A service to manage federations between different FATE sites
make all
The generated deliverables are placed in the output folder.
- Modify
.envfile to change the image name, and then
set -a; source .env; set +a
make docker-build
- Optionally push the image
make docker-push
- Start the service
docker-compose up
- Modify
.envfile to change the image names, and then
docker-compose pull
docker-compose up
The server cert is used for accepting connection from site portals and the client cert is used for connecting to site portals.
As an example, this guide uses StepCA CLI to sign and get the certificate.
- Make sure your StepCA CA server is running. Put your CA
ca.crtintotls/certfolder. Use command below to get your CA cert.
step ca root
- Then
cdtotls/certfolder, run commands below to create certificates and keys (replace<CommonName>(e.g. fmlmanager.fate.org) and<CertValidTime>(e.g. 8760h) with your configuration):
step ca certificate <CommonName> --san localhost --san <ServerName> server.crt server.key --not-after=<CertValidTime>
step ca certificate <CommonName> client.crt client.key --not-after=<CertValidTime>
- For the server cert, the
localhostSAN name is required because our sever may call itself via the localhost address. - For the server cert, the
<ServerName>should be the address that Site Portal use to connect to this service. - You can optionally add your other address and dns names as SANs in the command line.
If you want to use other methods to generate the certificates and keys, one thing to note is for server.crt server.key, make sure the SAN field includes the localhost and a valid <ServerName>.
cdto the project root folder
docker-compose -f docker-compose-https.yml up
The are helms chart developed for installing fml-manager with the FATE exchange components together. Currently, it is used by the lifecycle-manager service. Refer to the documents in the lifecycle-manager.