Makefile, Dockerfile, and Anaconda configuration to quickly deploy AIT projects.
This script is a collection of Makefiles in three layers:
- The Makefile at the root of the repo is for configuring and deploying AIT.
- The Makefile in sql_scripts is for the configuration of the kmc SADB database tables. See SQL Config.
- The Makefiles in the kmc directory are for the configuration and deployment of KMC-Crypto-Service and KMC-Crypto-Client. See KMC Deployment.
- make
- git
- bash
- wget
- A web browser (For AIT-GUI)
- python
- pyjks (for key-dump target, not run by default for convenience)
Within the repo, run make.
Make will handle cloning, configuring, and installing necessary repos.
Run make with the flag DEV=true (e.g. make AIT-Core DEV=true). You can optionally modify the DEV variable within the Makefile, which lets you omit passing the DEV flag.
Run make with the flags DEV=true TOX=true.
Target | Description |
---|---|
interactive | Runs ait-server, simulators, and firefox |
server | Runs ait-server and will fork to the background. Useful for servers |
nofork | Runs ait-server and does not fork. Useful for development, monitoring, testing, docker. |
AIT-Core TEST=true | Run AIT-Core pytest tests |
AIT-Core DEV=true | Install AIT-Core with Poetry and other development dependencies |
AIT-Core DEV=true TOX=true | Run the AIT-Core Tox pipeline |
clean | Kills all ait-server instances and sims, and deletes conda environments. |
Variable | Effect |
---|---|
project_url | URL to the project AIT customization and deployment repository. Comment the line to use AIT defaults. |
miniconda_url | URL to the installer of the miniconda python distribution. This variable is mandatory. |
ait_core_url | URL to the AIT-Core repository. This variable is mandatory. |
ait_gui_url | URL to the AIT GUI repository. Comment this line to disable the plugin. |
ait_dsn_url | URL to the AIT DSN repository. Comment this line to disable the plugin. |
python_version | Version of python to use. Must be compatible across all plugins and AIT-Core. |
DEV | When true, installs AIT-Core using Poetry, along with extra dependencies. |
TOX | When true, runs tox if DEV is passed. |
Build the image and then run the container with the -d option.
- Run docker build. The Makefile will perform the setup automatically.
- Run make locally and then docker build. The docker build file will copy your local deployment into the container. This is preferred if your project repo is not public or requires authentication.
While logged into the EC2 instance:
crontab -e
Add an entry: @reboot cd ~/AIT_Quick_Deploy/ && make
ait-server will automatically start and fork on the next reboot.
You can now restart the EC2 instance, or start ait-server by running make and then logging out of the instance.
Port | Protocol | Purpose |
---|---|---|
8080 | TCP | AIT-GUI |
8443 | TCP + mtls | KMC-Crypto-Service |
3306 | TCP + mtls-option | KMC-Crypto-Client mariadb |
???? | UDP/TCP | Customizable AIT ports |
Q: Why not just use git subtree/module?
A: Good question, I often ask myself every day. git subtree coming soon!
Q: Why not just use GUIX or NIX?
A: Good question, I often ask myself every day. GUIX coming soon!
Q: What distro should I run AIT in?
A: Pretty much any, unless you're running KMC, in which case you need a RHEL8.5 compatible distro (Alma, Rocky, etc...)
Q: There seems to be a kernel lock in the RPM.
A: I know.
Q: Can I run AIT+KMC-Crypto-Client in a RHEL8 Docker container?
A: No. Kernel lock.
Q: Can the MariaDB be hosted on a third machine?
A: Yes. You'll need to modify the sql scripts to point to your box.
Q: My AIT+KMC hangs for a long time when initializing the encrypter plugin, then gives me a 503 authentication error!
A: Your firewalls are probably blocking you.
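To tell a firewall drop apart from a service that is simply not running, the TCP ports in the port table above can be probed from the machine that runs AIT. This is an added example, not part of AIT_Quick_Deploy; the function names are illustrative, and reading a connect timeout as "filtered" is a heuristic assumption.

```python
# Added example (not project code): classify connectivity to the TCP ports
# listed in the port table. Function names are illustrative.
import errno
import socket
import sys

# The customizable AIT ports are omitted: the page gives no numbers for them.
DEPLOYMENT_PORTS = {
    8080: "AIT-GUI",
    8443: "KMC-Crypto-Service",
    3306: "KMC-Crypto-Client mariadb",
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed; says nothing about mTLS
    except ConnectionRefusedError:
        return "closed"          # host reachable, but nothing is listening
    except (socket.timeout, TimeoutError):
        return "filtered"        # silence: packets are probably being dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # no route, or a device rejected the route
        raise

def check_deployment(host, ports=DEPLOYMENT_PORTS, timeout=3.0):
    """Probe every port and return {port: (service, state)}."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}

def blocked(results):
    """Ports whose state points at a firewall rather than a stopped service."""
    return sorted(p for p, (_, state) in results.items() if state == "filtered")

if __name__ == "__main__":
    # Assumption: the target host is passed as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = check_deployment(target)
    for port, (name, state) in sorted(results.items()):
        print(f"{port:>5}  {state:<8}  {name}")
    if blocked(results):
        print("Check firewall / security-group rules for:", blocked(results))
```

A "closed" result means the host answered but the service is down. An "open" result on 8443 only shows the TCP path is clear; the mTLS handshake can still fail on certificates.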