Skip to content

Latest commit

 

History

History
361 lines (278 loc) · 15.6 KB

dev-setup.md

File metadata and controls

361 lines (278 loc) · 15.6 KB
Raw

🚀 Dev Setup 2.0

👋🏼 Prerequisites for development

👋🏼 Prerequisites for just running the services

Services:

Front-ends:

Infrastructure used in the project:

  • Rabbitmq
  • Postgres
  • Keycloak
  • Orthanc *
  • Elastic **
  • Kibana **
  • Redis **

(*) - Needed only for HIU when dicom image transferred from HIP (**) - Optional for local setup

Clean up (recommended always)

  1. Run following commands to clean up your local system, before running any infra setup
docker-compose -f docker-compose-infra-lite.yml down
docker system prune -a -f
docker volume rm $(docker volume ls -qf dangling=true)

Setup infra using docker before running services:

  1. Clone the consent-manager repository

  2. In the root directory, you should see the docker-compose-infra-lite.yml

  3. In the command line, run the following

    docker pull projecteka/monitor-db-initializer
docker pull projecteka/gateway-db-initializer
docker pull projecteka/cm-db-initializer
docker pull projecteka/hiu-db-initializer
docker pull projecteka/user-db-initializer
docker pull projecteka/dataflow-db-initializer
docker pull projecteka/data-notification-db-initializer
docker-compose -f docker-compose-infra-lite.yml up -d
 
docker logs $(docker ps -aqf "name=^cm-db-setup$")
docker logs $(docker ps -aqf "name=^hiu-db-setup$")
docker logs $(docker ps -aqf "name=^keycloak-setup$")
docker logs $(docker ps -aqf "name=^user-db-setup$")
docker logs $(docker ps -aqf "name=^dataflow-db-setup$")
docker logs $(docker ps -aqf "name=^data-notification-db-setup$")
    # if you see any errors, run the docker-compose again

docker exec -it $(docker ps -aqf "name=^postgres$") /bin/bash
psql -U postgres consent_manager
\d # should list all the tables
\c health_information_user
\d # should list all the tables
\c user_service
\d # should list all the tables
\c dataflow_service
\d # should list all the tables
\c data_notification_subscription;
\d # should list all the tables
exit # twice

  4. On gateway-db-initializer repo, bridge_service table has been restructured on Dec 11, 2020. Post this date, when you run the commands specified in step 3, you should be able to see both bridge_service_old and bridge_service tables.

    1. In order to have route table for bridges and CM, run the following commands.

      docker cp path-to-file-on-host/db-init-local.sh postgres:/tmp/db-init-local.sh (db-init-local.sh can be found on gateway repository)
docker exec -it postgres bash
cd tmp
chmod +x db-init-local.sh
./db-init-local.sh

    2. In order to migrate the data from bridge_service_old to bridge_service, run the following commands (Only applicable for existing installations, prior to Dec 11, 2020).

      docker cp path-to-file-on-host/flatten_bridge_service.sh postgres:/tmp/flatten_bridge_service.sh (flatten_bridge_service.sh can be found on gateway repository)
docker exec -it postgres bash
cd tmp
chmod +x flatten_bridge_service.sh
./flatten_bridge_service.sh

Note: In case, you want to run Kibana, elastic, use docker-compose-backend.yml

  1. Keycloak runs at http://localhost:9001

    1. Login with user-name: admin, password: welcome
    2. There are two realms Consent-Manager and Central-Registry
    3. Consent-Manager is only for activities with consent-manager service (consent-manager internal service calls and user-management)
    4. Central-Registry is only for intra-service authentication and authorisation, and being used by Gateway service. For example if consent-manager wants to call to gateway, then consent-manager needs to get a token from Gateway using the client-id and client-secret of its own, and it should have a role of CM assigned. Note: All the clients needed for local development added into the keycloak automatically. Need to assign the role manually.
      • 10000002 with role HIU and HIP
      • 10000005 with role HIU and HIP
      • gateway with a role gateway
      • ncg with a role 'CM'
    5. To be able to manipulate bridge & hip/hiu services entries, you need to add admin role to gateway client and create admin-user in Central-Registry realm.

    How to add a client

    1. Click on Clients
    2. Click on Create button in the top right corner of the clients table.
    3. Enter the client id, i.e. 10000002
    4. Click on Create
    5. On the clients page make the following the changes
      • Change Access Type to Confidential.
      • Turn on Service Accounts Enabled flag.
      • Turn on Authorization flag too.
      • Enter some random url in the Valid Redirect URIs. for example http://localhost:8080.
      • Click save (tip: From Credentials you can copy the Secret always)

    How to add a role in the realm

    1. On the left-hand menu, click on Roles
    2. Click on Add Role
    3. Enter Role Name, for example HIU
    4. Click Save
    5. Repeat the same steps for the roles (HIP, HIU, Gateway, CM) you want to add.

    How to add a service role to a client

    1. Click on Clients
    2. Go to the client (for example: ncg) which you want to add role
    3. Click on Service Account Roles tab
    4. On the Available Roles you should see the roles you just created, select the role you want to assign, and then click Add Selected
    5. Repeat the same steps for all the clients.

    How to add admin role to the gateway client

    1. Click on Clients
    2. Go to the gateway client
    3. Click on Roles tab
    4. Click on Add Role
    5. Enter Role Name as admin
    6. Click Save

    How to create admin-user

    1. Click on Users
    2. Click on Add user
    3. Enter Username as admin-user
    4. Click Save
    5. Click on Credentials tab
    6. Set Temporary check to OFF
    7. Enter Password and Password Confirmation as welcome
    8. Click on Set Password
    9. Click on Role Mappings tab
    10. Click on Client Roles - Select a client search box
    11. Type gateway and click enter
    12. On the Available Roles you should see admin role, select that to assign, and then click Add Selected
    13. Type realm-management and click enter
    14. On the Available Roles you should see manage-clients and manage-users roles, select those to assign, and then click Add Selected

  2. Setup RabbitMQ

    1. Clone infrastructure repo

    2. Run the following commands

      docker-compose -f docker-compose-rabbitmq.yml up -d
./rabbitmqDeploy.sh

docker exec -it $(docker ps -aqf "name=^rabbitmq$") /bin/bash
rabbitmqctl list_queues  # should see all the queues
exit

How to 🏃🏻‍♀️ services

Central-Registry a.k.a Client-Registry

  1. Clone central-registry

  2. Run through command line

    cd client-registry
./gradlew bootRun

Note: In case, if default values specified in the application.properties are not you use, you can change them accordingly and run.

OTP-Service

  1. Clone otp-service

  2. Run through command line

    cd otp-service
dotnet run --project src/In.ProjectEKA.OtpService/In.ProjectEKA.OtpService.csproj --environment "local"

Gateway

  1. Clone gateway

  2. Copy the client-secret http://localhost:9001/auth/admin/master/console/#/realms/central-registry/clients of gateway under credentials tab, and use it for a CLIENT_SECRET (client under central-registry realm)

  3. Run through command line

    cd gateway
CLIENT_SECRET=${CLIENT_SECRET} ./gradlew bootRunLocal

Consent-Manager

It's a mono-repo contains, consent, data flow, and user services, there are following common things across services. Those are exposed through HAProxy.

  1. Clone Consent-Manager
  2. You need to get client secret from keycloak
  3. Copy the client-secret http://localhost:9001/auth/admin/master/console/#/realms/consent-manager/clients of consent-manager under credentials tab, and use it for KEYCLOAK_CLIENTSECRET (client under consent-manager realm)
  4. Copy the client-secret http://localhost:9001/auth/admin/master/console/#/realms/central-registry/clients of ncg under credentials tab, and use it for GATEWAY_CLIENTSECRET (client under central-registry realm)

Consent

  1. Run through command line

    cd consent-manager
GATEWAY_CLIENTSECRET=${GATEWAY_CLIENTSECRET} KEYCLOAK_CLIENTSECRET=${KEYCLOAK_CLIENTSECRET} ./gradlew :consent:bootRunLocal

User-Service

  1. Run through command line

    cd consent-manager
GATEWAY_CLIENTSECRET=${GATEWAY_CLIENTSECRET} KEYCLOAK_CLIENTSECRET=${KEYCLOAK_CLIENTSECRET} ./gradlew :user:bootRunLocal

DataFlow Service

  1. Run through command line

    cd consent-manager
GATEWAY_CLIENTSECRET=${GATEWAY_CLIENTSECRET} KEYCLOAK_CLIENTSECRET=${KEYCLOAK_CLIENTSECRET} ./gradlew :dataflow:bootRunLocal

Reverse-Proxy

  1. Since there are two services to form a consent-manager application, we need proxy to route the request.

  2. Hence, haproxy is part of the project to route the request between consent and user service.

  3. Run the following command

    cd consent-manager
./gradlew composeUp

  4. In case if you want to bring down,

    ./gradlew composeDown

  5. In order to access consent manager, you can use http://localhost:8081

Data Notification Subscription

  1. Clone Data-Notification-Subscription

  2. Copy the client-secret http://localhost:9001/auth/admin/master/console/#/realms/central-registry/clients of 10000011 under credentials tab, and use it for CLIENT_SECRET (client under central-registry realm)

  3. Run through command line

    cd data-notification-subscription
GATEWAY_CLIENTSECRET=${GATEWAY_CLIENTSECRET} ./gradlew bootRunLocal

Hip-Service

  1. Clone hip-service
  2. Copy the client-secret http://localhost:9001/auth/admin/master/console/#/realms/central-registry/clients of 10000005 under credentials tab, and use it for CLIENT_SECRET (client under central-registry realm)
  3. Run through command line 
    cd hip-service
cp src/In.ProjectEKA.DefaultHip/Resources/*.json src/In.ProjectEKA.HipService/
export Gateway__clientSecret=${CLIENT_SECRET}
dotnet run --project src/In.ProjectEKA.HipService/In.ProjectEKA.HipService.csproj --environment="local"

health-information-user (HIU)

  1. Clone hiu-service

  2. Do the one time user setup, before proceeding further.

    docker exec -it $(docker ps -aqf "name=^postgres$") /bin/bash
psql -U postgres health_information_user
insert into "user" (username, password, role, verified) values ('admin', '$2a$04$WW.a3wKaiL2/7xWJc4jUmu4/55aJnwBJscZ.o18X.zLZcOdpwQGQa', 'ADMIN', true);
insert into "user" (username, password, role, verified) values ('lakshmi', '$2a$04$WW.a3wKaiL2/7xWJc4jUmu4/55aJnwBJscZ.o18X.zLZcOdpwQGQa', 'DOCTOR', true);

  3. Copy the client-secret http://localhost:9001/auth/admin/master/console/#/realms/central-registry/clients of 10000002 under credentials tab, and use it for CLIENT_SECRET (client under central-registry realm)

  4. Run through command line

    CLIENT_SECRET=${CLIENT_SECRET} ./gradlew bootRunLocal

How to 🏃🏻‍♀️ front-ends

HIU-UI

  1. Run the following command

    Note: This is with an assumption that hiu-service is running on port 8003

    docker pull projecteka/hiu-ui:local # to pull latest `local` image
docker run -d -p 5002:5000 projecteka/hiu-ui:local

  2. Since hiu-service is running on different port, same-origin-policy will prevent you to access the UI by default. In order to avoid, run the following command to get an independent instance of chrome without same-origin-policy

    open -na Google\ Chrome --args --disable-web-security --user-data-dir=$HOME/profile-folder-name

  3. Later versions of Safari allow you to Disable Cross-Origin Restrictions. Just enable the developer menu from Preferences >> Advanced, and select "Disable Cross-Origin Restrictions" from the develop menu. If you want local only, then you only need to enable the developer menu, and select "Disable local file restrictions" from the develop menu.