diff --git a/bonita/content.md b/bonita/content.md index e96867525e29..1d7e33c73849 100644 --- a/bonita/content.md +++ b/bonita/content.md @@ -1,6 +1,6 @@ # What is Bonita? -Bonita (called Bonita BPM till 7.5) is an open-source business process management and workflow suite created in 2001. It was started in France National Institute for Research in Computer Science, and then had incubated several years inside the French computer science company Groupe Bull. Since 2009, the development of Bonita is supported by a company dedicated to this activity: Bonitasoft. +Bonita is an open-source business process management and workflow suite created in 2001. It was started in France National Institute for Research in Computer Science, and then had incubated several years inside the French computer science company Groupe Bull. Since 2009, the development of Bonita is supported by a company dedicated to this activity: Bonitasoft. > [wikipedia.org/wiki/Bonita_BPM](http://en.wikipedia.org/wiki/Bonita_BPM) @@ -14,397 +14,278 @@ Bonita (called Bonita BPM till 7.5) is an open-source business process managemen $ docker run --name bonita -d -p 8080:8080 %%IMAGE%% ``` -This will start a container running [Bonita runtime](https://documentation.bonitasoft.com/bonita/2021.2/tomcat-bundle): a Tomcat bundle with Bonita Engine + Bonita Portal. With no environment variables specified, it's as if you have launched the bundle on your host using startup.{sh|bat} (with security hardening on REST and HTTP APIs, cf Security part). Bonita uses a H2 database here. +This will start a container running [Bonita runtime](https://documentation.bonitasoft.com/bonita/latest/tomcat-bundle): a Tomcat bundle with Bonita Engine + Bonita Portal. With no environment variables specified, it's as if you have launched the bundle on your host using startup.{sh|bat} (with security hardening on REST and HTTP APIs, cf Security part). Bonita uses a H2 database here. You can access the Bonita Portal on http://localhost:8080/bonita and login using the default credentials: install / install ## Link Bonita to a database -### PostgreSQL +The H2 database allows the Bonita container to work out of the box, but it is not recommended outside a development environment. -PostgreSQL is the recommended database. +As PostgreSQL is the recommended database for qualification and production environments, follow one of these next sections to configure your Bonita container to run on PostgreSQL database. You can work with either a PostgreSQL Container, or PostgreSQL as an installed service. -[Set max_prepared_transactions to 100](https://documentation.bonitasoft.com/bonita/2021.2/database-configuration#_postgresql): +### PostgreSQL Container -```console -$ mkdir -p custom_postgres -$ echo '#!/bin/bash' > custom_postgres/bonita.sh -$ echo 'sed -i "s/^.*max_prepared_transactions\s*=\s*\(.*\)$/max_prepared_transactions = 100/" "$PGDATA"/postgresql.conf' >> custom_postgres/bonita.sh -$ chmod +x custom_postgres/bonita.sh -``` +From Bonita 2022.1 onwards, the Bonita docker image does not include configuration scripts to automatically create databases and users anymore. -Mount that directory location as /docker-entrypoint-initdb.d inside the PostgreSQL container: +Therefore the PostgreSQL container needs to be configured to work with Bonita before starting the Bonita container. The configuration of a PostgreSQL database to work with Bonita is described in details in the [database configuration page](https://documentation.bonitasoft.com/bonita/latest/runtime/database-configuration#postgres_setup). + Alternatively, Bonita provides a preconfigured [PostgreSQL image](https://hub.docker.com/r/bonitasoft/bonita-postgres) on docker-hub. + You can run the image with the following command: -```console -$ docker run --name mydbpostgres -v "$PWD"/custom_postgres/:/docker-entrypoint-initdb.d -e POSTGRES_PASSWORD=mysecretpassword -d postgres:11 +```bash +docker run --name mydbpostgres -h -d bonitasoft/bonita-postgres:12.6 ``` -See the [official PostgreSQL documentation](https://hub.docker.com/_/postgres/) for more details. +This image is built from the following [GitHub repository](https://github.com/Bonitasoft-Community/bonita-database-docker/tree/main/postgres/12), which can be further adapted/customized to suit your needs. -```console -$ docker run --name bonita_postgres --link mydbpostgres:postgres -d -p 8080:8080 %%IMAGE%% -``` +## %%STACK%% -### MySQL +Run `docker stack deploy -c stack.yml %%REPO%%` (or `docker-compose -f stack.yml up`), wait for it to initialize completely, and visit `http://swarm-ip:8080`, `http://localhost:8080`, or `http://host-ip:8080` (as appropriate). -There are known issues with the management of XA transactions by MySQL engine and driver: see MySQL bug [17343](http://bugs.mysql.com/bug.php?id=17343) +- Replace `` with the one used in the licence generation command +- leave double `$$` untouched -[Increase the packet size](https://documentation.bonitasoft.com/bonita/2021.2/database-configuration#_maximum_packet_size) which is set by default to 1M: +### PostgreSQL as an installed service -```console -$ mkdir -p custom_mysql -$ echo "[mysqld]" > custom_mysql/bonita.cnf -$ echo "max_allowed_packet=16M" >> custom_mysql/bonita.cnf -``` +If you don't want to run your database in a docker container, the following `env.txt` file needs to be configured and provided to the docker run command: -Mount that directory location as /etc/mysql/conf.d inside the MySQL container: - -```console -$ docker run --name mydbmysql -v "$PWD"/custom_mysql/:/etc/mysql/conf.d -e MYSQL_ROOT_PASSWORD=mysecretpassword -d mysql:8.0 +```properties +DB_VENDOR=postgres +DB_HOST=172.17.0.2 +DB_PORT=5432 +DB_NAME=custombonitadb +DB_USER=custombonitauser +DB_PASS=custombonitapass +BIZ_DB_NAME=custombusinessdb +BIZ_DB_USER=custombusinessuser +BIZ_DB_PASS=custombusinesspass ``` -See the [official MySQL documentation](https://hub.docker.com/_/mysql/) for more details. - -Start your application container to link it to the MySQL container: - -```console -$ docker run --name bonita_mysql --link mydbmysql:mysql -d -p 8080:8080 %%IMAGE%% +```bash +docker run --name=bonita -h --env-file=env.txt -d -p 8080:8080 %%IMAGE%% ``` -## Modify default credentials +## Start Bonita with custom security credentials -```console -$ docker run --name=bonita -e "TENANT_LOGIN=tech_user" -e "TENANT_PASSWORD=secret" -e "PLATFORM_LOGIN=pfadmin" -e "PLATFORM_PASSWORD=pfsecret" -d -p 8080:8080 %%IMAGE%% +```bash +docker run --name=bonita -h -e "TENANT_LOGIN=tech_user" -e "TENANT_PASSWORD=secret" -e "PLATFORM_LOGIN=pfadmin" -e "PLATFORM_PASSWORD=pfsecret" -d -p 8080:8080 %%IMAGE%% ``` -Now you can access the Bonita Portal on localhost:8080/bonita and login using: `tech_user` / `secret` - -## %%STACK%% - -Run `docker stack deploy -c stack.yml %%REPO%%` (or `docker-compose -f stack.yml up`), wait for it to initialize completely, and visit `http://swarm-ip:8080`, `http://localhost:8080`, or `http://host-ip:8080` (as appropriate). - -## Where to store data - -Most of the data are stored in a database and can be stored outside the Bonita container as described above using the PostgreSQL or MySQL container. However, some data remains inside the Bonita bundle. Bonita Home is a folder, called `bonita`, which contains configuration, working, and temporary folders and files. There are also log files inside the `logs` folder till Bonita 7.8. - -Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the `%%REPO%%` images to familiarize themselves with the options available, including: +Now you can access the Bonita Runtime on localhost:8080/bonita and login using: tech_user / secret -- Let Docker manage the storage of your data [by writing the files to disk on the host system using its own internal volume management](https://docs.docker.com/engine/tutorials/dockervolumes/#adding-a-data-volume). This is the default and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers. -- Create a data directory on the host system (outside the container) and [mount this to a directory visible from inside the container](https://docs.docker.com/engine/tutorials/dockervolumes/#mount-a-host-directory-as-a-data-volume). This places the database files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that directory permissions and other security mechanisms on the host system are set up correctly. +## Where data are stored -The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above: +Bonita uses tomcat that writes file to a working directory and a temp directory. -1. Create a data directory on a suitable volume on your host system, e.g. `/my/own/datadir`. -2. Start your `%%REPO%%` container like this: +It can be a good practice to mount the following folders into volumes - docker run --name some-%%REPO%% -v /my/own/datadir:/opt/bonita -d -p 8080:8080 %%IMAGE%%:tag +- `/opt/bonita/server/temp` +- `/opt/bonita/server/work` -The `-v /my/own/datadir:/opt/bonita` part of the command mounts the `/my/own/datadir` directory from the underlying host system as `/opt/bonita` inside the container, where Bonita will deploy the bundle and write data files by default. - -## Migrate from an earlier version of Bonita - -- Stop the container to perform a backup - - ```console - $ docker stop bonita_7.9.5_postgres - ``` - -- For containers < 7.3.0 : - - - Check where your data are stored - - ```console - $ docker inspect bonita_7.2.3_postgres - [...] - "Mounts": [ - { - "Source": "/home/user/Documents/Docker/Volumes/bonita_7.2.3_postgres", - "Destination": "/opt/bonita", - "Mode": "", - "RW": true - } - ], - [...] - ``` - - - Copy data from the filesystem - - ```console - $ cp -r bonita_7.2.3_postgres bonita_migration - ``` - -- Retrieve the DB container IP - - ```console - $ docker inspect --format '{{ .NetworkSettings.IPAddress }}' mydbpostgres - 172.17.0.26 - ``` - -- Dump the database - - ```console - $ export PGPASSWORD=mysecretpassword - $ pg_dump -O -x -h 172.17.0.26 -U postgres bonitadb > /tmp/bonitadb.sql - ``` - - Note that businessdb won't be updated with the migration tool but you may want to also backup/move it. - -- Load the dump - - ```console - $ export PGPASSWORD=mysecretpassword - $ psql -U postgres -h 172.17.0.26 -d postgres -c "CREATE USER newbonitauser WITH PASSWORD 'newbonitapass';" - $ psql -U postgres -h 172.17.0.26 -d postgres -c "CREATE DATABASE newbonitadb OWNER newbonitauser;" - $ export PGPASSWORD=newbonitapass - $ cat /tmp/bonitadb.sql | psql -U newbonitauser -h 172.17.0.26 newbonitadb - ``` - -- Retrieve the last migration tool - - - If you migrate to a version < 7.3.0 - - - get also the target version of the Bonita bundle - - ```console - cd bonita_migration - wget https://github.com/bonitasoft/bonita-platform-releases/releases/download/2021.2-u0/bonita-migration-distrib-2.55.0.zip - wget https://download.forge.ow2.org/bonita/BonitaBPMCommunity-7.2.4-Tomcat-7.0.67.zip - unzip bonita-migration-distrib-2.55.0.zip - unzip BonitaBPMCommunity-7.2.4-Tomcat-7.0.67.zip - ``` +## Environment variables - - Move the previous Home into the new bundle +When you start the bonita image, you can adjust the configuration of the Bonita instance by passing one or more environment variables on the docker run command line. - ```console - mv BonitaBPMCommunity-7.2.4-Tomcat-7.0.67/bonita/ BonitaBPMCommunity-7.2.4-Tomcat-7.0.67/bonita.orig - cp -r BonitaBPMCommunity-7.2.3-Tomcat-7.0.67/bonita/ BonitaBPMCommunity-7.2.4-Tomcat-7.0.67/bonita/ - ``` +### PLATFORM_LOGIN - - If you migrate to a version >= 7.3.0 +This optional environment variable is used in conjunction with PLATFORM_PASSWORD to define the username for the platform administrator. If it is not specified, the default username `platformAdmin` will be used. - ```console - cd bonita_migration - wget https://github.com/bonitasoft/bonita-platform-releases/releases/download/2021.2-u0/bonita-migration-distrib-2.55.0.zip - unzip bonita-migration-distrib-2.55.0.zip - ``` +### PLATFORM_PASSWORD -- Configure the migration tool +This environment variable is recommended for you to use the Bonita image. It sets the platform administrator password for Bonita. If it is not specified, the default password `platform` will be used. - ```console - $ cd bonita-migration-distrib-2.55.0 - ``` +### TENANT_LOGIN - edit the migration tool config to point towards the copy of bonita home and db +This optional environment variable is used in conjunction with TENANT_PASSWORD to define the username for the tenant administrator. If it is not specified, the default username `install` will be used. - ```console - $ vim Config.properties - ``` +### TENANT_PASSWORD - For example : +This environment variable is recommended for you to use the Bonita image. It sets the tenant administrator password for Bonita. If it is not specified, the default password `install` will be used. - db.vendor=postgres - db.url=jdbc:postgresql://172.17.0.26:5432/newbonitadb - db.driverClass=org.postgresql.Driver - db.user=newbonitauser - db.password=newbonitapass - # location of the bonita home (only useful when migration from version before 7.3.0) - bonita.home=/home/user/Documents/Docker/Volumes/bonita_migration/BonitaBPMCommunity-7.2.3-Tomcat-7.0.67/bonita +### MONITORING_USERNAME -- Launch the migration +This optional environment variable is used in conjunction with `MONITORING_PASSWORD` to define the access to endpoints protected with [BASIC Auth access](https://en.wikipedia.org/wiki/Basic_access_authentication): it is used for the JMX remote access. If it is not specified, the default monitoring username `monitoring` will be used. - ```console - $ cd bin - $ ./bonita-migration-distrib - ``` +### MONITORING_PASSWORD -- Launch the new container pointing towards the copy of DB and filesystem +This optional environment variable is used in conjunction with `MONITORING_USERNAME` to define the access to endpoints protected with [BASIC Auth access](https://en.wikipedia.org/wiki/Basic_access_authentication): it is used for the JMX remote access. If it is not specified, the default monitoring password `mon1tor1ng_adm1n` will be used. - - If < 7.3.0 +### HTTP_API - ```console - $ docker run --name=bonita_postgres --link mydbpostgres:postgres -e "DB_NAME=newbonitadb" -e "DB_USER=newbonitauser" -e "DB_PASS=newbonitapass" -v "$PWD"/bonita_migration:/opt/bonita/ -d -p 8081:8080 %%IMAGE%%:7.2.4 - ``` +This optional environment variable is used to enable/disable the Bonita HTTP API. The default value is false, which will deactivate the HTTP API. From Bonita 2022.1, HTTP API is protected with [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the following 2 parameters to configure Basic access authentication. - - If >= 7.3.0 +### HTTP_API_USERNAME - ```console - $ docker run --name=bonita_postgres --link mydbpostgres:postgres -e "DB_NAME=newbonitadb" -e "DB_USER=newbonitauser" -e "DB_PASS=newbonitapass" -d -p 8081:8080 %%IMAGE%%:2021.2-u0 - ``` +This optional environment variable is used to configure the HTTP API Basic access authentication username. The default value is `http-api`. -- Reapply specific configuration if needed, for example with a version >= 7.3.0 : +### HTTP_API_PASSWORD - ```console - $ docker exec -ti bonita_postgres /bin/bash - ``` +This optional environment variable is used to configure the HTTP API Basic access authentication password. There is no default value, and providing a value is mandatory if `HTTP_API=true`. - ```console - $ cd /opt/bonita/BonitaCommunity-2021.2-u0/setup - $ ./setup.sh pull - $ TENANT_LOGIN=tech_user - $ TENANT_PASSWORD=secret - $ PLATFORM_LOGIN=pfadmin - $ PLATFORM_PASSWORD=pfsecret - $ sed -e 's/^#userName\s*=.*/'"userName=${TENANT_LOGIN}"'/' \ - -e 's/^#userPassword\s*=.*/'"userPassword=${TENANT_PASSWORD}"'/' \ - -i platform_conf/current/tenants/1/tenant_engine/bonita-tenant-community-custom.properties - $ sed -e 's/^platform.tenant.default.username\s*=.*/'"platform.tenant.default.username=${TENANT_LOGIN}"'/' \ - -e 's/^platform.tenant.default.password\s*=.*/'"platform.tenant.default.password=${TENANT_PASSWORD}"'/' \ - -i platform_conf/current/platform_portal/platform-tenant-config.properties - $ sed -e 's/^#platformAdminUsername\s*=.*/'"platformAdminUsername=${PLATFORM_LOGIN}"'/' \ - -e 's/^#platformAdminPassword\s*=.*/'"platformAdminPassword=${PLATFORM_PASSWORD}"'/' \ - -i platform_conf/current/platform_engine/bonita-platform-community-custom.properties - $ sed -i -e 's/^#GET|/GET|/' -e 's/^#POST|/POST|/' -e 's/^#PUT|/PUT|/' -e 's/^#DELETE|/DELETE|/' -i platform_conf/current/tenants/1/tenant_portal/dynamic-permissions-checks.properties - $ ./setup.sh push - ``` +### JMX_REMOTE_ACCESS - ```console - $ docker restart bonita_postgres - ``` +This optional environment variable is used to enable/disable the access to the [JMX console](https://docs.oracle.com/en/java/javase/11/management/using-jconsole.html) from a remote machine. + Default value is `false`. + The host to connect to is the name / IP address of the bonita server, the port to connect to is 9000. + The credentials to connect are the environment variables [MONITORING_USERNAME](#MONITORING_USERNAME), [MONITORING_PASSWORD](#MONITORING_PASSWORD). -- Specific consideration regarding migration to Java 11 in Bonita 7.9 +### REMOTE_IP_VALVE_ENABLED - Bonita 7.9 docker image runs with Java 11. If you are migrating from an earlier version which runs Java 8, you should validate on a test environment that your custom code is compatible. Aside from just code incompatibility, special attention has to be given to the dependencies of the custom code, as they might not work in Java 11. +This optional environment variable allows to activate/deactivate [reverse proxy redirection](https://documentation.bonitasoft.com/bonita/latest/runtime/reverse-proxy-configuration). Default value is `false`. -For more details regarding Bonita migration, see the [documentation](https://documentation.bonitasoft.com/bonita/2021.2/migrate-from-an-earlier-version-of-bonita-bpm). +### ACCESSLOGS_STDOUT_ENABLED -## Security +This optional environment variable allows to activate/deactivate writing Tomcat access logs to standard output. Default value is `false`. -This Docker image activates both static and dynamic authorization checks by default on REST API. To be consistent, it also deactivates the HTTP API. +### ACCESSLOGS_FILES_ENABLED -- REST API authorization +This optional environment variable allows to activate/deactivate writing Tomcat access logs to a specific file. When activated, will write those logs to `/opt/bonita/logs/` *inside* the docker container. In practice, it is only useful when mounting a volume to the aforementioned directory. Default value is `false`. - - [Static authorization checking](https://documentation.bonitasoft.com/bonita/2021.2/rest-api-authorization#static_authorization) +### ACCESSLOGS_PATH - - [Dynamic authorization checking](https://documentation.bonitasoft.com/bonita/2021.2/rest-api-authorization#dynamic_authorization) +If `ACCESSLOGS_FILES_ENABLED=true`, this optional environment variable overrides the default path to the access log files. Default value is `/opt/bonita/logs`. -- [HTTP API](https://documentation.bonitasoft.com/bonita/2021.2/rest-api-authorization#_activating_and_deactivating_authorization) +### ACCESSLOGS_PATH_APPEND_HOSTNAME -For specific needs you can override this behavior by setting HTTP_API to true and REST_API_DYN_AUTH_CHECKS to false: +If `ACCESSLOGS_FILES_ENABLED=true`, this optional environment variable allows to append a subdirectory with the *hostname* to the full path of the directory to put access log files into. Default value is `false`. -```console -$ docker run -e HTTP_API=true -e REST_API_DYN_AUTH_CHECKS=false --name bonita -d -p 8080:8080 %%IMAGE%% -``` +### ACCESSLOGS_MAX_DAYS -## Environment variables +If `ACCESSLOGS_FILES_ENABLED=true`, this optional environment variable allows to automatically delete access log files after a certain number of days. Default value is `30`. -When you start the `bonita` image, you can adjust the configuration of the Bonita instance by passing one or more environment variables on the `docker run` command line. +### HTTP_MAX_THREADS -### `PLATFORM_PASSWORD` +This optional environment variable allows to specify the maximum Http thread number Tomcat will use to serve HTTP/1.1 requests. Directly modifies the *maxThreads* parameter in the *server.xml* file of the Tomcat inside the docker container. More information on the usefulness of this parameter can be found [here](https://tomcat.apache.org/tomcat-9.0-doc/config/http.html). Default value is `20`. -This environment variable [is recommended](https://documentation.bonitasoft.com/bonita/2021.2/tomcat-bundle#_platform_administrator) for you to use the Bonita image. It sets the platform administrator password for Bonita. If it is not specified, the default password `platform` will be used. +### JAVA_OPTS -### `PLATFORM_LOGIN` +This optional environment variable is used to customize JAVA_OPTS. The default value is -Xms1024m -Xmx1024m -XX:MaxPermSize=256m. The syntax to use is `-e JAVA_OPTS="-Xms2048m -Xmx2048m -XX:MaxPermSize=1024m"` -This optional environment variable is used in conjunction with `PLATFORM_PASSWORD` to define the username for the platform administrator. If it is not specified, the default user `platformAdmin` will be used. +### DB_VENDOR -### `TENANT_PASSWORD` +This environment variable is automatically set to postgres or mysql if the Bonita container is linked to a PostgreSQL or MySQL database using --link. The default value is h2. It can be overridden if you don't use the --link capability. -This environment variable [is recommended](https://documentation.bonitasoft.com/bonita/2021.2/tomcat-bundle#_tenant_administrator) for you to use the Bonita image. It sets the tenant administrator password for Bonita. If it is not specified, the default password `install` will be used. +### DB_HOST, DB_PORT -### `TENANT_LOGIN` +These variables are optional, used in conjunction to configure the bonita image to reach the database instance. There are automatically set if --link is used to run the container. -This optional environment variable is used in conjunction with `TENANT_PASSWORD` to define the username for the tenant administrator. If it is not specified, the default user of `install` will be used. +### DB_NAME, DB_USER, DB_PASS -### `REST_API_DYN_AUTH_CHECKS` +These variables are used in conjunction to define how Bonita should access its database for internal functioning. -This optional environment variable is used to enable/disable [dynamic authorization checking](https://documentation.bonitasoft.com/bonita/2021.2/rest-api-authorization#dynamic_authorization) on Bonita REST API. The default value is `true`, which will activate dynamic authorization checking. +`DB_NAME` default value is bonitadb. -### `HTTP_API` +`DB_USER` default value is bonitauser. -This optional environment variable is used to enable/disable the Bonita HTTP API. The default value is `false`, which will deactivate the HTTP API. +`DB_PASS` default value is bonitapass. -### `JAVA_OPTS` +### BIZ_DB_NAME, BIZ_DB_USER, BIZ_DB_PASS -This optional environment variable is used to customize JAVA_OPTS. The default value is `-Xms1024m -Xmx1024m`. +These variables are used in conjunction to define how Bonita should access the [Business Data](https://documentation.bonitasoft.com/bonita/latest/data/define-and-deploy-the-bdm) database. -### `ENSURE_DB_CHECK_AND_CREATION` +`BIZ_DB_NAME` default value is businessdb. -This optional environment variable is used to allow/disallow the SQL queries to automatically check and create the databases using the database administrator credentials. The default value is `true`. +`BIZ_DB_USER` default value is businessuser. -### `DB_VENDOR` +`BIZ_DB_PASS` default value is businesspass. -This environment variable is automatically set to `postgres` or `mysql` if the Bonita container is linked to a PostgreSQL or MySQL database using `--link`. The default value is `h2`. It can be overridden if you don't use the `--link` capability. +## Logger configuration -### `DB_HOST`, `DB_PORT` +**Since 2022.1** -These variables are optional, used in conjunction to configure the `bonita` image to reach the database instance. There are automatically set if `--link` is used to run the container. +The logger can be configured by mounting a volume on folder `/opt/bonita/conf/logs` containing the configuration files. -### `DB_NAME`, `DB_USER`, `DB_PASS` +the volume must contain the 2 files [log4j2-loggers.xml](https://raw.githubusercontent.com/bonitasoft/bonita-distrib/7.14.0/tomcat-resources/tomcat-distrib-for-bonita/src/main/resources/tomcat/server/conf/log4j2-loggers.xml) and [log4j2-appenders.xml](https://raw.githubusercontent.com/bonitasoft/bonita-distrib/7.14.0/docker/files/log4j2/log4j2-appenders.xml) -These variables are used in conjunction to create a new user, set that user's password, and create the `bonita` database. +Any change made to one of this 2 files is automatically hot-reloaded and taken into account immediately. -`DB_NAME` default value is `bonitadb`. +## Security -`DB_USER` default value is `bonitauser`. +This Docker image activates both static and dynamic authorization checks by default on REST API. To be consistent, it also deactivates the HTTP API. -`DB_PASS` default value is `bonitapass`. +- REST API authorization -### `BIZ_DB_NAME`, `BIZ_DB_USER`, `BIZ_DB_PASS` + - [Static authorization checking](https://documentation.bonitasoft.com/bonita/latest/rest-api-authorization#static_authorization) -These variables are used in conjunction to create a new user, set that user's password and create the `bonita` [business database](https://documentation.bonitasoft.com/bonita/2021.2/define-and-deploy-the-bdm#_business_data_model_bdm). +- [HTTP API](https://documentation.bonitasoft.com/bonita/latest/rest-api-authorization#_activating_and_deactivating_authorization) -`BIZ_DB_NAME` default value is `businessdb`. +For specific needs you can override this behavior by setting HTTP_API to true: -`BIZ_DB_USER` default value is `businessuser`. +```console +$ docker run -e HTTP_API=true -e HTTP_API_PASSWORD="My-Cust0m_S3cR3T" --name bonita -d -p 8080:8080 %%IMAGE%% +``` -`BIZ_DB_PASS` default value is `businesspass`. +## Update from an earlier version of Bonita -### `DB_ADMIN_USER`, `DB_ADMIN_PASS` +For updating from a version before 7.10.0, please refer to the [documentation](https://documentation.bonitasoft.com/bonita/latest/version-update/migrate-from-an-earlier-version-of-bonita) -These variables are optional, and used in conjunction to create users and databases through the administrator account used on the database instance. +- Stop the container to perform a database backup -`DB_ADMIN_USER` if no value is provided, this is automatically set to `root` with MySQL or `postgres` with PostgreSQL. + ```console + $ docker stop bonita + ``` -`DB_ADMIN_PASS` if no value is provided, this is automatically set using the value from the linked container: `MYSQL_ENV_MYSQL_ROOT_PASSWORD` or `POSTGRES_ENV_POSTGRES_PASSWORD`. +- Retrieve the DB container IP -### `DB_DROP_EXISTING`, `BIZ_DB_DROP_EXISTING` + ```console + $ docker inspect --format '{{ .NetworkSettings.IPAddress }}' mydbpostgres + 172.17.0.26 + ``` -`DB_DROP_EXISTING` and `BIZ_DB_DROP_EXISTING` can be used to drop existing databases in order to reuse an existing database instance. +- Dump the database -`DB_DROP_EXISTING` default value is `N`. + ```console + $ export PGPASSWORD=mysecretpassword + $ pg_dump -O -x -h 172.17.0.26 -U postgres bonitadb > /tmp/bonitadb.sql + ``` -`BIZ_DB_DROP_EXISTING` default value is `N`. + Note that businessdb won't be updated by the update tool but you may want to also backup/move it. -### `BONITA_SERVER_LOGGING_FILE`, `BONITA_SETUP_LOGGING_FILE` +- Load the dump -Since Bonita 7.9 `BONITA_SERVER_LOGGING_FILE` and `BONITA_SETUP_LOGGING_FILE` can be used to update logging configuration. + ```console + $ export PGPASSWORD=mysecretpassword + $ psql -U postgres -h 172.17.0.26 -d postgres -c "CREATE USER newbonitauser WITH PASSWORD 'newbonitapass';" + $ psql -U postgres -h 172.17.0.26 -d postgres -c "CREATE DATABASE newbonitadb OWNER newbonitauser;" + $ export PGPASSWORD=newbonitapass + $ cat /tmp/bonitadb.sql | psql -U newbonitauser -h 172.17.0.26 newbonitadb + ``` -`BONITA_SERVER_LOGGING_FILE` default value is `/opt/bonita/BonitaSubscription-${BONITA_VERSION}/server/conf/logging.properties`. +- Retrieve the last update tool -`BONITA_SETUP_LOGGING_FILE` default value is `/opt/bonita/BonitaSubscription-${BONITA_VERSION}/setup/logback.xml`. + ```console + wget https://github.com/bonitasoft/bonita-platform-releases/releases/download/2022.1-u0/bonita-update-tool-3.0.0.zip + unzip bonita-update-tool-3.0.0.zip + ``` -# How to extend this image +- Configure the update tool -If you would like to do additional initialization, you can add a `*.sh` script under `/opt/custom-init.d`. The `startup.sh` file will source any `*.sh` script found in this directory to do further initialization before starting the service. + ```console + $ cd bonita-update-tool-3.0.0 + ``` -For example, you can increase the log level : + edit the update tool configuration file `Config.properties` to point towards the database. -```console -$ mkdir -p custom_bonita -$ echo '#!/bin/bash' > custom_bonita/bonita.sh -$ echo 'sed -i "s/^org.bonitasoft.level = WARNING$/org.bonitasoft.level = FINEST/" /opt/bonita/BonitaCommunity-2021.2-u0/server/conf/logging.properties' >> custom_bonita/bonita.sh -$ chmod +x custom_bonita/bonita.sh + ```console + $ vim Config.properties + ``` -$ docker run --name bonita_custom -v "$PWD"/custom_bonita/:/opt/custom-init.d -d -p 8080:8080 %%IMAGE%% -``` + For example : -Since Bonita 7.9 you can also apply a custom `logging.properties` file like this : + ```properties + db.vendor=postgres + db.url=jdbc:postgresql://172.17.0.26:5432/newbonitadb + db.driverClass=org.postgresql.Driver + db.user=newbonitauser + db.password=newbonitapass + ``` -```console -docker run --name bonita \ - -v /path/to/logging.properties:/etc/logging.properties -e BONITA_SERVER_LOGGING_FILE=/etc/logging.properties \ - -d -p 8080:8080 %%IMAGE%% -``` +- Launch the update tool -Note: There are several ways to check the `bonita` logs. Till Bonita 7.8, one of them is + ```console + $ cd bin + $ ./bonita-update-tool + ``` -```console -$ docker exec -ti bonita_custom /bin/bash -tail -f /opt/bonita/BonitaCommunity-2021.2-u0/server/logs/bonita.`date +%Y-%m-%d`.log -``` +- Launch the new container pointing towards the copy of the database. -Since Bonita 7.9 bonita logs are redirected towards standard output and directly accessible using + ```console + $ docker run --name=bonita --link mydbpostgres:postgres -e "DB_NAME=newbonitadb" -e "DB_USER=newbonitauser" -e "DB_PASS=newbonitapass" -d -p 8081:8080 %%IMAGE%%:2022.1-u0 + ``` -```console -$ docker logs -f bonita -``` +For more details regarding Bonita update and for version before 7.10.0, see the [documentation](https://documentation.bonitasoft.com/bonita/latest/version-update/migrate-from-an-earlier-version-of-bonita). diff --git a/bonita/stack.yml b/bonita/stack.yml index 9a502717fff7..97994e559a26 100644 --- a/bonita/stack.yml +++ b/bonita/stack.yml @@ -1,9 +1,8 @@ -# Use tech_user/secret as user/password credentials version: '3' services: db: - image: postgres:11 + image: bonitasoft/bonita-postgres:12.6 environment: POSTGRES_PASSWORD: example restart: always @@ -11,13 +10,20 @@ services: - -c - max_prepared_transactions=100 bonita: - image: bonita + image: bonita:7.14.0 + hostname: custom-hostname.example.com ports: - 8080:8080 environment: - - POSTGRES_ENV_POSTGRES_PASSWORD=example - DB_VENDOR=postgres - DB_HOST=db + - DB_PORT=5432 + - DB_NAME=bonita + - DB_USER=bonita + - DB_PASS=bpm + - BIZ_DB_NAME=business_data + - BIZ_DB_USER=business_data + - BIZ_DB_PASS=bpm - TENANT_LOGIN=tech_user - TENANT_PASSWORD=secret - PLATFORM_LOGIN=pfadmin @@ -30,16 +36,14 @@ services: - -c - | set -e - echo 'Waiting for Postgres to be available' - export PGPASSWORD="$$POSTGRES_ENV_POSTGRES_PASSWORD" + echo 'Waiting for PostgreSQL to be available' maxTries=10 - while [ "$$maxTries" -gt 0 ] && ! psql -h "$$DB_HOST" -U 'postgres' -c '\l'; do - let maxTries-- + while [ "$$maxTries" -gt 0 ] && [ $$(echo 'QUIT' | nc -w 1 "$$DB_HOST" 5432; echo "$$?") -gt 0 ]; do sleep 1 + let maxTries-- done - echo if [ "$$maxTries" -le 0 ]; then echo >&2 'error: unable to contact Postgres after 10 tries' exit 1 fi - exec /opt/files/startup.sh + exec /opt/files/startup.sh /opt/bonita/server/bin/catalina.sh run