Skip to content

Latest commit

 

History

History
95 lines (86 loc) · 3.94 KB

README.md

File metadata and controls

95 lines (86 loc) · 3.94 KB

MOSIP Token Seeder

Overview

Refer documentation.

Running for Development

Pre-requisites

  • Install the following packages (or equivalent ones for your system).
    sudo apt install libsqlcipher-dev libsqlite3-dev
  • Initialize virtualenv:
    virtualenv venv_token_seeder
  • Edit the activate file of the virtualenv (venv_token_seeder/bin/activate), and add the following lines in the end of the file.
    export TOKENSEEDER_GUNICORN__WORKERS=3
    export TOKENSEEDER_GUNICORN__MAX_REQUESTS=10000
    export TOKENSEEDER_GUNICORN__TIMEOUT=5
    export TOKENSEEDER_GUNICORN__KEEP_ALIVE=5
    export TOKENSEEDER_DB__LOCATION="sqlite:///auth_token_seeder.dbsqlite"
    export TOKENSEEDER_DB__GENERATE_DB_ALWAYS="false"
    export TOKENSEEDER_DB__PRINT_PASSWORD_ON_STARTUP="true"
    export TOKENSEEDER_MOSIP_AUTH__PARTNER_APIKEY=
    export TOKENSEEDER_MOSIP_AUTH__PARTNER_MISP_LK=
    export TOKENSEEDER_MOSIP_AUTH__PARTNER_ID=
    export TOKENSEEDER_MOSIP_AUTH_SERVER__IDA_AUTH_DOMAIN_URI=
    export TOKENSEEDER_MOSIP_AUTH_SERVER__IDA_AUTH_URL=
    export TOKENSEEDER_CRYPTO_ENCRYPT__ENCRYPT_CERT_PATH=
    export TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PATH=
    export TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PASSWORD=
    
    alias run_token_seeder_dev='TOKENSEEDER_DB__PASSWORD=$(python3 -m mosip_token_seeder.repository dbinit) gunicorn -n "gunicorn" --worker-class uvicorn.workers.UvicornWorker --workers ${TOKENSEEDER_GUNICORN__WORKERS} --bind 0.0.0.0:8080 --max-requests ${TOKENSEEDER_GUNICORN__MAX_REQUESTS} --timeout ${TOKENSEEDER_GUNICORN__TIMEOUT} --keep-alive ${TOKENSEEDER_GUNICORN__KEEP_ALIVE} --access-logfile "-" --error-logfile "-" app:app'
  • Create a new folder certs, and place the client certificates, etc there.
  • Configure the above environment variables in the activate script with the appropriate client details and certs.
  • Install the python requirements:
    source venv_token_seeder/bin/activate
    pip3 install -r mosip_token_seeder/requirements.txt
    deactivate

Running

  • Activate virtual env.
    source venv_token_seeder/bin/activate
  • When running tokenseeder locally for the very first time, run it with the env variable.
    TOKENSEEDER_DB__GENERATE_DB_ALWAYS="true" run_token_seeder_dev
  • For the subsequent runs, simply use.
    run_token_seeder_dev
    Access localhost:8080 on browser. Access localhost:8080/docs for apidocs.
  • For running only the authenticator for single authentication:
    • Configure mosip_auth, mosip_auth_server and crypto_ sections in authenticator/authenticator-config.toml. And place the certificate and keys appropriately.
    • Then run (sample json given in samples folder):
      python3 -m mosip_token_seeder.authenticator demoauth <json>

Running the Docker

docker run -it --rm \
    --name token-seeder \
    -p 8080:8080 \
    -v <local-certs-path>:/seeder/certs \
    -e TOKENSEEDER_MOSIP_AUTH__PARTNER_APIKEY= \
    -e TOKENSEEDER_MOSIP_AUTH__PARTNER_MISP_LK= \
    -e TOKENSEEDER_MOSIP_AUTH__PARTNER_ID= \
    -e TOKENSEEDER_MOSIP_AUTH_SERVER__IDA_AUTH_DOMAIN_URI= \
    -e TOKENSEEDER_MOSIP_AUTH_SERVER__IDA_AUTH_URL= \
    -e TOKENSEEDER_CRYPTO_ENCRYPT__ENCRYPT_CERT_PATH=/seeder/certs/<ida.partner.cert> \
    -e TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PATH=/seeder/certs/<client.p12> \
    -e TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PASSWORD= \
    mosipdev/mosip-token-seeder:develop

Installing on k8s cluster using the helm

  •   cd helm
  • Configure seeder.mandatoryValidationFields and seeder.cleanup sections in values.yaml, with the desired values.
    • Or post installation; edit these values in mosip-token-seeder configmap and restart tokenseeder pod.
  • Install kubectl and helm utilities. Then run:
    ./install.sh [cluster-kubeconfig-file]