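Yesterday I introduced Dependency Track; today let's install this handy piece of software together!
First, go to the Dependency Track website and look at the release page.
As the release page shows, Dependency Track basically consists of an API Server and a Frontend. Dependency Track does provide a bundled version (API Server and Frontend combined), but it does not recommend installing the bundled version. Every version also comes with a Docker-based installation method.
So we will use Docker for the complete installation.
First, open Dependency Track's Docker installation page.
We will use the most recommended approach, which is Docker Compose.
Copy the YAML file provided by the project as-is and save it somewhere suitable on your machine as docker-compose.yml. We will modify the file later to make the whole installation go more smoothly.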
version: '3.7'

#####################################################
# This Docker Compose file contains two services
# Dependency-Track API Server
# Dependency-Track FrontEnd
#####################################################

volumes:
  dependency-track:

services:
  dtrack-apiserver:
    image: dependencytrack/apiserver
    # environment:
    # The Dependency-Track container can be configured using any of the
    # available configuration properties defined in:
    # https://docs.dependencytrack.org/getting-started/configuration/
    # All properties are upper case with periods replaced by underscores.
    #
    # Database Properties
    # - ALPINE_DATABASE_MODE=external
    # - ALPINE_DATABASE_URL=jdbc:postgresql://postgres10:5432/dtrack
    # - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
    # - ALPINE_DATABASE_USERNAME=dtrack
    # - ALPINE_DATABASE_PASSWORD=changeme
    # - ALPINE_DATABASE_POOL_ENABLED=true
    # - ALPINE_DATABASE_POOL_MAX_SIZE=20
    # - ALPINE_DATABASE_POOL_MIN_IDLE=10
    # - ALPINE_DATABASE_POOL_IDLE_TIMEOUT=300000
    # - ALPINE_DATABASE_POOL_MAX_LIFETIME=600000
    #
    # Optional LDAP Properties
    # - ALPINE_LDAP_ENABLED=true
    # - ALPINE_LDAP_SERVER_URL=ldap://ldap.example.com:389
    # - ALPINE_LDAP_BASEDN=dc=example,dc=com
    # - ALPINE_LDAP_SECURITY_AUTH=simple
    # - ALPINE_LDAP_BIND_USERNAME=
    # - ALPINE_LDAP_BIND_PASSWORD=
    # - ALPINE_LDAP_AUTH_USERNAME_FORMAT=%s@example.com
    # - ALPINE_LDAP_ATTRIBUTE_NAME=userPrincipalName
    # - ALPINE_LDAP_ATTRIBUTE_MAIL=mail
    # - ALPINE_LDAP_GROUPS_FILTER=(&(objectClass=group)(objectCategory=Group))
    # - ALPINE_LDAP_USER_GROUPS_FILTER=(member:1.2.840.113556.1.4.1941:={USER_DN})
    # - ALPINE_LDAP_GROUPS_SEARCH_FILTER=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
    # - ALPINE_LDAP_USERS_SEARCH_FILTER=(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))
    # - ALPINE_LDAP_USER_PROVISIONING=false
    # - ALPINE_LDAP_TEAM_SYNCHRONIZATION=false
    #
    # Optional OpenID Connect (OIDC) Properties
    # - ALPINE_OIDC_ENABLED=true
    # - ALPINE_OIDC_ISSUER=https://auth.example.com/auth/realms/example
    # - ALPINE_OIDC_USERNAME_CLAIM=preferred_username
    # - ALPINE_OIDC_TEAMS_CLAIM=groups
    # - ALPINE_OIDC_USER_PROVISIONING=true
    # - ALPINE_OIDC_TEAM_SYNCHRONIZATION=true
    #
    # Optional HTTP Proxy Settings
    # - ALPINE_HTTP_PROXY_ADDRESS=proxy.example.com
    # - ALPINE_HTTP_PROXY_PORT=8888
    # - ALPINE_HTTP_PROXY_USERNAME=
    # - ALPINE_HTTP_PROXY_PASSWORD=
    # - ALPINE_NO_PROXY=
    #
    # Optional HTTP Outbound Connection Timeout Settings. All values are in seconds.
    # - ALPINE_HTTP_TIMEOUT_CONNECTION=30
    # - ALPINE_HTTP_TIMEOUT_SOCKET=30
    # - ALPINE_HTTP_TIMEOUT_POOL=60
    #
    # Optional Cross-Origin Resource Sharing (CORS) Headers
    # - ALPINE_CORS_ENABLED=true
    # - ALPINE_CORS_ALLOW_ORIGIN=*
    # - ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS
    # - ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
    # - ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
    # - ALPINE_CORS_ALLOW_CREDENTIALS=true
    # - ALPINE_CORS_MAX_AGE=3600
    deploy:
      resources:
        limits:
          memory: 12288m
        reservations:
          memory: 8192m
      restart_policy:
        condition: on-failure
    ports:
      - '8081:8080'
    volumes:
      - 'dependency-track:/data'
    restart: unless-stopped

  dtrack-frontend:
    image: dependencytrack/frontend
    depends_on:
      - dtrack-apiserver
    environment:
      # The base URL of the API server.
      # NOTE:
      # * This URL must be reachable by the browsers of your users.
      # * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
      # * When deploying to dedicated servers, please use the external IP or domain of the API server.
      - API_BASE_URL=http://localhost:8081
      # - "OIDC_ISSUER="
      # - "OIDC_CLIENT_ID="
      # - "OIDC_SCOPE="
      # - "OIDC_FLOW="
      # - "OIDC_LOGIN_BUTTON_TEXT="
    # volumes:
    # - "/host/path/to/config.json:/app/static/config.json"
    ports:
      - "8080:8080"
    restart: unless-stopped
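Dependency Track needs a database to store its data, so we have to add one to the Dependency Track setup. For convenience, when resources allow, I usually define a dedicated database in the same Docker Compose file. This time we add a PostgreSQL database to this Docker Compose file.
In docker-compose.yml, find services: and add the following below it.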
  dtrack-pgsql:
    container_name: dtrack-pgsql
    environment:
      - POSTGRES_USER=dtrack
      - POSTGRES_PASSWORD=changeme
    image: 'postgres:14.5'
    volumes:
      - 'dtrack-pgsql:/var/lib/postgresql/data'
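Remember to watch the indentation in the YAML file; I will not repeat this reminder later.
Because the database's data has to persist, we added a Volume, so we also need to find the volumes: section and add the following below it.
  dtrack-pgsql:
Because Dependency Track has to wait until PostgreSQL is ready before it can start, find image: dependencytrack/apiserver and add the following below it.
    depends_on:
      - dtrack-pgsql
Next, we set up the database connection for Dependency Track.
Find # environment: under dtrack-apiserver and delete the # to uncomment it.
Then find the following section.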
    # - ALPINE_DATABASE_MODE=external
    # - ALPINE_DATABASE_URL=jdbc:postgresql://postgres10:5432/dtrack
    # - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
    # - ALPINE_DATABASE_USERNAME=dtrack
    # - ALPINE_DATABASE_PASSWORD=changeme
    # - ALPINE_DATABASE_POOL_ENABLED=true
    # - ALPINE_DATABASE_POOL_MAX_SIZE=20
    # - ALPINE_DATABASE_POOL_MIN_IDLE=10
    # - ALPINE_DATABASE_POOL_IDLE_TIMEOUT=300000
    # - ALPINE_DATABASE_POOL_MAX_LIFETIME=600000
Change it to the following.
    - ALPINE_DATABASE_MODE=external
    - ALPINE_DATABASE_URL=jdbc:postgresql://dtrack-pgsql:5432/dtrack
    - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
    - ALPINE_DATABASE_USERNAME=dtrack
    - ALPINE_DATABASE_PASSWORD=changeme
    - ALPINE_DATABASE_POOL_ENABLED=true
    - ALPINE_DATABASE_POOL_MAX_SIZE=20
    - ALPINE_DATABASE_POOL_MIN_IDLE=10
    - ALPINE_DATABASE_POOL_IDLE_TIMEOUT=300000
    - ALPINE_DATABASE_POOL_MAX_LIFETIME=600000
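Note the change to ALPINE_DATABASE_URL.
Because Jenkins already occupies port 8080 on this machine, we also need to change the port of the Dependency Track Frontend service.
Find 8080:8080 and change it to 8082:8080.
Finally, because the API service and the Frontend each have their own URL, CORS checking has to be lifted before they work properly.
Find the following.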
    # - ALPINE_CORS_ENABLED=true
    # - ALPINE_CORS_ALLOW_ORIGIN=*
    # - ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS
    # - ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
    # - ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
    # - ALPINE_CORS_ALLOW_CREDENTIALS=true
    # - ALPINE_CORS_MAX_AGE=3600
Then uncomment it so that it becomes the following.
    - ALPINE_CORS_ENABLED=true
    - ALPINE_CORS_ALLOW_ORIGIN=*
    - ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS
    - ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
    - ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
    - ALPINE_CORS_ALLOW_CREDENTIALS=true
    - ALPINE_CORS_MAX_AGE=3600
The finished docker-compose.yml should look like the file below.
version: '3.7'

#####################################################
# This Docker Compose file contains two services
# Dependency-Track API Server
# Dependency-Track FrontEnd
#####################################################

volumes:
  dependency-track:
  dtrack-pgsql:

services:
  dtrack-pgsql:
    container_name: dtrack-pgsql
    environment:
      - POSTGRES_USER=dtrack
      - POSTGRES_PASSWORD=changeme
    image: 'postgres:14.5'
    volumes:
      - 'dtrack-pgsql:/var/lib/postgresql/data'

  dtrack-apiserver:
    image: dependencytrack/apiserver
    depends_on:
      - dtrack-pgsql
    container_name: dtrack-apiserver
    environment:
    # The Dependency-Track container can be configured using any of the
    # available configuration properties defined in:
    # https://docs.dependencytrack.org/getting-started/configuration/
    # All properties are upper case with periods replaced by underscores.
    #
    # Database Properties
    - ALPINE_DATABASE_MODE=external
    - ALPINE_DATABASE_URL=jdbc:postgresql://dtrack-pgsql:5432/dtrack
    - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
    - ALPINE_DATABASE_USERNAME=dtrack
    - ALPINE_DATABASE_PASSWORD=changeme
    - ALPINE_DATABASE_POOL_ENABLED=true
    - ALPINE_DATABASE_POOL_MAX_SIZE=20
    - ALPINE_DATABASE_POOL_MIN_IDLE=10
    - ALPINE_DATABASE_POOL_IDLE_TIMEOUT=300000
    - ALPINE_DATABASE_POOL_MAX_LIFETIME=600000
    #
    # Optional LDAP Properties
    # - ALPINE_LDAP_ENABLED=true
    # - ALPINE_LDAP_SERVER_URL=ldap://ldap.example.com:389
    # - ALPINE_LDAP_BASEDN=dc=example,dc=com
    # - ALPINE_LDAP_SECURITY_AUTH=simple
    # - ALPINE_LDAP_BIND_USERNAME=
    # - ALPINE_LDAP_BIND_PASSWORD=
    # - ALPINE_LDAP_AUTH_USERNAME_FORMAT=%s@example.com
    # - ALPINE_LDAP_ATTRIBUTE_NAME=userPrincipalName
    # - ALPINE_LDAP_ATTRIBUTE_MAIL=mail
    # - ALPINE_LDAP_GROUPS_FILTER=(&(objectClass=group)(objectCategory=Group))
    # - ALPINE_LDAP_USER_GROUPS_FILTER=(member:1.2.840.113556.1.4.1941:={USER_DN})
    # - ALPINE_LDAP_GROUPS_SEARCH_FILTER=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
    # - ALPINE_LDAP_USERS_SEARCH_FILTER=(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))
    # - ALPINE_LDAP_USER_PROVISIONING=false
    # - ALPINE_LDAP_TEAM_SYNCHRONIZATION=false
    #
    # Optional OpenID Connect (OIDC) Properties
    # - ALPINE_OIDC_ENABLED=true
    # - ALPINE_OIDC_ISSUER=https://auth.example.com/auth/realms/example
    # - ALPINE_OIDC_USERNAME_CLAIM=preferred_username
    # - ALPINE_OIDC_TEAMS_CLAIM=groups
    # - ALPINE_OIDC_USER_PROVISIONING=true
    # - ALPINE_OIDC_TEAM_SYNCHRONIZATION=true
    #
    # Optional HTTP Proxy Settings
    # - ALPINE_HTTP_PROXY_ADDRESS=proxy.example.com
    # - ALPINE_HTTP_PROXY_PORT=8888
    # - ALPINE_HTTP_PROXY_USERNAME=
    # - ALPINE_HTTP_PROXY_PASSWORD=
    # - ALPINE_NO_PROXY=
    #
    # Optional HTTP Outbound Connection Timeout Settings. All values are in seconds.
    # - ALPINE_HTTP_TIMEOUT_CONNECTION=30
    # - ALPINE_HTTP_TIMEOUT_SOCKET=30
    # - ALPINE_HTTP_TIMEOUT_POOL=60
    #
    # Optional Cross-Origin Resource Sharing (CORS) Headers
    - ALPINE_CORS_ENABLED=true
    - ALPINE_CORS_ALLOW_ORIGIN=*
    - ALPINE_CORS_ALLOW_METHODS=GET, POST, PUT, DELETE, OPTIONS
    - ALPINE_CORS_ALLOW_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
    - ALPINE_CORS_EXPOSE_HEADERS=Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
    - ALPINE_CORS_ALLOW_CREDENTIALS=true
    - ALPINE_CORS_MAX_AGE=3600
    deploy:
      resources:
        limits:
          memory: 12288m
        reservations:
          memory: 8192m
      restart_policy:
        condition: on-failure
    ports:
      - '8081:8080'
    volumes:
      - 'dependency-track:/data'
    restart: unless-stopped

  dtrack-frontend:
    image: dependencytrack/frontend
    container_name: dtrack-frontend
    depends_on:
      - dtrack-apiserver
    environment:
      # The base URL of the API server.
      # NOTE:
      # * This URL must be reachable by the browsers of your users.
      # * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
      # * When deploying to dedicated servers, please use the external IP or domain of the API server.
      - API_BASE_URL=http://localhost:8081
      # - "OIDC_ISSUER="
      # - "OIDC_CLIENT_ID="
      # - "OIDC_SCOPE="
      # - "OIDC_FLOW="
      # - "OIDC_LOGIN_BUTTON_TEXT="
    # volumes:
    # - "/host/path/to/config.json:/app/static/config.json"
    ports:
      - "8082:8080"
    restart: unless-stopped
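A tightened variant of the two services edited above, as an added example that is not part of the original post or the project's own file: it replaces the changeme password with a variable, makes the API server wait for a PostgreSQL healthcheck (the short depends_on form only orders container start, it does not wait for readiness), and names the frontend's origin instead of *. DTRACK_DB_PASSWORD is an assumed variable name, and the long depends_on form assumes a Docker Compose release that implements the Compose Specification.

```yaml
# Added example. Only the keys that change are shown; every other entry
# in the finished file stays as it is.
# DTRACK_DB_PASSWORD is a hypothetical variable name. Define it in a .env
# file next to docker-compose.yml and keep that file out of version control.
services:
  dtrack-pgsql:
    container_name: dtrack-pgsql
    image: 'postgres:14.5'
    environment:
      - POSTGRES_USER=dtrack
      # ${VAR:?msg} makes "up" abort with msg when VAR is unset or empty,
      # so the stack cannot start on a default password.
      - POSTGRES_PASSWORD=${DTRACK_DB_PASSWORD:?set DTRACK_DB_PASSWORD in .env}
    healthcheck:
      # pg_isready exits 0 only once the server accepts connections.
      # With POSTGRES_USER=dtrack and no POSTGRES_DB, the database is "dtrack".
      test: ['CMD-SHELL', 'pg_isready -U dtrack -d dtrack']
      interval: 5s
      timeout: 3s
      retries: 12
    volumes:
      - 'dtrack-pgsql:/var/lib/postgresql/data'

  dtrack-apiserver:
    image: dependencytrack/apiserver
    container_name: dtrack-apiserver
    depends_on:
      dtrack-pgsql:
        # Long form: wait for the healthcheck to pass, not just for the
        # container to be created.
        condition: service_healthy
    environment:
      - ALPINE_DATABASE_MODE=external
      - ALPINE_DATABASE_URL=jdbc:postgresql://dtrack-pgsql:5432/dtrack
      - ALPINE_DATABASE_DRIVER=org.postgresql.Driver
      - ALPINE_DATABASE_USERNAME=dtrack
      # Same variable as above, so both sides always agree.
      - ALPINE_DATABASE_PASSWORD=${DTRACK_DB_PASSWORD:?set DTRACK_DB_PASSWORD in .env}
      - ALPINE_CORS_ENABLED=true
      # The one origin that serves the UI (frontend port 8082 in this post).
      # With "*", a page from any origin can read API responses in the browser.
      - ALPINE_CORS_ALLOW_ORIGIN=http://localhost:8082
```

The postgres image applies POSTGRES_PASSWORD only when it initialises an empty data directory, so on an existing dtrack-pgsql volume the dtrack role's password must also be changed inside the database.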
Then, in a terminal, change to the directory containing docker-compose.yml and run the following command.
docker-compose up -d
If it runs successfully, you should see output like the following.
Starting dtrack-pgsql ... done
Starting dtrack-apiserver ... done
Starting dtrack-frontend ... done
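Next, open http://localhost:8082. If the login page appears, the startup succeeded.
Enter admin for both Username and Password to log in.
On first login you are required to change the password.
After changing it, log in with the new password. You should see the Dashboard.
Installing Dependency Track is a bit involved, so today I covered only the installation steps and the points to watch out for. Tomorrow we will learn how to use it together.
I started preparing for the Ironman contest too late, so I am running a bit short on material. But I don't want the quality of the series to drop, so the next few days may mean some all-nighters (sob...). If you can, please give a Like and subscribe to show your support.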