Manual Setup
To set up the system manually, you need to know the following two things:
- How to run the different components
- How to initially configure them
This section aims to answer both topics.
To run Acheron, clone the repo and either use your IDE or run ./mvnw spring-boot:run.
You need to export the following environment variables, the values of which you get from Hydra. See the configuration section below.
OAUTH2_CLIENT_ID=7f15f8b8-98d5-4d25-bb1b-d45614766e03
OAUTH2_CLIENT_SECRET=YCWwEAqnogn(O0uBFrqh$_9hsR
By default, Acheron runs on ports 8080 and 9090. The first port is the server port, used for serving the APIs. The second one is the admin port, used for configuration requests. You can change the server and admin ports by exporting the SERVER_PORT and ADMIN_PORT environment variables, respectively.
For example:
SERVER_PORT=9000 ./mvnw spring-boot:run
If you want to run a single instance, you can export SPRING_CLOUD_BUS_ENABLED=false to remove the need for the broker. In that case, do not run RabbitMQ.
$ docker run --name acheron_cassandra -p 9042:9042 -d cassandra:3.9
$ docker run -d --hostname acheron_rabbit_1 --name acheron_rabbit -p 5672:5672 -p 15672:15672 rabbitmq:3-management
First time:
$ SYSTEM_SECRET=awesomesecretthatislongenoughtonotbeignored docker-compose up
From then on:
$ SYSTEM_SECRET=awesomesecretthatislongenoughtonotbeignored docker-compose start
Acheron stores configuration in Apache Cassandra. To create the store, simply run the following command in the project's root:
$ docker exec acheron_cassandra cqlsh --request-timeout=3600 -e "$(cat src/main/db/cassandra/ddl.cql)"
Add the Hydra route via the /admin/routes endpoint, making sure you replace the URLs if your setup differs:
$ curl -i -X POST -H "Content-Type: application/json" -d '{
"id": "hydra_realm1",
"http_methods": [
"POST"
],
"path": "/hydra/realm1/**",
"service_id": "hydra_realm1",
"url": "http://localhost:4444",
"keep_prefix": false,
"retryable": false,
"override_sensitive_headers": true,
"sensitive_headers": []
}' "http://localhost:9090/admin/routes"
You need to create an OAuth2 client to allow Acheron to make requests to Hydra.
Connect to Hydra:
$ docker exec -i -t hydra_hydra_1 /bin/bash
Create the Acheron client:
$ hydra clients create -n "acheron" \
-g client_credentials \
-r token \
-a hydra.clients
Client ID: 991635e3-c17a-4960-90f1-9908d4a8b333
Client Secret: ihLMuaB59cGkAqqD,pxKd&4LBL
The client ID and client secret need to be exported as environment variables prior to running Acheron. See the instructions for running Acheron.
Create a policy that gives Acheron permission to create OAuth2 clients. Replace <client_id> with the client ID obtained in the previous step:
$ hydra policies create --allow \
-a "create,delete" \
-r "rn:hydra:clients,rn:hydra:clients:<.*>" \
-s "<client_id>"
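The client ID and secret printed by hydra clients create have to reach Acheron as environment variables, and generated secrets like the ones shown on this page contain characters such as (, $ and & that the shell interprets when left unquoted. The following is an added example, not part of Acheron or Hydra: it parses that output and writes an owner-only env file with safely quoted values. The function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Acheron or Hydra code. Function names are hypothetical.

# Single-quote a value for sh, escaping embedded single quotes as '\''.
sh_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the value that follows "<label>: " in the captured output.
field() {
  printf '%s\n' "$1" | sed -n "s/^$2: //p" | head -n 1
}

# Write both variables to an owner-only env file that is safe to source.
write_env_file() {
  out=$1
  file=$2
  id=$(field "$out" 'Client ID')
  secret=$(field "$out" 'Client Secret')
  if [ -z "$id" ] || [ -z "$secret" ]; then
    echo "client credentials not found in output" >&2
    return 1
  fi
  (
    umask 077
    {
      printf 'export OAUTH2_CLIENT_ID=%s\n' "$(sh_quote "$id")"
      printf 'export OAUTH2_CLIENT_SECRET=%s\n' "$(sh_quote "$secret")"
    } > "$file"
    chmod 600 "$file"
  )
}

# Constructed sample output (not real credentials). The secret contains
# characters the shell would interpret if it were exported unquoted.
SAMPLE_OUTPUT="Client ID: 00000000-0000-4000-8000-000000000000
Client Secret: ex(ample\$_sec&ret'value"

# Demo: write the file, source it in a subshell, confirm the round trip.
demo_file=$(mktemp)
write_env_file "$SAMPLE_OUTPUT" "$demo_file"
( . "$demo_file" && [ -n "$OAUTH2_CLIENT_SECRET" ] && echo "secret survived quoting" )
rm -f "$demo_file"
```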