Open-zaak en open-notificaties docker-compose setup

Amsterdam · Jan 31, 2022 · b744293 · b744293
1 parent 1ffb2cb
commit b744293
Show file tree

Hide file tree

Showing 21 changed files with 11,541 additions and 0 deletions.
diff --git a/open-zaak/.gitignore b/open-zaak/.gitignore
@@ -0,0 +1,5 @@
+.idea
+.pyc
+__pycache__/
+.vscode/
+.DS_Store
diff --git a/open-zaak/Jenkinsfile b/open-zaak/Jenkinsfile
@@ -0,0 +1,110 @@
+#!groovy
+
+def tag_image_as(docker_image_url, tag) {
+  // Tag image, push to repo, remove local tagged image
+  script {
+    docker.image("${docker_image_url}:${env.COMMIT_HASH}").push(tag)
+    sh "docker rmi ${docker_image_url}:${tag} || true"
+  }
+}
+
+def deploy(app_name, environment) {
+  // Deploys the app to the given environment
+  build job: 'Subtask_Openstack_Playbook',
+    parameters: [
+        [$class: 'StringParameterValue', name: 'INVENTORY', value: environment],
+        [$class: 'StringParameterValue', name: 'PLAYBOOK', value: 'deploy.yml'],
+        [$class: 'StringParameterValue', name: 'PLAYBOOKPARAMS', value: "-e cmdb_id=app_${app_name}"],
+    ]
+}
+
+def tag_and_deploy(docker_image_url, app_name, environment) {
+  // Tags the Docker with the environment, en deploys to the same environment
+  script {
+    tag_image_as(docker_image_url, environment)
+    deploy(app_name, environment)
+  }
+}
+
+def build_image(docker_image_url, source) {
+  // Builds the image given the source, and pushes it to the Amsterdam Docker registry
+  script {
+    def image = docker.build("${docker_image_url}:${env.COMMIT_HASH}",
+      "--no-cache " +
+      "--shm-size 1G " +
+      "--build-arg COMMIT_HASH=${env.COMMIT_HASH} " +
+      "--build-arg BRANCH_NAME=${env.BRANCH_NAME} " +
+      " ${source}")
+    image.push()
+    tag_image_as(docker_image_url, "latest")
+  }
+}
+
+def remove_image(docker_image_url) {
+    // delete original image built on the build server
+    script {
+      sh "docker rmi ${docker_image_url}:${env.COMMIT_HASH} || true"
+    }
+}
+
+pipeline {
+  agent any
+  environment {
+    PRODUCTION = "production"
+    ACCEPTANCE = "acceptance"
+
+    OPEN_ZAAK_IMAGE_URL = "${DOCKER_REGISTRY_NO_PROTOCOL}/open-zaak"
+    OPEN_ZAAK_SOURCE = "./open-zaak"
+    OPEN_ZAAK_NAME = "open-zaak"
+
+    OPEN_NOTIFICATIES_IMAGE_URL = "${DOCKER_REGISTRY_NO_PROTOCOL}/open-notificaties"
+    OPEN_NOTIFICATIES_SOURCE = "./open-notificaties"
+    OPEN_NOTIFICATIES_NAME = "open-notificaties"
+
+  }
+
+  stages {
+    stage("Checkout") {
+      steps {
+        checkout scm
+        script {
+          env.COMMIT_HASH = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
+        }
+      }
+    }
+
+    stage("Build docker images") {
+      steps {
+        build_image(env.OPEN_ZAAK_IMAGE_URL, env.OPEN_ZAAK_SOURCE)
+        build_image(env.OPEN_NOTIFICATIES_IMAGE_URL, env.OPEN_NOTIFICATIES_SOURCE)
+      }
+    }
+
+    stage("Push and deploy acceptance images") {
+      when {
+        not { buildingTag() }
+        branch 'master'
+      }
+      steps {
+        tag_and_deploy(env.OPEN_ZAAK_IMAGE_URL, env.OPEN_ZAAK_NAME, env.ACCEPTANCE)
+        tag_and_deploy(env.OPEN_NOTIFICATIES_IMAGE_URL, env.OPEN_NOTIFICATIES_NAME, env.ACCEPTANCE)
+      }
+    }
+
+    stage("Push and deploy production images") {
+      // Only deploy to production if there is a tag
+      when { buildingTag() }
+      steps {
+        tag_and_deploy(env.OPEN_ZAAK_IMAGE_URL, env.OPEN_ZAAK_NAME, env.PRODUCTION)
+        tag_and_deploy(env.OPEN_NOTIFICATIES_IMAGE_URL, env.OPEN_NOTIFICATIES_NAME, env.PRODUCTION)
+      }
+    }
+  }
+
+  post {
+    always {
+        remove_image(env.OPEN_ZAAK_IMAGE_URL)
+        remove_image(env.OPEN_NOTIFICATIES_IMAGE_URL)
+    }
+  }
+}
diff --git a/open-zaak/config/cmis_mapper.json b/open-zaak/config/cmis_mapper.json
@@ -0,0 +1,62 @@
+{
+    "ZAAKTYPE_MAP": {
+        "object_type_id": "cmis:objectTypeId",
+        "url": "drc:zaaktype__url",
+        "identificatie": "drc:zaaktype__identificatie"
+    },
+    "ZAAK_MAP": {
+        "object_type_id": "cmis:objectTypeId",
+        "url": "drc:zaak__url",
+        "identificatie": "drc:zaak__identificatie",
+        "zaaktype": "drc:zaak__zaaktypeurl",
+        "bronorganisatie": "drc:zaak__bronorganisatie"
+    },
+    "DOCUMENT_MAP": {
+        "object_type_id": "cmis:objectTypeId",
+        "uuid": "drc:document__uuid",
+        "bronorganisatie": "drc:document__bronorganisatie",
+        "identificatie": "drc:document__identificatie",
+        "titel": "drc:document__titel",
+        "bestandsnaam": "drc:document__bestandsnaam",
+        "formaat": "drc:document__formaat",
+        "bestandsomvang": "cmis:contentStreamLength",
+        "versie": "drc:document__versie",
+        "beschrijving": "drc:document__beschrijving",
+        "verzenddatum": "drc:document__verzenddatum",
+        "taal": "drc:document__taal",
+        "indicatie_gebruiksrecht": "drc:document__indicatiegebruiksrecht",
+        "verwijderd": "drc:document__verwijderd",
+        "status": "drc:document__status",
+        "ontvangstdatum": "drc:document__ontvangstdatum",
+        "informatieobjecttype": "drc:document__informatieobjecttype",
+        "auteur": "drc:document__auteur",
+        "vertrouwelijkheidaanduiding": "drc:document__vertrouwelijkaanduiding",
+        "begin_registratie": "drc:document__begin_registratie",
+        "integriteit_algoritme": "drc:document__integriteitalgoritme",
+        "integriteit_datum": "drc:document__integriteitdatum",
+        "integriteit_waarde": "drc:document__integriteitwaarde",
+        "ondertekening_soort": "drc:document__ondertekeningsoort",
+        "ondertekening_datum": "drc:document__ondertekeningdatum",
+        "link": "drc:document__link",
+        "creatiedatum": "drc:document__creatiedatum",
+        "lock": "drc:document__lock",
+        "kopie_van": "drc:kopie_van"
+    },
+    "OBJECTINFORMATIEOBJECT_MAP": {
+        "object_type_id": "cmis:objectTypeId",
+        "uuid": "drc:oio__uuid",
+        "object_type": "drc:oio__object_type",
+        "besluit": "drc:oio__besluit",
+        "zaak": "drc:oio__zaak",
+        "informatieobject": "drc:oio__informatieobject"
+    },
+    "GEBRUIKSRECHTEN_MAP": {
+        "object_type_id": "cmis:objectTypeId",
+        "uuid": "drc:gebruiksrechten__uuid",
+        "einddatum": "drc:gebruiksrechten__einddatum",
+        "omschrijving_voorwaarden": "drc:gebruiksrechten__omschrijving_voorwaarden",
+        "informatieobject": "drc:gebruiksrechten__informatieobject",
+        "startdatum": "drc:gebruiksrechten__startdatum",
+        "kopie_van": "drc:gebruiksrechten__kopie_van"
+    }
+}
diff --git a/open-zaak/docker-compose.yml b/open-zaak/docker-compose.yml
@@ -0,0 +1,113 @@
+version: "3.5"
+
+services:
+  db:
+    image: mdillon/postgis
+    ports:
+      - 5432:5432
+    environment:
+      - POSTGRES_HOST_AUTH_METHOD=trust
+      - POSTGRES_DB=openzaak
+      - POSTGRES_USER=openzaak
+      - POSTGRES_PASSWORD=openzaak
+    networks:
+      - open_zaken_network
+    volumes:
+      - ./docker/postgres.entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
+      - openzaak-data:/var/lib/postgresql/data
+
+  redis:
+    image: redis
+    ports:
+      - 6379:6379
+    networks:
+      - open_zaken_network
+      - zaken_network
+
+  rabbitmq:
+    image: rabbitmq:3.7-alpine
+    environment:
+      - RABBITMQ_DEFAULT_USER=guest
+      - RABBITMQ_DEFAULT_PASS=guest
+    networks:
+      - open_zaken_network
+
+  openzaak_local:
+    image: openzaak/open-zaak
+    networks:
+      - open_zaken_network
+      - zaken_network
+    ports:
+      - 80:8000
+    env_file:
+      - ./open-zaak/.env
+    depends_on:
+      - db
+      - redis
+    volumes:
+      - ./config:/app/config
+      - ./open-zaak/db:/app/src/db
+
+  #
+  # OPEN NOTIFICATIES
+  #
+
+  open_notificaties_database:
+    image: mdillon/postgis
+    ports:
+      - 5433:5432
+    env_file:
+      - open-notificaties/.env
+    environment:
+      - POSTGRES_HOST_AUTH_METHOD=trust
+      - POSTGRES_DB=open_notificaties
+      - POSTGRES_USER=openzaak
+      - POSTGRES_PASSWORD=openzaak
+    networks:
+      - open_zaken_network
+    volumes:
+      - open-notificaties-data:/var/lib/postgresql/data
+
+  open_notificaties_celery:
+    image: openzaak/open-notificaties
+    command: /celery_worker.sh
+    env_file:
+      - open-notificaties/.env
+    environment:
+      - DJANGO_SETTINGS_MODULE=nrc.conf.docker
+      - CACHE_DEFAULT=redis:6379/0
+      - CACHE_AXES=redis:6379/1
+      - RABBITMQ_HOST=rabbitmq
+      - PUBLISH_BROKER_URL=amqp://guest:guest@rabbitmq:5672//
+      - CELERY_BROKER_URL=amqp://guest:guest@rabbitmq:5672//
+      - CELERY_RESULT_BACKEND=amqp://guest:guest@rabbitmq:5672//
+      - CELERY_LOGLEVEL=DEBUG
+      - SUBPATH=${SUBPATH:-/}
+    networks:
+      - open_zaken_network
+    depends_on:
+      - open_notificaties_database
+      - redis
+      - rabbitmq
+
+  open_notificaties:
+    image: openzaak/open-notificaties
+    ports:
+      - 8888:8000
+    env_file:
+      - open-notificaties/.env
+    networks:
+      - open_zaken_network
+    depends_on:
+      - open_notificaties_database
+      - redis
+
+networks:
+  zaken_network:
+    external: true
+  open_zaken_network:
+    external: true
+
+volumes:
+  openzaak-data:
+  open-notificaties-data:
diff --git a/open-zaak/docker/alfresco/alfresco-global.properties b/open-zaak/docker/alfresco/alfresco-global.properties
@@ -0,0 +1,52 @@
+# Required to isolate logs folder
+dir.root=/usr/local/tomcat/alf_data
+
+# Copied from https://github.com/Alfresco/acs-community-packaging/blob/master/docker-alfresco/Dockerfile
+alfresco-pdf-renderer.root=/usr/bin/
+alfresco-pdf-renderer.exe=${alfresco-pdf-renderer.root}/alfresco-pdf-renderer
+
+# Disabled below
+# jodconverter.enabled=true
+# jodconverter.portNumbers=8100
+# jodconverter.officeHome=/opt/libreoffice5.4/
+
+img.root=/usr/lib64/ImageMagick-7.0.7
+img.coders=/usr/lib64/ImageMagick-7.0.7/modules-Q16HDRI/coders
+img.config=/usr/lib64/ImageMagick-7.0.7/config-Q16HDRI
+img.exe=/usr/bin/convert
+
+# Smart Folders Config Properties
+smart.folders.enabled=true
+
+# Trashcan cleaner
+trashcan-cleaner.cron=0 30 * * * ?
+trashcan-cleaner.keepPeriod=P1D
+
+# Required if you are using CMIS Client
+alfresco.restApi.basicAuthScheme=true
+
+# Disable some stuff that is not needed.
+audit.enabled=true
+audit.alfresco-access.enabled=true
+audit.cmischangelog.enabled=true
+replication.enabled=false
+ftp.enabled=false
+nfs.enabled=false
+cifs.enabled=false
+lucene.indexer.cacheEnabled=false
+lucene.indexer.contentIndexingEnabled=false
+sync.mode=OFF
+syncService.mode=OFF
+activities.feed.notifier.enabled=false
+activities.feed.max.ageMins=60
+ooo.enabled=false
+jodconverter.enabled=false
+db.schema.update=true
+index.recovery.mode=AUTO
+system.thumbnail.generate=false
+index.subsystem.name=solr4
+trashcan-cleaner.deleteBatchCount=1000
+system.content.eagerOrphanCleanup=true
+org.alfresco.integrations.google.docs=false
+org.alfresco.integrations.share.google.docs=false
+alfresco.index.transformContent=false
diff --git a/open-zaak/docker/postgres.entrypoint-initdb.d/0001-open-zaak.sql b/open-zaak/docker/postgres.entrypoint-initdb.d/0001-open-zaak.sql
@@ -0,0 +1,3 @@
+-- CREATE USER openzaak;
+-- CREATE DATABASE openzaak;
+-- GRANT ALL PRIVILEGES ON DATABASE openzaak TO openzaak;
diff --git a/open-zaak/docker/postgres.entrypoint-initdb.d/0002-open-zaak-extensions.sh b/open-zaak/docker/postgres.entrypoint-initdb.d/0002-open-zaak-extensions.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "openzaak" <<-EOSQL
+    CREATE EXTENSION postgis;
+    CREATE EXTENSION pg_trgm;
+EOSQL
diff --git a/open-zaak/docker/postgres.entrypoint-initdb.d/0010-alfresco.sql b/open-zaak/docker/postgres.entrypoint-initdb.d/0010-alfresco.sql
@@ -0,0 +1,3 @@
+CREATE USER alfresco;
+CREATE DATABASE alfresco;
+GRANT ALL PRIVILEGES ON DATABASE alfresco TO alfresco;
diff --git a/open-zaak/docker/volumes/.gitkeep b/open-zaak/docker/volumes/.gitkeep
diff --git a/open-zaak/open-notificaties/.env b/open-zaak/open-notificaties/.env
@@ -0,0 +1,19 @@
+SECRET_KEY=${SECRET_KEY:-7(h1r2hk)8z9+05edulo_3qzymwbo&c24=)qz7+_@3&2sp=u%i}
+IS_HTTPS=no
+ALLOWED_HOSTS=*
+# SUBPATH=${SUBPATH:-/localhost}
+NOTIFICATIONS_DISABLED=True
+DEBUG=yes
+DJANGO_SETTINGS_MODULE=nrc.conf.docker
+
+CACHE_DEFAULT=openzaak_redis:6379/0
+CACHE_AXES=openzaak_redis:6379/0
+
+DB_HOST=open_notificaties_database
+DB_NAME=open_notificaties
+DB_USER=openzaak
+DB_PASSWORD=openzaak
+
+POSTGRES_DB=open_notificaties_database
+POSTGRES_USER=openzaak
+POSTGRES_PASSWORD=openzaak
diff --git a/open-zaak/open-notificaties/Dockerfile b/open-zaak/open-notificaties/Dockerfile
@@ -0,0 +1,14 @@
+FROM openzaak/open-notificaties
+
+ENV REQUESTS_CA_BUNDLE /etc/ssl/certs/ca-certificates.crt
+
+# Setup Certificates for ADP/Motiv
+ADD certificates/adp_rootca.crt /usr/local/share/ca-certificates/adp_rootca.crt
+ADD certificates/nl_root.crt /usr/local/share/ca-certificates/nl_root.crt
+RUN chmod 644 /usr/local/share/ca-certificates/adp_rootca.crt \
+    && chmod 644 /usr/local/share/ca-certificates/nl_root.crt \
+    && update-ca-certificates --fresh
+
+# TODO: this is a mock cmis_mapper, based on https://github.com/open-zaak/open-zaak/blob/master/config/cmis_mapper.json
+# Update this once we have received the definite mapping
+ADD cmis/cmis_mapper.json /app/cmis/cmis_mapper.json