ui fixes
@@ -1,47 +1,118 @@
# Installation guide (Docker Compose + air-gap)
# Installation Guide
This guide explains how to run StellaOps from this repository using deterministic deployment bundles under `deploy/`.
How to run Stella Ops from this repository using Docker Compose.
## Prerequisites
- Docker Engine with Compose v2.
- Enough disk for container images plus scan artifacts (SBOMs, logs, caches).
- For production-style installs, plan for persistent volumes (PostgreSQL + object storage) and a secrets provider.
## Connected host (dev / evaluation)
- Docker Engine with Compose v2 (`docker compose version`)
- Enough disk for container images plus scan artifacts (SBOMs, logs, caches)
- For production-style installs, plan for persistent volumes (PostgreSQL + object storage) and a secrets provider
StellaOps ships reproducible Compose profiles pinned to immutable digests.
## Quick path (automated setup scripts)
```bash
cd deploy/compose
cp env/dev.env.example dev.env
docker compose --env-file dev.env -f docker-compose.dev.yaml config
docker compose --env-file dev.env -f docker-compose.dev.yaml up -d
The fastest way to get running. The setup scripts validate prerequisites, configure the environment, start infrastructure, build solutions, build Docker images, and launch the full platform.
**Windows (PowerShell 7):**
```powershell
.\scripts\setup.ps1 # full setup
.\scripts\setup.ps1 -InfraOnly # infrastructure only (PostgreSQL, Valkey, RustFS, Rekor, Zot)
```
Verify:
**Linux / macOS:**
```bash
docker compose --env-file dev.env -f docker-compose.dev.yaml ps
./scripts/setup.sh # full setup
./scripts/setup.sh --infra-only # infrastructure only
```
Defaults are defined by the selected env file. For the dev profile, the UI listens on `https://localhost:8443` by default; see `devops/compose/env/dev.env.example` for the full port map.
The scripts will:
1. Check prerequisites (dotnet 10.x, node 20+, docker, git)
2. Offer to install hosts file entries automatically
3. Copy `env/stellaops.env.example` to `.env` if needed (works out of the box)
4. Start infrastructure and wait for healthy containers
5. Build .NET solutions and Docker images
6. Launch the full platform with health checks
## Air-gapped host (Compose profile)
Open **https://stella-ops.local** when setup completes.
Use the air-gap profile to avoid outbound hostnames and to align defaults with offline operation:
## Manual path (step by step)
### 1. Environment file
```bash
cd deploy/compose
cp env/airgap.env.example airgap.env
docker compose --env-file airgap.env -f docker-compose.airgap.yaml config
docker compose --env-file airgap.env -f docker-compose.airgap.yaml up -d
cd devops/compose
cp env/stellaops.env.example .env
```
For offline bundles, imports, and update workflows, use:
The example file ships with working local-dev defaults. For production, change `POSTGRES_PASSWORD` and review all values.
### 2. Hosts file
Stella Ops services bind to unique loopback IPs so all can use port 443 without collisions. Add the entries from `devops/compose/hosts.stellaops.local` to your hosts file:
- **Windows:** `C:\Windows\System32\drivers\etc\hosts` (run editor as Administrator)
- **Linux / macOS:** `sudo sh -c 'cat devops/compose/hosts.stellaops.local >> /etc/hosts'`
### 3. Start infrastructure
```bash
cd devops/compose
docker compose -f docker-compose.dev.yml up -d
docker compose -f docker-compose.dev.yml ps # verify all healthy
```
### 4. Start the full platform
```bash
docker compose -f docker-compose.stella-ops.yml up -d
```
Optional overlays:
```bash
# With Sigstore transparency log
docker compose -f docker-compose.stella-ops.yml --profile sigstore up -d
# With telemetry stack (Prometheus, Tempo, Loki)
docker compose -f docker-compose.stella-ops.yml -f docker-compose.telemetry.yml up -d
```
### 5. Verify
```bash
docker compose -f docker-compose.stella-ops.yml ps
curl -k https://stella-ops.local # should return the Angular UI
```
## Air-gapped deployments
For offline/air-gapped environments, use the sealed CI compose file and offline telemetry overlay:
```bash
# Sealed CI environment (authority, signer, attestor in isolation)
docker compose -f docker-compose.sealed-ci.yml up -d
# Offline observability (no external endpoints)
docker compose -f docker-compose.stella-ops.yml -f docker-compose.telemetry-offline.yml up -d
# Tile proxy for air-gapped Sigstore verification
docker compose -f docker-compose.stella-ops.yml -f docker-compose.tile-proxy.yml up -d
```
For offline bundles, imports, and update workflows, see:
- `docs/OFFLINE_KIT.md`
- `docs/modules/airgap/guides/overview.md`
- `docs/modules/airgap/guides/importer.md`
- `docs/modules/airgap/guides/controller.md`
## Regional compliance overlays
| Region | Testing | Production |
|--------|---------|------------|
| China (SM2/SM3/SM4) | `docker-compose.compliance-china.yml` + `docker-compose.crypto-sim.yml` | `docker-compose.compliance-china.yml` + `docker-compose.sm-remote.yml` |
| Russia (GOST) | `docker-compose.compliance-russia.yml` + `docker-compose.crypto-sim.yml` | `docker-compose.compliance-russia.yml` + `docker-compose.cryptopro.yml` |
| EU (eIDAS) | `docker-compose.compliance-eu.yml` + `docker-compose.crypto-sim.yml` | `docker-compose.compliance-eu.yml` |
See `devops/compose/README.md` for detailed compliance deployment instructions.
## Hardening: require Authority for Concelier job triggers
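Review bot: in manual step 2 the Linux/macOS command `sudo sh -c 'cat devops/compose/hosts.stellaops.local >> /etc/hosts'` follows step 1, which has already done `cd devops/compose`, so the relative path will not resolve from the directory the reader is now in; either shorten it to `hosts.stellaops.local` or state that the hosts-file step is run from the repository root (step 3 repeats `cd devops/compose`, which only makes sense in the second reading). The `>>` append is also not idempotent, so every re-run of the procedure duplicates the loopback entries; a guard such as `grep -q stella-ops.local /etc/hosts ||` in front of the `cat` avoids that. Two further points on the rewrite: it drops the old sentences that deployment bundles are deterministic and that the Compose profiles are "pinned to immutable digests", and replaces the removed `docker-compose.airgap.yaml` profile with `docker-compose.sealed-ci.yml`, which the new text describes as a CI environment rather than a production air-gapped profile. If the files under `devops/compose` still pin `image:` references by digest, keep one sentence saying so, because that is the supply-chain guarantee an operator will look for in an install guide; if they do not, that is a regression worth its own callout rather than a silent deletion, and the intended air-gapped production profile should be named. Lastly, `curl -k https://stella-ops.local` in step 5 disables certificate verification; add that `-k` is only acceptable here because the dev profile uses self-signed certificates on loopback addresses, so the flag does not get copied into production health checks.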
@@ -54,14 +125,9 @@ CONCELIER_AUTHORITY__ALLOWANONYMOUSFALLBACK=false
Store the client secret outside source control (Docker secrets, mounted file, or Kubernetes Secret). For audit fields and alerting guidance, see `docs/modules/concelier/operations/authority-audit-runbook.md`.
## Quota / licensing (optional)
Quota enforcement is configuration-driven. For the current posture and operational implications, see:
- `docs/QUOTA_OVERVIEW.md`
- `docs/QUOTA_ENFORCEMENT_FLOW.md`
- `docs/license-jwt-quota.md`
## Next steps
- Quick start: `docs/quickstart.md`
- Quickstart: `docs/quickstart.md`
- Developer setup details: `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- Architecture overview: `docs/ARCHITECTURE_OVERVIEW.md`
- Detailed technical index: `docs/technical/README.md`
- Compose profiles reference: `devops/compose/README.md`
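Review bot: the expanded "Next steps" list adds developer, architecture and Compose-profile references but nothing that points back to the hardening context this hunk sits under (`CONCELIER_AUTHORITY__ALLOWANONYMOUSFALLBACK=false` and "Store the client secret outside source control"). Since the new quick path in the first hunk tells the reader that the copied `.env` "works out of the box", an operator can now reach a running platform from this page without ever seeing that the anonymous fallback has to be disabled or where the Concelier client secret belongs; add a bullet here such as `- Hardening checklist: see "Hardening: require Authority for Concelier job triggers" above` (or link the audit runbook `docs/modules/concelier/operations/authority-audit-runbook.md` directly), and consider a one-line pointer from the quick path to the same section. The "Quick start" to "Quickstart" rename is fine as long as it matches the title of `docs/quickstart.md`.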