...

  1. Sign in to Nexus Support portal.

  2. Go to Nexus Smart ID Clients (Personal and Hermod) > Smart ID Messaging and select a Hermod version to download the *.zip file.

  3. Unpack the *.zip file.

  4. Open the extracted folder, for example, 3.x.y.RELEASE
    The folder contains the Hermod installation file and a simple-setup file to set up a default configuration. 

  5. Unpack simple-setup.zip

  6. Store the Docker image in a registry that the Kubernetes cluster can pull from.

Create

...

Storage YML file

Edit the file hermod-config with the correct values for your environment.
Important! The actual values must match the specific deployment scenarios. The hermod-deployment code below is only intended as an example. It will be used to store the Hermod configuration file.

Example: hermod-config.yml

Code Block
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
  finalizers:
  - kubernetes.io/pvc-protection
  name: hermod-config
  namespace: test
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: default
  volumeMode: Filesystem
  volumeName: hermod-config

Create Hermod deployment YML file

Edit the file hermod-deployment with the correct values for your environment.
Important! The actual values must match the specific deployment scenarios. The hermod-deployment code below is only intended as an example.

Example: hermod-deployment.yml

Code Block
apiVersion: v1
items:
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "2"
    generation: 3
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      matchLabels:
        app: hermod
    strategy:
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: hermod
          configmap-version: "1"
        annotations:
          prometheus.io/scrape: "true"
          prometheus.io/scheme: "http"
          prometheus.io/path: "prometheus"
          prometheus.io/port: "20400"
        name: hermod
      spec:
        containers:
        - image: nexusgocontainerregistry.azurecr.io/nexus-personal/hermod:3.7.0.RELEASE
          imagePullPolicy: Always
          args:
          - --spring.profiles.active=native
          - --spring.datasource.url=${DB_URI}
          - --spring.datasource.username=${DB_USERNAME}
          - --spring.datasource.password=${DB_PASSWORD}
          name: hermod
          ports:
          - containerPort: 20400
            protocol: TCP
          resources: {}
          env:
          - name: JAVA_OPTS
            value: -Xms256m -Xmx512m -XX:MaxMetaspaceSize=512m -XX:CompressedClassSpaceSize=64m
              -Xss256k -Xmn8m -XX:InitialCodeCacheSize=4m -XX:ReservedCodeCacheSize=64m
              -XX:MaxDirectMemorySize=64m
          - name: DB_URI
            valueFrom:
              secretKeyRef:
                key: DB_URI
                name: hermod-secret-test-postgres
          - name: DB_USERNAME
            valueFrom:
              secretKeyRef:
                key: DB_USERNAME
                name: hermod-secret-test-postgres
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: DB_PASSWORD
                name: hermod-secret-test-postgres
          readinessProbe:
            httpGet:
              path: /ms
              port: 20400
            initialDelaySeconds: 20
            timeoutSeconds: 5
            periodSeconds: 30
          securityContext:
            privileged: false
            runAsNonRoot: true
            runAsUser: 1000
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - name: hermod-config
            mountPath: /home/docker/config
        volumes:
        - name: hermod-config
          configMap:
            name: hermod
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""

Create Hermod configuration YML file

Edit the file hermod-configuration with the correct values for your environment.

Important! The actual values must match your specific deployment scenario, such as the configured clientId, public URL, TLS/SSL settings, and the URL, username and password for the specified database. The code below is only intended as an example.

Example: hermod-configuration.yml

Code Block
kind: ConfigMap
apiVersion: v1
metadata:
  name: hermod
  namespace: test
data:
  application.yml: |-

    logging:
      level:
        org.springframework.context.annotation.AnnotationConfigApplicationContext: ERROR
        org.springframework.boot.SpringApplication: ERROR
        org.springframework.cloud.config.client: ERROR
        org.springframework.web.reactive.function.client.WebClient: TRACE
        com.netflix: INFO
        reactor.netty.http.client: TRACE
        com.nexusgroup: TRACE
        com.relayrides: INFO
        org.mongodb.driver: TRACE
        com.nexusgroup.plugout.message.server.filters.VersionHttpFilter: ERROR
        com.nexusgroup.cod.hermod.service.MessagePlugoutService: ERROR
        org.hibernate.stat: DEBUG
        #org.apache.http: TRACE
      pattern:
        console: "%d{yyyy-MM-dd}T%d{HH:mm:ss.SSS}Z ${LOG_LEVEL_PATTERN:- %5p} [%t] %-40.40logger{39} [%mdc] : %m%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}"

    server:
      servlet:
        context-path: /
      error:
        include-message: always
        include-binding-errors: never
        include-stacktrace: never
        include-exception: false

    springdoc:
      override-with-generic-response: false
      api-docs:
        enabled: false
      swagger-ui:
        enabled: false

    spring:
      jpa:
        properties:
          hibernate:
            show-sql: false
            format-sql: true
            generate-statistics: false
        hibernate:
          ddl-auto: validate
      cloud:
        kubernetes:
          reload:
            enabled: true
    management:
      info:
        env:
          enabled: true
      endpoints:
        web:
          exposure:
            include: health, info, refresh, prometheus
      endpoint:
        prometheus:
          enabled: true

    application:

      rest:
        client:
          keep-a-live-timeout: -1
          connection-timeout: 8

      hermod:

        scheduler:
          exec:
            threads: 100
        rest:
          uribase:
          hide-exceptions: false

        # Hide sensitive/long data in event logs?
        events:
          hide-sensitive: true

        # All clients have moved to HermodCfg server. Use the scripts in ../hermodcfg/ to add/modify/list
        allowed-clients:
          # X-Api-Key: aGVybW9kLXRlc3Q6NzliNjU3NTA4Nzc3NDA4YmE0MDZmMzU0M2NhODdmYWRiNzQyY2Y2Yzc2MTM0NzQxODlkYmVmMjk1YTI1MjMyYw==
          - client-id: hermod-test
            key: 56UGzk8qZm67YDhkzwuEfpYkLMubram8P9KryXGG9PEa76Xnku5Z6B7c8MKAf66X
            # Optional username:password to be supplied for basic authentication in callbacks
            # callback-basic-auth: username:password
            # The callback URL base for this specific client
            callback-url: http://hermod:20400

        # Message server library settings
        message-server-library:

          # Make sure you also change the certificates above
          public-url: https://<my-hermod-server>:20400/ms

Create Hermod service YML file

Edit the file hermod-service with the correct values for your environment.

Example: hermod-service.yml

Code Block
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: hermod
    name: hermod
    namespace: test
  spec:
    ports:
    - nodePort: 30400
      port: 20400
      protocol: TCP
      targetPort: 20400
    selector:
      app: hermod
    sessionAffinity: None
    type: NodePort
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""

Create Hermod DB secret YML file

Edit the file hermod-secret with the correct values for your environment.

Example: hermod-secret.yml

Code Block
apiVersion: v1
data:
  DB_URI: amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg==
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"DB_URI":"amRiYzpzcWxzZXJ2ZXI6Ly9uZ2F6LWRldnNxbDAxZC5kYXRhYmFzZS53aW5kb3dzLm5ldDoxNDMzO2RhdGFiYXNlPWhlcm1vZC1kZXY7dXNlcj1oZXJtb2R1c2VyO3Bhc3N3b3JkPWNvZGEhUUFaeHN3MjtlbmNyeXB0PXRydWU7dHJ1c3RTZXJ2ZXJDZXJ0aWZpY2F0ZT1mYWxzZTtob3N0TmFtZUluQ2VydGlmaWNhdGU9Ki5kYXRhYmFzZS53aW5kb3dzLm5ldDtsb2dpblRpbWVvdXQ9MzA7Cg=="},"kind":"Secret","metadata":{"annotations":{},"name":"hermod-secret","namespace":"default"}}
  name: hermod-secret-test
  namespace: test
type: Opaque
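
The example Secret above is named hermod-secret-test and holds only DB_URI, while the example Deployment reads DB_URI, DB_USERNAME and DB_PASSWORD from hermod-secret-test-postgres, and the Secret carries a last-applied-configuration annotation that repeats its data. The following pre-deployment check for both conditions is an added example, not part of the Nexus documentation or product; the function names are hypothetical and the manifests are constructed, reduced copies of the examples on this page with placeholder values.

```python
import base64
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

def audit(manifests):
    """Check parsed manifests (dicts, e.g. loaded from `kubectl get -o json`)."""
    findings, secrets = [], {}
    for m in (x for x in manifests if x.get("kind") == "Secret"):
        meta = m["metadata"]
        secrets[(meta.get("namespace", "default"), meta["name"])] = set(m.get("data", {}))
        # `kubectl apply` copies the submitted manifest, values included, into this annotation.
        applied = meta.get("annotations", {}).get(LAST_APPLIED)
        if applied and json.loads(applied).get("data"):
            findings.append(f"Secret {meta['name']}: annotation embeds secret data")
    for m in (x for x in manifests if x.get("kind") == "Deployment"):
        ns = m["metadata"].get("namespace", "default")
        for container in m["spec"]["template"]["spec"]["containers"]:
            for env in container.get("env", []):
                ref = env.get("valueFrom", {}).get("secretKeyRef")
                if ref and (ns, ref["name"]) not in secrets:
                    findings.append(f"{env['name']}: Secret {ns}/{ref['name']} not defined")
                elif ref and ref["key"] not in secrets[(ns, ref["name"])]:
                    findings.append(f"{env['name']}: key {ref['key']} not in {ref['name']}")
    return findings

def secret(name, keys, annotate=False):
    """Build a constructed Secret; values are placeholders, not the page's data."""
    data = {k: base64.b64encode(b"constructed-value").decode() for k in keys}
    meta = {"name": name, "namespace": "test"}
    if annotate:
        meta["annotations"] = {LAST_APPLIED: json.dumps({"kind": "Secret", "data": data})}
    return {"kind": "Secret", "metadata": meta, "data": data}

def deployment(secret_name):
    """Deployment reduced to the env section of the page's hermod-deployment.yml."""
    env = [{"name": "JAVA_OPTS", "value": "-Xms256m"}] + [
        {"name": k, "valueFrom": {"secretKeyRef": {"name": secret_name, "key": k}}}
        for k in ("DB_URI", "DB_USERNAME", "DB_PASSWORD")]
    return {"kind": "Deployment", "metadata": {"name": "hermod", "namespace": "test"},
            "spec": {"template": {"spec": {"containers": [{"name": "hermod", "env": env}]}}}}

# Names as they appear on this page: the Secret and the secretKeyRef name differ.
AS_ON_PAGE = [secret("hermod-secret-test", ["DB_URI"], annotate=True),
              deployment("hermod-secret-test-postgres")]

if __name__ == "__main__":
    print("\n".join(audit(AS_ON_PAGE)))
```

A Secret whose name and keys match the Deployment's secretKeyRef entries, exported without the annotation, produces no findings.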