Merge pull request #20 from DIMSI-IS/MergeTmpOusmanePierre

Production v0.2.0 from local sources

.gitattributes

@@ -0,0 +1,4 @@
+# Set line endings for shell scripts to LF
+*.sh text eol=lf
+*.env text eol=lf
+*.yml text eol=lf

.gitignore

@@ -1,5 +1,12 @@
 # Avoid compromising secret information
-common/**
 flower/**
 mariadb/**
-keycloak/**
+keycloak/**
+src/core/.env.dev
+src/core/.env.dev.tmpl
+src/core/.env.production.tmpl
+src/core/dev.entrypoint.sh
+src/core/dev.Dockerfile
+
+common/secret/**
+install.sh

README.md

@@ -2,7 +2,7 @@
 
 ## <img src="https://user-images.githubusercontent.com/49555363/194335646-85c5513e-cceb-4cc5-99f7-406c7a987156.svg" height="32px">
 
-Latest version  | 0.1.0
+Latest version  | 0.2.0
 ------------- | -------------
 Documentation  | https://backroll.readthedocs.io
 
@@ -18,18 +18,77 @@ It's also
 - No agent on guests nor KVM hosts
 - Fully containerized with minimum maintenance needed
 
-## Our demo made during the CloudSTack European User Group (APRIL) 2022
+## Our demo made during the CloudStack European User Group (APRIL) 2022
 [![Watch the video](http://i3.ytimg.com/vi/Jg40h1YjALk/hqdefault.jpg)](https://www.youtube.com/watch?v=Jg40h1YjALk)
 
 ## What do I need?
-BackROLL 0.1.0 requires at least
-- A MySQL/MariaDB database
+BackROLL 0.2.0 requires at least
 - A server which can run Docker
+- A MySQL/MariaDB database ( the default configuration deploys a mariaDB with docker compose )
 - An OpenID provider (Keycloak, Google/Microsoft, Okta, etc.)
 
 ## Get Started
+### Docker and Docker compsoe
+Backroll requires Docker and Docker Compose. Please refer to the official Docker documentation to install them.\
+Install Docker https://docs.docker.com/engine/install/ \
+Install Docker compose https://docs.docker.com/compose/install/linux/
+
+### Quick install
+This method uses a preconfigured oauth provider in docker, for production environment please use your production oauth provider or harden the preconfigured oauth provider with SSL certificate, secure password, etc..
+
+Download the install-prod.sh script
+```bash
+wget https://github.com/DIMSI-IS/BackROLL/releases/download/v.0.2.0/install-prod.sh
+```
+Allow the script execution
+```bash
+sudo chmod +x install-prod.sh
+```
+Start the script
+```bash
+sudo ./install-prod.sh
+```
+Change directory to the backroll install directory
+```bash
+cd your_backroll_path/install/
+```
+Start the docker-compose.yml, this will start all the containers.
+```bash
+sudo docker compose up -d
+```
+Verify that your container are running
+```bash
+sudo docker ps
+```
+
+
+## Backroll with Cloudstack
+### Configure the Backroll Plugin
+
+**Cloudstack Global Settings**\
+In Cloudstack's Global settings, fill the fields with the appropriate value:
+
+- Backup framework provider plugin: _backroll_
+- Backup plugin backroll config appname: _Name of your app name used for backroll api_
+- Backup plugin backroll config password: _Secret for the backroll_api found in your oauth provider._
+- Backup plugin backroll config url: _URL of your backroll_
+
+
+**Cloudstack user**\
+Backroll uses an API key and secret to communicate with Cloudstack.\
+In Cloudstack, under accounts, create a user dedicated to backroll.\
+Generate API Keys and Secret.
+
+
+**Backroll side**\
+In the backroll UI, under Configuration select Connectors.\
+Add a new connector and fill the field with the appropriate information:
+
+- Name: *Name of your connector*
+- Endpoint URL: *URL of your cloudstack instance*
+- Login: *API_key of your user dedicated to backroll*
+- Password: *API_secret of your user dedicated to backroll*
 
-Coming soon... :smirk:
 
 ## Documentation
 The [latest documentation](https://backroll.readthedocs.io/) is hosted at Read The Docs, containing user guides, tutorials, and an API reference.

common/config/core/env

@@ -1,15 +1,15 @@
 ### DATABASE CONFIGURATION [MANDATORY] ###
-DB_IP=
-DB_PORT=
-DB_USER_NAME=
-DB_USER_PASSWORD=
-DB_BASE=
+DB_IP=IP_DATABASE_TO_REPLACE
+DB_PORT=PORT_DATABASE_TO_REPLACE
+DB_USER_NAME=USERNAME_DATABASE_TO_REPLACE
+DB_USER_PASSWORD=PASSWORD_DATABASE_TO_REPLACE
+DB_BASE=NAME_DATABASE_TO_REPLACE
 
 ### FLOWER AUTH CONFIGURATION [OPTIONAL] ###
 FLOWER_USER=
 FLOWER_PASSWORD=
 
 ### OPENID [MANDATORY] ###
-OPENID_ISSUER=
-OPENID_CLIENTID=
-OPENID_CLIENTSECRET=
+OPENID_CLIENTID=backroll-api
+OPENID_CLIENTSECRET=CLIENT_SECRET_TO_REPLACE
+OPENID_ISSUER=http://IP_TO_REPLACE:8081/realms/backroll

common/config/database/env

@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=ROOT_DATABASE_TO_REPLACE
+MARIADB_DATABASE=NAME_DATABASE_TO_REPLACE
+MARIADB_USER=USERNAME_DATABASE_TO_REPLACE
+MARIADB_PASSWORD=PASSWORD_DATABASE_TO_REPLACE

common/config/sso/Dockerfile

@@ -0,0 +1,9 @@
+FROM quay.io/keycloak/keycloak:20.0.0
+
+# Fixes logout "invalid parameter: redirect_uri" error but the user name doesn’t show up in the backroll navigation bar.
+#FROM quay.io/keycloak/keycloak:17.0
+
+COPY realm.json /tmp/
+RUN /opt/keycloak/bin/kc.sh import --file /tmp/realm.json
+
+CMD [ "start-dev" ]

common/config/sso/env

@@ -0,0 +1,2 @@
+KEYCLOAK_ADMIN=KEYCLOAK_ADMIN_USERNAME
+KEYCLOAK_ADMIN_PASSWORD=KEYCLOAK_ADMIN_PASSWORD_ENV

common/config/sso/realm.json

@@ -0,0 +1,30 @@
+{
+    "realm": "backroll",
+    "enabled": true,
+    "users": [
+      {
+        "username": "KEYCLOACK_DEFAULT_USER_USERNAME",
+        "enabled": true,
+        "credentials": [{ "type": "password", "value": "KEYCLOACK_DEFAULT_USER_PASSWORD" }]
+      }
+    ],
+    "clients": [
+      {
+        "clientId": "backroll-front",
+        "enabled": true,
+        "publicClient": true,
+        "baseUrl": "http://IP_TO_REPLACE:8080/admin/dashboard",
+        "redirectUris": ["http://IP_TO_REPLACE:8080/*"],
+        "webOrigins": ["*"]
+      },
+      {
+        "clientId": "backroll-api",
+        "enabled": true,
+        "clientAuthenticatorType": "client-secret",
+        "secret": "CLIENT_SECRET_TO_REPLACE",
+        "redirectUris": ["http://IP_TO_REPLACE:5050/*"],
+        "webOrigins": ["*"],
+        "serviceAccountsEnabled": true
+      }
+    ]
+  }

common/config/ui/env

@@ -1,5 +1,5 @@
 ### BACKROLL UI CONFIGURATION [MANDATORY] ###
-API_ENDPOINT_URL=
-OPENID_ISSUER=
-OPENID_CLIENTID=
-OPENID_REALM=
+API_ENDPOINT_URL=http://IP_TO_REPLACE:5050
+OPENID_ISSUER=http://IP_TO_REPLACE:8081
+OPENID_REALM=backroll
+OPENID_CLIENTID=backroll-front

development/docker-compose.yml

@@ -3,17 +3,22 @@ version: "2.3"
 ### This docker-compose file is intended for localhost development ###
 
 services:
+  ## Optional if you already have a working keycloak environment
   sso:
     restart: always
-    image: jboss/keycloak:16.1.1
+    #image: dimsicloud/backroll:${BACKROLL_VERSION:-latest}
+    build: ../common/config/sso
+    #image: jboss/keycloak:16.1.1
     networks:
       - backroll-network
     expose:
-      - "8081"
+      - 8081
+      - 9990
     ports:
-      - "8081:8080"
+      - 8081:8080
+      - 9990:9990
     env_file:
-      - ./common/config/sso/env
+      - ../common/config/sso/env
 
   redis:
     restart: always
@@ -35,19 +40,23 @@ services:
     command: uvicorn app:app --host 0.0.0.0 --port 5050 --reload
     environment:
       DEBUG: 1
+      PYTHONUNBUFFERED: 1
     networks:
       - backroll-network
     volumes:
-      - ./common/secret/:/root/.ssh:ro
+      - ../common/secret/:/root/.ssh:ro
       - ../src/core:/usr/src/app
+      - /mnt:/mnt
     expose:
       - "5050"
     ports:
       - 5050:5050
     depends_on:
       - "redis"
     env_file:
-      - ./common/config/core/env
+      - ../common/config/core/env
+    logging:
+      driver: local
 
 
   worker_primary:
@@ -56,10 +65,8 @@ services:
     build: ../src/core
     working_dir: /usr/src/app
     command: watchmedo auto-restart --directory=./ --pattern=*.py --recursive -- celery -A app.celery worker -n worker -Q default --concurrency=4
-    environment:
-      DEBUG: 1
     volumes:
-      - ./common/secret/:/root/.ssh:ro
+      - ../common/secret/:/root/.ssh:ro
       - /mnt:/mnt
       - ../src/core:/usr/src/app
     environment:
@@ -69,7 +76,7 @@ services:
     depends_on:
       - "backroll_api"
     env_file:
-      - ./common/config/core/env
+      - ../common/config/core/env
 
 
   worker_secondary:
@@ -78,10 +85,8 @@ services:
     build: ../src/core
     working_dir: /usr/src/app
     command: watchmedo auto-restart --directory=./ --pattern=*.py --recursive -- celery -A app.celery worker -n worker2 -Q backup_tasks --concurrency=2
-    environment:
-      DEBUG: 1
     volumes:
-      - ./common/secret/:/root/.ssh:ro
+      - ../common/secret/:/root/.ssh:ro
       - /mnt:/mnt
       - ../src/core:/usr/src/app
     environment:
@@ -94,7 +99,7 @@ services:
       - "backroll_api"
       - "worker_primary"
     env_file:
-      - ./common/config/core/env
+      - ../common/config/core/env
 
 
   flower:
@@ -118,7 +123,7 @@ services:
       - "backroll_api"
       - "worker_primary"
     env_file:
-      - ./common/config/core/env
+      - ../common/config/core/env
 
 
   beat:
@@ -137,7 +142,7 @@ services:
       - "backroll_api"
       - "worker_secondary"
     env_file:
-      - ./common/config/core/env
+      - ../common/config/core/env
 
   front:
     restart: on-failure
@@ -159,7 +164,7 @@ services:
     depends_on:
       - "backroll_api"
     env_file:
-      - ./common/config/ui/env
+      - ../common/config/ui/env
 
 networks:
   backroll-network: