Comment: Revision in preparation for the operations manual

...

Deployment is supported as either Docker containers or as a VM based deployment (currently only Ubuntu 18/20 is supported) for most components with some exceptions as per the following list:


Component | Docker | VM based (Ubuntu)
Core | yes | yes
LUI | yes | yes
Authenticator | yes | yes
Provisioner | yes | no
ETL | yes | no
Pwd Synchronizer | no | yes

For VM based deployment only Ubuntu 18/20 is currently supported.

Docker deployment

Docker images are provided for all components (except Pwd Synchronizer) and this is the preferred deployment model.

...

The following commands might be useful for operations:

Codeblock
# Start: 
docker-compose up -d

# Stop: 
docker-compose down

# Display Status: 
docker-compose ps

# Show logs of individual container: 
docker logs {container-name}

# Restart individual container: 
docker restart {container-name}

...

didmos Core consists of two Docker containers:

Container | Description
{project-name}-core

...

API

...

{project-name}-

...

openldap LDAP Metadirectory

...


The logs of each component can be accessed via docker logs (see list of general commands).

Codeblock
docker logs {container-name}

Configuration is possible via Docker environment variables (for supported parameters).

VM based

LDAP Metadirectory

The LDAP Metadirectory is installed via the Ubuntu distribution during the initial Ansible setup (i.e. apt install slapd).

...

It can be administered using the following commands:

Codeblock
systemctl {start|stop|restart|status} slapd
  • Logs: TODO

To start the slapd server in debug mode use this command:

Codeblock
/usr/local/libexec/slapd -F /usr/local/etc/slapd.d -d 1

These log levels are supported:

[Image: table of supported slapd debug log levels]

More information about debugging OpenLDAP can be found in the documentation: https://www.openldap.org/doc/admin24/runningslapd.html 

didmos Core API Server

The didmos Core API server is installed as a Python virtual environment and deployed as a mod_wsgi app in the Apache webserver. The following locations on the VM are used:

Component | Location in file system
Python Virtual environment

...

/opt/didmos2coreEnv
Python application

...

/opt/didmos2core
Configuration (Templates and default config)

...

/opt/didmos2core/general

...


/opt/didmos2core/customer/customer_config
Configuration (Overrides)

...

/etc/didmos/core
Logs

...

/var/log/didmos
Apache config (mod_wsgi integration)

...

/etc/apache2/sites-available/api-ssl.conf
Apache logs

...

/var/log/apache2


Restarting the didmos Core API server is possible via the Apache webserver:

Codeblock
systemctl

...

 {start|stop|restart|status} apache2

Backups of LDAP database

The core data of a didmos system is stored in the LDAP server and therefore backups of the entire LDAP server should be done regularly.
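
One way to automate such regular dumps on the VM based deployment, as an added example that is not part of the didmos documentation or tooling: it uses OpenLDAP's slapcat, writes the files owner-only because the LDIF can contain password hashes, and publishes a backup set only once both dumps have succeeded. The database numbers (0 for cn=config, 1 for the directory data), the target directory and the retention count are assumptions.

```sh
#!/bin/sh
# Added example: dated slapcat dumps with owner-only permissions and pruning.
# Assumptions (not from the didmos documentation): database 0 is cn=config,
# database 1 holds the directory data; destination and retention are examples.

SLAPCAT="${SLAPCAT:-slapcat}"   # overridable, e.g. with a stub for a dry run

# backup_ldap DEST_DIR [KEEP]  -> prints the timestamp of the new backup set
backup_ldap() (
    dest="$1"; keep="${2:-14}"
    stamp="${BACKUP_STAMP:-$(date -u +%Y%m%dT%H%M%SZ)}"
    umask 077                   # LDIF dumps can contain userPassword hashes
    mkdir -p "$dest" || exit 1

    for name in config data; do
        if [ "$name" = config ]; then db=0; else db=1; fi
        tmp="$dest/.$name-$stamp.ldif"
        # Dump under a hidden temporary name: a failed or empty dump must
        # never be left behind looking like a valid backup.
        if ! "$SLAPCAT" -n "$db" -l "$tmp" || [ ! -s "$tmp" ]; then
            echo "dump of database $db failed" >&2
            rm -f "$dest"/.*-"$stamp".ldif*
            exit 1
        fi
        gzip -f "$tmp" || exit 1
    done

    # Publish the set only after both dumps succeeded.
    for name in config data; do
        mv "$dest/.$name-$stamp.ldif.gz" "$dest/$name-$stamp.ldif.gz" || exit 1
    done

    # Prune: timestamps sort lexicographically, so keep the newest $keep sets.
    ls -1 "$dest" | sed -n 's/^data-\(.*\)\.ldif\.gz$/\1/p' | sort -r |
        tail -n +"$((keep + 1))" | while read -r old; do
            rm -f "$dest/data-$old.ldif.gz" "$dest/config-$old.ldif.gz"
        done
    echo "$stamp"
)

# Run as a script, e.g.: ./ldap-backup.sh /var/backups/ldap 14
if [ "$#" -gt 0 ]; then backup_ldap "$@"; fi
```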

...

  • {project-name}-frontend

In this container, the compiled frontend (Angular JavaScript app with assets like images, CSS files etc.) is shipped using an nginx webserver.

...

The compiled frontend (Angular JavaScript app with assets like images, CSS files etc.) is located in /var/www/didmos2lui and then shipped as static files using an Apache webserver. The following locations on the VM are used:

Component | Location in file system
Frontend files

...

/var/www/didmos2lui
Configuration file

...

/var/www/didmos2lui/assets/config/environment.json
Apache config

...

/etc/apache2/sites-available/lui-ssl.conf
Apache logs

...

/var/log/apache2


In general, changes to the functionality always require recompiling the static files from source and then redeploying the compiled application on the VM.

...

didmos Auth consists of the following Docker containers:

Container | Description
{project-name}-auth | Application
{project-name}-mongo | MongoDB Database

In the -auth container Auth is running as a mod_wsgi application inside an Apache webserver.

The -mongo container is running a MongoDB for storage of the OIDC OP (i.e. registered clients, tokens).

...

didmos Auth is installed as a Python virtual environment and deployed as a mod_wsgi app in the Apache webserver. The following locations on the VM are used:

Component | Location in file system
Virtual environment (Python)

...

/opt/didmos2auth
Configuration

...

/etc/satosa
Logs

...

/var/log/satosa
Apache config (mod_wsgi integration)

...

/etc/apache2/sites-available/auth.conf
Apache logs

...

/var/log/apache2
MongoDB logs | /var/log/mongodb


Restarting didmos Auth is possible via the Apache webserver: 

Codeblock
systemctl

...

 {start|stop|restart|status} apache2


The application is based on Satosa and most of the configuration in /etc/satosa follows the default Satosa configuration (see https://github.com/IdentityPython/SATOSA).

MongoDB is installed via the Ubuntu distribution during the initial Ansible setup (i.e. apt install mongodb).

...

The administration of MongoDB can be done using these commands:

Codeblock
systemctl {start|stop|restart|status} mongodb


Backups of MongoDB database

...

didmos Provisioner consists of the following Docker containers:

Container | Description
didmos2-rabbitmq

...

RabbitMQ queue

...

{project-name}-ra

...

Requesting authority

...

{project-name}-xyz-worker

...

Worker nodes, possibly multiple containers for each target system

...

The logs can be accessed via docker logs (see list of general commands).

...

Configuration is possible via Docker environment variables (for supported parameters) but generally via files in the volume.

Pwd Synchronizer

Todo?