Use this mode if you want to run ESAP in Docker containers on a host machine where it can be accessed remotely.
- this will install ESAP on a server, including a nginx webserver in a Docker container.
- you need to register your instance at IAM (see screenshot further down the page).
prerequisites
- git
- Docker & docker-compose
- curl
Installation
STEP 1 (automatic) - install_esap.sh
curl -fsSL https://git.astron.nl/astron-sdc/esap-api-gateway/-/raw/master/esap/deploy/install_esap.sh -o install_esap.sh && chmod +x install_esap.sh && ./install_esap.shThis creates 2 directories:
~/esap_root contains the source code
~/esap_shared contains shared configuration and configuration databases
STEP 2 (manual configuration)
Your ESAP-GUI frontend needs to know where your ESAP-API backend is before the frontend is compiled into a Javascript bundle.
nano ~/esap_root/esap-gui/src/contexts/GlobalContext.jsLook for this snippet of code in GlobalContext.js and make sure that the api_host of production is
set correctly.
const api_host =
process.env.NODE_ENV === "development"
? "http://localhost:5555/esap-api/"
: "<your_host>:8000/esap-api/";Registering at IAM
You need to register your instance of ESAP as a client at IAM for <your_host> on this website: https://iam-escape.cloud.cnaf.infn.it/manage/dev/dynreg
The only important setting is a Redirect URI, which in this screenshot example is http://192.168.22.3/esap-api/oidc/callback/. Where http://192.168.22.3 should be <your_host>.
After clicking 'save', copy the Client ID and Client Secret, you need those in the next step.
Fill in OIDC settings
Fill inOIDC_RP_CIENT_ID and OIDC_RP_CLIENT_SECRET that you received from your own IAM registration.
And fill in the redirect urls' to your ESAP-GUI frontend.
nano ~/esap_shared/oidc.envOIDC_RP_CLIENT_ID=<your-new-client-id>
OIDC_RP_CLIENT_SECRET=<your-new-client-secret>
LOGIN_REDIRECT_URL=<your_host>/esap-gui/login
LOGOUT_REDIRECT_URL=<your_host>/esap-gui/logout
LOGIN_REDIRECT_URL_FAILURE=<your_host>/esap-gui/errorSTEP 3 (automatic) - run_esap.sh
curl -fsSL https://git.astron.nl/astron-sdc/esap-api-gateway/-/raw/master/esap/deploy/run_esap.sh -o run_esap.sh && chmod +x run_esap.sh && ./run_esap.shThis builds the frontend and spins up the Docker containers
STEP 4 (manual) - adding a superuser for the admin app
You can use the Django admin app to change the configuration of ESAP. (See the 'ESAP configuration' documentation). But you need to create a 'superuser' with admin rights for that.
Execute the following docker command to create a superuser with admin rights and follow the instructions on screen. Note that this is not your IAM account, it is recommended to create a user 'admin' for this.
docker exec -it esap_api_gateway python manage.py createsuperuser --settings=esap.settings.dockerYou should now be able to login with the superuser that you just created:
- admin app:
<your_host>/esap-api/admin/
Testing:
docker container ls should show the 2 containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26439ee6c80d esap_gui:latest "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 0.0.0.0:80->80/tcp esap_gui
e3d8162e444a esap_api_gateway:latest "/bin/sh -c 'exec gu…" 16 minutes ago Up 16 minutes 8000/tcp esap_api_gateway- backend:
<your_host>/esap-api/query/ - frontend:
<your_host>/esap-gui/
Updates
If you want to update your ESAP installation then you can rerun the two script commands.
This will not override your databases and configuration in the ~/esap_shared directory, unless you first delete them manually.
curl -fsSL https://git.astron.nl/astron-sdc/esap-api-gateway/-/raw/master/esap/deploy/install_esap.sh -o install_esap.sh && chmod +x install_esap.sh && ./install_esap.shcurl -fsSL https://git.astron.nl/astron-sdc/esap-api-gateway/-/raw/master/esap/deploy/run_esap.sh -o run_esap.sh && chmod +x run_esap.sh && ./run_esap.sh