From 69182c6f3a7b835a871d9ee056a18eb1ec71e060 Mon Sep 17 00:00:00 2001 From: Malo <mtc@kereval.com> Date: Fri, 24 Nov 2023 14:31:49 +0100 Subject: [PATCH] CTS Installation update --- CTS/installation.md | 102 ++++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 56 deletions(-) mode change 100755 => 100644 CTS/installation.md diff --git a/CTS/installation.md b/CTS/installation.md old mode 100755 new mode 100644 index b5fdb4c..d4bb41c --- a/CTS/installation.md +++ b/CTS/installation.md @@ -1,13 +1,13 @@ --- title: Installation Manual subtitle: Certification Testing System -author: Anne-Gaëlle Bergé -function: Quality Engineer -date: 2020-05-25 -toolversion: 1.3 +author: Malo Toudic +function: Developer +date: 2022-04-14 +toolversion: 1.6 version: 1.00 status: Approved -reference: KER2-MAN-IHE-CTS_1_3 +reference: KER2-MAN-IHE-CTS_1_6 customer: Federal Office For Public Health --- @@ -22,7 +22,7 @@ running SIA test sessions. ## Scope -This document and associated Certification Testing System are relevant to the Swiss Interoperability Assessment Scheme (SIAS) 1.3. +This document and associated Certification Testing System are relevant to the Swiss Interoperability Assessment Scheme (SIAS) 1.6. It is intended to authorized laboratories that will run a SIA test session. ## Virtual Machine characteristics @@ -117,7 +117,7 @@ Fill out the form with the following parameters and hit “Requestâ€. * Common Name (CN) shall match the full qualifier domain name of the CTS environment. * Other mandatory parameters shall fill out to match your organization and country. * If the system under test supports SNI, you need to generate another certificate for the second -hostname that can be used to reach your CTS environment. + hostname that can be used to reach your CTS environment. ### Load the certificate on CTS 
@@ -149,7 +149,7 @@ Enter the commands (enter 'password' when asked): ``` $> sudo su $> cd /etc/letsencrypt/live/<domainname> - $> openssl pkcs12 -export -inkey privkey.pem -in cert.pem -certfile chain.pem -out cert.p12 +$> openssl pkcs12 -export -inkey privkey.pem -in cert.pem -certfile chain.pem -out cert.p12 ``` Then replace idp-backchannel.p12 and idp-browser.p12 in /opt/shibboleth-idp/credentials by cert.p12 @@ -175,7 +175,7 @@ $> sudo docker restart shibboleth-idp #### Configure TLS simulators in GSS ``` -psql -U gazelle gss -c "UPDATE tls_simulator SET certificate_id = <id_of_the_new_certificate> WHERE certificate_id = 23" +psql -U gazelle -h localhost gss -c "UPDATE tls_simulator SET certificate_id = <id_of_the_new_certificate> WHERE certificate_id = 23" ``` Where <id_of_the_new_certificate> is the id of the certificate created in the "Generate certificates in GSS" section of this document. This id is displayed in the GUI. @@ -230,8 +230,8 @@ link to each page of the manual is available (PDF icon). The following tools are installed on the virtual machine: * __Gazelle Test Management (configured to work as Test Management and Gazelle Master Model)__ is the tool used during the connectathons. It is used to manage -the users, the systems under test and the test sessions. SIA conformance tests are also stored in this tool. -It embeds the SIA test cases and the IHE concepts. + the users, the systems under test and the test sessions. SIA conformance tests are also stored in this tool. + It embeds the SIA test cases and the IHE concepts. * __Patient Manager__ is a simulator which integrates the IHE profiles which deals with patient and encounter management (CH:PIXV3, CH:XCPD, and CH:PDQV3 are configured) * __SVS Simulator__ is a simulator for the SVS profile. It is used by the other applications of the Gazelle test bed as a value set repository. * __Gazelle HL7 Validator__ is a validation tool for HL7v3-based messages 
@@ -241,7 +241,7 @@ It embeds the SIA test cases and the IHE concepts. * __Demographic Data Server__ is used to generate fake demographics for testing purposes * __EVS Client__ is the graphical interface to Gazelle validation services. * __Gazelle Webservice Tester__ has been designed with the purpose of executing SoapUI projects against the systems under test. It also stores the -message exchanged between the systems under test and the SoapUI mocks + message exchanged between the systems under test and the SoapUI mocks * __Schematron Validator__ is a schematron-based conformance checker * __HPD Simulator__ emulates the CH:HPD actors and offers a validation service for the messages produced in the context of this profile * __XD\* Client__ offers validators for verifying the conformance of the XD* messages 
@@ -251,59 +251,43 @@ message exchanged between the systems under test and the SoapUI mocks * __CAS__ service for singe-sign-on login * __Nagios__ is a service monitoring configured to check the availability of the tools installed in the virtual machine * A number of SoapUI mocks are also available, they emulates EPR actors playing the role of responder: - * Assertion Provider - * ADR Provider - * PPQ Repository - * Metadata Update Responder - * ATC Patient Audit Record Repository - * XDS Document Registry - * XCA Responding Gateway + * Assertion Provider + * ADR Provider + * PPQ Repository + * Metadata Update Responder + * ATC Patient Audit Record Repository + * XDS Document Registry + * XCA Responding Gateway * A library for TLS tests with SNI extension used to test authentication with this extension. -The following binaries are deployed in the Jboss7-2: /usr/local/jboss7-2/standalone/deployments directory. +The following binaries are deployed via docker: | __Application__ | __Binary name__ | __version__ | __Database__ | |-------------------------|---------------------------|-------------|-------------------------| | Demographic Data Server | DemographicDataServer.ear | 4.2.2 | demographic-data-server | -| EVS Client | EVSClient.ear | 5.12.1 | evs-client-prod -| Gazelle Webservice Tester | gazelle-websesrvice-tester.ear | 1.7.1 | gazelle-webservice-tester | -| Schematron Validator | SchematronValidator.ear | 2.5.0 | schematron-validator-prod | -| Authentication Simulator | authentication-simulator.ear | 0.1.2 | authentication-simulator | - - -The following binaries are deployed in Jboss 7-proxy server: /usr/local/jboss7-proxy/standalone/deployment/. 
- -| __Application__ | __Binary name__ | __version__ | __Database__ | -|------------------------|---------------------------|-------------|-----------------------| +| EVS Client | EVSClient.ear | 5.13.4 | evs-client-prod | +| Gazelle Webservice Tester | gazelle-websesrvice-tester.ear | 1.7.4 | gazelle-webservice-tester | +| Schematron Validator | SchematronValidator.ear | 2.5.0 | schematron-validator-prod | +| Authentication Simulator | authentication-simulator.ear | 0.1.2 | authentication-simulator | | Assertion manager Gui | AssertionManagerGui.ear | 4.1.0 | assertion-manager | -| Test Management | gazelle-tm.ear | 5.12.1 | gazelle | -| Patient Manager | PAMSimulator.ear | 9.11.7 | pam-simulator | +| Test Management | gazelle-tm.ear | 6.1.1 | gazelle | +| Patient Manager | PAMSimulator.ear | 9.15.2 | pam-simulator | | SVS Simulator | SVSSimulator.ear | 2.3.0 | svs-simulator | -| Gazelle HL7 Validator | GazelleHL7v2Validator.ear | 3.5.1 | gazelle-hl7-validator | -| Gazelle Security Suite | gazelle-gss.ear | 6.2.4 | gss | - -The following binaries are deployed in Jboss 7 server: /usr/local/jboss7/standalone/deployment/. 
- -| __Application__ | __Binary name__ | __version__ | __Database__ | -|------------------------|---------------------------|-------------|-----------------------| -| CDA Generator | CDAGenerator.ear | 2.2.1 | cda-generator | -| HPDSimulator | HPDSimulator.ear | 2.2.1 | hpd-simulator | -| XDStarClient | XDStarClient.ear | 2.5.4 | xdstar-client | -| IDP Adaptor | idp-adapter.ear | 0.1.1 | NO DB | - - -The following binaries are deployed in tomcat 8 server: /var/lib/tomcat8/webapps/ - -| __Application__ | __Binary name__ | __version__ | __Database__ | -|-----------------|----------------------|-------------|--------------| +| Gazelle HL7 Validator | GazelleHL7v2Validator.ear | 3.7.3 | gazelle-hl7-validator | +| Gazelle Security Suite | gazelle-gss.ear | 6.3.0 | gss | +| CDA Generator | CDAGenerator.ear | 2.2.2 | cda-generator | +| HPDSimulator | HPDSimulator.ear | 2.4.1 | hpd-simulator | +| XDStarClient | XDStarClient.ear | 2.5.8 | xdstar-client | +| IDP Adaptor | idp-adapter.ear | 0.1.1 | NO DB | | XDSTools7 | xdstools7.war | 7.2.8 | NO DB | | Apereo CAS | sso.war | | Connect to gazelle | +| Gazelle FHIR Validator | FhirValidator.ear | 3.0.3 | gazelle-fhir-validator | -The following binary is deployed in Wildfly 10 server: /usr/local/wildfly10/standalone/deployments +The following binary is deployed in Wildfly 14 server: /usr/local/wildfly10-fhirvalr4/standalone/deployments -| __Application__ | __Binary name__ | __version__ | __Database__ | -|-----------------|----------------------|-------------|--------------| -| Gazelle FHIR Validator | FhirValidator.ear | 3.0.3 | gazelle-fhir-validator | +| __Application__ | __Binary name__ | __version__ | __Database__ | +|---------------------------|----------------------|-------------|--------------| +| Gazelle FHIR Validator R4 | FhirValidator.ear | 4.1.6 | gazelle-fhir-validator | All the web services required by the applications are on the virtual machine. No access will be done to Gazelle’s servers. 
@@ -422,7 +406,9 @@ Clone the virtual machine of the reference environment. Start it Download the packaging scripts on the VM from the SVN repository : https://svn.ihe-europe.net/gazelle/scripts/vm-packaging/branches/CTS -`svn checkout https://svn.ihe-europe.net/gazelle/scripts/vm-packaging/branches/CTS packaging-scripts/` +``` +svn checkout https://svn.ihe-europe.net/gazelle/scripts/vm-packaging/branches/CTS packaging-scripts/ +``` There is two main scripts : - cleanup_data_for_distribution.sh : Delete all data not needed for the CTS @@ -432,7 +418,9 @@ Both need to be executed with root access (sudo). First, execute the clean up scripts : -`sudo ./cleanup_data_for_distribution.sh` +``` +sudo ./cleanup_data_for_distribution.sh +``` Before executing the second script, some parameters need to be updated. Open the update_for_distribution.sh and update the following properties : * BOX_NEW_URL= the url for the CTS VM @@ -448,4 +436,6 @@ The following properties should not be changed as they are the url of the refere Save the file, then execute update_for_distribution.sh with sudo : -`sudo ./update_for_distribution.sh` +``` +sudo ./update_for_distribution.sh +``` -- GitLab
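Review bot: In the front-matter hunk (`@@ -1,13 +1,13 @@`), the new `date: 2022-04-14` is more than a year older than the commit itself (24 Nov 2023), and `version: 1.00` with `status: Approved` is left unchanged although `toolversion` and `reference` move to 1.6. Please set the date to the actual revision date and bump the document version, or confirm that the existing approval still covers the updated content.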
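Review bot: In the `@@ -149,7 +149,7 @@` hunk, the `openssl pkcs12 -export` line is touched, but the instruction above it still says only "enter 'password' when asked" without stating whether that is the sudo prompt or the PKCS#12 export password. `cert.p12` bundles `privkey.pem` and then replaces `idp-backchannel.p12` and `idp-browser.p12`, so if the export password is meant, the manual prescribes a fixed passphrase for the IdP key store. Suggest naming the prompt explicitly and, if it is the export password, documenting how to use a site-specific value.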
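Review bot: In the `@@ -175,7 +175,7 @@` hunk, adding `-h localhost` makes `psql` connect over TCP instead of the local Unix socket, which is normally matched by a different `pg_hba.conf` rule and may prompt for the `gazelle` password. The text does not say where that password comes from or whether the command is run on the host or inside a container. The `WHERE certificate_id = 23` is also a hard-coded id; a sentence on how to check the id currently assigned to the TLS simulators would avoid an UPDATE that matches no rows.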
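Review bot: In the `@@ -251,59 +251,43 @@` hunk, the new sentence says "Wildfly 14 server" while the path on the same line is `/usr/local/wildfly10-fhirvalr4/standalone/deployments`, and it still describes a filesystem deployment directly after the merged table was relabelled "deployed via docker". Please reconcile the server version with the path and say which tools run in containers. In addition, `Gazelle FHIR Validator` 3.0.3 and `Gazelle FHIR Validator R4` 4.1.6 both list `FhirValidator.ear` with database `gazelle-fhir-validator`; if they use separate databases the table should show it. The added row keeps the misspelling `gazelle-websesrvice-tester.ear`, and the `Apereo CAS` version cell is still empty.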
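Review bot: In the `@@ -422,7 +406,9 @@` hunk, the `svn checkout` of `branches/CTS` fetches whatever is at the head of the branch, and the two following hunks run the fetched scripts with `sudo`. Suggest documenting a specific revision (`svn checkout -r <revision> ...`) so that a packaged CTS image can be traced to known script contents. The context line "There is two main scripts" could be corrected to "There are two main scripts" while this section is being edited.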