Bootstrap Modules

bootstrap-common

Definitions

  • certbot.json
    • Install Certbot
      • Certificate files
        • pfx keystore
          • {dataDir}/{serverDomain}.pfx
        • pem
          • Linux /etc/letsencrypt/live/{serverDomain}/fullchain.pem/privkey.pem
          • Windows C:/Certbot/live/{serverDomain}/fullchain.pem/privkey.pem
    • OS support
      • Linux
      • Windows
    • Properties
      • certEmail - email used by Let’s Encrypt for important account notifications
      • keystorePw - password used for PFX file
      • serverDomain - Eg. dev.rswk.ch
  • dev.json
    • Install platform development tools
    • OS support
      • Linux
      • Windows
    • Properties
      • nexusDomain - Eg. dev.rswk.ch
      • nexusPassword
      • nexusProtocol - Eg. https
      • nexusUser
  • engine-*.json
    • Definitions for managing meta-engine based servers
    • Flags
      • engine-server.json
        • certbot - Install certbot and certificate for serverDomain
      • engine-server-update.json
        • engineUpdate - Run update tasks, see updateTasks property
    • OS support
      • Linux
      • Windows
    • Properties
      • General
        • serviceName - Name of engine service
      • engine-import.json
        • importFixture - Name of file to import, eg. fixture will import {moduleDir}/config/engine/fixture.json
      • engine-main.json
        • javaArgs - Additional java executable arguments, eg. -Djavax.net.ssl.trustStore="{trustStoreFile}"
        • mainArgs - Main arguments, eg. -update clone
        • serviceClassPath
        • serviceConfig
        • serviceConfigClass
        • serviceLauncherClass
      • engine-server-update.json
        • updateTasks - Update tasks to run, eg. clone
  • firewall.json
    • Basic firewall rules
      • Linux ufw
      • Windows Windows Defender Firewall
    • OS support
      • Linux
      • Windows
    • Ports
      • HTTP 80/TCP
      • HTTPS 443/TCP
      • RDP 3389/TCP (Windows only)
      • SSH 22/TCP (Linux only)
  • httpd.json
    • Install HTTPD
    • Configs
      • {moduleDir}/config/httpd-vhosts.conf
      • {moduleDir}/config/httpd.conf
    • OS support
      • Linux
      • Windows
    • Properties
      • serverAdmin - ServerAdmin
      • serverDomain - Eg. dev.rswk.ch
  • java.json
  • nssm.json
    • Install NSSM
    • OS support
      • Windows
  • ntp.json
    • Enable NTP using europe.pool.ntp.org
    • OS support
      • Linux
      • Windows
  • openssl.json
  • sqlite.json
    • Download xerial/sqlite-jdbc JAR.
      • Includes native SQLite libraries for various platforms
      • Manually include JAR in serviceClassPath to have SQLite in meta-engine
    • OS support
      • Linux
      • Windows
  • utils.json

bootstrap-dev-server

Development server for organizations using platform with Fossil, Jenkins and Nexus.

Definitions

  • dev-server.json
  • dev-server-after.json
    • Empty by default. Override to run any organization specific actions after server is installed

Manual steps dev-server

  • Setup Fossil SCM server
    • Copy fossil repository files from previous development server to /var/lib/platform/data/scm. This does not work with files from local developer environment!
    • Create new repository files
      • fossil init mycompany.fossil -A admin
      • fossil init mycompany-bootstrap.fossil -A admin
      • Password for admin user is printed to console
      • Open https://dev.mycompany.ch/scm/mycompany (repeat for mycompany-bootstrap)
        • Login with admin user
        • See the Admin section for all available settings
          • Change password to be same on all repositories (or adapt Jenkins credentials)
        • Add additional users for your organization
        • Change access settings as needed and see security audit for capability summary
  • Setup Jenkins build server
    • See bootstrap.log for Jenkins admin password
    • Open https://dev.mycompany.ch/jenkins
    • Install suggested plugins
    • Finish setup with admin user or create a different user
    • Manage Jenkins
      • Manage plugins
        • Available
          • Lockable Resource
          • Maven Integration
        • Install and restart
      • Configure System
        • Lockable Resources Manager > Add Lockable Resource
          • Name Xvfb
      • Global Tool Configuration
        • JDK
          • Name jdk17
          • Disable Install automatically
          • JAVA_HOME /var/lib/platform/tool/jdk17
        • Maven
          • Name default
          • Disable Install automatically
          • MAVEN_HOME /var/lib/platform/tool/maven
      • Manage Credentials > Jenkins > Global credentials
        • Add Credentials
          • Secret text
            • ID npm
              • _authToken for your NPM repository
          • Username with password
            • ID scm
              • admin user and the password for your Fossil repositories
            • ID scm-platform
              • platform user and platform password
        • Add any other credentials you need stored in Jenkins
    • To import existing job configurations
      • Create directory named after the job in Jenkins home directory
        • /var/lib/platform/data/jenkins/jobs
      • Copy job config as config.xml into directory
      • Manage Jenkins > Reload Configuration from Disk
      • To automate it during bootstrap process, see platform-bootstrap/platform/bootstrap-dev-server/definitions/dev-server-after.json
  • Setup Nexus software repository
    • Open https://dev.mycompany.ch/nexus
    • Login with admin
      • See bootstrap.log for Nexus admin password
    • Follow setup wizard
      • Set password to nexusPassword property used in bootstrap.json
      • Disable anonymous access
    • Server configuration
      • Repository
        • Cleanup Policies
          • Create Cleanup Policy
            • Name Maven_150
            • Format maven2
            • Component usage 150
          • Create Cleanup Policy
            • Name Maven_14
            • Format maven2
            • Component usage 14
          • Create Cleanup Policy
            • Name NPM_150
            • Format npm
            • Component usage 150
        • Repositories
          • Add Maven_150 to maven-central, maven-releases repositories
          • Add Maven_14 to maven-snapshots repository
          • Create repository
            • maven2 (hosted)
              • bootstrap
                • Version policy Mixed
                • Deployment policy Allow redeploy
                • Add cleanup policy Maven_150
              • thirdparty with release policy
                • Version policy Release
            • maven2 (proxy)
              • google
                • Remote storage https://maven.google.com/
                • Add cleanup policy Maven_150
              • platform-maven-releases
                • Remote storage https://dev.rswk.ch/nexus/repository/maven-releases/
                • Add cleanup policy Maven_150
              • platform-maven-snapshots
                • Remote storage https://dev.rswk.ch/nexus/repository/maven-snapshots/
                • Version policy Snapshot
                • Add cleanup policy Maven_14
              • platform-maven-thirdparty
                • Note: Needed for the patched ch.rswk.dagger dependencies
                • Remote storage https://dev.rswk.ch/nexus/repository/thirdparty/
                • Add cleanup policy Maven_150
            • npm (hosted)
              • npm
                • Deployment policy Allow redeploy
                • Add cleanup policy NPM_150
            • npm (proxy)
              • npm-registry
                • Remote storage https://registry.npmjs.org
                • Add cleanup policy NPM_150
              • platform-npm
                • Remote storage https://dev.rswk.ch/nexus/repository/npm/
                • Add cleanup policy NPM_150
            • npm (group)
              • npm-public
                • Member repositories
                  npm
                  platform-npm
                  npm-registry
                  
            • raw (hosted)
              • mycompany-site
                • Content Disposition inline
                • Maven site is deployed to this repository
          • Select maven-public
            • Group > Member repositories
              maven-releases
              maven-snapshots
              thirdparty
              platform-thirdparty
              platform-releases
              platform-snapshots
              maven-central
              google
              
    • Security > Realms
      • Add npm Bearer Token Realm to Active realms
    • System > Tasks > Create task
      • Admin - Compact blob store
      • Name Compact default
      • Blob store default
      • Task frequency Weekly
      • Time to run this task 2:00
      • Days to run this task Sunday
  • Restart server

Cheatsheet dev-server

  • Nexus
    • Backup and Restore
    • npm Security
      • To generate an NPM token, run this in a folder without an existing .npmrc, after deleting the global .npmrc in your user profile. Afterwards, copy the generated token from the global .npmrc and set the environment variable
        npm login --registry=https://dev.mycompany.ch/nexus/repository/npm-public/
        
  • SCM
    • To trust additional certificates on Windows, add them to C:\tool\fossil\cacert.pem
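
For the npm token step above, an added example (not part of the bootstrap project) that reads the token npm login wrote for one registry and refuses a .npmrc that group or other users can access. The function name npmrc_token is hypothetical, and the token format in the comment is constructed.

```shell
#!/bin/sh
# Added example, not project code.

# npmrc_token FILE REGISTRY_URL
# Prints the _authToken that `npm login` stored for REGISTRY_URL.
# Returns 2 if FILE is missing, 3 if FILE is accessible to group/others,
# 1 if no token is stored for that registry.
npmrc_token() {
    npmrc=$1
    registry=$2

    [ -f "$npmrc" ] || { echo "npmrc_token: $npmrc not found" >&2; return 2; }

    # The file holds a bearer credential: refuse it unless only the owner
    # has access. Characters 5-10 of the mode string are the group/other bits.
    mode=$(ls -ln "$npmrc" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "npmrc_token: $npmrc is accessible to group/others (chmod 600)" >&2
        return 3
    fi

    # npm keys credentials by the registry URL without its scheme, e.g.
    #   //host/path/:_authToken=VALUE      (constructed illustration)
    key=${registry#*:}
    case $key in
        */) ;;
        *) key=$key/ ;;
    esac
    prefix="${key}:_authToken="

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$prefix"*)
                printf '%s\n' "${line#"$prefix"}"
                return 0
                ;;
        esac
    done < "$npmrc"

    echo "npmrc_token: no token for $registry in $npmrc" >&2
    return 1
}
```

Capture the output in a variable rather than echoing it, so the token does not end up in terminal scrollback or CI logs.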

bootstrap-dev-vm

Developer environment with all tools and utilities to work on platform and applications based on it.

Definitions

  • dev-vm.json
    • Install developer environment
    • Flags
      • ideau to install IDEA Ultimate instead of Community edition
    • OS support
      • Linux
      • Windows
    • Properties
      • npmToken
      • scmPassword
      • scmUser
  • dev-vm-after.json
    • Empty by default. Override to run any actions after environment is installed

Manual steps dev-vm

  • Linux
    • Logout and login to activate environment variables
  • Windows
    • Close and reopen PowerShell/Terminal to activate environment variables
    • Virus & threat protection in start menu
      • Virus & threat protection settings > Manage Settings
      • Exclusions > Add or remove exclusions
        • C:\data
        • C:\scm
        • C:\tool
  • Run full Maven build
    • platform
      • Linux ~/scm/platform
      • Windows C:\scm\platform
    • Run mvn -DskipTests
  • Setup IDEA
    • Linux /var/lib/platform/tool/idea/bin/idea.sh
    • Windows C:\tool\idea\bin\idea64.exe
    • Open
      • Linux ~/scm/platform
      • Windows C:\scm\platform
    • File > Project Structure
      • Project SDK > Add SDK > JDK
        • Linux /var/lib/platform/tool/jdk17
        • Windows C:\tool\jdk17
      • Project language level > 17
    • File > Settings
      • Build, Execution, Deployment
        • Build Tools > Maven
          • Always update snapshots
          • Maven home path
            • Linux /var/lib/platform/tool/maven
            • Windows C:\tool\maven
          • Importing
            • Automatically download Sources, Documentation
        • Compiler > Annotation Processors
          • Enable annotation processing
      • Editor
        • Color Scheme (Optional, use with IntelliJ Light theme)
          • Import Scheme > IDEA color scheme
            • Linux ~/scm/platform/bootstrap/bootstrap-dev-vm/src/main/resources/bootstrap/config/colorscheme.icls
            • Windows C:\scm\platform\bootstrap\bootstrap-dev-vm\src\main\resources\bootstrap\config\colorscheme.icls
        • Code Style > Java
          • Import Scheme > IDEA code style XML
            • Linux ~/scm/platform/bootstrap/bootstrap-dev-vm/src/main/resources/bootstrap/config/codestyle.xml
            • Windows C:\scm\platform\bootstrap\bootstrap-dev-vm\src\main\resources\bootstrap\config\codestyle.xml
        • General
          • Appearance
            • Show Whitespace > Leading
          • Code Completion
            • Show parameter name hints on completion
            • Show full method signatures
        • Inspections
          • Import Profile
            • Linux ~/scm/platform/bootstrap/bootstrap-dev-vm/src/main/resources/bootstrap/config/inspection.xml
            • Windows C:\scm\platform\bootstrap\bootstrap-dev-vm\src\main\resources\bootstrap\config\inspection.xml
      • Tools > Actions on Save
        • Reformat code
        • Optimize imports
    • Note that most of these settings have to be set for each repository you open!
  • Setup Klogg
    • Tools > Highlighters
      • Configure highlighters > Import
        • Linux ~/scm/platform/bootstrap/bootstrap-common/src/main/resources/bootstrap/config/klogg.conf
        • Windows C:\scm\platform\bootstrap\bootstrap-common\src\main\resources\bootstrap\config\klogg.conf
      • Select imported Default highlighters
  • Setup Visual Studio Code
    • Linux Visual Studio Code in app menu
    • Windows C:\tool\vscode\Code.exe
    • Add SCM root to Workspace
      • Linux ~/scm/
      • Windows C:\scm
    • Install extensions
      • Ctrl+Shift+X > Search

Cheatsheet dev-vm

  • WiFi Hotspot for local testing with mobile devices
    • Windows Settings > Network > Mobile hotspot
      • Set SSID and Password and turn on
      • Change adapter options > Microsoft WiFi Direct Virtual Adapter > Properties > Internet Protocol Version 4
        • IP 192.168.1.1
        • DNS 192.168.1.1
    • Install Simple DNS Plus
    • Setup Simple DNS
      • Records > New Zone > Primary Zone > Forward Zone > rswk.ch
      • Right click rswk.ch > New A-Record > localhost.platform.rswk.ch with IP 192.168.1.1
    • If you are running in a VM, make sure to forward the necessary ports

bootstrap-watchdog-server

meta-engine based server with meta-admin client. Acts as a central watchdog instance for other meta-engine based servers.

Definitions

  • watchdog-server.json
    • Install server
    • OS support
      • Linux
      • Windows
    • Flags
      • peer
  • watchdog-server-copy.json
    • Helper to copy server binaries and web clients
  • watchdog-server-update.json
    • Update server
    • OS support
      • Linux
      • Windows
  • watchdog-server-wipe.json
    • Uninstall server, including all data
    • OS support
      • Linux
      • Windows

Cheatsheet

  • Execute Bootstrap module
    • Linux Bash with bootstrap-myapp-server-1.0.zip in directory /var/tmp
      • Extract archive
        sudo apt install -y unzip
        find /var/tmp -name 'bootstrap-*.zip' -exec unzip {} -d /var/tmp/bootstrap \;
        cd /var/tmp/bootstrap
        
      • Execute bootstrap script
        chmod +x bootstrap.sh
        sudo ./bootstrap.sh
        
    • Windows PowerShell/Terminal as Admin with bootstrap-myapp-server-1.0.zip in directory C:/tmp
      • Extract archive
        Set-Variable ProgressPreference SilentlyContinue
        Expand-Archive -LiteralPath (Get-ChildItem C:\tmp | Where-Object {$_.Name -like 'bootstrap-*.zip'}).FullName -DestinationPath C:\tmp\bootstrap
        cd C:\tmp\bootstrap
        
      • Set execution policy (if needed) and execute bootstrap script
        Set-ExecutionPolicy Unrestricted
        .\bootstrap.ps1
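
A check to run before the Linux extraction step above, as an added example that is not part of the bootstrap project: find -exec unpacks every bootstrap-*.zip under /var/tmp, a directory any local user can write to, and the extracted script is then run with sudo. The function name and the expected SHA-256 value are assumptions; this page does not say that checksums are published for bootstrap archives.

```shell
#!/bin/sh
# Added example, not project code. EXPECTED_SHA256 is assumed to come from
# wherever the archive was built or downloaded.

# select_bootstrap_archive DIR EXPECTED_SHA256
# Prints the path of the single bootstrap-*.zip in DIR once its digest matches.
# Returns 2 = no archive, 3 = more than one, 4 = not a regular file,
# 5 = digest mismatch.
select_bootstrap_archive() {
    dir=$1
    expected=$2

    # Same name pattern as the find command, limited to DIR itself, and
    # exactly one match required: a second archive in a shared directory
    # may be stale or may belong to another user.
    set -- "$dir"/bootstrap-*.zip
    if [ ! -e "$1" ] && [ ! -L "$1" ]; then
        echo "no bootstrap-*.zip in $dir" >&2
        return 2
    fi
    if [ $# -ne 1 ]; then
        echo "expected one archive in $dir, found $#" >&2
        return 3
    fi
    archive=$1

    # A symlink could point at content that changes after the check.
    if [ -L "$archive" ] || [ ! -f "$archive" ]; then
        echo "$archive is not a regular file" >&2
        return 4
    fi

    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive: got $actual" >&2
        return 5
    fi
    printf '%s\n' "$archive"
}

# Usage (replaces the find -exec line):
#   archive=$(select_bootstrap_archive /var/tmp "$EXPECTED_SHA256") &&
#       unzip "$archive" -d /var/tmp/bootstrap
```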