Express Setup¶
This setup installs the MPS and RPS microservices as Docker* containers, standardized packages containing an application's source code, libraries, environment, and dependencies.
Get the Toolkit¶
To clone the repositories:
-
Open a Terminal or Command Prompt and navigate to a directory of your choice for development:
git clone --recursive https://github.com/open-amt-cloud-toolkit/open-amt-cloud-toolkit --branch v2.1.0 -
Change to the cloned
open-amt-cloud-toolkitdirectory.cd open-amt-cloud-toolkit
Set Environment Variables¶
The .env.template file is used by docker to set environment variables.
To set the environment variables:
-
Copy the
.env.templatefile to.env:cp .env.template .envcopy .env.template .env -
In a text editor or IDE of choice, open the new
.envfile to edit. -
Update the following fields for configuring the MPS, Sample Web UI, Vault and Postgres. Save and keep track of the values you choose.
Field Name Required Usage MPS_COMMON_NAME Development System IP Address. For connecting to MPS server via UI or APIs. WARNING: Do not use localhost. Use the development system IP Address. MPS_WEB_ADMIN_USER Username of your choice For logging into the Sample Web UI MPS_WEB_ADMIN_PASSWORD Strong password of your choice For logging into the Sample Web UI MPS_JWT_SECRET A strong secret of your choice (Example: A unique, random 256-bit string. See another example in code snippet below). Used when generating a JSON Web Token (JWT) for authentication. This example implementation uses a symmetrical key and HS256 to create the signature. Learn more about JWT. POSTGRES_PASSWORD Strong password of your choice For logging into the Postgres VAULT_TOKEN Strong token of your choice For logging into the vault Important - Using Strong Passwords
The MPS_WEB_ADMIN_PASSWORD must meet standard, strong password requirements:
-
8 to 32 characters
-
One uppercase, one lowercase, one numerical digit, one special character
-
-
Save the file.
Set Kong JSON Web Token (JWT)¶
Set the shared secret used in Kong for JWT authentication.
-
Open the
kong.yamlfile. -
Update the secret field with your MPS_JWT_SECRET.
jwt_secrets: - consumer: admin key: 9EmRJTbIiIb4bIeSsmgcWIjrR6HyETqc #sample key secret: "Yq3t6w9z$C&E)H@McQfTjWnZr4u7x!A%" #sample secret, DO NOT use for production -
Save and close the file.
Build and Run the Docker Images¶
Build the MPS, RPS, and Sample Web UI Docker images and launch the stack.
-
Run docker-compose to start the containers from the
./open-amt-cloud-toolkitdirectory.sudo docker-compose -f "docker-compose.yml" up -d --builddocker-compose -f "docker-compose.yml" up -d --buildImportant - For Windows* 10
While the
docker-compose upcommand is running, you may see a number of pop-ups asking for permission for Docker Desktop Filesharing (Figure 1). You must select Share It for thedocker-compose upcommand to execute successfully. If the pop-up expires,docker-compose upwill fail. You must rundocker-compose down -vand then rerundocker-compose upto successfully start the containers.
Figure 1: Docker Desktop Filesharing -
Check that all the containers are running.
sudo docker ps --format "table {{.Image}}\t{{.Status}}\t{{.Names}}"docker ps --format "table {{.Image}}\t{{.Status}}\t{{.Names}}"Success
IMAGE STATUS NAMES kong:2.3 Up 4 seconds (health: starting) open-amt-cloud-toolkit_kong_1 sslpostgres Up 9 seconds open-amt-cloud-toolkit_db_1 webui:latest Up 10 seconds open-amt-cloud-toolkit_webui_1 mpsrouter:latest Up 11 seconds open-amt-cloud-toolkit_mpsrouter_1 rps:latest Up 11 seconds open-amt-cloud-toolkit_rps_1 mps:latest Up 10 seconds open-amt-cloud-toolkit_mps_1 vault Up 10 seconds open-amt-cloud-toolkit_vault_1
Important
Container Issues
If any of the above containers are not running, walk through the steps again or file a GitHub issue here.
If the kong container reloads repeatedly, verify kong.yaml edits. Misconfiguration of this file will cause the container to reload.
Important
Because the vault is running in a dev mode, stored secrets will be lost upon a restart, and profiles and configs must be recreated. They are not persistent in this mode. Be sure to run docker-compose down -v when bringing down the stack, which removes the volumes, and start fresh upon docker-compose up. To run vault in production mode, follow the guide here.