Skip to content

Commit

Permalink
Docker compose config for demo CTFE
Browse files Browse the repository at this point in the history
The previous instructions have rotted and no longer work. This aims to fill in the gap of a HelloWorld deployment for CTFE. This is explicitly NOT a guide on how to deploy this in a production setting. This is a docker version of the updated instructions from #1061
  • Loading branch information
mhutchinson authored and roger2hk committed Apr 30, 2023
1 parent 6924af8 commit 51858e4
Show file tree
Hide file tree
Showing 3 changed files with 160 additions and 0 deletions.
73 changes: 73 additions & 0 deletions trillian/examples/deployment/docker/ctfe/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# Dockerized Test Deployment

This brings up a CTFE with its own trillian instance and DB server for users to
get a feel for how deploying CTFE works. This is not recommended as a way of
serving production logs!

## Requirements

- Docker and Docker Compose Plugin
- go tooling
- git checkouts of:
- github.com/google/trillian
- github.com/google/certificate-transparency-go

The instructions below assume you've checked out the repositories within
`~/git/`, but if you have them in another location then just use a different
path when you run the command.

## Deploying

We will use 2 terminal sessions to the machine you will use for hosting the
docker containers. Each of the code stanzas below will state which terminal to
use. This makes it easier to see output logs and to avoid repeatedly changing
directory.

First bring up the trillian instance and the database:

```bash
# Terminal 1
cd ~/git/certificate-transparency-go/trillian/examples/deployment/docker/ctfe/
docker compose up
```

This brings up everything except the CTFE. Now to provision the logs.

```bash
# Terminal 2
cd ~/git/trillian/
docker exec -i ctfe_db_1 mysql -pzaphod -Dtest < ./storage/mysql/schema/storage.sql
```

The CTFE requires some configuration files. First prepare a directory containing
these, and expose it as a docker volume. These instructions prepare this config
at `/tmp/ctfedocker` but if you plan on keeping this test instance alive for
more than a few hours then pick a less temporary location on your filesystem.

```bash
# Terminal 2
CTFE_CONF_DIR=/tmp/ctfedocker
mkdir ${CTFE_CONF_DIR}
TREE_ID=$(go run github.com/google/trillian/cmd/createtree@master --admin_server=localhost:8090)
sed "s/@TREE_ID@/$TREE_ID/" ~/git/certificate-transparency-go/trillian/examples/deployment/docker/ctfe/ct_server.cfg > ${CTFE_CONF_DIR}/ct_server.cfg
cp ./trillian/testdata/fake-ca.cert ${CTFE_CONF_DIR}
docker volume create --driver local --opt type=none --opt device=${CTFE_CONF_DIR}--opt o=bind ctfe_config
```

Now that this configuration is available, you can bring up the CTFE:

```bash
# Terminal 1
<Ctrl C> # kill the previous docker compose up command
docker compose --profile frontend up
```

This will bring up the whole stack. Assuming there are no errors in the log,
then the following command should return an empty tree head with HTTP status
code 200:

```bash
# Terminal 2
curl -i localhost:8080/testlog/ct/v1/get-sth
```

15 changes: 15 additions & 0 deletions trillian/examples/deployment/docker/ctfe/ct_server.cfg
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
config {
log_id: @TREE_ID@
prefix: "testlog"
roots_pem_file: "/ctfe-config/fake-ca.cert"
public_key: {
der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b"
}
private_key: {
[type.googleapis.com/keyspb.PrivateKey] {
der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xd8\x8a\x49\xa2\x15\x3c\xbe\xb5\xb7\x6c\x63\xdc\xfd\xc0\x36\x64\x24\x88\xc3\x57\x9d\xfa\xd4\xa8\x70\x78\x32\x72\x29\x1a\xb1\x6f\xa1\x44\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b"
}
}
max_merge_delay_sec: 86400
expected_merge_delay_sec: 120
}
72 changes: 72 additions & 0 deletions trillian/examples/deployment/docker/ctfe/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
version: "3.1"

services:
db:
image: mariadb
restart: always
environment:
- MYSQL_ROOT_PASSWORD=zaphod
- MYSQL_DATABASE=test
- MYSQL_USER=test
- MYSQL_PASSWORD=zaphod
ports:
- "3306:3306"
healthcheck:
test: mysql --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --silent --execute "SHOW DATABASES;"
interval: 3s
timeout: 2s
retries: 5

trillian-log-server:
image: gcr.io/trillian-opensource-ci/log_server
command: [
"--storage_system=mysql",
"--mysql_uri=test:zaphod@tcp(db:3306)/test",
"--rpc_endpoint=0.0.0.0:8090",
"--http_endpoint=0.0.0.0:8091",
"--alsologtostderr",
]
restart: always
ports:
- "8090:8090"
- "8091:8091"
depends_on:
- db

trillian-log-signer:
image: gcr.io/trillian-opensource-ci/log_signer
command: [
"--storage_system=mysql",
"--mysql_uri=test:zaphod@tcp(db:3306)/test",
"--rpc_endpoint=0.0.0.0:8090",
"--http_endpoint=0.0.0.0:8091",
"--force_master",
"--alsologtostderr",
]
restart: always
ports:
- "8092:8091"
depends_on:
- db
- trillian-log-server

ctfe:
image: gcr.io/trillian-opensource-ci/ctfe
profiles: ["frontend"]
command: [
"--log_rpc_server=trillian-log-server:8090",
"--log_config=/ctfe-config/ct_server.cfg",
"--http_endpoint=0.0.0.0:8091",
"--alsologtostderr",
]
restart: always
ports:
- "8080:8091"
volumes:
- ctfe_config:/ctfe-config:ro
depends_on:
- trillian-log-server

volumes:
ctfe_config:
external: true

0 comments on commit 51858e4

Please sign in to comment.