Starting Up The Application
Now that the host and database are both ready, let's wrap up the setup by starting up the environment.
- Unpack configuration file:
We will send you a configuration file containing a predefined docker-compose.yml.
Unpack that file on the host (preferably in the directory /etc/docker/datavaultbuilder/dvb_1).
- Update the configuration file
- Define connection to your target database
Adjust the setting of the CLIENT_DB_CONNECTIONSTRING parameter for the core container to point at your database.
Note
Do not include the username and password in the connection string. The Datavault Builder will automatically use the technical authenticator for the connection.
- Define password for admin user
Set your own password for the initially created admin user by setting the value of the following environment variable for the core service:
GUI_USER_PASSWORD
- Optional: Update ports
If you install multiple stacks on the same host, make sure to alter the ports settings so you don't have conflicts. Also make sure that no two stacks point at the same database.
ports:
  - '80:80'
Hint
If you would like to change the port for the web interface, update the left-side value (e.g. 81:80 if it should be reachable over port 81).
- Generate System Encryption Keys
The encryption keys are used to encrypt the system passwords configured in Datavault Builder.
As those passwords are stored on the processing database, this prevents everyone with direct access to the database from reading them in cleartext.
Generic Steps
Generate a gpg key.
Store the gpg public key, private key as well as the private key password into files.
Share these files as secrets with the core service.
Sample on Linux
- Possible requirement: Entropy pool
On a server, you probably need an entropy pool generator; on a client you can just move the mouse. To install an entropy pool generator:
RHEL / CentOS:
sudo yum install rng-tools
sudo rngd -r /dev/urandom
Ubuntu / Debian:
sudo apt-get install rng-tools
sudo rngd -r /dev/urandom
- Generate the keys
Now follow the gpg instructions to generate new keys (in openpgp format).
RHEL 7 / CentOS 7 / Ubuntu 16.04:
gpg --gen-key --openpgp (select RSA/RSA, 4096 bits)
Ubuntu 18.04:
gpg --full-generate-key --openpgp (select RSA/RSA, 4096 bits)
- Check the list of generated signatures
List all existing signatures to get the ID of the key you would like to export (it should look something like 906D6CC7116E90F277A23B534A2F176B19BD4390), e.g.:
gpg --list-signatures
- Export everything to files
Store the generated keys and the used passwords in files, so they can be used as docker secrets.
gpg -a --export YOUR_KEY > secrets/systems_password_public_key.txt
gpg -a --export-secret-keys YOUR_KEY > secrets/systems_password_private_key.txt
echo YOUR_PASSWORD > secrets/systems_password_private_key_password.txt
Sample:
gpg -a --export 906D6CC7116E90F277A23B534A2F176B19BD4390 > secrets/systems_password_public_key.txt
gpg -a --export-secret-keys 906D6CC7116E90F277A23B534A2F176B19BD4390 > secrets/systems_password_private_key.txt
echo ng74na7ub247 > secrets/systems_password_private_key_password.txt
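The export step leaves a private key and its passphrase as plain files on the host, so it is worth checking them before the stack is started. The script below is an added example, not part of the Datavault Builder documentation: the function names check_file and check_secrets are hypothetical, and the rule that the files must not be accessible to "others" is an assumption of this example (the account the core container runs as must still be able to read them as owner or group).

```shell
#!/bin/sh
# Added example: pre-flight check for the three secret files written by
# the export commands above. File names are the ones used on this page.

# check_file PATH EXPECTED_FIRST_LINE  (an empty second argument skips the header check)
check_file() {
    cf_path=$1; cf_header=$2
    if [ ! -s "$cf_path" ]; then
        echo "FAIL $cf_path: missing or empty"; return 1
    fi
    # Columns 8-10 of the ls mode string are the "others" bits; all three
    # must be '-' so that arbitrary local users cannot read the secret.
    cf_other=$(ls -ld "$cf_path" | cut -c8-10)
    if [ "$cf_other" != "---" ]; then
        echo "FAIL $cf_path: accessible to others (e.g. chmod 640 or 600)"; return 1
    fi
    if [ -n "$cf_header" ] && [ "$(head -n 1 "$cf_path")" != "$cf_header" ]; then
        echo "FAIL $cf_path: expected first line '$cf_header'"; return 1
    fi
    echo "OK   $cf_path"
}

# check_secrets DIR: returns 0 only if all three files pass every check.
check_secrets() {
    cs_dir=${1:-secrets}; cs_bad=0
    # gpg -a writes ASCII armor, so the first line identifies the key type
    # and catches a public key exported into the private key file (or vice versa).
    check_file "$cs_dir/systems_password_public_key.txt" \
        '-----BEGIN PGP PUBLIC KEY BLOCK-----' || cs_bad=1
    check_file "$cs_dir/systems_password_private_key.txt" \
        '-----BEGIN PGP PRIVATE KEY BLOCK-----' || cs_bad=1
    cs_pw="$cs_dir/systems_password_private_key_password.txt"
    check_file "$cs_pw" '' || cs_bad=1
    # The passphrase printed in the sample above must never be reused.
    if [ -f "$cs_pw" ] && grep -qx 'ng74na7ub247' "$cs_pw"; then
        echo "FAIL $cs_pw: contains the documentation sample password"; cs_bad=1
    fi
    return "$cs_bad"
}

# Run the check when a directory is given, e.g.: sh check_secrets.sh secrets
if [ "$#" -gt 0 ]; then check_secrets "$1"; fi
```

Because echo YOUR_PASSWORD also records the passphrase in the shell history, the same check is worth repeating after any later change to the secrets directory.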
- Optional: Enable SSL-Encryption
This secures the web traffic.
Warning
Be aware that if this is left out, communication between frontend and backend (including password transmission) is not secured!
- Start the services
Open the command line in the folder containing the docker-compose.yml:
docker login docker.datavault-builder.com
Download the docker images:
docker-compose pull
Start the containers:
docker-compose up -d
- Open up the frontend.
The frontend can now be reached with a Chromium-based browser on the port exposed by the webgui on the machine (default: 80).
The credentials for the initially created user can be found in the docker-compose.yml -> core -> env variables:
GUI_USER_PASSWORD
GUI_USER_NAME