refactor: JobEngine cleanup + crypto compose refactor + sprint plans + timeline merge prep

- Remove zombie JobEngine WebService (no container runs it)
- Remove dangling STELLAOPS_JOBENGINE_URL, replace with RELEASE_ORCHESTRATOR_URL
- Update Timeline audit paths to release-orchestrator
- Extract smremote to docker-compose.crypto-provider.smremote.yml
- Rename crypto compose files for consistent naming
- Add crypto provider health probe API (CP-001) + tenant preferences (CP-002)
- Create sprint plans: crypto picker, VulnExplorer merge, scheduler plugins
- Timeline merge prep: ingestion worker relocated to infrastructure lib

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-08 13:45:19 +03:00
parent 59e7f25d96
commit 886ff6f9d2
118 changed files with 1593 additions and 17761 deletions

@@ -52,11 +52,19 @@ Consolidated Docker Compose configuration for the StellaOps platform. All profil
### Crypto Provider Overlays
Each crypto provider is an optional compose overlay:
- `docker-compose.crypto-provider.smremote.yml` -- Chinese ShangMi (SM2/SM3/SM4) microservice (extracted from main stack)
- `docker-compose.crypto-provider.cryptopro.yml` -- Russian GOST via CryptoPro CSP
- `docker-compose.crypto-provider.crypto-sim.yml` -- Universal crypto simulator for dev/test
Usage: `docker compose -f docker-compose.stella-ops.yml -f docker-compose.crypto-provider.smremote.yml up -d`
| File | Purpose | Use Case |
|------|---------|----------|
| `docker-compose.crypto-sim.yml` | Universal crypto simulation | Testing without licensed crypto |
| `docker-compose.cryptopro.yml` | CryptoPro CSP (real GOST) | Production Russia deployments |
| `docker-compose.sm-remote.yml` | SM Remote service (real SM2) | Production China deployments |
| `docker-compose.crypto-provider.smremote.yml` | SmRemote microservice (SM2/SM3/SM4) | China deployments (router-integrated) |
| `docker-compose.crypto-provider.cryptopro.yml` | CryptoPro CSP (real GOST) | Production Russia deployments |
| `docker-compose.crypto-provider.crypto-sim.yml` | Universal crypto simulation | Testing without licensed crypto |
| `docker-compose.sm-remote.yml` | Standalone SM Remote with HSM support | China production with OSCCA-certified HSM |
### Additional Overlays
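Review bot: In the overlay table, `docker-compose.sm-remote.yml` stays under its old name beside the new `docker-compose.crypto-provider.smremote.yml`, so two SM overlays now differ by little more than a hyphen and a prefix and are easy to swap in a `-f` argument. The commit message promises consistent naming, so either bring the standalone file under the same `docker-compose.crypto-provider.` prefix or add a sentence saying the two are alternatives and which one a deployment should pick. The new bullet list above the table also omits the standalone file, so the list and the table disagree on how many overlays exist.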
@@ -435,17 +443,17 @@ PLAYWRIGHT_BASE_URL=https://stella-ops.local \
```bash
docker compose -f docker-compose.stella-ops.yml \
-f docker-compose.compliance-china.yml \
-f docker-compose.crypto-sim.yml up -d
-f docker-compose.crypto-provider.crypto-sim.yml up -d
```
**For Production (real SM crypto):**
```bash
docker compose -f docker-compose.stella-ops.yml \
-f docker-compose.compliance-china.yml \
-f docker-compose.sm-remote.yml up -d
-f docker-compose.crypto-provider.smremote.yml up -d
```
**With OSCCA-certified HSM:**
**With standalone SM Remote + OSCCA-certified HSM:**
```bash
# Set HSM connection details in environment
export SM_REMOTE_HSM_URL="https://sm-hsm.example.com:8900"
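Review bot: The "For Production (real SM crypto)" command now loads `docker-compose.crypto-provider.smremote.yml`, and the HSM heading below it was reworded to "standalone SM Remote", but nothing in these lines says whether `SM_REMOTE_HSM_URL` has any effect on the smremote overlay or only on the standalone one. Add a line under the production example stating which overlay honours the HSM settings, so an operator who follows the first command does not assume the keys are HSM-backed.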
@@ -469,7 +477,7 @@ docker compose -f docker-compose.stella-ops.yml \
```bash
docker compose -f docker-compose.stella-ops.yml \
-f docker-compose.compliance-russia.yml \
-f docker-compose.crypto-sim.yml up -d
-f docker-compose.crypto-provider.crypto-sim.yml up -d
```
**For Production (CryptoPro CSP):**
@@ -477,7 +485,7 @@ docker compose -f docker-compose.stella-ops.yml \
# CryptoPro requires EULA acceptance
CRYPTOPRO_ACCEPT_EULA=1 docker compose -f docker-compose.stella-ops.yml \
-f docker-compose.compliance-russia.yml \
-f docker-compose.cryptopro.yml up -d
-f docker-compose.crypto-provider.cryptopro.yml up -d
```
**Requirements for CryptoPro:**
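Review bot: The production command switches from `docker-compose.cryptopro.yml` to `docker-compose.crypto-provider.cryptopro.yml` with no mention of the old name, so deployment scripts that still pass the old path will fail at `docker compose -f` if the file was renamed rather than copied. A short migration note mapping old to new file names, covering the `crypto-sim` rename in the neighbouring hunks as well, would let operators grep for stale references before upgrading.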
@@ -498,7 +506,7 @@ CRYPTOPRO_ACCEPT_EULA=1 docker compose -f docker-compose.stella-ops.yml \
```bash
docker compose -f docker-compose.stella-ops.yml \
-f docker-compose.compliance-eu.yml \
-f docker-compose.crypto-sim.yml up -d
-f docker-compose.crypto-provider.crypto-sim.yml up -d
```
**For Production:**
@@ -518,7 +526,7 @@ docker compose -f docker-compose.stella-ops.yml \
## Crypto Simulation Details
The `docker-compose.crypto-sim.yml` overlay provides a unified simulation service for all sovereign crypto profiles:
The `docker-compose.crypto-provider.crypto-sim.yml` overlay provides a unified simulation service for all sovereign crypto profiles:
| Algorithm ID | Simulation | Use Case |
|--------------|------------|----------|