diff --git a/Makefile b/Makefile
index 49bbdd6d3218e798581d6329bde2f6b501211185..76976ea1099f5547784314d4ea48b1afda240e9b 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,6 @@ build-analyse-service:
build-docker:
docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service
docker build ./dbrepo-log-service -t dbrepo-log-service:latest
- docker build ./dbrepo-log-service/dashboard -t dbrepo-log-service-dashboard:latest
docker compose build --parallel
build-frontend:
diff --git a/dbrepo-log-service/dashboard/Dockerfile b/dbrepo-log-service/dashboard/Dockerfile
deleted file mode 100644
index 2d31f2be81b13e441450d240272568dee0287e66..0000000000000000000000000000000000000000
--- a/dbrepo-log-service/dashboard/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM opensearchproject/opensearch-dashboards:2.8.0
-MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
-
-RUN /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin remove securityDashboards
-
-EXPOSE 5601
\ No newline at end of file
diff --git a/dbrepo-log-service/dashboard/README.md b/dbrepo-log-service/dashboard/README.md
index 1ad77b872ac58fca2d9990b3b8bce9dda98d598d..a829276bedb0220817b1a4ee512be1b7438b23b2 100644
--- a/dbrepo-log-service/dashboard/README.md
+++ b/dbrepo-log-service/dashboard/README.md
@@ -2,4 +2,4 @@
## Dashboard
-Visit [http://localhost:5601](http://localhost:5601)
\ No newline at end of file
+Visit [http://localhost:5601/admin/dasboard](http://localhost:5601/admin/dasboard)
\ No newline at end of file
diff --git a/dbrepo-log-service/dashboard/opensearch_dashboards.yml b/dbrepo-log-service/dashboard/opensearch_dashboards.yml
index 08eb760fa67f4fc7f98c583dd0cee27d934b40d1..618147ea32adfd22e0fe2ca86319c57b3d2fd600 100644
--- a/dbrepo-log-service/dashboard/opensearch_dashboards.yml
+++ b/dbrepo-log-service/dashboard/opensearch_dashboards.yml
@@ -1,4 +1,4 @@
-server.basePath: "/admin/log"
+server.basePath: "/admin/dashboard"
server.rewriteBasePath: true
server.name: log-dashboard
server.host: "0.0.0.0"
diff --git a/dbrepo-search-db/Dockerfile b/dbrepo-search-db/Dockerfile
index 2ebe067473b3f2abff67cfe4e5c71317e50ae801..23929421e982c983ce6c6f0f583f242026edabd3 100644
--- a/dbrepo-search-db/Dockerfile
+++ b/dbrepo-search-db/Dockerfile
@@ -1,3 +1,29 @@
FROM opensearchproject/opensearch:2.8.0 as runtime
-RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security
+USER root
+
+RUN yum install -y jq
+
+COPY ./limits.conf /etc/security/limits.conf
+
+WORKDIR /usr/share/opensearch
+
+RUN chmod 0700 ./config
+COPY --chown=opensearch:opensearch ./opensearch.yml ./config/opensearch.yml
+COPY --chown=opensearch:opensearch ./config.yml ./config/opensearch-security/config.yml
+COPY --chown=opensearch:opensearch ./internal_users.yml ./config/opensearch-security/internal_users.yml
+RUN chmod 0600 ./config/opensearch-security/internal_users.yml
+
+COPY --chown=opensearch:opensearch ./pem/admin.pem ./config/admin.pem
+COPY --chown=opensearch:opensearch ./pem/admin-key.pem ./config/admin-key.pem
+RUN chmod 0600 ./config/admin*.pem
+COPY --chown=opensearch:opensearch ./pem/node1.pem ./config/node1.pem
+COPY --chown=opensearch:opensearch ./pem/node1-key.pem ./config/node1-key.pem
+RUN chmod 0600 ./config/node1*.pem
+COPY --chown=opensearch:opensearch ./pem/root-ca.pem ./config/root-ca.pem
+COPY --chown=opensearch:opensearch ./pem/root-ca-key.pem ./config/root-ca-key.pem
+RUN chmod 0600 ./config/root-ca*.pem
+
+USER opensearch
+
+ENV DISABLE_INSTALL_DEMO_CONFIG=true
diff --git a/dbrepo-search-db/config.yml b/dbrepo-search-db/config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..44c8e845cf181fbf577d05ea4bcf5cda398a34d3
--- /dev/null
+++ b/dbrepo-search-db/config.yml
@@ -0,0 +1,57 @@
+---
+
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ # Either enables or disables anonymous authentication. When true, HTTP authenticators try to find user credentials in
+ # the HTTP request. If credentials are found, the user is authenticated. If none are found, the user is authenticated
+ # as an “anonymous” user. This user then has the username “anonymous” and one role named “anonymous_backendrole”.
+ # When you enable anonymous authentication, all defined HTTP authenticators are non-challenging. Also see The
+ # challenge setting.
+ anonymous_auth_enabled: true
+ xff:
+ enabled: false
+ authc:
+ basic_internal_auth_domain:
+ description: "Authenticate via HTTP Basic against internal users database"
+ http_enabled: true
+ transport_enabled: true
+ order: 0
+ http_authenticator:
+ type: basic
+ challenge: true
+ authentication_backend:
+ type: intern
+ jwt_auth_domain:
+ description: "Authenticate via Json Web Token"
+ # Enables or disables authentication on the REST layer. Default is true (enabled).
+ http_enabled: true
+ # Enables or disables authentication on the transport layer. Default is true (enabled).
+ transport_enabled: true
+ # Determines the order in which an authentication domain is queried with an authentication request when multiple
+ # backends are configured in combination. Once authentication succeeds, any remaining domains do not need to be
+ # queried. Its value is an integer.
+ order: 1
+ http_authenticator:
+ # https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/#configure-openid-connect-integration
+ type: openid
+ challenge: false
+ config:
+ # The HTTP header that stores the token. Typically the Authorization header with the
+ # Bearer schema: Authorization: Bearer <token>. Optional. Default is Authorization.
+ jwt_header: Authorization
+ # The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is
+ # used. Most IdP providers use the preferred_username claim. Optional.
+ subject_key: client_id
+ # The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated
+ # list of roles. Required only if you want to use roles in the JWT.
+ roles_key: roles
+ jwks_uri: https://test.dbrepo.tuwien.ac.at/api/auth/realms/dbrepo/protocol/openid-connect/certs
+ authentication_backend:
+ # No further authentication against any backend system is performed. Use noop if the HTTP authenticator has
+ # already authenticated the user completely, as in the case of JWT or client certificate authentication.
+ type: noop
diff --git a/dbrepo-search-db/generate-pki.sh b/dbrepo-search-db/generate-pki.sh
new file mode 100644
index 0000000000000000000000000000000000000000..6aff5a819eda145fbdc88995b713b90fbe23af00
--- /dev/null
+++ b/dbrepo-search-db/generate-pki.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Generate the private key of the root CA
+openssl genrsa -out ./pem/root-ca-key.pem 4096
+# Generate the self-signed root CA certificate
+openssl req -x509 -sha256 -new -nodes -key ./pem/root-ca-key.pem -days 3650 -out ./pem/root-ca.pem -subj "/C=AT/O=Technische Universität Wien/CN=test.dbrepo.tuwien.ac.at"
+
+# Create the certificate key
+openssl genrsa -out ./pem/admin-key.pem 4096
+# Create the signing (csr)
+openssl req -new -sha256 -key ./pem/admin-key.pem -subj "/C=AT/O=Technische Universität Wien/CN=test.dbrepo.tuwien.ac.at" -out ./pem/admin.csr
+# Generate the certificate using the csr and key along with the CA Root key
+openssl x509 -req -in ./pem/admin.csr -CA ./pem/root-ca.pem -CAkey ./pem/root-ca-key.pem -CAcreateserial -out ./pem/admin.pem -days 365 -sha256
+
+# Create the certificate key
+openssl genrsa -out ./pem/node1-key.pem 4096
+# Create the signing (csr)
+openssl req -new -sha256 -key ./pem/node1-key.pem -subj "/C=AT/O=Technische Universität Wien/CN=test.dbrepo.tuwien.ac.at" -out ./pem/node1.csr
+# Generate the certificate using the csr and key along with the CA Root key
+openssl x509 -req -in ./pem/node1.csr -CA ./pem/root-ca.pem -CAkey ./pem/root-ca-key.pem -CAcreateserial -out ./pem/node1.pem -days 365 -sha256
\ No newline at end of file
diff --git a/dbrepo-search-db/internal_users.yml b/dbrepo-search-db/internal_users.yml
new file mode 100644
index 0000000000000000000000000000000000000000..db93ae09edbe45261b686b2ce384625df024d4aa
--- /dev/null
+++ b/dbrepo-search-db/internal_users.yml
@@ -0,0 +1,14 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+admin:
+ hash: "$2y$12$d1Gx2n13.EJMLPIB6jQwDeE4p4E6SPvUUH6aKICV1vYOuJIY5Xebq" # admin
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Default admin user"
\ No newline at end of file
diff --git a/dbrepo-search-db/opensearch.yml b/dbrepo-search-db/opensearch.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f0333feb0ff7906be6c08a70b3f333df14427053
--- /dev/null
+++ b/dbrepo-search-db/opensearch.yml
@@ -0,0 +1,23 @@
+---
+cluster.name: search-db
+
+# Bind to all interfaces because we don't know what IP address Docker will assign to us.
+network.host: 0.0.0.0
+
+# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
+discovery.type: single-node
+
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/opensearch/config/node1.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/opensearch/config/node1-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/opensearch/config/root-ca.pem
+plugins.security.ssl.http.pemcert_filepath: /usr/share/opensearch/config/node1.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/opensearch/config/node1-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: r/usr/share/opensearch/config/root-ca.pem
+plugins.security.allow_default_init_securityindex: true
+plugins.security.audit.type: internal_opensearch
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+opendistro_security.audit.config.disabled_rest_categories: NONE
+opendistro_security.audit.config.disabled_transport_categories: NONE
diff --git a/dbrepo-search-db/pem/admin-key.pem b/dbrepo-search-db/pem/admin-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..8315244358bf43d093295b290326e5510be22e2c
--- /dev/null
+++ b/dbrepo-search-db/pem/admin-key.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAulg+zSSPHujMckFPkrgJDvlRMLNbWf5R7z6Yr0mGMir5IXs8
+ELP3GOTTPJNAtCqZVkeuLAuiv1rsRtMO5tXRiGcgkJrPjP1/F70d4NCx1F7AWMyM
+uDimF5Ke4jp+lQN+iZtzBAfb/QR2toYec0/LpJGtFAnlzdFo/GL8Al0I00S8blG3
+uiCfn9no5C35TWEFBL5yQNptQL3qjcxhL/ahacMdOuqq4WXyRPbQjyqKccALlOIv
+T62OXzutLAkamr6/97qiONkY6D+OFUpXgS97moWQh9X1pFitcc1zsAXH1Ctvul/8
+wcIaOnSGo1T+E2nSSlWGHDYmCBrjbormgfcm/0CncU3BvWvM/FgTCMatOj40fmay
+ezAz+1/haKHLg4cJsLH0US7AZslnqpDJOKvf6vhiQ74hhlYVvJiIyjGuogxFWO/v
+Cv7j2DezpVvryWuzVL6yha+fl4um9Rzhzo74a2z/Qs3C9tktaO29hE64KTg7cbrQ
+zKboihazxB/BsfKV1ANkYXe6SG+dF/He5VLNpJmOiRnSI7+vGcDInJkKsQcurg95
+IZRn9PiodP06tWDjGKgkN7MsApPW9e8rpGwUgoR4EaCrstk7h8kohi/d9XhPXCra
+NgCRhCIxjt4jPCx14tTuaYn2QwqY0RPa29UyBlSj3mHtVfcViHjssqVzZXUCAwEA
+AQKCAgEAgea+cNeJheyXiRaKWCc++VdICAEgL44go/0pBxjkGdjnLzXvW115Zbsu
+nk2wj2ga2JDDlCTQYUEK8Rx0iOqJVOM/Sk8BXLHihTPqviv9q6QZxk1h05J6BnjJ
+lb9dOpfjAB6DgU3RR4JzFy5Lz+rSdXiwBQYZUu8mlrqSHzunyU9jZCxHPdM8M3z+
+4wJBhnWZwALbNuaNvtIlzo+pOHxfbZD8sXOhh9s/ll/QZ90qAb301OcQQCUm2LCL
+OeVmzHUo8ZMDP0noGQ8lByZ59a6aJc/yPx8iTF0dG/YzLYP6F6foDS6YzqF3E0Tk
+DrxTGklstTEFemks/f1wikD+C5+1aI6bKzLZgqIW06xGORgMMVqiIKCIqH1amcdP
+h///iikUa+pkGlyjXdQAIeReBBcxFxS2oeISnIXRGcS4SI7IHR1LIUnzX1cL/ukN
+qterE2Jfk9kUrsJiH8adBW5ISdcjUBNgfZQNj5toCPJ0KzYJpZxlBQ5NcWfYWc7e
+K/wwGJGw7qsfzKKHF/3Oe+Vr2f+Gb5WlHb46xtW3/1QBDZ2qifGeaAEeYonQgp3r
+mTPMoN1VUi8vlXqsurxIGhohZ4IzfyRDdKWNlW1T1KzdHQZBiOBil8xzWtPGJVMR
+Py+rKprbAvLc4LeCgNFtOFs/ddi9eVhtVsAsDA+gHcyfTgvYWkECggEBAN9ug0DF
+9dSuD97Ri6XJY00MmnFhxfcvT1eP6vd6S1eJ5S/85XsvV6klQq8kudAz8Wd+w55q
+wubT/67pZXaJjjZ4pTupUwI2aWdKwz/py3qkqvzQNTmmkat374+keY5uaLCTte04
+BEpYZNsIaAUqIAGan3bhCDH8dMrBlIpCSXIlAPdtEqP3DdPb5TAHy4PPLTs42XUb
+NBFcqNnUs38UPO9xnE5diMZlEiphZ3HT5cMIvE2LPLg2gdGlh+/3tgkHp8UG+aeK
+YhncKVQkDp0zVV9PBDjJOyrkoNPPVw3aGvFqvK1HVwwYj4C46RIkNK/T6/qdF2Z9
+68tAc8Ei68OOkUkCggEBANWBz0bAVGs8yqI9evENNTANUq3XaNYQ7REbwesNFJa+
+1BCyqXVs+zneEhnKMW8PCupYElkXNPsZWbiUrwbsH9ow/VPjlWOMtXfLEVmw8t9M
+06UrPRyXrbqiz71rdYcgv5SIDi3/q2wPGXbhR2Y0xlSGV6pSAk/RQXeysZ2zYbkE
+IFc076rTQH+LTkgt3j9I+Ze11XWTR/Go60go2q9twOSZbvQv08wCtEiLQ2LSfqWP
+8wz6ynEOds/2Mumh3K6ipmmr+ENaNSDpH+Vm2ndoecgXGpIPrxHIrMnyuAQMa5mI
+B20aXD4JIzdQHH9SY7lTSar7Rblgh9Z6tiCT+teuns0CggEBAJ5uV6WreYiIsHo4
+LgSty7sLz8vMH7sKEgGt7Ff1oMz+28PuWK7DwC4RXLqimRuYaXoQuhdv7qoM84WM
+vESUf4IChG/Mvi6YdJ8otVBxsLZTY2eHH+a0RSDIF9fMMeGcSqHC68K88NXi3gku
+acwXtcBNavu5z7zaHdrT70cmf7vvn0LTVd9sRKLQjzBCpr3dP156DkBqvL3+7UAh
+AfJ/YEINVl9/FYhQjNP+Y4KkVYy5egSmUbTx+ZW2AbFX/f1jL0SXkJmLl8psgeXG
+95Hin4vIlN7LWigtHBl1MW6CFI7RN97K8l+CXudQtvwFLlLrO65mi/xCF9v05N+z
+qmfthPkCggEAW8/EaHJQWwT7RiUV9w5s7srr4OGerV798rty+jbXwbMx0jRh9qL0
+rX+3XOu7sjxPv1I8IZ9/IvNVx6/4TAvB7rveU/KrzPE3H9ptDZqv9iI9aOtdDiyT
+gox8tMG++mq0t5SCNHmbJ46erqZVY7gSCUrz68P0Rop/ko9/HYeD4GHL3nRfE6Bg
+PfiToypGRgSFgB2rOzIoX9z5wEABOisCJcttEQh4FWScTg3E3nwSBfQO2mgGIfPM
+V8VRQ3JdSaOb2BkhWyUxb4OQOb+u9mYw6EA3JtQjvowC8Zy0UNlec9kxCFOrkumv
+ARwsBPxS8eDE7we6herivvJp2zyHQ7RNiQKCAQBAKO30L8525FFe6YpH3tBXwKaK
+ifU7flyT5dXso38F7HU255dfm79RZFln6Qjkz6z97eY4F01q4lEfsX7Gn/Bzsxkq
+9EAppkhfcsAHgKOgb5ZuL4Cd/IkcK8oBV6TJR9B0Md47heaTkS5mqFEltvGRZTTj
+N3bIuzbgy4cd9lnfSs8PiJMTayXwDQm3PocF2qxVMFvF11PBXmc8mf/3AnsO9Sfe
+HEJD8ttwkZvN5PwNjODzFFI1FNM/J6/i1O28N+at9rAaFRoMyR0don015eFVdKeL
+xkorQZrbKGucQaBI7azK9pqw7QX1Wt4GTayh7U3NPQKQqV/tAJfH3r0XXDus
+-----END RSA PRIVATE KEY-----
diff --git a/dbrepo-search-db/pem/admin.csr b/dbrepo-search-db/pem/admin.csr
new file mode 100644
index 0000000000000000000000000000000000000000..90ea981b44b79649a8c8ded9f814441dda0ad38c
--- /dev/null
+++ b/dbrepo-search-db/pem/admin.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEnjCCAoYCAQAwWTELMAkGA1UEBhMCQVQxJzAlBgNVBAoMHlRlY2huaXNjaGUg
+VW5pdmVyc2l0w4PCpHQgV2llbjEhMB8GA1UEAwwYdGVzdC5kYnJlcG8udHV3aWVu
+LmFjLmF0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAulg+zSSPHujM
+ckFPkrgJDvlRMLNbWf5R7z6Yr0mGMir5IXs8ELP3GOTTPJNAtCqZVkeuLAuiv1rs
+RtMO5tXRiGcgkJrPjP1/F70d4NCx1F7AWMyMuDimF5Ke4jp+lQN+iZtzBAfb/QR2
+toYec0/LpJGtFAnlzdFo/GL8Al0I00S8blG3uiCfn9no5C35TWEFBL5yQNptQL3q
+jcxhL/ahacMdOuqq4WXyRPbQjyqKccALlOIvT62OXzutLAkamr6/97qiONkY6D+O
+FUpXgS97moWQh9X1pFitcc1zsAXH1Ctvul/8wcIaOnSGo1T+E2nSSlWGHDYmCBrj
+bormgfcm/0CncU3BvWvM/FgTCMatOj40fmayezAz+1/haKHLg4cJsLH0US7AZsln
+qpDJOKvf6vhiQ74hhlYVvJiIyjGuogxFWO/vCv7j2DezpVvryWuzVL6yha+fl4um
+9Rzhzo74a2z/Qs3C9tktaO29hE64KTg7cbrQzKboihazxB/BsfKV1ANkYXe6SG+d
+F/He5VLNpJmOiRnSI7+vGcDInJkKsQcurg95IZRn9PiodP06tWDjGKgkN7MsApPW
+9e8rpGwUgoR4EaCrstk7h8kohi/d9XhPXCraNgCRhCIxjt4jPCx14tTuaYn2QwqY
+0RPa29UyBlSj3mHtVfcViHjssqVzZXUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IC
+AQCXqmcRcAZC5dVSFtHulZJ8I26lxhXZZBBAjuMrFR2waFYsESGh70TAncXuIhNC
+8eG56HQplky7EDgAVssps9RZ+EevpdmUNANdFgA02fsDwl8Nc6WVMOFu786Bf7bd
+rnEF1oCFQN/sgle/Dp+gXw2nzTsvq0iuV3JoGJs6F7eoy6YDG7ipKizbKXR75/Ym
+cahY8GDU128JTYXMSqyY3DA8mr52WEWPugGCCvOOfoANnc26EqK6Wi/g/rV4zgnP
+ewbNw1C6zOlTyZE64aMkxF5ufoBF967kpEKNQvuCB4bIH/RLtXbN9YRjNpNyLWpm
+q5JerlHvn+8sLACXUqoGVROaxOkTLVZ6BEyRG1cUO8VR8sHilUSiUrOk0SvgdytC
+mekoKMkojAUA+sYDP8AyAHQAx37SPlwMdvPYpr6bpdLWbamy6b9Lv4D0YW3Fapac
+PY8K7EEgsZ3t2usSYjp5JDqKlW+wyHpsgMQvnB+DEDyObjX3rJEO2zx0wkwvhkbN
+hsW/Xs7uR+F6wPxH+4LOSgaKLnyidcLBzn4rBuwfUBzfNhO7mKN6OQRWOn17Qt3C
+tHd/U6c1Oo4iFnH878zM2C6lBmZOJX9O/e9kFoe+fLOu+t+ujLNnHmY+4srBNLD3
+o9knVuzkz6kirDqzrOwCBbAc6hAyJyLJ3UTjY2TyDZ5u5g==
+-----END CERTIFICATE REQUEST-----
diff --git a/dbrepo-search-db/pem/admin.pem b/dbrepo-search-db/pem/admin.pem
new file mode 100644
index 0000000000000000000000000000000000000000..5a953916364f1add5a0af107e20697779b7b2def
--- /dev/null
+++ b/dbrepo-search-db/pem/admin.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFOTCCAyECFChEG9Tfkni/pHf2PVR/jkSuImSYMA0GCSqGSIb3DQEBCwUAMFkx
+CzAJBgNVBAYTAkFUMScwJQYDVQQKDB5UZWNobmlzY2hlIFVuaXZlcnNpdMODwqR0
+IFdpZW4xITAfBgNVBAMMGHRlc3QuZGJyZXBvLnR1d2llbi5hYy5hdDAeFw0yMzA5
+MjYxMTA5MjRaFw0yNDA5MjUxMTA5MjRaMFkxCzAJBgNVBAYTAkFUMScwJQYDVQQK
+DB5UZWNobmlzY2hlIFVuaXZlcnNpdMODwqR0IFdpZW4xITAfBgNVBAMMGHRlc3Qu
+ZGJyZXBvLnR1d2llbi5hYy5hdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALpYPs0kjx7ozHJBT5K4CQ75UTCzW1n+Ue8+mK9JhjIq+SF7PBCz9xjk0zyT
+QLQqmVZHriwLor9a7EbTDubV0YhnIJCaz4z9fxe9HeDQsdRewFjMjLg4pheSnuI6
+fpUDfombcwQH2/0EdraGHnNPy6SRrRQJ5c3RaPxi/AJdCNNEvG5Rt7ogn5/Z6OQt
++U1hBQS+ckDabUC96o3MYS/2oWnDHTrqquFl8kT20I8qinHAC5TiL0+tjl87rSwJ
+Gpq+v/e6ojjZGOg/jhVKV4Eve5qFkIfV9aRYrXHNc7AFx9Qrb7pf/MHCGjp0hqNU
+/hNp0kpVhhw2Jgga426K5oH3Jv9Ap3FNwb1rzPxYEwjGrTo+NH5msnswM/tf4Wih
+y4OHCbCx9FEuwGbJZ6qQyTir3+r4YkO+IYZWFbyYiMoxrqIMRVjv7wr+49g3s6Vb
+68lrs1S+soWvn5eLpvUc4c6O+Gts/0LNwvbZLWjtvYROuCk4O3G60Mym6IoWs8Qf
+wbHyldQDZGF3ukhvnRfx3uVSzaSZjokZ0iO/rxnAyJyZCrEHLq4PeSGUZ/T4qHT9
+OrVg4xioJDezLAKT1vXvK6RsFIKEeBGgq7LZO4fJKIYv3fV4T1wq2jYAkYQiMY7e
+IzwsdeLU7mmJ9kMKmNET2tvVMgZUo95h7VX3FYh47LKlc2V1AgMBAAEwDQYJKoZI
+hvcNAQELBQADggIBAJ2spSG1fPRr6WeRVvJCdGLfoN+/ROaN0tF+tNzcSW3SSQy/
+lJ6iALTaAd8Jfa5Y+KB3vrwXXLOZWmUJTpWiIYcBeZym0ZruQmIj07Z0sO3JZZMF
+RNKUAyTmt2AA8qPXkKgmcUOylZY1BbJybKf7iAz3dAfNRkad5TreUhMfFVlUD9DZ
+p6KkZ/e1u/HgrUgQMmgcBwRZX66DWMrq9OFh2umODqYkmV6nIH5cVrqWkjS8CBmp
+tSe7s4+UG7gvAgDqgePL38bdM8yzR8v7E7UWLuCb4TjZwXdswuOieLgfE0d1l6IW
+XmWysf5PzaXdVWgqryR9KU4nU1JPexEm2uSa//lHNYYvTt4t7Sr4Fkmem9tuzp13
+MRSCYlZYEwRxqSH1T1e0oSheiqRaPvxTd6eumjprfFLhiLQB3B+2+HULT9vLp/i+
+mE37hZMZAITKlGqsjgGk3VF51TlJXyTKeKpgKdpleKwbulLVKPj/cos+Lw6LlIvu
+hKVmCzUOx/G9ZbWZbH3SzGKWeTykc+IxmGnANFsbrVocSHnTdS6kZGi6pKFpSaoS
+9CV8nItjcQyFbArqpHK5EEyTUzgFF8dHDE/29HJmZOzzjyMzrPvDCx5d+PqsBc8k
+JlWD5hNaAymNFnAdKAyEcXtYZ4ARTWhpMRd/kTMxsMvC2tQPaiuePaZu5D+F
+-----END CERTIFICATE-----
diff --git a/dbrepo-search-db/pem/node1-key.pem b/dbrepo-search-db/pem/node1-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..33e9ad7bb148d9b5222b42dbf88cefc27ff2dd1f
--- /dev/null
+++ b/dbrepo-search-db/pem/node1-key.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAlo1nI4G1xaD1qHaXNvB+R9aH9B55H1qTLSsPMViFKCx5Lwhk
+C0I4iP8p8GSw4cPYOCSFvIhy/qmMQejNxp5xUZx1WsblJulsCP8H37p7BtawiZI7
+/MV+MfnEoDUyD5xThnr4yYanBN5vP0sW5zn5LjBfgIBChtak6rG2ANCBLqA/gGmh
+RI12AEoyhFAjW4HdLHFn1/n9gVeyU88yovT6T2gdT5s8vgaTvzm5owca/ngFkXvU
+GDro8ae/ek72afxogP+nrE72TRxDbTxIt4vxmqN1GC2XlMpb3GEJGhelNstNI8Bl
+p5bc1gMGDcXXwWR/kekApGbw7X/yLp1zxoD/9qddjpBJ6g/cf3O+nH+ftf3ryBE1
+D4xalVbmTRLrRhlncbbddBkI0MQfKDYTchs0VO4IFboyvwOhp7rHkR1NQei3RJA5
+CPWc/v3w7XJwiC9Ll1nX4zd9HnxSbNap8Uq+2XAEBTVjzIPjuSSZwumXeU/KUZmb
+f5/P11vRy3camBaRWRMHp9zUR/X+fDCMtci2C7ZtbNmDKD9ByUEN0Glc97wcNfC+
+0AZrB6CiUqhp35K2yG26CNfV51wgNcTkvSqbWswaleOU//0PoPTgKgM3DJ5k3/Xp
+uVu3aiAH7da1Ewdgj3ZihSuVWbS/4jpQxn40SwVgjQAZSnEUg5ZOboroDi0CAwEA
+AQKCAgBva/F0NtBHlmuZJUOelnhvRFfUFSWBTfB00lRpKeFKrTd21pfsOTNMOMRa
+NLswK1h/nJAZy0aIMQUr1ldM8wBc7RVxfJglp0WcltrF+uaIViXLex3IYoWWCQs7
+ooMNSJ4MfkBYLb64fMMKrdEiiiZfx882dDZIQt1FEQbpLWceEd1NdV+0M5msdz1R
+7VltpPwCo1++WTcEHdpN6p/IONR0JlLjErnuzUFVmixIer7ArCU62dFLqXWzO3ob
+1ArMv9C7//mhLcNdqFhCpQYQSZMi5myH214+8VDxFiO9WticZ/QMTJ0vXhjMjupR
+ESYv6+f6Hd6qzcDrlPCxDTidJeXJDNL4cl453zyIdU+8Vl67Rnki+G3wa+t1dV4n
+KdoyrqNOan+jHVz+ZtOvTnv0V8d5gyi+DbxsAuwWQUO37UXgPlAdGb3j6bBdJRiG
+8qnASJiq98YylKCFqiksxIRsrAhceudM7cTcD7GoJfYdzdoowA0P/6fESes28uzm
+P2sEnXhlLqTy+jfBw9ayVOX7aTfnk94LfwMV6ANgfDg6Y6vPCy6GbH0CsjvaQBxq
+i8X5BBthTz5bjjzlQmrghHlB766DdMw6YCcmp0stp0KGqPowqBTn0Bka6PrdUQ/R
+yivcQNr73forYm4WLE2ykHl5OBgA0lRii4vbYR2i02JQwtbzZQKCAQEAxn4pZiBA
+pRhSa2cTfAPykM2nugU9xnun9pKucf4C7Ndl7zYUQpbP48GVC2BLRDty1l055hQi
+R/pd2QtYoGcoSOHJO8f8TV8YbyiklTH+dcJ9fTA9SG5trzLWd2geKrxsaTYz3svH
+5A4i75LWkg9NOqKEwC1Vr4s5I/8qTVtaasK0ELfZZZwRpfbChs9QQP0lUtXc91d0
+PzBnHuzo01LmWlgvsJ4nkP00gRaI+DwzlrMyFt/Ck7SmjRmM2v32SIFqgdle/2w/
+Eaod1H1+anHuBsdR71MIu8HOa3TMp4tKe0VY3gnoZiVH4waNjpfg2j73+nTLTt9i
+hTvW3qLXPxAy1wKCAQEAwiuWWUwWzTnITr6V0BAafHVu3TDm9waS4q4XvPY2CxAo
+wd0QgPIvzz+Zqx43pB6RFP14HnE0P1hNUjnU0rBZ65UM/P11Dwj+nNAmDf5joEqA
+LJGNcH6/L4BW15b8EHMemrNdeuBGbYaTV9r2uq9hJDmnzeuR6Xj6C1yLHBzMihSg
+sllXMoL8a4wfovjEeF9CUqbNlVHSSlKre/DfFBUwsPGSELZ5SafLxA78SaECIGtz
+iF4WwsIDjOA1sqWjfTWjEM4cQES7wVjvWZ6PemKcxcTQM5r3EJ1fue5jL5vBOmlr
+UUcAw/koZt78IDE0t9WLvMiyAvsM44HMeE6N9A4qmwKCAQASfL2uXWKn/dPvXPJb
+oqJ9CiqNEN/oFKxYMuE8jMQI+ybrWMYaTaGfPPB81sMr372aaaRy4X0v5wnGpV/j
+0LfX0e/EOaQuMKU99TMfEkD5BtxZRJzwmhhtMPb4uCHXKSWPxxSds60yeH6Ygbyq
+bfJre6eRnqdUakswJxvxiIirWOcch4MgC6E5K/qCQ9zdsLZBONoTz3lsST3Ri49D
+33zE/WGzuYdF4c96Fnc7Z6AGcTpBFyYwS6sXiUGtQ+okZqlc3roSYCqfopCUsfuM
+PoBE8VuYRsuRcUOgjohhMoAFazgTtiiHGwHPC1Uz6sFukl7WXPpypiuu7RveMJyL
+qx6RAoIBAEsEXAoUA5s2f9UsfOTt083R8Qs0IYe+2nEJodI3rZmInLaJmh63cxE3
+GT+rZQPba2IYq5fXVMBEdVsXTMo5qAQEiggURG2SpAwhvxIY/pSnM+4ELgkQbv0D
+MIoKo0gXsfNC6RLYI12daL/AsSJfL8C3JcXBBZaWTsSk9HngBoYyggNl0PKK+Mr0
+UCS+x+lZpF4aY8MU4ZIlbmtsHEO+DBnQuwYJ+cIjOe59e6tWsWOlH/XHpDOKkaST
+2ysyI3/0gRO1DeUmqQOCQLb3M6etAbTG3UmSzXF1284R8/Ao1PakU/oK3JjaYmmc
+LPyjBiMgNeSyBVRxegFL3Jt+fgmUj5ECggEALLbwb8S0o67ZUBQrf/q7om1SXQnD
+FMO2Oxxv2/BysX0m5oAcCLztxrANko8o+RzAdxtjmRq8yOSaWAM8KSdI8iaJ/QJ7
+exHBeopoTVSbMUiDqL1CZDvndJwTxqQsXRP0PKgAxJrDl5p8hJnkMq6PFS90o6kL
+fNhfj14W5j8yududzHdEgHOMIkiOOl62YGoHdA6R/PIp3r/6uVnoMuAp46q3lM9n
+ikfMdbL6PQWKzV/5yEeFS11RgoWDwRr/bU2KWTUi2IV4Y3T7cZFNInY2BTc40cJ+
+vj61WkkZ7/M56+f/K/MgyzcZzoYz6NlsFgEqoeODIXw1g4YfYFpaJzC++A==
+-----END RSA PRIVATE KEY-----
diff --git a/dbrepo-search-db/pem/node1.csr b/dbrepo-search-db/pem/node1.csr
new file mode 100644
index 0000000000000000000000000000000000000000..44ba9b3d4571f26032395e523765043285fa92ce
--- /dev/null
+++ b/dbrepo-search-db/pem/node1.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEnjCCAoYCAQAwWTELMAkGA1UEBhMCQVQxJzAlBgNVBAoMHlRlY2huaXNjaGUg
+VW5pdmVyc2l0w4PCpHQgV2llbjEhMB8GA1UEAwwYdGVzdC5kYnJlcG8udHV3aWVu
+LmFjLmF0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlo1nI4G1xaD1
+qHaXNvB+R9aH9B55H1qTLSsPMViFKCx5LwhkC0I4iP8p8GSw4cPYOCSFvIhy/qmM
+QejNxp5xUZx1WsblJulsCP8H37p7BtawiZI7/MV+MfnEoDUyD5xThnr4yYanBN5v
+P0sW5zn5LjBfgIBChtak6rG2ANCBLqA/gGmhRI12AEoyhFAjW4HdLHFn1/n9gVey
+U88yovT6T2gdT5s8vgaTvzm5owca/ngFkXvUGDro8ae/ek72afxogP+nrE72TRxD
+bTxIt4vxmqN1GC2XlMpb3GEJGhelNstNI8Blp5bc1gMGDcXXwWR/kekApGbw7X/y
+Lp1zxoD/9qddjpBJ6g/cf3O+nH+ftf3ryBE1D4xalVbmTRLrRhlncbbddBkI0MQf
+KDYTchs0VO4IFboyvwOhp7rHkR1NQei3RJA5CPWc/v3w7XJwiC9Ll1nX4zd9HnxS
+bNap8Uq+2XAEBTVjzIPjuSSZwumXeU/KUZmbf5/P11vRy3camBaRWRMHp9zUR/X+
+fDCMtci2C7ZtbNmDKD9ByUEN0Glc97wcNfC+0AZrB6CiUqhp35K2yG26CNfV51wg
+NcTkvSqbWswaleOU//0PoPTgKgM3DJ5k3/XpuVu3aiAH7da1Ewdgj3ZihSuVWbS/
+4jpQxn40SwVgjQAZSnEUg5ZOboroDi0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IC
+AQBp0YyMbdiLyv5i7NBm2kGik4NJ4dXiFp4VO7AVnauo35S4QZsMU6fs3rvK0/9a
+46ER6uSilEx94I2I+v7ALmvayyF1tNitdXmadgbC1OVGfk+ZCEIZ39mC5G4M3lZ/
+qNFTabe3fyccwH7Nwx2BkmVBW/wWepyuox57qP11EiMG8PJpdXxxkKkd90Q5TFum
+MfdJ+eqw28h1lNPS7FtqFlC4aeAPSrth2qcZhoCmE0WNP49AdXz1TYUJlbworWe8
+n7jpPwM8cAgiqp4rr3Lr4zc02/mrKBRn1Io1jaknb/5hMc4wrlzKPTYpLzoOavD0
+ANQbl2EIyzkee90+cKsu5gs80hvXTJZqpk9PdWEze6e97Pe/BF+/CrYFlbwaxn0p
+aP96qsXvymnG3+S08h9TawEnC4xVmo/TC9VCT72ZXJgKcUKTz+lA+b68luf/CVIi
+N6D4wO+bhTWlZrIMAjuJAAnWzeN27GxpRJEcVDf4BrLCTKOOJPh6kPNSjSHEwmX/
+SS3spK6G/j+IlJxHJL/L0jxA2mxZnbVxWxBz9Sk2bT7HO85x3by/e+kUTgAY2Eue
+MXCvhZ4at3ong9/6NqQBwaNBUaQ9wuDRPLWND7XuCvCjqT0mBGvg7yyBGHVaEGIC
+jJtCCf8SY2+MdXH+4ISP6M/SYaMynLHPcxp+7CjRqJK5Pw==
+-----END CERTIFICATE REQUEST-----
diff --git a/dbrepo-search-db/pem/node1.pem b/dbrepo-search-db/pem/node1.pem
new file mode 100644
index 0000000000000000000000000000000000000000..ad4cc59d17f944d617aa770812b2d5cdbc055d39
--- /dev/null
+++ b/dbrepo-search-db/pem/node1.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFOTCCAyECFChEG9Tfkni/pHf2PVR/jkSuImSZMA0GCSqGSIb3DQEBCwUAMFkx
+CzAJBgNVBAYTAkFUMScwJQYDVQQKDB5UZWNobmlzY2hlIFVuaXZlcnNpdMODwqR0
+IFdpZW4xITAfBgNVBAMMGHRlc3QuZGJyZXBvLnR1d2llbi5hYy5hdDAeFw0yMzA5
+MjYxMTA5MjRaFw0yNDA5MjUxMTA5MjRaMFkxCzAJBgNVBAYTAkFUMScwJQYDVQQK
+DB5UZWNobmlzY2hlIFVuaXZlcnNpdMODwqR0IFdpZW4xITAfBgNVBAMMGHRlc3Qu
+ZGJyZXBvLnR1d2llbi5hYy5hdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAJaNZyOBtcWg9ah2lzbwfkfWh/QeeR9aky0rDzFYhSgseS8IZAtCOIj/KfBk
+sOHD2DgkhbyIcv6pjEHozcaecVGcdVrG5SbpbAj/B9+6ewbWsImSO/zFfjH5xKA1
+Mg+cU4Z6+MmGpwTebz9LFuc5+S4wX4CAQobWpOqxtgDQgS6gP4BpoUSNdgBKMoRQ
+I1uB3SxxZ9f5/YFXslPPMqL0+k9oHU+bPL4Gk785uaMHGv54BZF71Bg66PGnv3pO
+9mn8aID/p6xO9k0cQ208SLeL8ZqjdRgtl5TKW9xhCRoXpTbLTSPAZaeW3NYDBg3F
+18Fkf5HpAKRm8O1/8i6dc8aA//anXY6QSeoP3H9zvpx/n7X968gRNQ+MWpVW5k0S
+60YZZ3G23XQZCNDEHyg2E3IbNFTuCBW6Mr8Doae6x5EdTUHot0SQOQj1nP798O1y
+cIgvS5dZ1+M3fR58UmzWqfFKvtlwBAU1Y8yD47kkmcLpl3lPylGZm3+fz9db0ct3
+GpgWkVkTB6fc1Ef1/nwwjLXItgu2bWzZgyg/QclBDdBpXPe8HDXwvtAGawegolKo
+ad+StshtugjX1edcIDXE5L0qm1rMGpXjlP/9D6D04CoDNwyeZN/16blbt2ogB+3W
+tRMHYI92YoUrlVm0v+I6UMZ+NEsFYI0AGUpxFIOWTm6K6A4tAgMBAAEwDQYJKoZI
+hvcNAQELBQADggIBAKiZJcKWSYnTV1JasY/U4FjOpcR8E77vRh/jM3pz3Tq2PDtk
+Lx7NwNvmdFZBW/Avg5RkqkG//8Vje8iU4d1IvJONHWZnYM/CMjPWDA9AXPbiK0YP
+QCuLXppTJ7PG37TVmVL3uBpwrTKWuyDHPkUYVBuunLC1ehWGbhKYKWeOe26y+C18
+rnj86SeoG4o2XbiLAGAwIw3T0vivHENp2G9MnUpgUa2nxlHnncaq7ZYPlzQLpucP
+PzvdEORifUVYStjpTBqPgxdSoBRIKtZbWlnG48fzIOHNrpZS5wh2fnKSuQ/KfRq5
+rRO9fNAgT7Kq8ad79MrVyXBbMZhU0gjiiRLAq6Md5On2wndTrUhzVVDFreNOofJD
+QIWpMElo8zRqBgsr3N2HE7vOB7XjsUjN11rBwAlvjTB3rJKCu8kCLWUDHzVGvdaN
+CWpGUoUrtlkUcxbgilQNywRx2xdHCdQViN96WRfkE93Dhf06JSmpttnr6CkOd4eJ
+dCcijqEOtHAPmjk8NBVnQjA5e0GrwuTtZ/Y1YurKPtRRbA9emTcor6ImlVn6bXwa
+knZzq9z13MzY1no7TtZQKfuXWPY+tgTdsF3VKqhbpQWPNjmzTG5BHeUYh8L/T+NW
+GmS/XJUWkbuC2CxwVBSfIrnp/kxPMtVaW5NGISxoZvfJOFfiU8Zt8clUZBs5
+-----END CERTIFICATE-----
diff --git a/dbrepo-search-db/pem/root-ca-key.pem b/dbrepo-search-db/pem/root-ca-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e09c0919d59982b870458b5a5d44509d31df280f
--- /dev/null
+++ b/dbrepo-search-db/pem/root-ca-key.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAvdhcv2roF53m0WsM2PktVHyQar83BhyfoyhioXj66nOVRXMZ
+JJcF9sw6TGUuRQCUNclfCZj0ZJoLb4iNCX0y8Y93V6IYHah8rLVT8U62oeXQXE5e
+8+Q/Bj05d2qdM7zK3lq8v5LbnoEvjo2g5WsZIn+GxftgFUhXyJOWmLhfeeHBbnFJ
+CQTpnn61/WiG4r+9KaGYSrq+8wG11BDiZG3BBYmHno3731wptu1etgIHJUlgvJJg
+8KNCWMgeitJCA/az85hqQ1z78vRExKPg7u5Ry19ddS1zsTrrnmV+uqSAYC1MEp1O
+u/TDsHIgicXKYEEK4+Y1n8bURhCJ5SSzzE10xws8twL6XfZcC/fODF7YXeLsKmCd
+MCbpoWrTfUWS1kQgOyebVbKqpjw6iz07sQsp/fz2kiW2yD2tFYbny3JhzDo9vlpT
+XwOELPOo+84141HEfHehsqRxe2VLlEnOEVu3Kd0c9Sa0o6LcPSdnqa1xH7PESpI3
++EkKq8y1B8wvIUo2GjoKscXd0LfKeFMfsUyCVITYldAgOv/21CMd3HoE+ue/T238
+CWot+/MEkXf/Z6kIv3KdBfnc3+fKzVJLYR0swV9AXoRc9h/7GJTrqhza3KW3cFNB
+fwaQqx99Xvd9CX2kFEqHTRhN5TMnJsaujI3M2dXnd6bT3QnU+kV+GssUAPMCAwEA
+AQKCAgBkwhOfqH7cIfsihL2B3uYXJDGF5kyu2rxDXSjT6KDLlGLSRF9A00LgFM6Q
+Q1dGWiNPVLwzHNIBHt0Y6hFoyuEh4fIGOcqw2v6or2iI9yzpSk7G3vV4Xliw2AfL
+AHPExNurHd91kd0sCAaUk0ik2q2xaJvAMkVxpj6o/uP71EcgKhh+pHON7OSNMVUn
+1LVaXUdpdBGe//RehzbZAckWYkYCyVaIaXUXvBOLufn9gaAHQyWrj8kRjqSk+Dl1
+llhhQCuMCwXDEPPLo6dn8k5soWIaHVg928y+cLYjEF0tdCeKZCAu9PyXtzWxTTFF
+zgs2AO9lu4YUcfOx6A835b3jnexu2CAf1Whzkwi8t4MKZxitHmcd90xgW7/XKgXu
+faU7uJZAm0SoQQHw0zMfGXuE2gCWg/GpKII7JP4wBfhZftPlUEnxISFQ9E6clZP+
+7O47Tpz69lmiEeRXLd3eCiBHcxPm/XvrtpoMC8KsWXeW4WxFkTE3gONo/DsjtSmn
+l5Bkwf8YotxGsOQq+/VYcttgqq7EENbTFjQHMAPws0A3WHQaMAb01lqoze+T4N8J
+wHq2ANRoZUg6wYv7I0Pm9bdzQzHL2mZPFM44VJno43fEIMDt946DMDxkw01fU32I
+wQgQMXoLXjKNFzkKdvR0P+Fm3ZxN+nJXw2el1Se8mghatyTESQKCAQEA+Qt+VXO3
+cYAc0V5ooO8pYVjWBGfb9QBvgqfTxYqnOmgHet299ig8Pno0EVN2BICbyaUzIa2I
+gIfOAPoVIAgUwBqx3l2Ajl2QmFiR6tGDz3hB3EpaXYJcSvjpF8JdS9LsAqxy0gG9
+7wKXjF1oD/8QxhI9zDo+BRu9LkGq8yJZykHY5WWdb2nSD6+lMp6UMRJW+oI7klvh
+1C4NVdT3UHtAYZziRgGUFQXxK2yC4GTPtVVe7547f00d4cEArM6CZC60NU22UmJ+
+VapngFjbGmgoQ4bk6nOZbie8FQKO97UOUerf+rq/s4l2IJSxDvp+DmeBzEdv3bdD
+R8KDLZ7mRF/79QKCAQEAwyWhPHugHL5R2ESoiDol2/2HycmgWr4FtiyG3DABbCp+
+Gg41m+sUpQNhOmMM56pybNd31Qhnt12azovOoVOsVTP1cnhf2QVO1VKS4Ey9F2o5
+RbB/8XP1ykLrUKzjgGDBlel15Wdm3tlQnL2bidSKm8Ybn/wymkdp2ebA1owy/REB
+eA3WIWWBBZ4SNROb50RmQpu+CqMFDeFHosZEV9fi3r1NWCU1/wU+698ibkRl5Kds
+PuWPlDhceDojPvuyPe1BeCc17J+pB4pjzknvB1tRHeS3m4grRD2q45zwSlD/wmid
+SNCoMzoMMw8zmdqlhARDIyO8Dcx+WAa4dzowuYygRwKCAQEA7GvLz8VdhWMweFXe
+j8DbEK3r5hzOg8SZF3jJIoPhAyJUz4AH4NILdug926DWramFuySX6MW7iwDhQK4o
+NdNWF5R//G/ZJc2PAgE67KdfMSqho0X2iUTC5u1rIoICXYPrRxJ8of7DV02nnrnh
+myXxv4b7oZA85k6SBoKSjeOzR73A8OzJS0YzA28kLWy7k+YsKf5OHUAan3nkcPIO
+ohmPYds0N28yK88LRsTpbapmQGe+C020f8Iutuyo/mPBBugLbXrLtWQJOLvfK8mu
+nl/4sToywJtjMV6JP4zBOkhoQr3tSTHV4NODD6T4fRaxam06nDnI6bsbJNlz/HAX
+ext/rQKCAQEAtlAyiVoJ5LCdsAm81cBVXGhI8ukuqXf7yA1jVNR4j8BHHTqHNQpz
+uBInRLAC/3ALBMpsRpdapkGJ/ks5GRkd2F/5gB8blJnT45IIbArlYbm4lfXmIgKu
+726Df1R2GprKYK7CmTZ4Mdwe5sBxTlxFvnBfoKCx+dab+poNMKO8gxbfI3TxxzOY
+TVI3OmT+cxpA2xu7eR6B+0yra1QFx3eGmYeLeb0R7BXPifdlqFS4SN1tUHmRIO1i
+3mOaSB5HkHlWf9VKGK208bmFstT5vgq/BsmGC4U0vsVKIOmeyB9SQiMQRlXBvlIN
+0anzEFrn5SVCP9MDvnR82Oo2bhTsLn1FwwKCAQAJTPoY3DfJO7gE3RXuDgIKgNCn
+IWt18x9B51EhHqCC7EoEdgfonLzePROc0rnLf6okD3lKmS5ReJX6Y/VdfK/S/CgR
+FidJkYXQ/TuC+e6hVsoU5yoerQxZHM89Evg8Z85K+N4T/GyBRaaoAawsnW9Zjpe4
+NFa2KiRgcelOyAEC+r2XS3AWxF1CPWOQTxz9DXhlwsspmHv5w9HIFgJE5Mi4uDGu
+NuJ1GLiv+35ireLlnOXsYnmTgAqApQTB1EfeHpD4Aq0rXIRbxcCVLA4MksPFwzV2
+jzz0NKrvIKFfY4gM6HmPOy6iN9ZazYd3JB+TXOXuNYh1IZVE+ni00hyYS/fb
+-----END RSA PRIVATE KEY-----
diff --git a/dbrepo-search-db/pem/root-ca.pem b/dbrepo-search-db/pem/root-ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..dc9536b8e63d42f4c1fd4713f8d1febea82f1f01
--- /dev/null
+++ b/dbrepo-search-db/pem/root-ca.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFkzCCA3ugAwIBAgIUOfbA5pppESAMwKjKjQ5dv7AyqLEwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCQVQxJzAlBgNVBAoMHlRlY2huaXNjaGUgVW5pdmVyc2l0
+w4PCpHQgV2llbjEhMB8GA1UEAwwYdGVzdC5kYnJlcG8udHV3aWVuLmFjLmF0MB4X
+DTIzMDkyNjExMDkyM1oXDTMzMDkyMzExMDkyM1owWTELMAkGA1UEBhMCQVQxJzAl
+BgNVBAoMHlRlY2huaXNjaGUgVW5pdmVyc2l0w4PCpHQgV2llbjEhMB8GA1UEAwwY
+dGVzdC5kYnJlcG8udHV3aWVuLmFjLmF0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAvdhcv2roF53m0WsM2PktVHyQar83BhyfoyhioXj66nOVRXMZJJcF
+9sw6TGUuRQCUNclfCZj0ZJoLb4iNCX0y8Y93V6IYHah8rLVT8U62oeXQXE5e8+Q/
+Bj05d2qdM7zK3lq8v5LbnoEvjo2g5WsZIn+GxftgFUhXyJOWmLhfeeHBbnFJCQTp
+nn61/WiG4r+9KaGYSrq+8wG11BDiZG3BBYmHno3731wptu1etgIHJUlgvJJg8KNC
+WMgeitJCA/az85hqQ1z78vRExKPg7u5Ry19ddS1zsTrrnmV+uqSAYC1MEp1Ou/TD
+sHIgicXKYEEK4+Y1n8bURhCJ5SSzzE10xws8twL6XfZcC/fODF7YXeLsKmCdMCbp
+oWrTfUWS1kQgOyebVbKqpjw6iz07sQsp/fz2kiW2yD2tFYbny3JhzDo9vlpTXwOE
+LPOo+84141HEfHehsqRxe2VLlEnOEVu3Kd0c9Sa0o6LcPSdnqa1xH7PESpI3+EkK
+q8y1B8wvIUo2GjoKscXd0LfKeFMfsUyCVITYldAgOv/21CMd3HoE+ue/T238CWot
++/MEkXf/Z6kIv3KdBfnc3+fKzVJLYR0swV9AXoRc9h/7GJTrqhza3KW3cFNBfwaQ
+qx99Xvd9CX2kFEqHTRhN5TMnJsaujI3M2dXnd6bT3QnU+kV+GssUAPMCAwEAAaNT
+MFEwHQYDVR0OBBYEFHRalunU9uLvP49ItGLJi9QLzNo5MB8GA1UdIwQYMBaAFHRa
+lunU9uLvP49ItGLJi9QLzNo5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggIBAJErWbSivfbkFUWVuWkZX6BJv+Xqr4mp7AZz4vXyNQnVT8TqXtiI+Xek
+w9BVRVUUaTCymducJrQKT9LJBpwLSzB6z4l+o+6XVnK/Z67Fj8WtvoZdaBWwpePR
+4f6xxR19sdUOD4W8YTsahpZXq/yi1qchNFda2CNmI9MoVN0ujy+NBw61OL6GjNdP
+xjcjtHkifm1e1tBNWNGCcScplLbbJScd83rB4Qwe26x0kpHJmpSQkN0U8GuLlAVP
+pQOVQt+GDPg03j+1KTcOqDUjWaVVgaIUVdCfq2K6ToMI68HtVVpXy8VlYtYi5gEl
+jEZqDuC1uMCIf3rl+Jscrg4NLRXninEdCi+qqtyiHuRRuJxYsUP1x62wG/kbvY+V
+72HD3hZVwMYAfJ1GN0W2HvpuRpd/QkQL5tqRuELa6/WSCBqpVT7zLCGqtKkMHzKt
+hsPFlrQJTMdkdbDEbZ/5dkE29sPIA2TD2d7wOWLmunuyXycPAgPGGc55IHRDd/4W
+yk6toxxnSXvDuGup5jFio3XI7A14toLo6algdQ9WOJLoBGNYGyQpT+1Zgv/a1MaC
+QpjeOEW8pCpOxrMWusph4pMmV+Trxc+tCmLnMSR6nq0ILoTT4cggwS/ztN/7o9yp
+VGafIWCdXQP7T1H0ESOtMaQ7TRbRPtLq2NoTh12DQg7oV7kfYjrx
+-----END CERTIFICATE-----
diff --git a/dbrepo-search-db/pem/root-ca.srl b/dbrepo-search-db/pem/root-ca.srl
new file mode 100644
index 0000000000000000000000000000000000000000..8a970fd4d45a5be230352dbe4a8cbe48779eb82a
--- /dev/null
+++ b/dbrepo-search-db/pem/root-ca.srl
@@ -0,0 +1 @@
+28441BD4DF9278BFA477F63D547F8E44AE226499
diff --git a/docker-compose.yml b/docker-compose.yml
index 01cebe7422ca5ba41480ac17e254cea45e7dc719..e9473d11b75cd86f6e97c5b58e07b095fa371108 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -53,10 +53,11 @@ services:
ports:
- "3306:3306"
- "9100:9100"
- env_file:
- - .env
+ environment:
+ MARIADB_DATABASE: "${METADATA_DB:-fda}"
+ MARIADB_ROOT_PASSWORD: "${METADATA_PASSWORD:-dbrepo}"
healthcheck:
- test: mysqladmin ping --user="$METADATA_USERNAME" --password="$METADATA_PASSWORD" --silent
+ test: mysqladmin ping --user="${METADATA_USERNAME:-root}" --password="${METADATA_PASSWORD:-dbrepo}" --silent
interval: 10s
timeout: 5s
retries: 12
@@ -67,7 +68,7 @@ services:
restart: "no"
container_name: dbrepo-data-db
hostname: data-db
- image: mariadb:10.5
+ image: bitnami/mariadb:10.5
networks:
core:
volumes:
@@ -76,12 +77,10 @@ services:
ports:
- "3307:3306"
- "9101:9100"
- env_file:
- - .env
environment:
- - MARIADB_ROOT_PASSWORD=$USER_DB_PASSWORD
+ MARIADB_ROOT_PASSWORD: "${USER_DB_PASSWORD:-dbrepo}"
healthcheck:
- test: mysqladmin ping --user="$USER_DB_USERNAME" --password="$USER_DB_PASSWORD" --silent
+ test: mysqladmin ping --user="${USER_DB_USERNAME:-root}" --password="${USER_DB_PASSWORD:-dbrepo}" --silent
interval: 10s
timeout: 5s
retries: 12
@@ -100,13 +99,11 @@ services:
ports:
- "3308:3306"
- "9102:9100"
- env_file:
- - .env
environment:
- - MARIADB_ROOT_PASSWORD=$AUTH_PASSWORD
- - MARIADB_DATABASE=$AUTH_DB
+ MARIADB_DATABASE: "${AUTH_DB:-keycloak}"
+ MARIADB_ROOT_PASSWORD: "${AUTH_PASSWORD:-dbrepo}"
healthcheck:
- test: mysqladmin ping --user="$AUTH_USERNAME" --password="$AUTH_PASSWORD" --silent
+ test: mysqladmin ping --user="${AUTH_USERNAME:-root}" --password="${AUTH_PASSWORD:-dbrepo}" --silent
interval: 10s
timeout: 5s
retries: 12
@@ -122,8 +119,6 @@ services:
- "--base-path=/api/upload/files/"
networks:
core:
- env_file:
- - .env
volumes:
- upload-service-data:/data
- "/tmp:/srv/tusd-data/data"
@@ -141,12 +136,16 @@ services:
ports:
- "8443:8443"
- "8080:8080"
- env_file:
- - .env
+ environment:
+ AUTH_DB: "${AUTH_DB:-keycloak}"
+ KC_DB_USERNAME: "${AUTH_USERNAME:-root}"
+ KC_DB_PASSWORD: "${AUTH_PASSWORD:-dbrepo}"
+ KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN:-fda}"
+ KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-fda}"
volumes:
- authentication-service-data:/opt/keycloak/data/
depends_on:
- dbrepo-metadata-db:
+ dbrepo-auth-db:
condition: service_healthy
logging:
driver: json-file
@@ -159,12 +158,40 @@ services:
image: dbrepo-metadata-service
networks:
core:
- env_file:
- - .env
volumes:
- "/tmp:/tmp"
ports:
- "9099:9099"
+ environment:
+ ADMIN_MAIL: "${ADMIN_MAIL:-noreply@localhost}"
+ BASE_URL: "${BASE_URL:-http://localhost}"
+ GRANT_PRIVILEGES: "${GRANT_PRIVILEGES:-SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE}"
+ BROKER_CONSUMERS: "${BROKER_CONSUMERS:-2}"
+ BROKER_ENDPOINT: "${BROKER_ENDPOINT:-http://broker-service:15672/admin/broker}"
+ BROKER_USERNAME: "${BROKER_USERNAME:-fda}"
+ BROKER_PASSWORD: "${BROKER_PASSWORD:-fda}"
+ DELETED_RECORD: "${DELETED_RECORD:-persistent}"
+ EARLIEST_DATESTAMP: "${EARLIEST_DATESTAMP:-2022-09-17T18:23:00Z}"
+ GRANULARITY: "${GRANULARITY:-YYYY-MM-DDThh:mm:ssZ}"
+ JWT_ISSUER: "${JWT_ISSUER:-http://localhost/api/auth/realms/dbrepo}"
+ JWT_PUBKEY: "${JWT_PUBKEY:-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB}"
+ LOG_LEVEL: "${LOG_LEVEL:-debug}"
+ METADATA_DB: "${METADATA_DB:-fda}"
+ METADATA_HOST: "${METADATA_HOST:-metadata-db}"
+ METADATA_JDBC_EXTRA_ARGS: "${METADATA_JDBC_EXTRA_ARGS:-}"
+ METADATA_USERNAME: "${METADATA_USERNAME:-root}"
+ METADATA_PASSWORD: "${METADATA_PASSWORD:-dbrepo}"
+ NOT_SUPPORTED_KEYWORDS: "${NOT_SUPPORTED_KEYWORDS:-\\*,AVG,BIT_AND,BIT_OR,BIT_XOR,COUNT,COUNTDISTINCT,GROUP_CONCAT,JSON_ARRAYAGG,JSON_OBJECTAGG,MAX,MIN,STD,STDDEV,STDDEV_POP,STDDEV_SAMP,SUM,VARIANCE,VAR_POP,VAR_SAMP,--}"
+ PID_BASE: "${PID_BASE:-http://localhost/pid/}"
+ REPOSITORY_NAME: "${REPOSITORY_NAME:-Example Repository}"
+ SEARCH_USERNAME: "${SEARCH_USERNAME:-admin}"
+ SEARCH_PASSWORD: "${SEARCH_PASSWORD:-admin}"
+ SHARED_FILESYSTEM: "${SHARED_FILESYSTEM:-/tmp}"
+ USER_NETWORK: "${USER_NETWORK:-userdb}"
+ WEBSITE: "${WEBSITE:-http://localhost}"
+ KEYCLOAK_HOST: "${KEYCLOAK_HOST:-http://authentication-service:8080}"
+ KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN:-fda}"
+ KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-fda}"
healthcheck:
test: wget -qO- localhost:9099/actuator/health/readiness | grep -q "UP" || exit 1
interval: 10s
@@ -190,8 +217,6 @@ services:
core:
ports:
- "5000:5000"
- env_file:
- - .env
volumes:
- "/tmp:/tmp"
logging:
@@ -208,8 +233,11 @@ services:
ports:
- "5672:5672"
- "15672:15672"
- env_file:
- - .env
+ healthcheck:
+ test: wget -qO- localhost:15672/admin/broker | grep "RabbitMQ" || exit 1
+ interval: 10s
+ timeout: 5s
+ retries: 12
depends_on:
dbrepo-authentication-service:
condition: service_healthy
@@ -229,15 +257,12 @@ services:
ports:
- "2020:2020"
- "9200:9200"
- env_file:
- - .env
healthcheck:
- test: curl -sSL localhost:9200/_cat/indices || exit 1
+ test: curl -sSL localhost:9200/_plugins/_security/health | jq .status | grep UP
interval: 10s
timeout: 5s
retries: 12
environment:
- discovery.type: "single-node"
ES_JAVA_OPTS: "-Xms4g -Xmx4g"
logger.level: "WARN"
deploy:
@@ -246,7 +271,6 @@ services:
memory: 4G
volumes:
- search-db-data:/usr/share/elasticsearch/data
- - ./dbrepo-search-db/limits.conf:/etc/security/limits.conf
logging:
driver: json-file
@@ -259,8 +283,22 @@ services:
networks:
core:
public:
- env_file:
- - .env
+ environment:
+ BROKER_USERNAME: "${BROKER_USERNAME:-fda}"
+ BROKER_PASSWORD: "${BROKER_PASSWORD:-fda}"
+ BROKER_LOGIN_URL: "${BROKER_LOGIN_URL:-/admin/broker/}"
+ KEYCLOAK_LOGIN_URL: "${KEYCLOAK_LOGIN_URL:-/api/auth/admin/}"
+ SHARED_FILESYSTEM: "${SHARED_FILESYSTEM:-/tmp}"
+ LOGO: "${LOGO:-/logo.png}"
+ SEARCH_USERNAME: "${SEARCH_USERNAME:-admin}"
+ SEARCH_PASSWORD: "${SEARCH_PASSWORD:-admin}"
+ VERSION: "${VERSION:-${TAG}}"
+ TITLE: "${TITLE:-Database Repository}"
+ ICON: "${ICON:-/favicon.ico}"
+ DBREPO_CLIENT_ID: "${DBREPO_CLIENT_ID:-dbrepo-client}"
+ DBREPO_CLIENT_SECRET: "${DBREPO_CLIENT_SECRET:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}"
+ UPLOAD_PATH: "${UPLOAD_PATH:-/tmp/}"
+ FORCE_SSL: "${FORCE_SSL:-false}"
depends_on:
dbrepo-upload-service:
condition: service_started
@@ -296,30 +334,11 @@ services:
logging:
driver: json-file
-# dbrepo-log-service:
-# restart: "no"
-# container_name: dbrepo-log-service
-# hostname: log-service
-# build: ./dbrepo-log-service
-# image: dbrepo-log-service:latest
-# networks:
-# core:
-# public:
-# volumes:
-# - ./dbrepo-log-service/fluent.conf:/fluentd/etc/fluent.conf
-# ports:
-# - "24224:24224"
-# - "24224:24224/udp"
-# depends_on:
-# dbrepo-search-db:
-# condition: service_healthy
-#
- dbrepo-log-service-dashboard:
+ dbrepo-search-db-dashboard:
restart: "no"
- container_name: dbrepo-log-service-dashboard
- hostname: log-service-dashboard
- build: ./dbrepo-log-service/dashboard
- image: dbrepo-log-service-dashboard:latest
+ container_name: dbrepo-search-db-dashboard
+ hostname: search-db-dashboard
+ image: opensearchproject/opensearch-dashboards:2.8.0
networks:
core:
public:
@@ -330,3 +349,35 @@ services:
depends_on:
dbrepo-search-db:
condition: service_healthy
+
+ dbrepo-search-sync-agent:
+ restart: "no"
+ container_name: dbrepo-search-sync-agent
+ hostname: search-startup-agent
+ build: ./dbrepo-search-sync-agent
+ image: dbrepo-search-sync-agent
+ networks:
+ core:
+ environment:
+ METADATA_DB: ${METADATA_DB:-fda}
+ METADATA_HOST: ${METADATA_HOST:-metadata-db}
+ METADATA_JDBC_EXTRA_ARGS: ${METADATA_JDBC_EXTRA_ARGS:-}
+ METADATA_PASSWORD: ${METADATA_PASSWORD:-dbrepo}
+ METADATA_USERNAME: ${METADATA_USERNAME:-root}
+ SEARCH_USERNAME: ${SEARCH_USERNAME:-fda}
+ SEARCH_PASSWORD: ${SEARCH_PASSWORD:-fda}
+ LOG_LEVEL: ${LOG_LEVEL:-debug}
+ healthcheck:
+ test: wget -qO- localhost:9050/actuator/health/readiness | grep -q "UP" || exit 1
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ depends_on:
+ dbrepo-metadata-db:
+ condition: service_healthy
+ dbrepo-search-db:
+ condition: service_started
+ dbrepo-authentication-service:
+ condition: service_healthy
+ logging:
+ driver: json-file
\ No newline at end of file