This repository aims to bootstrap an environment to demonstrate the use of EverTrust's products.
The distribution packages the following components by default :
- A Stream instance, preconfigured with a software key vault.
- A Horizon instance, preconfigured with enrollment profiles and Stream as a PKI connector.
It can also use profiles to add components to the installation dynamically. Refer to the Profiles section for more information.
As this project is based on Docker Compose, the only requirement is to have a fairly recent Docker engine installed locally. It supports both arm64 and amd64 architectures. Bootstrapping the project is straightforward :
- The first step is to clone the repository to your local machine :
      git clone https://github.com/evertrust/playground.git
- Then, you'll need to configure licenses for both Stream and Horizon. The Compose project expects the following license files to be present :
  - stream.lic in the stream/license directory : The Stream license file
  - horizon.lic in the horizon/license directory : The Horizon license file
- Configure DNS entries to resolve to your local computer. The simplest way is to edit your /etc/hosts file, but you could also use a local DNS server such as dnsmasq :
      127.0.0.1 horizon.lab
      127.0.0.1 stream.lab
- Docker will need to fetch Horizon, Stream and binaries from an authenticated repository. Copy the .env.example file to .env :
      cp .env.example .env
  And replace the contents of the file with your credentials, such as :
      REPOSITORY_USER=<your username>
      REPOSITORY_PASSWORD=<your password>
  Once done, you'll need to log in to the registry :
      source .env
      docker login registry.evertrust.io -u $REPOSITORY_USER -p $REPOSITORY_PASSWORD
- Finally, you can start the project :
      docker compose up -d
Make sure ports 80 and 443 are not already in use on your local machine.
WARNING: When starting the project for the first time, Compose will need to build the containers from scratch. It may fail if you haven't bootstrapped a Buildx runner first with :
    docker buildx create --use --bootstrap --name local
The following services are exposed once the project is up and running :
- Horizon : https://horizon.lab
- Stream : https://stream.lab
If you opted in for database seeding, a default administrator account is created on both products. To log in, use the default credentials administrator / evertrust.
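The setup steps above (license files, hosts entries, .env credentials, registry login) can be checked before the first docker compose up. The script below is an added example, not part of the repository: its function names are its own, it assumes unquoted KEY=value lines in .env, and it logs in with docker's --password-stdin option so the password is not passed with -p on the command line.

```bash
# Added example: preflight checks for the setup steps above (function names are this example's own).

# Both license files must exist and be non-empty.
check_licenses() {
  local dir="$1" rc=0 f
  for f in stream/license/stream.lic horizon/license/horizon.lic; do
    [ -s "$dir/$f" ] || { echo "missing license: $f" >&2; rc=1; }
  done
  return $rc
}

# Every name must map to 127.0.0.1 on a non-comment line of the hosts file.
check_hosts() {
  local hosts="$1" rc=0 name; shift
  for name in "$@"; do
    awk -v n="$name" '{ sub(/#.*/, "") }
      $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
      END { exit !ok }' "$hosts" || { echo "no 127.0.0.1 entry for $name" >&2; rc=1; }
  done
  return $rc
}

# .env must hold real credentials (not the <...> placeholders) and be owner-only.
check_env() {
  local env="$1" rc=0 key mode
  [ -f "$env" ] || { echo "$env not found" >&2; return 1; }
  for key in REPOSITORY_USER REPOSITORY_PASSWORD; do
    grep -Eq "^${key}=[^<[:space:]]" "$env" || { echo "$key empty or placeholder" >&2; rc=1; }
  done
  mode=$(stat -c %a "$env" 2>/dev/null || stat -f %Lp "$env")
  case "$mode" in *00) ;; *) echo "$env is mode $mode, expected 600" >&2; rc=1 ;; esac
  return $rc
}

# Feed the password on stdin so it never appears in argv (assumes unquoted .env values).
registry_login() {
  sed -n 's/^REPOSITORY_PASSWORD=//p' "$1" | tr -d '\n' |
    docker login registry.evertrust.io -u "$(sed -n 's/^REPOSITORY_USER=//p' "$1")" --password-stdin
}

preflight() {
  local rc=0
  check_licenses "$1" || rc=1
  check_hosts "${2:-/etc/hosts}" horizon.lab stream.lab || rc=1
  check_env "$1/.env" || rc=1
  return $rc
}

if [ "${1:-}" = "--run" ]; then preflight . && registry_login .env && docker compose up -d; fi
```

Run from the repository root with --run, the script performs the checks, the login and docker compose up -d in sequence, stopping at the first stage that fails.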
Profiles is a Docker Compose feature used to enable or disable components on the fly. It allows the installation to stay lightweight while taking many scenarios into account in this playground.
To enable a profile, pass the --profile parameter to the docker compose command :
    docker compose --profile <profile> up -d
client boots a container with the EverTrust client installed. It is useful to test the client's integration with Horizon and Stream.
To gain access to the webserver running in the container, add the following line to your /etc/hosts :
    127.0.0.1 webserver.lab
- Navigate to https://webserver.lab:8443. A bogus certificate should be presented.
- Run a shell into the container :
      docker compose exec demo-client bash
- Run the automation script :
      horizon-cli automate enroll --automation-policy DemoAutomationPolicyServer
- After validating the enrollment, https://webserver.lab:8443 should present a Horizon-issued certificate.
ansible boots a container with the Ansible collection installed.
- Run a shell into the container :
      docker compose exec demo-ansible bash
- Run ansible-playbook to install a webserver and provision a certificate for it :
      ansible-playbook playbook-deploy-apache.yaml
The GitHub Action in the .github/workflows/bump.yml file is used to bump the version of the project.
It is triggered manually by specifying the source and target versions of Stream and Horizon.
After it runs, a pull request with the changes is created on the branch used to trigger the workflow.
To run the workflow, a token with the following permissions is required on Horizon, Stream and Playground repositories :
- contents:read
- pull_request:write
The token must be stored in a CI_TOKEN secret in the repository.