... | ... | @@ -30,7 +30,31 @@ As described in the [architecture](architecture) page, there are several compone |
|
|
|
|
|
The Node application (API and queue processing) is the [certcache](https://code.stanford.edu/et/certcache/) repository.
|
|
|
|
|
|
The AWS API Gateway and SQS configuration is handled by [Terraform](https://terraform.io) using a custom [certcache](https://code.stanford.edu/tf_modules/certcache) module; for IT Lab the general configuration is in the [pacific-aws](https://code.stanford.edu/et/pacific-aws/) project.
|
|
|
The AWS API Gateway and SQS configuration is handled by [Terraform](https://terraform.io) using a custom [certcache](https://code.stanford.edu/tf_modules/certcache) module. The definition in our various environments should look like:
|
|
|
|
|
|
### `itlab` certcache
|
|
|
|
|
|
module "certcache" {
|
|
|
source = "git://code.stanford.edu/tf_modules/certcache.git"
|
|
|
stages = [ "itlab" ]
|
|
|
role_name = "hosting"
|
|
|
}
|
|
|
|
|
|
### `authnz-x` certcache
|
|
|
|
|
|
module "certcache" {
|
|
|
source = "git://code.stanford.edu/tf_modules/certcache.git"
|
|
|
stages = [ "dev", "test", "int", "uat" ]
|
|
|
role_name = "authnz-x-worker"
|
|
|
}
|
|
|
|
|
|
### `authnz` certcache
|
|
|
|
|
|
module "certcache" {
|
|
|
source = "git://code.stanford.edu/tf_modules/certcache.git"
|
|
|
stages = [ "prod" ]
|
|
|
role_name = "authnz-prod-worker"
|
|
|
}
|
|
|
|
|
|
The container image is built on a base Debian Stretch + NodeJS [image](https://code.stanford.edu/et/core-node/), using a [Packer](https://packer.io/) [build project](https://code.stanford.edu/et/core-certcache/).
|
|
|
|
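Review bot: All three example module blocks use `source = "git://code.stanford.edu/tf_modules/certcache.git"`, which is the plain git protocol with no transport encryption or server authentication. None of them pins a ref, so the `authnz` prod block picks up whatever the module's default branch holds at init time. Suggest showing an authenticated transport (https or ssh) and a pinned tag or commit via `?ref=` in these examples, at least for prod, so the documented pattern is one that can be copied safely. Separately, the rewritten introductory sentence no longer mentions the pacific-aws project. If the IT Lab configuration still lives there, keep that pointer next to the `itlab` block.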
... | ... | @@ -38,6 +62,8 @@ The container image is built on a base Debian Stretch + NodeJS [image](https://c |
|
|
|
|
|
The CertCache image is currently run as a container using [fleet](https://github.com/coreos/fleet) unit; it will migrate to [Kubernetes](https://kubernetes.io/) in the near future. The unit file is used to start and stop the container, and to register the container with a load balancer (the LB is also used for SSL offload).
|
|
|
|
|
|
*NOTE*: certcache has not yet been tested in a load balanced pool, so only one instance should be run in each environment.
|
|
|
|
|
|
The unit definition is in the [itlab-apps](https://code.stanford.edu/et/itlab-apps) project as [certcache/units/certcache.service](https://code.stanford.edu/et/itlab-apps/blob/master/certcache/units/certache.service), along with an [envvars](https://code.stanford.edu/et/itlab-apps/blob/master/certcache/envvars) file to define the runtime environment.
|
|
|
|
|
|
CertCache uses the following environment variables
|
... | ... | |
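Review bot: The NOTE limiting certcache to one instance per environment sits directly after the paragraph saying the unit registers the container with a load balancer, and it does not say where that limit is enforced or what is expected to go wrong with two instances. Suggest stating whether the fleet unit itself prevents a second instance or whether operators have to ensure it by hand, and which part (API or queue processing) is untested in a pool. In the neighbouring line, the link text reads `certcache/units/certcache.service` but the URL ends in `certache.service`. One of the two is misspelled and should be checked against the itlab-apps repository.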