Add script to do all the (first time) database initialisation #4
fe8a7ae
to
78f380c
nice, this will make the initial setup easier. We also need to update the README.md to reflect this?
The script can be safely run multiple times, e.g. to upgrade the database schema for new versions, or to update the middleware configuration
4422b75
to
f15fc55
Yes, I had held back this change because #5 modified the README as well. I've now rebased and updated the README with the new instructions.
As discussed in OpenConext/Stepup-Middleware#410, running the console command as root is troublesome because it messes up the ownership of the Symfony cache. I've added chowns to the init script to fix that. Another option would be to use sudo, but that would require adding the sudo package to the base container(s). That could be a better solution to the cache ownership issue.
Looks fine to me, let's merge! As discussed, I will add a story to the backlog to make an entrypoint on the Symfony dockers that creates and chowns cache during startup of the container
Nice optimizations!
127.0.0.1 selfservice.dev.openconext.local webauthn.dev.openconext.local ssp.dev.openconext.local gateway.dev.openconext.local middleware.dev.openconext.local ra.dev.openconext.local demogssp.dev.openconext.local | ||
``` | ||
|
||
Secondly you need to create the `stepup/gateway/surfnet_yubikey.yaml` filewith your Yubikey API credentials. If you do not have API credentials, you can get them at <https://upgrade.yubico.com/getapikey/>. You require a Yubikey to get an API key. | ||
Secondly you need to create the `stepup/gateway/surfnet_yubikey.yaml` filew ith your Yubikey API credentials. If you do not have API credentials, you can get them at <https://upgrade.yubico.com/getapikey/>. You require a Yubikey to get an API key. |
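Review bot: the replacement line still reads "filew ith", so the typo from the removed line ("filewith") has moved rather than been fixed; it should be "file with". Since `stepup/gateway/surfnet_yubikey.yaml` holds Yubikey API credentials and sits inside the repository tree, this paragraph could also say that the file must not be committed, and show which keys the file is expected to contain so a reader does not have to guess the format.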
Typo: `filew ith` -> `file with`
@@ -0,0 +1,25 @@ | |||
#!/bin/bash | |||
|
|||
set -e |
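Review bot: `set -e` on line 3 does not catch a command that fails in the middle of a pipeline, nor a misspelled or unset variable that expands to an empty string. Because the shebang is `#!/bin/bash` and the script is meant to be run more than once, consider `set -euo pipefail`, and add a short comment at the top saying that the script stops at the first failing step so a partial run is easy to recognise.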
Curiosity: why do you instruct the script to immediately exit upon error in this script, and not in the others? Is there a distinct advantage for doing it here?
TIL: `set -x` is going to help me in the future while writing bash
This associates the admin account with your Yubikey. The account has SRAA rights. You can then use your Yubikey to log in as user `admin` with password `admin`. Note that you must run this command before the first time you log in with the admin account to the SA or RA, otherwise this command will fail because the admin identity already exists. | ||
|
||
```shell | ||
docker compose exec middleware /var/www/html/bin/console middleware:bootstrap:identity-with-yubikey urn:collab:person:dev.openconext.local:admin dev.openconext.local "Your Name" Your@email en_GB Yubikey_ID |
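Review bot: in the command line, the values the reader has to replace ("Your Name", Your@email, Yubikey_ID) look the same as the literal arguments (the URN, dev.openconext.local, en_GB). Mark the placeholders, for example as <your-email> and <yubikey-id>, and say what form the Yubikey ID takes. The paragraph above the command also documents `admin`/`admin` for an account with SRAA rights; a sentence stating that these credentials are meant for the local development setup only would help.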
Did you intentionally not move this to a script? I'm totally fine with having it in the README as it also ensures you need to remain engaged in order to not miss a step.
Mailcatcher is included. You can view the email by going to http://localhost:1080 | ||
You can now login to the self-service portal at <https://selfservice.dev.openconext.local> and login to the RA portal at <https://ra.dev.openconext.local> using your admin/admin account. | ||
|
||
Mailcatcher is included. You can view the email by going to <http://localhost:1080> |
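Review bot: the added sentence uses "login" as a verb twice ("You can now login to ... and login to ..."), while the bootstrap paragraph in this README uses "log in"; use "log in" here as well. "You can view the email" also does not say which mail ends up in Mailcatcher; naming what gets captured there would make the step clearer.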
Not for this PR: @quartje can we give her a hostname?
The script can be safely run multiple times, e.g. to upgrade the database schema for new versions, or to update the middleware configuration