Starting Up The Application

Now that the host and database are both ready, let's wrap up the setup by starting up the environment.

  1. Unpack configuration file:
    • We will send you a configuration file containing a predefined docker-compose.yml.

    • Unpack that file on the host (preferably in directory /etc/docker/datavaultbuilder/dvb_1)

  2. Update the configuration file
    • Define connection to your target database

      Adjust the setting of the CLIENT_DB_CONNECTIONSTRING parameter for the core container to point at your database.

      Note

      Do not include the username and password in the connection string. The Datavault Builder will automatically use the technical authenticator for the connection.

    • Define password for admin user

      Set your own password for the initially created admin user by setting the value of the following environment variable for the core service:

      GUI_USER_PASSWORD
      
    • Optional: Update ports

      If you install multiple stacks on the same host, make sure to alter the ports settings so that they do not conflict. Also make sure that no two stacks point at the same database.

      ports:
      - '80:80'
      

      Hint

      If you would like to change the port for the web interface, update the left-hand value (e.g. 81:80 if it should be reachable over port 81).

  3. Generate System Encryption Keys

    The encryption keys are used to encrypt the system passwords configured in Datavault Builder.

    As those will be stored in the processing database, this prevents everyone with direct access to the database from reading the passwords in cleartext.

    Generic Steps

    1. Generate a gpg key.

    2. Store the gpg public key, private key as well as the private key password into files.

    3. Share these files as secrets with the core service.

    Sample on Linux

    1. Possible requirement: Entropy pool

      On a server, you probably need an entropy pool generator; on a client you can just move the mouse. To install an entropy pool generator:

      • RHEL / CentOS:

        sudo yum install rng-tools
        sudo rngd -r /dev/urandom
        
      • Ubuntu / Debian:

        sudo apt-get install rng-tools
        sudo rngd -r /dev/urandom
        
    2. Generate the keys

      Now follow the gpg instructions to generate new keys (in openpgp format).

      • RHEL 7 / CentOS 7 / Ubuntu 16.04:

        gpg --gen-key --openpgp   # select RSA/RSA, 4096 bits
        
      • Ubuntu 18.04:

        gpg --full-generate-key --openpgp   # select RSA/RSA, 4096 bits
        
    3. Check the list of generated signatures

      List all existing signatures to get the ID of the key you would like to export (it should look something like 906D6CC7116E90F277A23B534A2F176B19BD4390), e.g.:

      gpg --list-signatures
      
    4. Export everything to files

      Store the generated keys and the password used in files, so they can be used as Docker secrets.

      gpg -a --export YOUR_KEY > secrets/systems_password_public_key.txt
      gpg -a --export-secret-keys YOUR_KEY > secrets/systems_password_private_key.txt
      echo YOUR_PASSWORD > secrets/systems_password_private_key_password.txt
      

      Sample:

      gpg -a --export 906D6CC7116E90F277A23B534A2F176B19BD4390 > secrets/systems_password_public_key.txt
      gpg -a --export-secret-keys 906D6CC7116E90F277A23B534A2F176B19BD4390 > secrets/systems_password_private_key.txt
      echo ng74na7ub247 > secrets/systems_password_private_key_password.txt
      
  4. Optional: Enable SSL-Encryption

    Enable SSL encryption to secure the web traffic.

    Warning

    Be aware that if this step is left out, communication between frontend and backend (including password transmission) is not secured!

  5. Start the services
    • Open the command line in the folder containing the docker-compose.yml:

      docker login docker.datavault-builder.com
      
    • Download the docker images:

      docker-compose pull
      
    • Start the containers:

      docker-compose up -d
      
  6. Open up the frontend.

    The frontend can now be reached with a Chromium-based browser on the port exposed by the webgui on the machine (default: 80).

    The credentials for the initially created user can be found in the docker-compose.yml -> core -> env variables:

    GUI_USER_PASSWORD
    GUI_USER_NAME
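
A pre-flight check for the three files exported in step 3, as an added example that is not part of the original documentation or the Datavault Builder project: it confirms that each file exists, that the key files start with the expected ASCII-armor header, and that the private key and its password file are not accessible to all local users. The function name check_dvb_secrets and the GNU/Linux `stat -c` call are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the secrets files exported in step 3.
# File names are the ones used on this page; the function name and the
# GNU/Linux `stat -c` call are assumptions of this sketch.

check_dvb_secrets() {
    dir="${1:-secrets}"
    rc=0

    # expect_file NAME ARMOR_HEADER PRIVATE
    #   NAME          file inside $dir
    #   ARMOR_HEADER  required first line ('' to skip the check)
    #   PRIVATE       1 = must not be accessible to "other" users
    expect_file() {
        f="$dir/$1"
        if [ ! -s "$f" ]; then
            echo "FAIL $f: missing or empty"; rc=1; return 0
        fi
        if [ -n "$2" ] && [ "$(head -n 1 "$f")" != "$2" ]; then
            echo "FAIL $f: first line is not '$2'"; rc=1
        fi
        if [ "$3" = 1 ]; then
            mode=$(stat -c '%a' "$f")
            case "$mode" in
                *0) ;;  # last octal digit 0: no access for "other"
                *)  echo "FAIL $f: mode $mode grants access to all local users"; rc=1 ;;
            esac
        fi
    }

    expect_file systems_password_public_key.txt \
        '-----BEGIN PGP PUBLIC KEY BLOCK-----' 0
    expect_file systems_password_private_key.txt \
        '-----BEGIN PGP PRIVATE KEY BLOCK-----' 1
    expect_file systems_password_private_key_password.txt '' 1

    # echo writes the passphrase plus one newline, so expect exactly one line.
    pw="$dir/systems_password_private_key_password.txt"
    if [ -s "$pw" ] && [ "$(( $(wc -l < "$pw") ))" -ne 1 ]; then
        echo "FAIL $pw: expected exactly one line"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: secrets in $dir passed all checks"
    return "$rc"
}
```

Source the function and call `check_dvb_secrets secrets` from the folder containing the docker-compose.yml before starting the services in step 5. The check assumes the account the core container runs as can read the private files through owner or group permissions.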