; - #error_page 404 $scheme://$host/front/; - } - - location /${REACT_APP_API_URL}/ { - proxy_pass http://${dockerbackend}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Forwarded-Proto https; - } - - location /${ROOT_MOBILEAPI}/ { - #this rewrite rule is required to remove "ROOT_MOBILEAPI" because implicite rule (/ at the end of the url) donc work with variable - rewrite /${ROOT_MOBILEAPI}/(.*) /$1 break; - proxy_pass http://${dockerrestapi}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Host $server_name; - } } \ No newline at end of file diff --git a/conf/nginx/variables/var.conf b/conf/nginx/variables/var.conf new file mode 100644 index 0000000..0567990 --- /dev/null +++ b/conf/nginx/variables/var.conf @@ -0,0 +1,4 @@ +set $backend "backend:8000"; +set $opensearch "opensearch-dashboards:5601"; +set $lightning "lightning:4000"; +set $frontend "lightning:4000"; \ No newline at end of file diff --git a/deploy_openimis.sh b/deploy_openimis.sh new file mode 100644 index 0000000..b387f2b --- /dev/null +++ b/deploy_openimis.sh 
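Review bot: `set $frontend "lightning:4000";` in var.conf looks like a copy of the line above it; none of the location files added in this commit read `$frontend`, so either drop it or point it at the intended upstream. `restapi.loc.bk` still references `${restapi}`, which is not defined here, so renaming that file back to `.loc` would break the config. A header comment such as `# one variable per upstream used by locations/*.loc` would make the coupling explicit.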
@@ -0,0 +1,37 @@
+#!/bin/bash
+#rename .env
+if [[ -f '.env' ]]
+then
+echo "Using existing env files"
+else
+echo "creating env files from example"
+cp .env.example .env
+cp .env.lightning.example .env.lightning
+cp .env.openSearch.example .env.openSearch
+fi
+
+
+if [[ -f '.init.lock' ]]
+then
+echo "initialisation already done"
+else
+echo "initialisation"
+
+docker compose up -d db
+#set -a # automatically export all variables
+source .env
+source .env.lightning
+#set +a
+docker compose run -e PGPASSWORD=${POSTGRES_PASSWORD} --rm db createdb -h db -U ${POSTGRES_USER} ${POSTGRES_DB}
+set -e
+docker compose run --rm web mix ecto.migrate
+docker compose run --rm web mix run imisSetupScripts/imisSetup.exs
+#TODO init opensearch dashboard with API/ manage command
+echo "connect to https://{DOMAIN}"
+echo "then go to https://{DOMAIN}/opensearch"
+echo "then go in manage / saved object / import to import the openSearch dashboard"
+touch '.init.lock'
+fi
+docker compose up -d
+
+
diff --git a/docker-compose-mssql.yml b/docker-compose-mssql.yml
deleted file mode 100644
index 0788b83..0000000
--- a/docker-compose-mssql.yml
+++ /dev/null
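Review bot: On a fresh checkout deploy_openimis.sh copies the `.example` files to `.env`, `.env.lightning` and `.env.openSearch` and then brings the stack up, with no step that replaces the sample `PRIMARY_ENCRYPTION_KEY`, `WORKER_SECRET` and `IMISUserPassword` values, so a "fast lane" install runs on published secrets. It should stop after copying and ask the operator to set them, or generate them. The expansions on the `createdb` line are unquoted, so a password containing spaces or glob characters is split; use `-e PGPASSWORD="${POSTGRES_PASSWORD}"` with `-U "${POSTGRES_USER}" "${POSTGRES_DB}"`. `set -e` only takes effect after `createdb`, and only `.env` is tested before `source .env.lightning`, so a missing second file does not stop the run. The `echo` lines print `{DOMAIN}` literally; they need `${DOMAIN}`.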
@@ -1,119 +0,0 @@ -version: "2.4" - -services: - db: - container_name: ${PROJECT_NAME:-openimis}-db - image: ghcr.io/openimis/openimis-mssql:${DB_TAG:-latest} - restart: always - environment: - - DB_USER_PASSWORD=${DB_PASSWORD} - - SA_PASSWORD=${DB_PASSWORD} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - ACCEPT_EULA=${ACCEPT_EULA} - - INIT_MODE=${INIT_MODE} - healthcheck: - test: "bash /app/healthcheck.sh" - interval: 10s - timeout: 5s - retries: 5 - start_period: 100s - networks: - openimis-net: - volumes: - - database:/var/opt/mssql/data - ports: - - 1433:1433 - ## WARNING: - ## exposing the database port outside the openimis-net network - ## may lead to security issue (depending on your network topology) - # ports: - # - 1433:1433 - backend: - container_name: ${PROJECT_NAME:-openimis}-api - image: ghcr.io/openimis/openimis-be:${BE_TAG:-develop} - restart: always - command: start - volumes: - - photos:/openimis-be/openIMIS/images/insurees - environment: &backend-env - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASSWORD=${DB_PASSWORD} - - SITE_ROOT=api - - DEBUG=True - - DJANGO_LOG_LEVEL=DEBUG - - SITE_URL=${NEW_OPENIMIS_HOST} - - CELERY_BROKER_URL=amqp://rabbitmq - depends_on: - db: - condition: service_healthy - networks: - openimis-net: - - frontend: - container_name: ${PROJECT_NAME:-openimis}-frontend - image: ghcr.io/openimis/openimis-fe:${FE_TAG:-develop} - restart: always - environment: - - REACT_APP_API_URL=api - - NEW_OPENIMIS_HOST=${NEW_OPENIMIS_HOST} - - OPENIMIS_CONF_JSON=${OPENIMIS_FE_CONF_JSON} - networks: - openimis-net: - ports: - - ${HTTP_PORT:-80}:80 - - ${HTTPS_PORT:-443}:443 - depends_on: - - backend - volumes: - - ./data/certbot/conf:/etc/letsencrypt - - ./data/certbot/www:/var/www/certbot - # uncomment to use custom openimis.conf - #- ./conf/nginx:/conf/ - worker: - container_name: ${PROJECT_NAME:-openimis}-worker - image: ghcr.io/openimis/openimis-be:${BE_TAG:-develop} - command: 
worker - restart: always - volumes: - - photos:/openimis-be/openIMIS/images/insurees - depends_on: - - backend - environment: *backend-env - networks: - openimis-net: - rabbitmq: - container_name: ${PROJECT_NAME:-openimis}-rabbitmq - image: rabbitmq:3-management - restart: always - networks: - openimis-net: - restapi: - container_name: ${PROJECT_NAME:-openimis}-restapi - image: ghcr.io/openimis/openimis-rest_api:${RESTAPI_TAG:-develop} - environment: - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASSWORD=${DB_PASSWORD} - volumes: - #- ./conf/restapi:/app/config - - ./logs:/app/log - - photos:/app/photos - - ./Escape:/app/Escape - - ./FromPhone:/app/FromPhone - restart: always - depends_on: - db: - condition: service_healthy - networks: - openimis-net: -networks: - openimis-net: -volumes: - database: - photos: diff --git a/docker-compose.base.yml b/docker-compose.base.yml new file mode 100644 index 0000000..21f3a6b --- /dev/null +++ b/docker-compose.base.yml 
@@ -0,0 +1,66 @@
+#version: "3.7"
+x-api: &default-api
+ image: ghcr.io/openimis/openimis-be:${BE_TAG:-develop}
+ environment:
+ - DB_HOST=${DB_HOST}
+ - DB_PORT=${DB_PORT}
+ - DB_NAME=${DB_NAME}
+ - DB_USER=${DB_USER}
+ - DB_PASSWORD=${DB_PASSWORD}
+ - SITE_ROOT=api
+ - SITE_URL=${DOMAIN}
+ - CELERY_BROKER_URL=amqp://rabbitmq
+ - DB_ENGINE=${DB_ENGINE}
+ - MODE=${MODE:-Prod}
+ volumes:
+ - photos:/openimis-be/openIMIS/images/insurees
+ depends_on:
+ db:
+ condition: service_healthy
+ networks:
+ openimis-net:
+ restart: always
+
+services:
+ frontend:
+ container_name: ${PROJECT_NAME:-openimis}-frontend
+ image: ghcr.io/openimis/openimis-fe:${FE_TAG:-develop}
+ restart: always
+ environment:
+ - REACT_APP_API_URL=api
+ - NEW_OPENIMIS_HOST=${DOMAIN}
+ - OPENIMIS_CONF_JSON=${OPENIMIS_FE_CONF_JSON}
+ - OPENSEARCH_BASIC_TOKEN=${OPENSEARCH_BASIC_TOKEN}
+ networks:
+ openimis-net:
+ ports:
+ - ${HTTP_PORT:-80}:80
+ - ${HTTPS_PORT:-443}:443
+ depends_on:
+ - backend
+ volumes:
+ - ./data/certbot/conf:/etc/letsencrypt
+ - ./data/certbot/www:/var/www/certbot
+ # uncomment to use custom openimis.conf
+ - ./conf/nginx:/conf/
+ backend:
+ <<: *default-api
+ container_name: ${PROJECT_NAME:-openimis}-api
+ command: start
+
+ worker:
+ <<: *default-api
+ container_name: ${PROJECT_NAME:-openimis}-worker
+ command: worker
+ rabbitmq:
+ container_name: ${PROJECT_NAME:-openimis}-rabbitmq
+ image: rabbitmq:3-management
+ restart: always
+ networks:
+ openimis-net:
+networks:
+ openimis-net:
+ name: "${PROJECT_NAME:-openimis}-net"
+volumes:
+ database:
+ photos:
diff --git a/docker-compose.certbot.yml b/docker-compose.certbot.yml
index b32b9c4..369143b 100644
--- a/docker-compose.certbot.yml
+++ b/docker-compose.certbot.yml
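Review bot: In the `frontend` service of docker-compose.base.yml the comment `# uncomment to use custom openimis.conf` now sits above an active `- ./conf/nginx:/conf/` mount, so the repository's nginx config is always used and the comment is stale; reword it to `# custom nginx config (openimis.conf, locations/, variables/)`. If the frontend entrypoint only reads from `/conf/` and `/etc/letsencrypt`, mounting both read-only (`- ./conf/nginx:/conf/:ro`) keeps a compromised web container from rewriting its own proxy rules or the host's certificate directory; confirm the entrypoint does not write there first. `rabbitmq:3-management` and the `:-develop` fallbacks are floating tags, so pinning them would make the deploy_openimis.sh path reproducible.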
@@ -1,73 +1,6 @@ -version: "2.4" - +#version: "3.7" services: - db: - container_name: ${PROJECT_NAME:-openimis}-db - image: ghcr.io/openimis/openimis-pgsql:${DB_TAG:-latest} - environment: - - DB_USER_PASSWORD=${DB_PASSWORD} - - SA_PASSWORD=${DB_PASSWORD} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - ACCEPT_EULA=${ACCEPT_EULA} - healthcheck: - test: "bash /app/healthcheck.sh" - interval: 10s - timeout: 5s - retries: 5 - start_period: 100s - networks: - openimis-net: - volumes: - - database:/var/opt/mssql/data - ports: - - 1433:1433 - ## WARNING: - ## exposing the database port outside the openimis-net network - ## may lead to security issue (depending on your network topology) - # ports: - # - 1433:1433 - backend: - container_name: ${PROJECT_NAME:-openimis}-api - image: ghcr.io/openimis/openimis-be:${BE_TAG:-develop} - command: start - volumes: - - photos:/openimis-be/openIMIS/images/insurees - environment: &backend-env - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASSWORD=${DB_PASSWORD} - - DB_ENGINE=${DB_ENGINE} - - SITE_ROOT=api - - DEBUG=True - - DJANGO_LOG_LEVEL=DEBUG - - SITE_URL=${NEW_OPENIMIS_HOST} - - CELERY_BROKER_URL=amqp://rabbitmq - depends_on: - db: - condition: service_healthy - networks: - openimis-net: - frontend: - container_name: ${PROJECT_NAME:-openimis}-frontend - image: ghcr.io/openimis/openimis-fe:${FE_TAG:-develop} - environment: - - REACT_APP_API_URL=api - - NEW_OPENIMIS_HOST=${NEW_OPENIMIS_HOST} - - OPENIMIS_CONF_JSON=${OPENIMIS_FE_CONF_JSON} - networks: - openimis-net: - ports: - - ${HTTP_PORT:-80}:80 - - ${HTTPS_PORT:-443}:443 - depends_on: - - backend - volumes: - - ./data/certbot/conf:/etc/letsencrypt - - ./data/certbot/www:/var/www/certbot certbot: image: certbot/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" 
@@ -76,48 +9,3 @@ services: - ./data/certbot/www:/var/www/certbot # uncomment to use custom openimis.conf #- ./conf/nginx:/conf/ - - worker: - container_name: ${PROJECT_NAME:-openimis}-worker - image: ghcr.io/openimis/openimis-be:${BE_TAG:-develop} - command: worker - restart: always - volumes: - - photos:/openimis-be/openIMIS/images/insurees - depends_on: - - backend - environment: *backend-env - networks: - openimis-net: - rabbitmq: - container_name: ${PROJECT_NAME:-openimis}-rabbitmq - image: rabbitmq:3-management - restart: always - networks: - openimis-net: - restapi: - container_name: ${PROJECT_NAME:-openimis}-restapi - image: ghcr.io/openimis/openimis-rest_api:${RESTAPI_TAG:-develop} - environment: - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASSWORD=${DB_PASSWORD} - volumes: - #- ./conf/restapi:/app/config - - ./logs:/app/log - - photos:/app/photos - - ./Escape:/app/Escape - - ./FromPhone:/app/FromPhone - restart: always - depends_on: - db: - condition: service_healthy - networks: - openimis-net: -networks: - openimis-net: -volumes: - database: - photos: diff --git a/docker-compose.lightning.yml b/docker-compose.lightning.yml index d322f01..91238b7 100644 --- a/docker-compose.lightning.yml +++ b/docker-compose.lightning.yml 
@@ -1,27 +1,28 @@ -version: "3.7" - +#version: "3.7" x-lightning: &default-app - build: - dockerfile: Dockerfile-dev- - context: "https://github.com/openimis/openimis-lightning_dkr.git#develop" - args: - - "MIX_ENV=${MIX_ENV:-dev}" - - "NODE_ENV=${NODE_ENV:-development}" - target: "${MIX_ENV:-dev}" + image: ghcr.io/openimis/openimis-lightning_dkr:develop + platform: linux/amd64 + #build: + # dockerfile: Dockerfile-dev- + # context: "https://github.com/openimis/openimis-lightning_dkr.git#delcroip-patch-1" + # target: "${MIX_ENV:-dev}" + # args: + # - "MIX_ENV=${MIX_ENV:-dev}" + # - "NODE_ENV=${NODE_ENV:-development}" + depends_on: - - "postgres" + - "db" env_file: - - .env + - ".env.lightning" + restart: "${DOCKER_RESTART_POLICY:-unless-stopped}" stop_grace_period: "3s" - tty: ${TTY:-false} volumes: - "${LIGHTNING_VOLUME:-./priv/static:/app/priv/static}" services: - - lightning-web: + web: <<: *default-app container_name: ${PROJECT_NAME}-lightning env_file: @@ -35,23 +36,10 @@ services: networks: openimis-net: ports: - - ${LIGHTNING_EXTERNAL_PORT:-4000}:4000 - postgres: - container_name: ${PROJECT_NAME}-lightning-db - env_file: - - .env - image: "postgres:14.2-alpine" - restart: "${DOCKER_RESTART_POLICY:-unless-stopped}" - stop_grace_period: "3s" - volumes: - - "postgres:/var/lib/postgresql/data" + - "${LIGHTNING_EXTERNAL_PORT:-127.0.0.1:4000}:${URL_PORT}" networks: openimis-net: volumes: postgres: {} -networks: - openimis-net: - name: ${PROJECT_NAME}-openimis-net - external: True diff --git a/docker-compose.mssql.yml b/docker-compose.mssql.yml new file mode 100644 index 0000000..4ce6908 --- /dev/null +++ b/docker-compose.mssql.yml 
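Review bot: `env_file: - ".env.lightning"` in the first hunk feeds the Lightning container from a file that this same commit adds to the repository, and as shown in the diff that file sets `SECRET_KEY_BASE=please_generate_a_more_secure_unique_secret_value_for_your_project`, `MIX_ENV=dev` and `NODE_ENV=development`. A stack brought up unmodified therefore runs with a publicly known `SECRET_KEY_BASE` and a development build. I would commit the file as `.env.lightning.example`, keep the real one out of version control, and leave `SECRET_KEY_BASE` without a usable value so startup fails until one is generated. The `web` service definition continues past the end of the hunk.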
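Review bot: In the second hunk, `"${LIGHTNING_EXTERNAL_PORT:-127.0.0.1:4000}:${URL_PORT}"` keeps the loopback binding only inside the default, so an operator who sets `LIGHTNING_EXTERNAL_PORT=4000`, which is what the variable name invites, publishes Lightning on every host interface. The container side is `${URL_PORT}`, which `.env.lightning` describes as the port visitors use in their browser (443 in its commented production values) rather than the port the server binds, and it has no default here. I would fix the address and keep the variable a plain port: `- "127.0.0.1:${LIGHTNING_EXTERNAL_PORT:-4000}:4000"`.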
@@ -0,0 +1,31 @@
+#version: '3.7'
+services:
+ db:
+ container_name: ${PROJECT_NAME:-openimis}-db
+ image: ghcr.io/openimis/openimis-mssql:${DB_TAG:-latest}
+ restart: always
+ environment:
+ - DB_USER_PASSWORD=${DB_PASSWORD}
+ - SA_PASSWORD=${DB_PASSWORD}
+ - DB_NAME=${DB_NAME}
+ - DB_USER=${DB_USER}
+ - ACCEPT_EULA=${ACCEPT_EULA}
+ - INIT_MODE=${INIT_MODE}
+ healthcheck:
+ test: "bash /app/healthcheck.sh"
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ start_period: 100s
+ networks:
+ openimis-net:
+ volumes:
+ - database:/var/opt/mssql/data
+ ports:
+ - 1433:1433
+ ## WARNING:
+ ## exposing the database port outside the openimis-net network
+ ## may lead to security issue (depending on your network topology)
+ # ports:
+ # - 1433:1433
+
\ No newline at end of file
diff --git a/docker-compose.openSearch.yml b/docker-compose.openSearch.yml
index 51f0570..ece11d3 100644
--- a/docker-compose.openSearch.yml
+++ b/docker-compose.openSearch.yml
@@ -1,4 +1,4 @@
-version: '2.4'
+#version: '3.7'
 services:
 opensearch:
 build:
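Review bot: `ports: - 1433:1433` is live in the new `db` service, directly above the warning that exposing the database port outside openimis-net may be a security issue and above the same mapping left commented out, so SQL Server is published on all host interfaces by default. I would delete the active mapping and keep only the commented one, or bind it to loopback with `- 127.0.0.1:1433:1433`. In the same block `DB_USER_PASSWORD` and `SA_PASSWORD` both take `${DB_PASSWORD}`, so the application login and `sa` share one password; a separate variable for `SA_PASSWORD` would stop a leaked application credential from also being the sysadmin credential.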
@@ -11,32 +11,29 @@ services: - "cluster.name=${CLUSTER_NAME:-my_opensearch_local}" - "http.port=${OPEN_SEARCH_HTTP_PORT:-9200}" - "plugins.security.ssl.http.enabled=${SLL_HTTP_ENABLED:-false}" + - "plugins.security.disabled=true" volumes: - "opensearch-data1:/usr/share/opensearch/data" networks: openimis-net: opensearch-dashboards: - image: opensearchproject/opensearch-dashboards:latest - container_name: opensearch-dashboards - ports: - - "5601:5601" - expose: - - "5601" + image: opensearchproject/opensearch-dashboards:2.9.0 + container_name: ${PROJECT_NAME:-openimis}-opensearch-dashboards environment: - - "OPENSEARCH_HOSTS=${OPENSEARCH_HOSTS:-http://opensearch:9200}" - - "ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME:-admin}" - - "ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-admin}" - - 'SERVER_BASEPATH="/opensearch"' - - 'SERVER_REWRITEBASEPATH=true' + - OPENSEARCH_HOSTS=${OPENSEARCH_HOSTS:-http://opensearch:9200} + - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" + - SERVER_BASEPATH=/opensearch + - SERVER_REWRITEBASEPATH=true volumes: - - "./opensearch-configuration/opensearch.yml:/usr/share/opensearch-dashboards/config/opensearch.yml" + - "./conf/opensearch/opensearch.yml:/usr/share/opensearch-dashboards/config/opensearch.yml" networks: openimis-net: volumes: opensearch-data1: +# networks: +# openimis-net: +# name: "${PROJECT_NAME:-openimis}-net" +# external: true + -networks: - openimis-net: - name: ${PROJECT_NAME}-openimis-net - external: True diff --git a/docker-compose.psql.yml b/docker-compose.psql.yml new file mode 100644 index 0000000..506b501 --- /dev/null +++ b/docker-compose.psql.yml 
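Review bot: `plugins.security.disabled=true` on OpenSearch together with `DISABLE_SECURITY_DASHBOARDS_PLUGIN=true` on Dashboards turns off authentication, authorization and TLS for the cluster, so every container on `openimis-net` can read and write all indices without credentials. Dropping the published 5601 port and the admin/admin defaults is an improvement, but whatever serves `SERVER_BASEPATH=/opensearch` (presumably the frontend proxy, using `OPENSEARCH_BASIC_TOKEN`) becomes the only access control. If this is intended for development, a comment such as `# dev only: security plugin disabled; never route /opensearch without proxy auth` should say so, and a production variant should keep the plugin enabled with credentials from the env file. The `opensearch` service definition starts above the hunk.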
@@ -0,0 +1,21 @@
+#version: '3.7'
+services:
+ db:
+ container_name: ${PROJECT_NAME:-openimis}-db
+ image: ghcr.io/openimis/openimis-pgsql:${DB_TAG:-latest}
+ environment:
+ - POSTGRES_PASSWORD=${DB_PASSWORD}
+ - POSTGRES_DB=${DB_NAME}
+ - POSTGRES_USER=${DB_USER}
+ - INIT_MODE=${INIT_MODE}
+ healthcheck:
+ test: pg_isready -U ${DB_USER} -d ${DB_NAME}
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+ volumes:
+ - database:/var/lib/postgresql/data
+ restart: always
+ networks:
+ openimis-net:
diff --git a/docker-compose.yml b/docker-compose.yml
index d10b944..5357979 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
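Review bot: `POSTGRES_PASSWORD=${DB_PASSWORD}` is interpolated with no required-variable check, so when `DB_PASSWORD` is missing from `.env` Compose substitutes an empty string and only prints a warning. How the openimis-pgsql image reacts to an empty password is not visible here, so I would fail early with `- POSTGRES_PASSWORD=${DB_PASSWORD:?DB_PASSWORD must be set}`. The same applies to `DB_PASSWORD` in docker-compose.base.yml and to `SA_PASSWORD` in docker-compose.mssql.yml.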
@@ -1,95 +1,20 @@ -version: "3.7" -x-api: &default-api - image: ghcr.io/openimis/openimis-be:${BE_TAG:-develop} - healthcheck: - test: ['CMD', 'curl' ,"--fail" ,"--silent", "--write-out" ,"HTTP CODE : %{http_code}\n", '--output', '/dev/null', 'http://127.0.0.1:8000/${SITE_ROOT}/core/'] - interval: 20s - timeout: 5s - retries: 10 - start_period: 30s - environment: - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASSWORD=${DB_PASSWORD} - - SITE_ROOT=api - - SITE_URL=${NEW_OPENIMIS_HOST} - - CELERY_BROKER_URL=amqp://rabbitmq - - DB_ENGINE=${DB_ENGINE} - - DJANGO_LOG_LEVEL=DEBUG - - DEBUG=True - depends_on: - db: - condition: service_healthy - networks: - openimis-net: - restart: always - volumes: - - photos:/openimis-be/openIMIS/images/insurees +include: + - path: docker-compose.psql.yml + env_file: .env + - path: docker-compose.base.yml + env_file: .env + - path: docker-compose.openSearch.yml + env_file: + - .env + - .env.openSearch + - path: docker-compose.lightning.yml + env_file: + - .env + - .env.lightning +# - path: docker-compose.certbot.yml + + + + + -services: - db: - container_name: ${PROJECT_NAME:-openimis}-db - image: ghcr.io/openimis/openimis-pgsql:${DB_TAG:-latest} - build: - target: ${INIT_MODE:-base} - environment: - - POSTGRES_PASSWORD=${DB_PASSWORD} - - POSTGRES_DB=${DB_NAME} - - POSTGRES_USER=${DB_USER} - - INIT_MODE=${INIT_MODE} - healthcheck: - test: ['CMD', 'pg_isready', '-U', "$DB_USER", '-d', "$DB_NAME"] - interval: 10s - timeout: 5s - retries: 5 - start_period: 30s - volumes: - - database:/var/lib/postgresql/data - restart: always - networks: - openimis-net: - backend: - <<: *default-api - container_name: ${PROJECT_NAME:-openimis}-api - command: start - gateway: - container_name: ${PROJECT_NAME:-openimis}-frontend - image: ghcr.io/openimis/openimis-fe:${FE_TAG:-develop} - restart: always - environment: - - REACT_APP_API_URL=api - - NEW_OPENIMIS_HOST=${NEW_OPENIMIS_HOST} - - 
OPENIMIS_CONF_JSON=${OPENIMIS_FE_CONF_JSON} - - FORCE_RELOAD=1 - - OPENSEARCH_BASIC_TOKEN=${OPENSEARCH_BASIC_TOKEN} - networks: - openimis-net: - ports: - - ${HTTP_PORT:-80}:80 - - ${HTTPS_PORT:-443}:443 - depends_on: - - backend - volumes: - - ./data/certbot/conf:/etc/letsencrypt - - ./data/certbot/www:/var/www/certbot - # uncomment to use custom openimis.conf - # - ./conf/nginx:/conf/ - worker: - <<: *default-api - container_name: ${PROJECT_NAME:-openimis}-worker - command: worker - rabbitmq: - container_name: ${PROJECT_NAME:-openimis}-rabbitmq - image: rabbitmq:3-management - restart: always - networks: - openimis-net: - -volumes: - database: - photos: -networks: - openimis-net: - name: ${PROJECT_NAME}-openimis-net diff --git a/opensearch-configuration/Dockerfile-openSearch-dev- b/opensearch-configuration/Dockerfile-openSearch-dev- index a45e4ef..4256877 100644 --- a/opensearch-configuration/Dockerfile-openSearch-dev- +++ b/opensearch-configuration/Dockerfile-openSearch-dev- @@ -1,4 +1,4 @@ -FROM opensearchproject/opensearch:latest +FROM opensearchproject/opensearch:2.10.0 # Set the ownership of the data directory RUN chown -R 1000:1000 /usr/share/opensearch/data diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..b695e1d --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,6 @@ +sonar.projectKey=openimis_openimis-dist_dkr +sonar.organization=openimis-1 +sonar.projectName=openimis-openimis-dist_dkr + +sonar.sources=./ +sonar.sourceEncoding=UTF-8
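Review bot: The new `include:` list in docker-compose.yml pulls docker-compose.openSearch.yml and docker-compose.lightning.yml into every deployment while only certbot is left commented out, so a plain `docker compose up` now also starts OpenSearch (whose security plugin this commit disables) and Lightning. I would treat them like certbot and comment out the optional entries, or gate them with Compose `profiles`, and add a header comment such as `# requires a Docker Compose release that supports top-level include`. `.env.openSearch` is referenced as an env_file but does not appear in the part of the diff visible here, so it is worth confirming that it is committed or documented. The removed `x-api` block also carried the backend `healthcheck`, which docker-compose.base.yml does not re-add.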