OZ-573: Add support for SSO with necessary configurations
corneliouzbett committed Nov 4, 2024
1 parent 5c259e7 commit e8baaf8
Showing 17 changed files with 411 additions and 12 deletions.
40 changes: 38 additions & 2 deletions .env
Expand Up @@ -10,7 +10,8 @@
SERVER_SCHEME=https
HOST_URL=http://172.17.0.1
TIMEZONE=UTC

GITPOD_ENV=false
ENABLE_SSO=true
#
# OpenMRS
#
Expand All @@ -29,7 +30,7 @@ SPA_CONFIG_URLS=/openmrs/spa/configs/ozone-frontend-config.json
SPA_DEFAULT_LOCALE=en

# OpenMRS frontend and backend Docker image tag
O3_DOCKER_IMAGE_TAG=
O3_DOCKER_IMAGE_TAG=3.1.1

#
# MySQL
Expand Down Expand Up @@ -57,6 +58,8 @@ ODOO_CONFIG_PATH=
ODOO_INITIALIZER_CONFIG_FILE_PATH=
ODOO_DATABASE=odoo

ODOO_SERVER_ENV_CONFIG=

#
# ERPNext
#
Expand All @@ -70,6 +73,21 @@ ERPNEXT_DB_NAME=erpnext
SITE=senaite
SENAITE_ADMIN_USER=admin
SENAITE_ADMIN_PASSWORD=password
SENAITE_DB_NAME=senaite
SENAITE_DB_USER=senaite
SENAITE_DB_PASSWORD=password
SENAITE_DB_HOST=postgresql

#
# Keycloak
#
KEYCLOAK_DB_USER=keycloak
KEYCLOAK_DB_PASSWORD=keycloak
KEYCLOAK_DB=keycloak
KEYCLOAK_DB_SCHEMA=keycloak
KEYCLOAK_USER=admin
KEYCLOAK_PASSWORD=password
KEYCLOAK_INTERNAL_HOST_URL=http://keycloak:8080

#
# Common EIP clients config
Expand Down Expand Up @@ -116,12 +134,14 @@ OPENMRS_PROPERTIES_PATH=
OPENMRS_CORE_PATH=
OPENMRS_MODULES_PATH=
OPENMRS_CONFIG_PATH=
OPENMRS_TOMCAT_CONFIG_PATH=
SPA_PATH=
OZONE_CONFIG_PATH=
OPENMRS_OWAS_PATH=
ODOO_CONFIG_PATH=
ODOO_EXTRA_ADDONS=
SENAITE_CONFIG_PATH=
KEYCLOAK_CONFIG_PATH=
OPENMRS_FRONTEND_BINARY_PATH=
OPENMRS_FRONTEND_CONFIG_PATH=
EIP_OPENMRS_SENAITE_CONFIG_PATH=
Expand Down Expand Up @@ -150,3 +170,19 @@ ODOO_HOSTNAME=erp-172-17-0-1.traefik.me
SENAITE_HOSTNAME=lims-172-17-0-1.traefik.me
ERPNEXT_HOSTNAME=erpnext-172-17-0-1.traefik.me
FHIR_ODOO_HOSTNAME=fhir-erp-172-17-0-1.traefik.me
KEYCLOAK_HOSTNAME=auth-172-17-0-1.traefik.me

#
# Sample SSO Client Secrets used in the demo script
#
SUPERSET_CLIENT_UUID=891b980a-9edb-4c72-a63d-1f8e488d6ad4
SUPERSET_CLIENT_SECRET=znZK8dvk7hLOpwfU

SENAITE_CLIENT_UUID=3b8672bf-b239-46e5-b0b6-8ba71a4bf5ac
SENAITE_CLIENT_SECRET=Vdi1xIgJiUcrF4dx

OPENMRS_CLIENT_UUID=14b6083d-2d3c-4fb1-a75d-0f5af17be198
OPENMRS_CLIENT_SECRET=AYmNV4AEHA0Tlxwa

ODOO_CLIENT_UUID=70a0e2fd-2bb2-4417-9fc6-22cdca1bb5be
ODOO_CLIENT_SECRET=z3epa8rE66tUIZz6
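Review bot: The new `# Keycloak` and `# Sample SSO Client Secrets` blocks commit working credentials — `KEYCLOAK_PASSWORD=password`, `KEYCLOAK_DB_PASSWORD=keycloak` and four client UUID/secret pairs — into a tracked `.env`, and the compose overlays in this same commit pass exactly these values to Keycloak, Odoo, OpenMRS and SENAITE through `env-substitution`, so any deployment that does not override them authenticates with secrets that are now public. The heading only says they are used in the demo script; make the contract explicit with something like `# Demo-only credentials: override every value below before a deployment is reachable from outside` and consider having the demo script generate the client secrets instead of hard-coding them. Note also that `ENABLE_SSO=true` switches all of this on by default for every checkout; if the default is meant to be the demo, say so next to the flag.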
4 changes: 2 additions & 2 deletions docker-compose-common.yml
Expand Up @@ -39,8 +39,7 @@ services:
- "${SQL_SCRIPTS_PATH}/mysql/create_db.sh:/docker-entrypoint-initdb.d/create_db.sh"

postgresql:
command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10"
image: postgres:13
command: postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10 -c max_connections=200
environment:
POSTGRES_DB: postgres
POSTGRES_USER: ${POSTGRES_USER}
Expand All @@ -50,6 +49,7 @@ services:
interval: 5s
timeout: 5s
retries: 5
image: postgres:13
networks:
- ozone
ports:
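Review bot: The `-c max_connections=200` appended to the `command:` line is an undocumented magic number; nothing in the file says why PostgreSQL's default of 100 is no longer enough. A comment above the `postgresql:` service would spare the next reader a bisect, e.g. `# max_connections raised because Keycloak and SENAITE now share this instance (see the *-sso overlays)` — the reason is my inference from the other files in this commit, so adjust it if the value was sized for something else. Dropping the quotes around the command is valid here (no `: ` or ` #` in the scalar), and moving `image:` below `healthcheck:` is a pure reorder. The `postgresql:` service continues outside both hunks.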
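--- /dev/null
+++ b/docker-compose-keycloak.yml
@@ -0,0 +1,70 @@
+services:
+
+keycloak:
+image: docker.io/bitnami/keycloak:22.0.5
+restart: unless-stopped
+volumes:
+- ${KEYCLOAK_CONFIG_PATH}/realms:/keycloak-files/realm-config
+- ${KEYCLOAK_CONFIG_PATH}/themes/carbon:/opt/bitnami/keycloak/themes/carbon
+environment:
+KC_HOSTNAME_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}
+PROXY_ADDRESS_FORWARDING: "true"
+KC_HTTP_ENABLED: 'true'
+KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
+KC_PROXY: reencrypt
+KC_HEALTH_ENABLED: 'true'
+KC_METRICS_ENABLED: 'true'
+KEYCLOAK_DATABASE_VENDOR: postgresql
+KEYCLOAK_DATABASE_HOST: postgresql
+KEYCLOAK_DATABASE_PORT_NUMBER: 5432
+KEYCLOAK_DATABASE_NAME: ${KEYCLOAK_DB}
+KEYCLOAK_DATABASE_USER: ${KEYCLOAK_DB_USER}
+KEYCLOAK_DATABASE_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+KEYCLOAK_DATABASE_SCHEMA: ${KEYCLOAK_DB_SCHEMA}
+KEYCLOAK_CREATE_ADMIN_USER: "true"
+KEYCLOAK_ADMIN_USER: ${KEYCLOAK_USER}
+KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD}
+KEYCLOAK_EXTRA_ARGS_PREPENDED: "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true"
+KEYCLOAK_EXTRA_ARGS: "
+-Dkeycloak.profile.feature.scripts=enabled
+-Dkeycloak.migration.action=import
+-Dkeycloak.migration.provider=dir
+-Dkeycloak.migration.dir=/keycloak-files/realm-config
+-Dkeycloak.migration.strategy=OVERWRITE_EXISTING"
+healthcheck:
+test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/health/ready"]
+interval: 15s
+timeout: 3s
+retries: 5
+start_period: 30s
+
+depends_on:
+postgresql:
+condition: service_started
+env-substitution:
+condition: service_completed_successfully
+networks:
+ozone:
+web:
+labels:
+traefik.enable: "true"
+traefik.http.routers.keycloak.rule: "Host(`${KEYCLOAK_HOSTNAME}`)"
+traefik.http.routers.keycloak.entrypoints: "websecure"
+traefik.http.services.keycloak.loadbalancer.server.port: 8080
+
+postgresql:
+environment:
+KEYCLOAK_DB: ${KEYCLOAK_DB}
+KEYCLOAK_DB_SCHEMA: ${KEYCLOAK_DB_SCHEMA}
+KEYCLOAK_DB_USER: ${KEYCLOAK_DB_USER}
+KEYCLOAK_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+volumes:
+- "${SQL_SCRIPTS_PATH}/postgresql/keycloak:/docker-entrypoint-initdb.d/db/keycloak"
+
+env-substitution:
+environment:
+- KEYCLOAK_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}
+- KEYCLOAK_INTERNAL_HOST_URL=${KEYCLOAK_INTERNAL_HOST_URL}
+
+volumes:
+keycloak-realm: ~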
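Review bot: `depends_on.postgresql.condition: service_started` lets Keycloak start before the shared PostgreSQL accepts connections, although that service has a healthcheck in docker-compose-common.yml and docker-compose-senaite-sso.yml in this same commit waits on it with `condition: service_healthy`; change it to `condition: service_healthy` for consistency. The `KEYCLOAK_EXTRA_ARGS` block also deserves a comment, because `-Dkeycloak.migration.strategy=OVERWRITE_EXISTING` re-applies the mounted realm files on every start and silently discards anything changed through the admin console, and `-Dkeycloak.profile.feature.scripts=enabled` turns on a feature Keycloak ships disabled by default since it lets the imported realm carry server-side scripts — something like `# realm-config is the source of truth: re-imported on every start, console edits are overwritten; scripts feature required by <reason — fill in>`. Separately, `KC_PROXY: reencrypt` is documented as the mode for a proxy that speaks HTTPS to Keycloak, while the Traefik label targets plain-HTTP port 8080 with `KC_HTTP_ENABLED: 'true'`, so `edge` looks like the intended value; confirm against the actual Traefik setup. The top-level `volumes: keycloak-realm: ~` declares a named volume that no service mounts and can be dropped.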
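--- /dev/null
+++ b/docker-compose-odoo-sso.yml
@@ -0,0 +1,10 @@
+services:
+odoo:
+environment:
+- ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc
+
+env-substitution:
+environment:
+- ODOO_PUBLIC_URL=${SERVER_SCHEME}://${ODOO_HOSTNAME}
+- ODOO_CLIENT_SECRET=${ODOO_CLIENT_SECRET}
+- ODOO_CLIENT_UUID=${ODOO_CLIENT_UUID}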
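Review bot: The `ADDONS=` value restates what looks like the full addon list of the base Odoo service (not part of this page) and appends `server_environment,auth_oidc_environment,auth_oidc`; because compose replaces an environment value rather than appending to it, the base list and this one now have to be kept in sync by hand, and nothing in the file says so. A comment above the line would make the coupling visible, e.g. `# Must mirror ADDONS in the base Odoo compose file, plus the OIDC addons at the end`. If the base file is reviewed in the same change, a shared `${ODOO_ADDONS}` variable with this overlay appending to it would remove the duplication entirely.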
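--- /dev/null
+++ b/docker-compose-openmrs-sso.yml
@@ -0,0 +1,12 @@
+services:
+openmrs:
+environment:
+KEYCLOAK_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}
+volumes:
+- "${OPENMRS_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties"
+- "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml"
+env-substitution:
+environment:
+- HOST_URL=${SERVER_SCHEME}://${O3_HOSTNAME}
+- KEYCLOAK_AUTH_SERVER_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}
+- OPENMRS_CLIENT_SECRET=${OPENMRS_CLIENT_SECRET}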
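Review bot: The `"./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml"` mount hard-codes a path relative to the compose project directory, while the `.env` hunk in this same commit introduces `OPENMRS_TOMCAT_CONFIG_PATH=` and nothing on this page uses it; the mount should read `"${OPENMRS_TOMCAT_CONFIG_PATH}/server.xml:/usr/local/tomcat/conf/server.xml"` so it follows the other `*_PATH` mounts and the variable is not dead on arrival. The same Keycloak URL is also exported twice under different names (`KEYCLOAK_URL` on the service, `KEYCLOAK_AUTH_SERVER_URL` via `env-substitution`); a one-line comment on which consumer needs which name would stop a later cleanup from removing the wrong one.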
2 changes: 1 addition & 1 deletion docker-compose-openmrs.yml
Expand Up @@ -34,7 +34,7 @@ services:
networks:
- ozone
- web
restart: unless-stopped
restart: on-failure
volumes:
- "openmrs-data:/openmrs/data"
- "${OPENMRS_OWAS_PATH:-openmrs-owas}:/openmrs/distribution/openmrs_owas/"
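Review bot: If `restart: on-failure` is the new value (the rendered hunk has lost its +/- markers, so this is inferred from print order), it diverges from the `unless-stopped` that docker-compose-keycloak.yml and docker-compose-senaite-sso.yml use in this same commit: `on-failure` only restarts after a non-zero exit, so an OpenMRS container that exits cleanly, or is stopped around a host reboot, may stay down while its SSO dependencies come back. If the goal was to stop a crash-looping container, `on-failure` with no max-retry count does not achieve that either. Keep `restart: unless-stopped` for consistency, or put the reason for the change in a comment above the line; the `openmrs:` service starts and ends outside the hunk.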
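--- /dev/null
+++ b/docker-compose-senaite-sso.yml
@@ -0,0 +1,38 @@
+services:
+env-substitution:
+environment:
+- SENAITE_CLIENT_SECRET=${SENAITE_CLIENT_SECRET}
+- SENAITE_CLIENT_UUID=${SENAITE_CLIENT_UUID}
+
+senaite:
+image: mekomsolutions/senaite-ozonepro
+restart: unless-stopped
+environment:
+- SITE=${SITE}
+- PASSWORD=${SENAITE_ADMIN_PASSWORD}
+- OAUTH_CONFIG_FILE=/data/oidc/client.json
+- RELSTORAGE_ADAPTER_OPTIONS=type postgresql,dsn dbname='${SENAITE_DB_NAME}' user='${SENAITE_DB_USER}' password='${SENAITE_DB_PASSWORD}' host='${SENAITE_DB_HOST}', driver pg8000
+- RELSTORAGE_KEEP_HISTORY=false
+- RELSTORAGE_BLOB_DIR=/home/senaite/senaitelims/blobstorage
+volumes:
+- ${SENAITE_CONFIG_PATH}:/data/importdata/senaite
+- ${SENAITE_OIDC_CONFIG_PATH}/:/data/oidc
+- ${SENAITE_BLOBSTORAGE_PATH:-senaite-blobstorage}:/home/senaite/senaitelims/blobstorage
+networks:
+ozone:
+aliases:
+- senaite
+web:
+depends_on:
+env-substitution:
+condition: service_completed_successfully
+postgresql:
+condition: service_healthy
+
+postgresql:
+environment:
+SENAITE_DB_NAME: ${SENAITE_DB_NAME}
+SENAITE_DB_USER: ${SENAITE_DB_USER}
+SENAITE_DB_PASSWORD: ${SENAITE_DB_PASSWORD}
+volumes:
+- "${SQL_SCRIPTS_PATH}/postgresql/senaite:/docker-entrypoint-initdb.d/db/senaite"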
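Review bot: `- ${SENAITE_OIDC_CONFIG_PATH}/:/data/oidc` collapses to `/:/data/oidc` when the variable is empty, which bind-mounts the host's root filesystem read-write into the SENAITE container; the other `*_PATH` variables in this commit's `.env` hunk ship empty by default, and `SENAITE_OIDC_CONFIG_PATH` does not appear in that hunk at all (it may be defined in one of the files not rendered on this page, so verify). Drop the trailing slash, which turns an empty value into an invalid mount spec rather than a mount of `/`, or better make the omission a hard error: `- ${SENAITE_OIDC_CONFIG_PATH:?SENAITE_OIDC_CONFIG_PATH must be set}:/data/oidc`. The `image:`, `environment:` and `volumes:` keys restate what looks like the whole base `senaite` service rather than overlaying only the SSO additions, so the two definitions will drift unless a comment names the base file they must match. `aliases: - senaite` repeats the service's own name and adds nothing.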