Set up a virtual environment with by running
python -m venv .venvfrom the command line. Now you can activate it with
source .venv/bin/activateNext, install the dependencies (Django, Jose etc)
pip install -r requirements.txtThe management backend uses some 'external' services for config, authentication and monitoring, namely RadiusDesk, Keycloak and Prometheus. For development, we can host these services locally and point the backend to their local URLs. These need to be setup and running first before running the backend.
Keycloak manages user authorisation and authentication on both the backend and frontend.
Follow the instructions at https://www.keycloak.org/getting-started/getting-started-docker for getting a local keycloak server up and running in a Docker container. Create a new realm called 'inethi-global-services'. You'll need to add two new clients, one for the backend and one for the frontend, so that both can log in via keycloak.
Frontend: Add a client with ID 'manage-ui'. Leave most of the settings as they are i.e. no client authentication, standard flow etc. This is a public client, because the keycloak.js client doesn't support confidential clients. You'll have to configure some URLs, assuming the frontend is running at http://localhost:3000:
- Home URL:
http://localhost:3000 - Valid Redirect URLs:
http://localhost:3000/* - Valid post logout redirect URIs:
+(Same as redirect URLs) - Web Origins:
+
Backend: Add a client with ID 'manage-backend'. This can be a private client, so client authentication and authorization are checked. Similarly, you want to configure redirect urls, this time using the backend url:
- Home URL:
http://localhost:8000 - Valid Redirect URLs:
http://localhost:8000/* - Valid post logout redirect URIs:
+ - Web Origins:
+
Lastly and add an admin user with a username of your choice. Assign this user a new role, called 'admin'. This user will be able to log in to the backend to access Django's admin interface.
The CommuNethi app is designed to run alongside a RadiusDesk server. It provides some existing functionality in a new UI as well as extended functionality. To avoid syncing errors, it connects to the same mysql database that is used by radiusdesk, which needs some extra configuration:
First follow the instructions for running radiusdesk in a docker container. Then make sure that the mariadb container exposes its database at port 3306, so that django can connect to it. This may involve editing radiusdesk's docker-compose.yml file.
Double check the database is exposed by running
mysql -h localhost -P 3306 -u rd --password=rdIf you're running the backend for the first time, you will have to migrate changes to the database with
python manage.py migrate --database=default
python manage.py migrate --database=metrics_dbYou need to configure the backend to communicate with the keycloak server by registering both frontend and backend clients in the .env file, for example:
KEYCLOAK_URL="http://localhost:8000"
KEYCLOAK_REALM="inethi-global-services"
KEYCLOAK_CLIENT_ID="manage-backend"
KEYCLOAK_CLIENT_SECRET="<CLIENT_SECRET>"
DRF_KEYCLOAK_CLIENT_ID="manage-ui"Now you can run the server, using
python manage.py runserverThe base url should redirect you to the keycloak server, where you can log in using the credentials you set up initially. After that, you should be able to access the admin site.
The backend sends periodic pings to its registered devices using Celery. To schedule periodic tasks and start a worker process, run
python -m celery -A backend beat -l info
python -m celery -A backend worker -l infoEnsure you have docker and python on your system.
Add your keycloak public key in the keys folder and add a .env file in backend as per example.env. Add a .env file to users and wallet in a similar way by checking the .env.example files in each directory.
Do the prerequisites first then:
cd backenddocker compose up inethi-manage-mysql -ddocker compose build --no-cachedocker compose up inethi-manage -d
- Check private key format:
openssl pkey -pubin -in keycloak_public.pem -text -noout