Dockerize Identus (#85)

Signed-off-by: FabioPinheiro <[email protected]>

README.md

@@ -4,7 +4,10 @@ Identus provides components to develop decentralized identity solutions that adh
 
 ## Quick Start Guide and Documentation
 
-To quickly get up and running and explore the project's capabilities, please look at the ⚡[Quick Start Guide](https://hyperledger.github.io/identus-docs/docs/quick-start/). You can also find more details by reading the project 📄[Documentation](https://hyperledger.github.io/identus-docs/).
+To quickly get up and running and explore the project's capabilities:
+- Follow the instructions in 💻 [dockerize-identus.md](identus-docker/dockerize-identus.md) to have a local environment up and running.
+- Try the ⚡[Quick Start Guide](https://hyperledger.github.io/identus-docs/docs/quick-start/) to explore the capabilities of Identus step by step.
+- Find more details about any topic you need by reading the project's 📄 [Documentation](https://hyperledger.github.io/identus-docs/).
 
 ## Project Roadmap 
 

identus-docker/docker-compose.yaml

@@ -0,0 +1,127 @@
+services:
+  db:
+    image: postgres:13
+    environment:
+      POSTGRES_MULTIPLE_DATABASES: "pollux,connect,agent,node_db"
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    volumes:
+      - pg_data_db:/var/lib/postgresql/data
+      - ./postgres-init-script.sh:/docker-entrypoint-initdb.d/init-script.sh
+      - ./postgres-max_conns.sql:/docker-entrypoint-initdb.d/max_conns.sql
+    healthcheck:
+      test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "agent" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  prism-node:
+    image: ghcr.io/input-output-hk/prism-node:2.4.1
+    environment:
+      NODE_PSQL_HOST: db:5432
+      NODE_REFRESH_AND_SUBMIT_PERIOD:
+      NODE_MOVE_SCHEDULED_TO_PENDING_PERIOD:
+      NODE_WALLET_MAX_TPS:
+        # NODE_PSQL_USERNAME: postgres
+        # NODE_PSQL_HOST: database-prism-node.cluster-cv1pad4ulozd.eu-central-1.rds.amazonaws.com:5432
+        # NODE_PSQL_PASSWORD: Gu3sa7hJEIu4URQSZcH4
+        # NODE_PSQL_DATABASE: postgres
+    depends_on:
+      db:
+        condition: service_healthy
+
+  cloud-agent:
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.40.0
+    ports:
+      - "8085:8085" # API endpoint
+      - "8090:8090" # DIDComm endpoint
+    environment:
+      POLLUX_DB_HOST: db
+      POLLUX_DB_PORT: 5432
+      POLLUX_DB_NAME: pollux
+      POLLUX_DB_USER: postgres
+      POLLUX_DB_PASSWORD: postgres
+      CONNECT_DB_HOST: db
+      CONNECT_DB_PORT: 5432
+      CONNECT_DB_NAME: connect
+      CONNECT_DB_USER: postgres
+      CONNECT_DB_PASSWORD: postgres
+      AGENT_DB_HOST: db
+      AGENT_DB_PORT: 5432
+      AGENT_DB_NAME: agent
+      AGENT_DB_USER: postgres
+      AGENT_DB_PASSWORD: postgres
+      PRISM_NODE_HOST: prism-node
+      PRISM_NODE_PORT: 50053
+      POLLUX_STATUS_LIST_REGISTRY_PUBLIC_URL: http://cloud-agent:8085
+      DIDCOMM_SERVICE_URL: http://cloud-agent:8090
+      REST_SERVICE_URL: http://cloud-agentl:8085
+      # VAULT_ADDR:
+      # VAULT_TOKEN:
+      SECRET_STORAGE_BACKEND: postgres
+      DEV_MODE: true
+      # DEFAULT_WALLET_ENABLED:
+      # DEFAULT_WALLET_SEED:
+      # DEFAULT_WALLET_WEBHOOK_URL:
+      # DEFAULT_WALLET_WEBHOOK_API_KEY:
+      # DEFAULT_WALLET_AUTH_API_KEY:
+      # GLOBAL_WEBHOOK_URL:
+      # GLOBAL_WEBHOOK_API_KEY:
+      # WEBHOOK_PARALLELISM:
+      # ADMIN_TOKEN:
+      # API_KEY_SALT:
+      API_KEY_ENABLED: false
+      # API_KEY_AUTHENTICATE_AS_DEFAULT_USER:
+      # API_KEY_AUTO_PROVISIONING:
+    depends_on:
+      db:
+        condition: service_healthy
+      prism-node:
+        condition: service_started
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://cloud-agent:8085/_system/health" ]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+
+  ################
+  ### MEDIATOR ###
+  ################
+
+  mongo:
+    image: mongo:6.0
+    ports:
+      - "27017:27017"
+    command: [ "--auth" ]
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=admin
+      - MONGO_INITDB_ROOT_PASSWORD=admin
+      - MONGO_INITDB_DATABASE=mediator
+    volumes:
+      - ./mongo-initdb.js:/docker-entrypoint-initdb.d/initdb.js
+
+  identus-mediator:
+    image: ghcr.io/hyperledger/identus-mediator:1.0.0
+    ports:
+      - "8080:8080"
+    environment:
+      # Creates the identity:
+      # These keys are for demo purpose only for production deployments generate keys
+      # Please follow the README file in the Mediator repository for guidelines on How to generate JWK format keys
+      # KEY_AGREEMENT KEY_AUTHENTICATION are using format JOSE(JWK) OKP type base64urlsafe encoded keys
+      - KEY_AGREEMENT_D=Z6D8LduZgZ6LnrOHPrMTS6uU2u5Btsrk1SGs4fn8M7c
+      - KEY_AGREEMENT_X=Sr4SkIskjN_VdKTn0zkjYbhGTWArdUNE4j_DmUpnQGw
+      - KEY_AUTHENTICATION_D=INXCnxFEl0atLIIQYruHzGd5sUivMRyQOzu87qVerug
+      - KEY_AUTHENTICATION_X=MBjnXZxkMcoQVVL21hahWAw43RuAG-i64ipbeKKqwoA
+      - SERVICE_ENDPOINTS=http://identus-mediator:8080;ws://identus-mediator:8080/ws
+      - MONGODB_USER=admin
+      - MONGODB_PASSWORD=admin
+      - MONGODB_PROTOCOL=mongodb
+      - MONGODB_HOST=mongo
+      - MONGODB_PORT=27017
+      - MONGODB_DB_NAME=mediator
+    depends_on:
+      - "mongo"
+
+volumes:
+  pg_data_db:

identus-docker/dockerize-identus.md

@@ -0,0 +1,79 @@
+# Dockerize Identus
+
+This Docker Compose setup includes five containers with the following names:
+
+- `identus-docker-cloud-agent-1`
+- `identus-docker-mongo-1`
+- `identus-docker-prism-node-1`
+- `identus-docker-db-1`
+- `identus-docker-identus-mediator-1`
+
+## Useful Commands
+
+### Start the Identus
+
+- `docker compose up` - Starts the containers and creates any necessary volumes.
+- `docker compose up -d` - Starts the containers in the background and creates any necessary volumes.
+
+### Stop the Identus
+
+- `docker compose stop` - Stops the containers.
+- `docker compose down` - Removes the containers.
+- `docker compose down -v` - Removes the containers and deletes the volumes (all data in the database will be lost).
+
+### Inspect Containers
+
+- `docker ps -a` - Shows all containers.
+
+## Network
+
+This Docker Compose setup creates a default network in bridge mode to the host machine, called `identus-docker_default`. It binds ports `8080`, `8085` and `8090` to the host machine, making them accessible externally.
+
+All other services are not exposed directly to the host. For example, the Cloud Agent service communicates directly with the PRISM node within this internal network.
+
+To access the Cloud Agent REST API and the DIDComm endpoint, use the open ports on the host machine. Note that name resolution is crucial for DIDComm to function correctly.
+
+### Name Resolution to IP
+
+The name `cloud-agent` is also the hostname of the Cloud Agent's Docker instance. However, from outside the Docker network (on the host machine), the name `cloud-agent` is not resolvable.
+
+We use that hostname for Out-of-Band (OOB) invitations and other tasks by configuring environment variables as follows:
+
+```
+DIDCOMM_SERVICE_URL: http://cloud-agent:8090
+REST_SERVICE_URL: http://cloud-agent:8085
+```
+
+The same applies to the Identus Mediator, using the following environment variable:
+
+```
+SERVICE_ENDPOINTS=http://identus-mediator:8080;ws://identus-mediator:8080/ws
+```
+
+---
+
+### **IMPORTANT NOTE**
+
+To use the OOB invitation, the names must be resolvable. If you are running or developing an application on the host machine, it's necessary to define those names. The easiest way to achieve this is by adding entries to the `/etc/hosts` file, like so:
+
+```
+127.0.0.1	localhost cloud-agent identus-mediator
+```
+
+### Ports
+
+This Docker image will only open three ports:
+
+- `8080` - Mediator: DIDComm endpoint.
+- `8085` - Cloud Agent: API endpoint for the Agent API.
+- `8090` - Cloud Agent: DIDComm endpoint.
+
+The port `8085` should not be publicly accessible.
+
+### Considerations for Other Network Drivers
+
+Other Docker network drivers, like `macvlan`, could be useful for running multiple instances for testing purposes, making them appear as different machines on your local network. However, these drivers are not supported on Docker Desktop for Mac and Windows.
+
+---
+
+Let me know if there are any specific adjustments or additional sections you'd like to add!

identus-docker/mongo-initdb.js

@@ -0,0 +1,37 @@
+db.createUser({
+    user: "admin",
+    pwd: "admin",
+    roles: [
+        { role: "readWrite", db: "mediator" }
+    ]
+});
+
+const database = 'mediator';
+const collectionDidAccount = 'user.account';
+const collectionMessages = 'messages';
+const collectionMessagesSend = 'messages.outbound';
+
+// The current database to use.
+use(database);
+
+// Create  collections.
+db.createCollection(collectionDidAccount);
+db.createCollection(collectionMessages);
+db.createCollection(collectionMessagesSend);
+
+//create index
+db.getCollection(collectionDidAccount).createIndex({ 'did': 1 }, { unique: true });
+// Only enforce uniqueness on non-empty arrays
+db.getCollection(collectionDidAccount).createIndex({ 'alias': 1 }, { unique: true, partialFilterExpression: { "alias.0": { $exists: true } } });
+db.getCollection(collectionDidAccount).createIndex({ "messagesRef.hash": 1, "messagesRef.recipient": 1 });
+
+// There are 2 message types  `Mediator`  and `User` Please follow the Readme for more details in the section Mediator storage
+const expireAfterSeconds = 7 * 24 * 60 * 60; // 7 day * 24 hours * 60 minutes * 60 seconds
+db.getCollection(collectionMessages).createIndex(
+    { ts: 1 },
+    {
+        name: "message-ttl-index",
+        partialFilterExpression: { "message_type": "Mediator" },
+        expireAfterSeconds: expireAfterSeconds
+    }
+)

identus-docker/postgres-init-script.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_user_and_database() {
+	local database=$1
+	local app_user=${database}-application-user
+	echo "  Creating user and database '$database'"
+
+	# Check if user exists
+	user_exists=$(psql -U "$POSTGRES_USER" -tAc "SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = '$app_user'")
+	if [ "$user_exists" != "1" ]; then
+		psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+			      CREATE USER "$app_user" WITH PASSWORD 'password';
+		EOSQL
+	else
+		echo "  User '$app_user' already exists, skipping creation."
+	fi
+
+	# Check if database exists
+	db_exists=$(psql -U "$POSTGRES_USER" -tAc "SELECT 1 FROM pg_database WHERE datname = '$database'")
+	if [ "$db_exists" != "1" ]; then
+		psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+			        CREATE DATABASE $database;
+		EOSQL
+	else
+		echo "  Database '$database' already exists, skipping creation."
+	fi
+
+	# Grant privileges
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+		      \c $database
+		      ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "$app_user";
+	EOSQL
+}
+
+if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
+	echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+	for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+		create_user_and_database $db
+	done
+	echo "Multiple databases created"
+fi

identus-docker/postgres-max_conns.sql

@@ -0,0 +1 @@
+ALTER SYSTEM SET max_connections = 500;