barycenter/deploy/illumos
Till Wegmueller c8b27bf196
feat: add deployment configurations for multiple platforms
Add comprehensive deployment support for:
- Docker: Multi-stage Dockerfile with security hardening
- Docker Compose: Production-ready compose file with volume persistence
- Kubernetes: Complete Helm chart with configurable values, ingress, PVC
- Linux: systemd service unit with extensive security hardening
- FreeBSD: rc.d init script with proper daemon management
- illumos/Solaris: SMF manifest with service contract management

Each platform includes:
- Installation scripts/manifests
- Configuration examples
- Management instructions
- Security best practices
- Troubleshooting guides

The Helm chart provides:
- Configurable resources and autoscaling
- Security contexts and pod security
- Health checks (liveness/readiness probes)
- Ingress with TLS support
- Persistent volume claims
- Service account management

All deployments follow security best practices:
- Non-root user execution
- Minimal privileges
- Read-only root filesystems where applicable
- Resource limits
- Network policies

Added DEPLOYMENT.md with comprehensive deployment guide covering
all platforms, configuration options, and production checklist.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 15:30:46 +01:00
barycenter.xml feat: add deployment configurations for multiple platforms 2025-11-29 15:30:46 +01:00
README.md feat: add deployment configurations for multiple platforms 2025-11-29 15:30:46 +01:00

illumos/Solaris Deployment

This directory contains the SMF (Service Management Facility) manifest for running Barycenter on illumos and Solaris systems.

Installation

  1. Install Rust and build the binary:

    # On OmniOS/OpenIndiana, install rust from pkgsrc
    pkg install rust
    cargo build --release
    
  2. Create the barycenter user:

    useradd -d /var/barycenter -s /usr/bin/false -c "Barycenter IdP" barycenter
    
  3. Create required directories:

    mkdir -p /opt/barycenter/bin
    mkdir -p /etc/barycenter
    mkdir -p /var/barycenter/data
    chown -R barycenter:barycenter /var/barycenter
    
  4. Install the binary:

    cp target/release/barycenter /opt/barycenter/bin/
    chmod 755 /opt/barycenter/bin/barycenter
    
  5. Install the configuration:

    cp config.toml /etc/barycenter/config.toml
    chown root:barycenter /etc/barycenter/config.toml
    chmod 640 /etc/barycenter/config.toml
    

    Edit /etc/barycenter/config.toml and update paths:

    [database]
    url = "sqlite:///var/barycenter/crabidp.db?mode=rwc"
    
    [keys]
    jwks_path = "/var/barycenter/data/jwks.json"
    private_key_path = "/var/barycenter/data/private_key.pem"
    
  6. Import the SMF manifest:

    svccfg import deploy/illumos/barycenter.xml
    
  7. Enable the service:

    svcadm enable barycenter
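
A check for the ownership and modes the steps above set up, as an added example that is not part of the Barycenter repository. The owner-only policy for the data directory and private key is an assumption (the page sets no mode for them), as are the `SVC_USER`/`ADMIN_USER` variables, the optional root prefix, and that the steps were run as root:

```shell
#!/bin/sh
# Added example, not part of the Barycenter repository: audits owner and
# mode of the files laid out by the installation steps.

# check_path PATH OWNER MODE_GLOB
# Returns 0 when PATH exists, is owned by OWNER and its ls(1) mode string
# matches MODE_GLOB; otherwise prints one finding and returns 1.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    listing=$(ls -ld "$1")
    mode=$(printf '%s\n' "$listing" | cut -c1-10)   # drops a trailing ACL marker
    owner=$(printf '%s\n' "$listing" | awk 'NR == 1 { print $3 }')
    if [ "$owner" != "$2" ]; then
        echo "OWNER   $1: $owner (expected $2)"
        return 1
    fi
    case $mode in
        $3) return 0 ;;
    esac
    echo "MODE    $1: $mode (expected $3)"
    return 1
}

# audit_barycenter [ROOT]
# ROOT is an optional path prefix for staging trees (hypothetical helper).
# SVC_USER / ADMIN_USER override the account names; the defaults assume the
# installation steps were run as root.
audit_barycenter() {
    root=${1:-}
    svc=${SVC_USER:-barycenter}
    admin=${ADMIN_USER:-root}
    rc=0
    # Modes taken from the chmod commands in the steps above.
    check_path "$root/opt/barycenter/bin/barycenter" "$admin" '-rwxr-xr-x' || rc=1
    check_path "$root/etc/barycenter/config.toml" "$admin" '-rw-r-----' || rc=1
    # Assumed policy: signing key and its directory are owner-only.
    check_path "$root/var/barycenter/data" "$svc" 'drwx------' || rc=1
    check_path "$root/var/barycenter/data/private_key.pem" "$svc" '-r[w-]-------' || rc=1
    return "$rc"
}

# Run only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_barycenter "${2:-}"
    exit $?
fi
```

Run it with `--audit` as the first argument; each finding is printed on one line and the exit status is non-zero if any check fails.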
    

Management

Check status:

    svcs -l barycenter

View logs:

    svcs -L barycenter  # Show log file location
    tail -f /var/svc/log/application-barycenter:default.log

Restart service:

    svcadm restart barycenter

Stop service:

    svcadm disable barycenter

Clear maintenance state:

    svcadm clear barycenter

Configuration

Modifying Service Properties

To change the config file location:

    svccfg -s barycenter setprop application/config_file = /custom/path/config.toml
    svcadm refresh barycenter
    svcadm restart barycenter

To change the data directory:

    svccfg -s barycenter setprop application/data_dir = /custom/data/dir
    svcadm refresh barycenter
    svcadm restart barycenter

Environment Variables

To set environment variables, edit the manifest and modify the method_environment section:

    <method_environment>
        <envvar name='RUST_LOG' value='debug' />
        <envvar name='CRABIDP__SERVER__PUBLIC_BASE_URL' value='https://idp.example.com' />
    </method_environment>

Then reimport:

    svccfg import deploy/illumos/barycenter.xml
    svcadm refresh barycenter
    svcadm restart barycenter

Troubleshooting

Service won't start:

    # Check the service log
    svcs -L barycenter
    tail -50 /var/svc/log/application-barycenter:default.log

    # Check service state
    svcs -x barycenter

Permission issues: Ensure the barycenter user has write access to the data directory:

    chown -R barycenter:barycenter /var/barycenter
    chmod 755 /var/barycenter

SMF Features

SMF provides:

  • Automatic restart on failure
  • Dependency management
  • Log file rotation
  • Process contract management
  • Property-based configuration