Atlas 3.1 Project
Primary Mentor

Backup Mentor

TBD
Assigned to: TBD

Background

The OpenMRS Atlas provides a voluntary registry of OpenMRS implementations all over the world. The server code was written in PHP and has been adapted a few times over the past decade. During GSoC 2016, a new version of the Atlas server code was written in Node.js as the Atlas 3.0 Project, but this new, Node-based server code was never fully deployed. During 2017, the OpenMRS infrastructure was migrated and updated so that all services are deployed using Docker, and single sign-on was switched to use LDAP. As a result, some of the functionality of the PHP-based Atlas has been lost.

Purpose

The goal of this project is to address the remaining tasks needed to bring the Node-based OpenMRS Atlas into production. This will include some code changes, some additional features (e.g., LDAP support), and dockerizing the application.

Required Skills

  • Node.js
  • Ability to write and refactor a REST API
  • Basic JavaScript and HTML

Objectives

  • Add LDAP support for OpenMRS ID

  • Dockerize the application
  • All features, including basic administrative functions, should be performed through REST API calls
  • Support downloadable images (help users create an image for a slide deck without creating a burden on the server)

  • Refactor marker images to be uploaded (confirm type, limit size) so they can be served securely

  • Prevent JavaScript injections (including when displaying user-uploaded images)
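
One way to meet the last two objectives, as an added example that is not part of the Atlas code base: the upload is accepted only if its leading bytes match a raster image format and it is under a size limit, and it is served with headers that stop the browser from treating it as anything else. The 150 KiB limit, the accepted formats and the function names are assumptions.

```javascript
// Added example: validate an uploaded marker image before storing or serving it.
// MAX_BYTES and the accepted formats are assumptions, not project settings.
const MAX_BYTES = 150 * 1024;

// Leading-byte signatures of the raster formats accepted here.
const SIGNATURES = [
  { mime: 'image/png',  ext: 'png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', ext: 'jpg', bytes: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif',  ext: 'gif', bytes: [0x47, 0x49, 0x46, 0x38] },
];

// Returns { ok: true, mime, ext } or { ok: false, reason }. The client-supplied
// file name and Content-Type are never consulted: only the bytes decide.
function checkMarkerImage(buf) {
  if (!Buffer.isBuffer(buf) || buf.length === 0) return { ok: false, reason: 'empty' };
  if (buf.length > MAX_BYTES) return { ok: false, reason: 'too-large' };
  const sig = SIGNATURES.find(s => s.bytes.every((b, i) => buf[i] === b));
  // SVG, HTML and anything else without a known raster signature is refused,
  // because those formats can carry script that runs when the file is displayed.
  if (!sig) return { ok: false, reason: 'unsupported-type' };
  return { ok: true, mime: sig.mime, ext: sig.ext };
}

// Response headers for a stored image. The type comes from checkMarkerImage,
// nosniff stops the browser from second-guessing it, and the CSP keeps a file
// opened directly in a tab from running script or loading other resources.
function servingHeaders(mime) {
  return {
    'Content-Type': mime,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; sandbox",
    'Content-Disposition': 'inline',
  };
}
```

Store the file under a server-generated name with the returned `ext`, never under the name the client sent.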

Extra Credit

Resources


Infrastructure provided

  • Staging LDAP with users in both atlas-user and atlas-admin groups
  • Staging server (docker host)
  • Bamboo pipeline deploying image to docker hub AND docker image to staging server
  • LDAP credentials
  • SMTP credentials
  • S3 bucket to store - and serve - images (if desired)
  • Backup with current data (atlas 2.1)


6 Comments

  1. While I cannot be a 'full' mentor (on nodejs and rest api), I can certainly help with any infra questions (docker, deployment, CI, testing servers, requirements). I'd love to get Atlas to 3.1 deployed.

  2. About ldap.

    Atlas 2.0 (the prod one in atlas.openmrs.org) was using some sort of SSO with id.openmrs.org. Instead of fixing it, I'd like login to go straight from ldap for both authentication and authorization.

    Atlas 2.0 is in:
    https://github.com/openmrs/openmrs-contrib-ansible-docker-compose/tree/master/files/atlas

    LDAP is in:
    https://github.com/openmrs/openmrs-contrib-ansible-docker-compose/tree/master/files/ldap

    Both should be runnable locally.


    Atlas 3.1 needs to be deployed in the same way.

    Our ldap server is not accessible from outside our infrastructure, but I'm happy to create a new machine for you to deploy Atlas 3.1 and a copy of our LDAP. I can create them, but I need to know one or two weeks beforehand.

    I don't really know much about the schema we have for ldap, but this page is supposed to make sense:
    https://wiki.openmrs.org/display/ISM/OpenMRS+ID+LDAP+Explained

    And I have these configs on crowd (some sort of intermediate between jira/confluence and ldap):



    I do assume there will be two types of users in atlas: one that can only edit/delete their own location, and an admin one that can edit or delete any location. Admins should be part of ldap group 'atlas-admin'. But that would be extra (big grin)

  3. I'm creating a VM named 'ruiru' to be a copy of our ldap. Docker configuration will be identical to prod (https://github.com/openmrs/openmrs-contrib-ansible-docker-compose/tree/master/files/ldap), and I will be copying the data from prod soon.

    I'm also creating another VM for atlas-stg, named 'kisumu'. The docker configuration comes from: https://github.com/openmrs/openmrs-contrib-ansible-docker-compose/tree/master/files/atlas-stg. The student selected will have ssh access to this machine.

    I will organise the docker repository, tag and build as soon as there's a git repository ready. So any commit to the master of your repository will be automatically deployed to the staging server.

    LDAP will only be accessible from kisumu machine, but you should be able to run it locally (without tls, though).


    https://docs.openmrs.org/infrastructure/vms.html



  4. So connectivity between kisumu and ruiru should be correct.

    root@kisumu:~# telnet ldap-stg.openmrs.org 636
    Trying 129.114.104.137...
    Connected to ruiru.openmrs.org.
    Escape character is '^]'.
    ^CConnection closed by foreign host.


    Atlas-stg now has variables for SMTP and LDAP. The docker-compose has to be changed to take advantage of that. I suppose you want to change the port and the healthcheck as soon as the new image is available.


    I added atlas system account and atlas ldap groups there.

    dn: uid=atlas,ou=system,dc=openmrs,dc=org
    objectClass: account
    objectClass: simpleSecurityObject
    description: OpenMRS Atlas system account
    uid: atlas
    userPassword:: <base64>

    dn: cn=atlas-users,ou=groups,dc=openmrs,dc=org
    description: Atlas Users
    objectClass: groupOfNames
    cn: atlas-users
    member: uid=cintiadr,ou=users,dc=openmrs,dc=org
    member: uid=agbilotia1998,ou=users,dc=openmrs,dc=org
    member: uid=burke,ou=users,dc=openmrs,dc=org
    member: uid=pascal,ou=users,dc=openmrs,dc=org

    dn: cn=atlas-administrators,ou=groups,dc=openmrs,dc=org
    description: Atlas Administrators
    objectClass: groupOfNames
    cn: atlas-administrators
    member: uid=cintiadr,ou=users,dc=openmrs,dc=org
    member: uid=agbilotia1998,ou=users,dc=openmrs,dc=org
    member: uid=burke,ou=users,dc=openmrs,dc=org
    member: uid=pascal,ou=users,dc=openmrs,dc=org


    And it appears to be working:

    # ldapwhoami -x -D "uid=atlas,ou=system,dc=openmrs,dc=org" -W
    Enter LDAP Password:
    dn:uid=atlas,ou=system,dc=openmrs,dc=org
    
    # ldapsearch -LLL -D "uid=atlas,ou=system,dc=openmrs,dc=org" -W -b "cn=atlas-administrators,ou=groups,dc=openmrs,dc=org"
    Enter LDAP Password:
    dn: cn=atlas-administrators,ou=groups,dc=openmrs,dc=org
    description: Atlas Administrators
    objectClass: groupOfNames
    cn: atlas-administrators
    member: uid=cintiadr,ou=users,dc=openmrs,dc=org
    member: uid=agbilotia1998,ou=users,dc=openmrs,dc=org
    member: uid=burke,ou=users,dc=openmrs,dc=org
    member: uid=pascal,ou=users,dc=openmrs,dc=org
    
    # ldapsearch -LLL -D "uid=atlas,ou=system,dc=openmrs,dc=org" -W -b "cn=atlas-users,ou=groups,dc=openmrs,dc=org"
    Enter LDAP Password:
    dn: cn=atlas-users,ou=groups,dc=openmrs,dc=org
    description: Atlas Users
    objectClass: groupOfNames
    cn: atlas-users
    member: uid=cintiadr,ou=users,dc=openmrs,dc=org
    member: uid=agbilotia1998,ou=users,dc=openmrs,dc=org
    member: uid=burke,ou=users,dc=openmrs,dc=org
    member: uid=pascal,ou=users,dc=openmrs,dc=org



    I could create an S3 bucket and creds if desired.

    But until the dockerfile is available for atlas 3.1 with changes to docker-compose file, I don't think there's anything else for me to do.
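
The two user types described in comment 2, resolved from the groupOfNames entries shown in comment 4, as an added example that is not Atlas code or part of the original comments. The group DNs are the ones on this page; the member uids in the sample, the uid pattern and the function names are assumptions.

```javascript
// Added example (not Atlas code): derive an Atlas role from groupOfNames entries.
const USERS_BASE = 'ou=users,dc=openmrs,dc=org';
const ADMIN_GROUP = 'cn=atlas-administrators,ou=groups,dc=openmrs,dc=org';
const USER_GROUP = 'cn=atlas-users,ou=groups,dc=openmrs,dc=org';

// Constructed sample in the shape of the ldapsearch -LLL output; uids are made up.
const SAMPLE_LDIF = `dn: cn=atlas-administrators,ou=groups,dc=openmrs,dc=org
objectClass: groupOfNames
member: uid=alice,ou=users,dc=openmrs,dc=org

dn: cn=atlas-users,ou=groups,dc=openmrs,dc=org
objectClass: groupOfNames
member: uid=alice,ou=users,dc=openmrs,dc=org
member: uid=bob,ou=users,dc=openmrs,dc=org
`;

// Minimal LDIF reader: a blank line separates entries, "attr: value" lines only
// (base64 "::" values and folded lines are skipped; the sample has neither).
function parseLdif(text) {
  return text.split(/\r?\n\s*\r?\n/).map(block => {
    const entry = Object.create(null); // no inherited keys to collide with
    for (const line of block.split(/\r?\n/)) {
      const m = /^([A-Za-z][\w;-]*):\s(.*)$/.exec(line);
      if (m) (entry[m[1].toLowerCase()] = entry[m[1].toLowerCase()] || []).push(m[2]);
    }
    return entry;
  }).filter(e => e.dn);
}

// Build the user DN only from a strictly validated uid, so characters with
// meaning in a DN or search filter (, = + * ( ) \) never reach the directory.
function userDn(uid) {
  if (typeof uid !== 'string' || !/^[a-z0-9][a-z0-9._-]{0,63}$/i.test(uid)) return null;
  return `uid=${uid},${USERS_BASE}`;
}

// 'admin' if in atlas-administrators, 'user' if only in atlas-users, else null.
function atlasRole(uid, entries) {
  const dn = userDn(uid);
  if (!dn) return null;
  const inGroup = groupDn => entries.some(e =>
    e.dn[0].toLowerCase() === groupDn &&
    (e.member || []).some(m => m.toLowerCase() === dn.toLowerCase()));
  if (inGroup(ADMIN_GROUP)) return 'admin';
  return inGroup(USER_GROUP) ? 'user' : null;
}
```

A null role means the caller is denied, so an unknown user, a malformed uid and a failed group lookup all fail closed.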

  5. I moved the external repository (with the node code) to the branch 3.x on the same repository.

    Don't worry, my git-fu is strong enough to be cool with that, and history wasn't and won't be lost. When we decide to do the cut over, we'll use git reset --hard in master, and everything will be fine.