google · roger2hk · Apr 30, 2023 · Apr 25, 2023 · Apr 25, 2023 · Apr 30, 2023
@@ -0,0 +1,73 @@
+# Dockerized Test Deployment
+
+This brings up a CTFE with its own trillian instance and DB server for users to
+get a feel for how deploying CTFE works. This is not recommended as a way of
+serving production logs!
+
+## Requirements
+
+- Docker and Docker Compose Plugin
+- go tooling
+- git checkouts of:
+  - github.com/google/trillian
+  - github.com/google/certificate-transparency-go
+
+The instructions below assume you've checked out the repositories within
+`~/git/`, but if you have them in another location then just use a different
+path when you run the command.
+
+## Deploying
+
+We will use 2 terminal sessions to the machine you will use for hosting the
+docker containers. Each of the code stanzas below will state which terminal to
+use. This makes it easier to see output logs and to avoid repeatedly changing
+directory.
+
+First bring up the trillian instance and the database:
+
+```bash
+# Terminal 1
+cd ~/git/certificate-transparency-go/trillian/examples/deployment/docker/ctfe/
+docker compose up
+```
+
+This brings up everything except the CTFE. Now to provision the logs.
+
+```bash
+# Terminal 2
+cd ~/git/trillian/
+docker exec -i ctfe-db mysql -pzaphod -Dtest < ./storage/mysql/schema/storage.sql
+```
+
+The CTFE requires some configuration files. First prepare a directory containing
+these, and expose it as a docker volume. These instructions prepare this config
+at `/tmp/ctfedocker` but if you plan on keeping this test instance alive for
+more than a few hours then pick a less temporary location on your filesystem.
+
+```bash
+# Terminal 2
+CTFE_CONF_DIR=/tmp/ctfedocker
+mkdir ${CTFE_CONF_DIR}
+TREE_ID=$(go run github.com/google/trillian/cmd/createtree@master --admin_server=localhost:8090)
+sed "s/@TREE_ID@/$TREE_ID/" ~/git/certificate-transparency-go/trillian/examples/deployment/docker/ctfe/ct_server.cfg > ${CTFE_CONF_DIR}/ct_server.cfg
+cp ./trillian/testdata/fake-ca.cert ${CTFE_CONF_DIR}
+docker volume create --driver local --opt type=none --opt device=${CTFE_CONF_DIR} --opt o=bind ctfe_config
+```
+
+Now that this configuration is available, you can bring up the CTFE:
+
+```bash
+# Terminal 1
+<Ctrl C> # kill the previous docker compose up command
+docker compose --profile frontend up
+```
+
+This will bring up the whole stack. Assuming there are no errors in the log,
+then the following command should return tree head for tree size 0.
+
+```bash
+# Terminal 2
+cd ~/git/certificate-transparency-go
+go run ./client/ctclient get-sth --log_uri http://localhost:8080/testlog
+```
+
@@ -0,0 +1,15 @@
+config {
+	log_id: @TREE_ID@
+	prefix: "testlog"
+	roots_pem_file: "/ctfe-config/fake-ca.cert"
+	public_key: {
+		der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b"
+	}
+	private_key: {
+		[type.googleapis.com/keyspb.PrivateKey] {
+			der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xd8\x8a\x49\xa2\x15\x3c\xbe\xb5\xb7\x6c\x63\xdc\xfd\xc0\x36\x64\x24\x88\xc3\x57\x9d\xfa\xd4\xa8\x70\x78\x32\x72\x29\x1a\xb1\x6f\xa1\x44\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b"
+		}
+	}
+	max_merge_delay_sec: 86400
+	expected_merge_delay_sec: 120
+}
@@ -0,0 +1,73 @@
+version: "3.1"
+
+services:
+  db:
+    container_name: ctfe-db
+    image: mariadb
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD=zaphod
+      - MYSQL_DATABASE=test
+      - MYSQL_USER=test
+      - MYSQL_PASSWORD=zaphod
+    ports:
+      - "3306:3306"
+    healthcheck:
+      test: mysql --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --silent --execute "SHOW DATABASES;"
+      interval: 3s
+      timeout: 2s
+      retries: 5
+
+  trillian-log-server:
+    image: gcr.io/trillian-opensource-ci/log_server
+    command: [
+      "--storage_system=mysql",
+      "--mysql_uri=test:zaphod@tcp(db:3306)/test",
+      "--rpc_endpoint=0.0.0.0:8090",
+      "--http_endpoint=0.0.0.0:8091",
+      "--alsologtostderr",
+    ]
+    restart: always
+    ports:
+      - "8090:8090"
+      - "8091:8091"
+    depends_on:
+      - db
+
+  trillian-log-signer:
+    image: gcr.io/trillian-opensource-ci/log_signer
+    command: [
+      "--storage_system=mysql",
+      "--mysql_uri=test:zaphod@tcp(db:3306)/test",
+      "--rpc_endpoint=0.0.0.0:8090",
+      "--http_endpoint=0.0.0.0:8091",
+      "--force_master",
+      "--alsologtostderr",
+    ]
+    restart: always
+    ports:
+      - "8092:8091"
+    depends_on:
+      - db
+      - trillian-log-server
+
+  ctfe:
+    image: gcr.io/trillian-opensource-ci/ctfe
+    profiles: ["frontend"]
+    command: [
+      "--log_rpc_server=trillian-log-server:8090",
+      "--log_config=/ctfe-config/ct_server.cfg",
+      "--http_endpoint=0.0.0.0:8091",
+      "--alsologtostderr",
+    ]
+    restart: always
+    ports:
+      - "8080:8091"
+    volumes:
+      - ctfe_config:/ctfe-config:ro
+    depends_on:
+      - trillian-log-server
+
+volumes:
+  ctfe_config:
+    external: true