diff --git a/.docker/.env b/.docker/.env index 3a05b79650a207a76f93874477a7e642d6407847..0cba4f0b8ca6c65a5dbd711f0648e4d3d84b0f05 100644 --- a/.docker/.env +++ b/.docker/.env @@ -1,5 +1,5 @@ # general -BASE_URL= +BASE_URL=https://example.com ADMIN_EMAIL=support@example.com # password for the identity service admin user IDENTITY_SERVICE_ADMIN_PASSWORD=admin @@ -11,7 +11,6 @@ DATA_DB_PASSWORD=dbrepo AUTH_DB_PASSWORD=dbrepo SEARCH_DB_PASSWORD=dbrepo # storage service -S3_ACCESS_KEY_ID=seaweedfsadmin S3_SECRET_ACCESS_KEY=seaweedfsadmin # internal admin user, requires a change of the value of auth_ldap.dn_lookup_bind.password in dist/rabbitmq.conf SYSTEM_PASSWORD=admin diff --git a/.docs/images/screenshots/auth-service-ldap-1.png b/.docs/images/screenshots/auth-service-ldap-1.png new file mode 100644 index 0000000000000000000000000000000000000000..26ca69d3f8f3f3553fe322dd0ce886bb08ca78f8 Binary files /dev/null and b/.docs/images/screenshots/auth-service-ldap-1.png differ diff --git a/.docs/images/screenshots/auth-service-ldap-2.png b/.docs/images/screenshots/auth-service-ldap-2.png new file mode 100644 index 0000000000000000000000000000000000000000..f4c26fe2075b79590be6e2b2bc3a61765fb0162e Binary files /dev/null and b/.docs/images/screenshots/auth-service-ldap-2.png differ diff --git a/.docs/installation.md b/.docs/installation.md index 162a515f883cdd1bfdb332ee1abe8d600d518c64..0404133900b41c28679e7a9562b8989783022742 100644 --- a/.docs/installation.md +++ b/.docs/installation.md 
@@ -36,55 +36,95 @@ SSL/TLS certificate is recommended. Follow the [secure install](#secure-install) ## Secure Installation -1. Execute the install script to download only the environment and save it to `dist`. - - ```shell - curl -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.5/install.sh | DOWNLOAD_ONLY=1 bash - ``` - -2. Call the helper script to regenerate the client secret of the `dbrepo-client` and set it as value of the - `AUTH_SERVICE_CLIENT_SECRET` variable in the `.env` file. - - ```bash - curl -sSL "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.5/.scripts/reg-client-secret.sh" | bash - ``` - -3. Finally, update the rest of the default secrets in the `.env` file to secure passwords. You can use `openssl` for - that, e.g. `openssl rand -hex 16`. - - Set `auth_ldap.dn_lookup_bind.password` in `dist/rabbitmq.conf` to the value of `SYSTEM_PASSWORD`. - -4. To secure your deployment traffic with SSL/TLS, tell the Gateway Service to use your certificate secret (e.g. - from Let's Encrypt): - - ```yaml title="docker-compose.yml" - services: - ... - dbrepo-gateway-service: - ... - volumes: - - /path/to/cert.crt:/app/cert.crt - - /path/to/cert.key:/app/cert.key - ... - ``` - - Now redirect all non-HTTPS routes to HTTPS in the Gateway Service: - - ```config title="dist/dbrepo.conf" - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - - server { - listen 443 ssl default_server; - server_name my_hostname; - ssl_certificate /app/cert.crt; - ssl_certificate_key /app/cert.key; - ... - } - ``` +Execute the install script to download only the environment and save it to `dist`. 
+ +```shell +curl -sSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.5/install.sh | DOWNLOAD_ONLY=1 bash +``` + +### Static Configuration + +Call the helper script to regenerate the client secret of the `dbrepo-client` and set it as value of the +`AUTH_SERVICE_CLIENT_SECRET` variable in the `.env` file. + +```bash +curl -sSL "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-1.4.5/.scripts/reg-client-secret.sh" | bash +``` + +Update the rest of the default secrets in the `.env` file to secure passwords. You can use `openssl` for that, e.g. +`openssl rand -hex 16`. Set `auth_ldap.dn_lookup_bind.password` in `dist/rabbitmq.conf` to the value of +`SYSTEM_PASSWORD`. + +### Runtime Configuration + +The [Auth Service](../api/auth-service) can be configured easily when DBRepo is running. Start DBRepo temporarily: + +```shell +docker compose up -d +``` + +Log into the Auth Service with the default credentials `admin` and the value of `AUTH_SERVICE_ADMIN_PASSWORD` +(c.f. Figure 1) and select the "dbrepo" realm :material-numeric-1-circle-outline:. In the sidebar, select the +"User federation" :material-numeric-2-circle-outline: and from the provider list, select the "Identity Service" provider +:material-numeric-3-circle-outline:. + +<figure markdown> +{ .img-border } +<figcaption>Figure 1: Select the Identity Service provider.</figcaption> +</figure> + +If you plan to change the default admin username (c.f. Figure 2), modify the Bind DN :material-numeric-1-circle-outline: +but this is optional. Change the Bind credentials to the desired password :material-numeric-2-circle-outline: from +the variable `IDENTITY_SERVICE_ADMIN_PASSWORD` in `.env`. 
+ +<figure markdown> +{ .img-border } +<figcaption>Figure 2: Update the Identity Service admin user credentials.</figcaption> +</figure> + +Also, update the JWT key according to the +[Keycloak documentation](https://www.keycloak.org/docs/24.0.1/server_admin/index.html#rotating-keys). To secure your +deployment traffic with SSL/TLS, tell the Gateway Service to use your certificate secret (e.g. from Let's Encrypt): + +```yaml title="docker-compose.yml" +services: + ... + dbrepo-gateway-service: + ... + volumes: + - /path/to/cert.crt:/app/cert.crt + - /path/to/cert.key:/app/cert.key + ... +``` + +Now redirect all non-HTTPS routes to HTTPS in the Gateway Service: + +```config title="dist/dbrepo.conf" +server { + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl default_server; + server_name my_hostname; + ssl_certificate /app/cert.crt; + ssl_certificate_key /app/cert.key; + ... +} +``` + +### Apply the Configuration + +Restart the configured DBRepo system to apply the static and runtime configuration: + +```shell +docker compose down +docker compose up -d +``` + +The secure installation is now finished! ## Troubleshooting diff --git a/.scripts/reg-client-secret.sh b/.scripts/reg-client-secret.sh index bf6a9852c082098cd6173ac907e18e1daa8ea533..260e6ed283d185e2d67380464f0f4c793469a5a4 100644 --- a/.scripts/reg-client-secret.sh +++ b/.scripts/reg-client-secret.sh 
@@ -8,13 +8,22 @@ fancy () { printf "This is a utility script to re-generate the client secret of the %s client.\n" $(fancy dbrepo-client) fancy "Your credentials are never transmitted outside your machine!\n\n" + read -rp "Username: " USERNAME -read -rp "Password: " PASSWORD +read -rsp "Password: " PASSWORD # get admin token ADMIN_ACCESS_TOKEN=$(curl -fsSL -X POST -d "username=${USERNAME}&password=${PASSWORD}&grant_type=password&client_id=admin-cli" http://localhost/api/auth/realms/master/protocol/openid-connect/token | jq -r .access_token) -printf "\nSuccessfully obtained admin token." +if [ -z $ADMIN_ACCESS_TOKEN ]; then + printf "\n\nFailed to obtain admin token, credentials may not be correct." + exit 1 +fi +printf "\n\nSuccessfully obtained admin token." # re-generate client secret SECRET=$(curl -fsSL -X POST -H "Authorization: Bearer ${ADMIN_ACCESS_TOKEN}" http://localhost/api/auth/admin/realms/dbrepo/clients/6b7ef364-4132-4831-b4e2-b6e9e9dc63ee/client-secret | jq -r .value) +if [ -z $SECRET ]; then + printf "\n\nFailed to re-generate client secret." + exit 1 +fi printf "\nSuccessfully re-generated client secret: %s" $(fancy $SECRET) diff --git a/dbrepo-analyse-service/app.py b/dbrepo-analyse-service/app.py index 968e019e3262f2bad5eba69e451c85092fd992c3..d19b721a33a211b44a56a8a727c7ff0badbce7f6 100644 --- a/dbrepo-analyse-service/app.py +++ b/dbrepo-analyse-service/app.py 
@@ -178,7 +178,6 @@ template = { } swagger = Swagger(app, config=swagger_config, template=template) -app.config["GATEWAY_SERVICE_ENDPOINT"] = os.getenv("GATEWAY_SERVICE_ENDPOINT", "http://localhost") app.config["JWT_ALGORITHM"] = "HS256" app.config["JWT_PUBKEY"] = '-----BEGIN PUBLIC KEY-----\n' + os.getenv("JWT_PUBKEY", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB") + '\n-----END PUBLIC KEY-----' diff --git a/dbrepo-auth-service/dbrepo-realm.json b/dbrepo-auth-service/dbrepo-realm.json index 04fb056a966ab7e3799b59db42e6c3ae6162aa67..a39f7de1b0ab0611057af4890ee281bb202609ca 100644 --- a/dbrepo-auth-service/dbrepo-realm.json +++ b/dbrepo-auth-service/dbrepo-realm.json @@ -2174,7 +2174,7 @@ } ], "org.keycloak.storage.UserStorageProvider" : [ { "id" : "c109d473-5ce1-4032-af7b-02e5442f5c07", - "name" : "openldap", + "name" : "Identity Service", "providerId" : "ldap", "subComponents" : { "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" : [ { diff --git a/dbrepo-data-service/rest-service/src/main/resources/application.yml b/dbrepo-data-service/rest-service/src/main/resources/application.yml index c07689e9d47e70b39d00c1511e7c0dd996837bc7..6684368fb250cdd4323278d329c5ce1fc2845d67 100644 --- a/dbrepo-data-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-data-service/rest-service/src/main/resources/application.yml 
@@ -50,9 +50,9 @@ logging: org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug dbrepo: endpoints: - metadataService: "${METADATA_SERVICE_ENDPOINT:http://gateway-service}" - storageService: "${S3_ENDPOINT:http://gateway-service/api/storage}" - authService: "${AUTH_SERVICE_ENDPOINT:http://gateway-service/api/auth}" + metadataService: "${METADATA_SERVICE_ENDPOINT:http://metadata-service:8080}" + storageService: "${S3_ENDPOINT:http://storage-service:9000}" + authService: "${AUTH_SERVICE_ENDPOINT:http://auth-service:8080}" s3: accessKeyId: "${S3_ACCESS_KEY_ID:seaweedfsadmin}" secretAccessKey: "${S3_SECRET_ACCESS_KEY:seaweedfsadmin}" diff --git a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml index 9b1f6fede17615cc81c4d711d98e9f20c62391e8..13e207a8bdd4101e7e74b592ade00b7787fcce4b 100644 --- a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml @@ -3,7 +3,7 @@ application: version: '@project.version@' spring: datasource: - url: "jdbc:mariadb://${METADATA_HOST:metadata-db}:3306/${METADATA_DB:dbrepo}${METADATA_JDBC_EXTRA_ARGS}" + url: "jdbc:mariadb://${METADATA_HOST:metadata-db}:${METADATA_PORT:3306}/${METADATA_DB:dbrepo}${METADATA_JDBC_EXTRA_ARGS}" driver-class-name: org.mariadb.jdbc.Driver username: "${METADATA_USERNAME:root}" password: "${METADATA_DB_PASSWORD:dbrepo}" 
@@ -65,16 +65,16 @@ dbrepo: username: "${SYSTEM_USERNAME:admin}" password: "${SYSTEM_PASSWORD:admin}" endpoints: - searchService: "${SEARCH_SERVICE_ENDPOINT:http://gateway-service}" - analyseService: "${ANALYSE_SERVICE_ENDPOINT:http://gateway-service}" + analyseService: "${ANALYSE_SERVICE_ENDPOINT:http://analyse-service:8080}" + searchService: "${SEARCH_SERVICE_ENDPOINT:http://search-service:8080}" dataService: "${DATA_SERVICE_ENDPOINT:http://data-service:8080}" - brokerService: "${BROKER_SERVICE_ENDPOINT:http://gateway-service/admin/broker}" - authService: "${AUTH_SERVICE_ENDPOINT:http://gateway-service/api/auth}" - storageService: "${S3_ENDPOINT:http://gateway-service/api/storage}" + brokerService: "${BROKER_SERVICE_ENDPOINT:http://broker-service:15672}" + authService: "${AUTH_SERVICE_ENDPOINT:http://auth-service:8080}" + storageService: "${S3_ENDPOINT:http://storage-service:9000}" rorService: "${ROR_ENDPOINT:https://api.ror.org}" crossRefService: "${CROSSREF_ENDPOINT:http://data.crossref.org}" pid: - base: "${PID_BASE:http://localhost/pid/}" + base: "${BASE_URL:http://localhost}/pid/" jwt: public_key: "${JWT_PUBKEY:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}" keycloak: diff --git a/dbrepo-search-service/app.py b/dbrepo-search-service/app.py index 9b2aba7f0294cb5eebd006ea58d89fa4201a3b79..f8d7856c9b7f7c60cf9769e3ade9f800640f0b9f 100644 --- a/dbrepo-search-service/app.py +++ b/dbrepo-search-service/app.py 
@@ -192,14 +192,14 @@ template = { } swagger = Swagger(app, config=swagger_config, template=template) -app.config["GATEWAY_SERVICE_ENDPOINT"] = os.getenv("GATEWAY_SERVICE_ENDPOINT", "http://localhost") +app.config["METADATA_SERVICE_ENDPOINT"] = os.getenv("METADATA_SERVICE_ENDPOINT", "http://metadata-service:8080") app.config["JWT_ALGORITHM"] = "HS256" app.config["JWT_PUBKEY"] = '-----BEGIN PUBLIC KEY-----\n' + os.getenv("JWT_PUBKEY", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB") + '\n-----END PUBLIC KEY-----' -app.config["AUTH_SERVICE_ENDPOINT"] = os.getenv("AUTH_SERVICE_ENDPOINT", "http://localhost/api/auth") +app.config["AUTH_SERVICE_ENDPOINT"] = os.getenv("AUTH_SERVICE_ENDPOINT", "http://auth-service:8080/api/auth") app.config["AUTH_SERVICE_CLIENT"] = os.getenv("AUTH_SERVICE_CLIENT", "dbrepo-client") app.config["AUTH_SERVICE_CLIENT_SECRET"] = os.getenv("AUTH_SERVICE_CLIENT_SECRET", "MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG") -app.config["OPENSEARCH_HOST"] = os.getenv('OPENSEARCH_HOST', 'localhost') +app.config["OPENSEARCH_HOST"] = os.getenv('OPENSEARCH_HOST', 'search-db') app.config["OPENSEARCH_PORT"] = os.getenv('OPENSEARCH_PORT', '9200') app.config["OPENSEARCH_USERNAME"] = os.getenv('OPENSEARCH_USERNAME', 'admin') app.config["OPENSEARCH_PASSWORD"] = os.getenv('OPENSEARCH_PASSWORD', 'admin') diff --git a/dbrepo-search-service/clients/opensearch_client.py b/dbrepo-search-service/clients/opensearch_client.py index 623da7c2a07ffa220e3555a41cebf25bfea67a02..3f198ac443784286c4c16912d1e2d946f1fd9080 100644 --- a/dbrepo-search-service/clients/opensearch_client.py +++ b/dbrepo-search-service/clients/opensearch_client.py 
@@ -3,7 +3,6 @@ The opensearch_client.py is used by the different API endpoints in routes.py to """ from json import dumps, load import logging -import re from dbrepo.api.dto import Database from flask import current_app @@ -12,7 +11,7 @@ from collections.abc import MutableMapping from opensearchpy import OpenSearch, TransportError, RequestError from omlib.measure import om -from omlib.constants import SI, OM_IDS +from omlib.constants import OM_IDS from omlib.omconstants import OM from omlib.unit import Unit diff --git a/dbrepo-search-service/init/app.py b/dbrepo-search-service/init/app.py index 82617fccb44d93ae2cb741a5b31e89dce26620d8..4c8bde0bf96f04b9f50fb5f7e691ff2f011d41f0 100644 --- a/dbrepo-search-service/init/app.py +++ b/dbrepo-search-service/init/app.py @@ -2,6 +2,7 @@ import json import os import logging from typing import List +from flask import current_app import opensearchpy.exceptions from dbrepo.RestClient import RestClient @@ -40,7 +41,7 @@ class App: """ The client to communicate with the OpenSearch database. """ - gateway_endpoint: str = None + metadata_service_endpoint: str = None search_host: str = None search_port: int = None search_username: str = None 
@@ -48,11 +49,11 @@ class App: search_instance: OpenSearch = None def __init__(self): - self.gateway_endpoint = os.getenv("GATEWAY_SERVICE_ENDPOINT", "http://localhost") - self.search_host = os.getenv("OPENSEARCH_HOST", "localhost") - self.search_port = int(os.getenv("OPENSEARCH_PORT", "9200")) - self.search_username = os.getenv("OPENSEARCH_USERNAME", "admin") - self.search_password = os.getenv("OPENSEARCH_PASSWORD", "admin") + self.metadata_service_endpoint = current_app.config["METADATA_SERVICE_ENDPOINT"] + self.search_host = current_app.config["OPENSEARCH_HOST"] + self.search_port = int(current_app.config["OPENSEARCH_PORT"]) + self.search_username = current_app.config["OPENSEARCH_USERNAME"] + self.search_password = current_app.config["OPENSEARCH_PASSWORD"] def _instance(self) -> OpenSearch: """ @@ -101,7 +102,7 @@ class App: return True def fetch_databases(self) -> List[Database]: - client = RestClient(endpoint=self.gateway_endpoint) + client = RestClient(endpoint=self.metadata_service_endpoint) databases = [] for database in client.get_databases(): databases.append(client.get_database(database_id=database.id)) diff --git a/docker-compose.yml b/docker-compose.yml index a6ec6f46c71ac022658f74a3ba90cefb520da926..aa869d7bc2ac294917b8c0d4601ef3eef6bb7a54 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -116,19 +116,19 @@ services: - "${SHARED_VOLUME:-/tmp}:/tmp" environment: ADMIN_EMAIL: "${ADMIN_EMAIL:-noreply@localhost}" - ANALYSE_SERVICE_ENDPOINT: "${ANALYSE_SERVICE_ENDPOINT:-http://gateway-service}" + ANALYSE_SERVICE_ENDPOINT: "${ANALYSE_SERVICE_ENDPOINT:-http://analyse-service:8080}" AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-admin} AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-admin} AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client} AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT_SECRET:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG} - AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://gateway-service/api/auth} + AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080} BASE_URL: "${BASE_URL:-http://localhost}" BROKER_EXCHANGE_NAME: ${BROKER_EXCHANGE_NAME:-dbrepo} BROKER_QUEUE_NAME: ${BROKER_QUEUE_NAME:-dbrepo} BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}" BROKER_PASSWORD: ${BROKER_PASSWORD:-admin} BROKER_PORT: ${BROKER_PORT:-5672} - BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://gateway-service/admin/broker} + BROKER_SERVICE_ENDPOINT: ${BROKER_SERVICE_ENDPOINT:-http://broker-service:15672} BROKER_USERNAME: ${BROKER_USERNAME:-admin} BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}" CROSSREF_ENDPOINT: "${CROSSREF_ENDPOINT:-http://data.crossref.org}" 
@@ -138,14 +138,14 @@ services: JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}" LOG_LEVEL: ${LOG_LEVEL:-info} METADATA_DB: "${METADATA_DB:-dbrepo}" + METADATA_DB_PASSWORD: "${METADATA_DB_PASSWORD:-dbrepo}" METADATA_HOST: "${METADATA_HOST:-metadata-db}" METADATA_JDBC_EXTRA_ARGS: "${METADATA_JDBC_EXTRA_ARGS:-}" + METADATA_PORT: "${METADATA_PORT:-3306}" METADATA_USERNAME: root - METADATA_DB_PASSWORD: "${METADATA_DB_PASSWORD:-dbrepo}" - PID_BASE: ${PID_BASE:-http://localhost/pid/} REPOSITORY_NAME: "${REPOSITORY_NAME:-Database Repository}" ROR_ENDPOINT: "${ROR_ENDPOINT:-https://api.ror.org}" - SEARCH_SERVICE_ENDPOINT: "${SEARCH_SERVICE_ENDPOINT:-http://gateway-service}" + SEARCH_SERVICE_ENDPOINT: "${SEARCH_SERVICE_ENDPOINT:-http://search-service:8080}" S3_ACCESS_KEY_ID: "${S3_ACCESS_KEY_ID:-seaweedfsadmin}" S3_BUCKET: "${S3_BUCKET:-dbrepo}" S3_ENDPOINT: "${S3_ENDPOINT:-http://storage-service:9000}" 
@@ -184,7 +184,6 @@ services: AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client} AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG} AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080} - GATEWAY_SERVICE_ENDPOINT: ${GATEWAY_SERVICE_ENDPOINT:-http://gateway-service} JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}" S3_ACCESS_KEY_ID: "${S3_ACCESS_KEY_ID:-seaweedfsadmin}" S3_BUCKET: "${S3_BUCKET:-dbrepo}" @@ -269,7 +268,7 @@ services: AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT_SECRET:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG} AUTH_SERVICE_ENDPOINT: ${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080} COLLECTION: ${COLLECTION:-['database','table','column','identifier','unit','concept','user','view']} - GATEWAY_SERVICE_ENDPOINT: ${GATEWAY_SERVICE_ENDPOINT:-http://gateway-service} + METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080} OPENSEARCH_HOST: ${OPENSEARCH_HOST:-search-db} OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin} @@ -402,7 +401,7 @@ services: context: ./dbrepo-search-service/init network: host environment: - GATEWAY_SERVICE_ENDPOINT: ${GATEWAY_SERVICE_ENDPOINT:-http://gateway-service} + METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080} OPENSEARCH_HOST: ${OPENSEARCH_HOST:-search-db} OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} OPENSEARCH_USERNAME: ${SEARCH_DB_USERNAME:-admin} 
@@ -504,7 +503,7 @@ services: BROKER_VIRTUALHOST: "${BROKER_VIRTUALHOST:-dbrepo}" CONNECTION_TIMEOUT: ${CONNECTION_TIMEOUT:-60000} EXCHANGE_NAME: ${EXCHANGE_NAME:-dbrepo} - METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://gateway-service} + METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080} GRANT_DEFAULT_READ: "${GRANT_DEFAULT_READ:-SELECT}" GRANT_DEFAULT_WRITE: "${GRANT_DEFAULT_WRITE:-SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE}" JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}"
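
Review bot: in `.docker/.env` (hunk `@@ -11,7 +11,6`), removing `S3_ACCESS_KEY_ID` while keeping `S3_SECRET_ACCESS_KEY=seaweedfsadmin` means the template no longer shows operators that the key id is configurable. `docker-compose.yml` and the data service `application.yml` still read `${S3_ACCESS_KEY_ID:-seaweedfsadmin}`, so the id stays at its default unless someone knows to add the variable back. Either keep the line so both halves of the credential are replaced together, or state in the `# storage service` comment that the id is intentionally fixed.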
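
Review bot: in `.docs/installation.md` (hunk `@@ -36,55 +36,95`), the "Static Configuration" section runs `reg-client-secret.sh` before the stack is started: the script requests a token from `http://localhost/api/auth/...`, but `docker compose up -d` first appears under "Runtime Configuration". Move the client-secret step after the start command, or start the stack before it. The sentence on rotating the JWT key should also tell the reader to put the new public key into `JWT_PUBKEY`, because every service in `docker-compose.yml` falls back to the built-in default key when that variable is unset. The TLS steps edit `docker-compose.yml` and `dist/dbrepo.conf`, so they read more naturally under the static section than under runtime configuration.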
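
Review bot: in `.scripts/reg-client-secret.sh` (hunk `@@ -8,13 +8,22`), the new guards `[ -z $ADMIN_ACCESS_TOKEN ]` and `[ -z $SECRET ]` leave the variables unquoted and do not cover the case where `jq -r` prints the literal string `null` for a missing field, so a response without `.access_token` or `.value` is reported as success. Quote the expansions and test for `null` as well, e.g. `[ -z "$SECRET" ] || [ "$SECRET" = "null" ]`. The password is also interpolated raw into `-d "username=${USERNAME}&password=${PASSWORD}&..."`, so a value containing `&`, `+` or `%` is sent incorrectly; passing each field with `--data-urlencode` avoids that. Switching to `read -rsp` is a good change, and the failure messages should end in `\n` so the prompt is not left on the same line.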
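
Review bot: in `dbrepo-analyse-service/app.py` (hunk `@@ -178,7 +178,6`), the lines kept next to the removal pair `app.config["JWT_ALGORITHM"] = "HS256"` with an RSA public key in `app.config["JWT_PUBKEY"]`; the same pair appears in `dbrepo-search-service/app.py`. HS256 is a symmetric HMAC algorithm, so a verifier configured this way would use the published key as the shared secret. While this block is being edited, confirm which algorithm the token verification actually uses and pin it to the asymmetric algorithm the Auth Service signs with (RS256 is the Keycloak default). Also check that nothing in this service still reads `app.config["GATEWAY_SERVICE_ENDPOINT"]`, since the key is removed here without a replacement.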
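
Review bot: in `dbrepo-metadata-service/.../application.yml` (hunk `@@ -65,16 +65,16`), replacing `${PID_BASE:http://localhost/pid/}` with `${BASE_URL:http://localhost}/pid/` silently ignores `PID_BASE` in deployments that already set it, and `docker-compose.yml` drops the variable in the same change. Since this value is the prefix of persistent identifiers, keep the override with a nested default such as `${PID_BASE:${BASE_URL:http://localhost}/pid/}`, or document the removal as a breaking change. A `BASE_URL` with a trailing slash now yields `//pid/`, and `.docker/.env` ships `BASE_URL=https://example.com`, so the template should say that this placeholder must be replaced.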
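
Review bot: in `dbrepo-search-service/app.py` (hunk `@@ -192,14 +192,14`), the new default `http://auth-service:8080/api/auth` for `AUTH_SERVICE_ENDPOINT` disagrees with the default used everywhere else in this patch: `docker-compose.yml` and both `application.yml` files use `http://auth-service:8080` without the `/api/auth` path. Only one of the two can match how the Auth Service is reached directly, so align them and confirm that the clients no longer rely on the gateway prefix. The same question applies to `storageService` and `brokerService`, which lose `/api/storage` and `/admin/broker` in the `application.yml` hunks.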
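
Review bot: in `dbrepo-search-service/init/app.py` (hunk `@@ -48,11 +49,11`), `App.__init__` now reads `current_app.config[...]` instead of `os.getenv(...)`, which requires an active Flask application context and a config that already holds `METADATA_SERVICE_ENDPOINT` and the `OPENSEARCH_*` keys. The init code is built as its own image (`context: ./dbrepo-search-service/init`), and nothing in the visible hunks creates an app or populates that config there; outside an application context `current_app` raises `RuntimeError`. Either keep `os.getenv` with the new defaults in this module, or show where the context is pushed and the keys are set. The `int(...)` conversion of the port is fine, because the config value in `app.py` is stored as a string.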
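
Review bot: in `docker-compose.yml` (hunk `@@ -184,7 +184,6`), the context line `AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}` expands the wrong variable. For this service the secret is taken from `AUTH_SERVICE_CLIENT` (the client name) or, when that is unset, from the published default, so the value the installation guide tells operators to regenerate and store in `AUTH_SERVICE_CLIENT_SECRET` never reaches it. The other service blocks use `${AUTH_SERVICE_CLIENT_SECRET:-...}`; this one should too, and it is worth fixing in the same change since the hunk already edits the block.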