Running SW360 with Fossology and CVE search

[wake-0]

Hello all,

I want to run SW360 together with Fossology and CVE search is this possible with the existing docker image? Where should the Fossology configuration be done? - I assume in the configuration.yml but in the wiki entry the /backend/src/src-fossology/src/main/resources/fossology.properties file is referenced. Furthermore, my SW360 portal tabs (Components, Licences, ECC, etc.) are empty - should they all be empty as long as no connection with Fossology is established?

What I have already done:

• Fossology running in an own docker container
• the perl script for the sw360chores started which runs also docker containers with the described components.
• followed the Liferay deploy wiki entry
• started following the Fossology deploy wiki entry

Thanks in advance!

[maxhbr]

I want to run SW360 together with Fossology and CVE search is this possible with the existing docker image? Where should the Fossology configuration be done?

• To start SW360 with CVE search you simply have to add --cve-search to the perl wrapper, e.g. always call ./sw360chores.pl --cve-search ..... This will create the servers and add the necessary configuration.
• To connect SW360 to FOSSology you have to create a SSH keypair on the fossology instance and add it to the env variables FOSSOLOGY_KEY_PRIV and FOSSOLOGY_KEY_PUB in configuration.yml. The commented out values currently contain the public unsafe keypair from fossology. You also have to setFOSSOLOGY_HOSTandFOSSOLOGY_PORTas well. On docker startup we use the values fromconfiguration.ymlto generate thefossology.properties`. After startup one has to follow the instructions of the wiki for FOSSology connection.

Furthermore, my SW360 portal tabs (Components, Licences, ECC, etc.) are empty - should they all be empty as long as no connection with Fossology is established?

Yes, you start with an empty DB. But even with a fossology connection you will not get data. We use that connection only to send artifacts from SW360 to FOSSology to initiate a scan. We do not fetch data from FOSSology.

But since we have a REST interface, one could use that to write data from other services to SW360

[maxhbr]

• Fossology running in an own docker container

I think that the docker containers of FOSSology by default have no SSH installed and thus can not be connected to SW360

[wake-0]

Thanks for the quick response! For the ssh connection with the FOSSology container i use docker-ssh.

I have watched the talk from Mr. Kristan on youtube. The SW360 demo within the talk contains a lot of functionality like adding a new project to SW360, managing licences, etc., is this part of this docker image or is this added by the REST interface?

I cloned this repository and called the perl script with the following parameters ./sw360chores.pl --build -- up. Afterwards I followed the Deploy Liferay wiki entry and added frontend/configuration/public_pages.lar and frontend/configuration/private_pages.lar. The result of this procedure is the following:

[maxhbr]

[...] is this part of this docker image or is this added by the REST interface?

sure, this is part of the SW360 application, REST is only an addition if one wants to import lots of data from another system.

I cloned this repository and called the perl script with [...]

It looks like that you have not yet deployed SW360 itself. Between the ... -- up command and the next steps you should place the compiled wars of SW360 in the _deploy folder. They will be fetched and extracted by the Tomcat.

To get the wars, compile [1]. You can compile and move the war files by maven itself via the following commands:

$ cd sw360
$ mvn install -P deploy -Ddeploy.dir=/ABSOLUTE/PATH/TO/sw360chores/_deploy -DskipTests

[1] https://github.com/eclipse/sw360

[maxhbr]

I have created https://github.com/sw360/sw360chores/pull/50 which will hopefully clearify that part.

[wake-0]

Thanks for creating the new commit, this will improve the documentation a lot.

Actually I have deployed the SW360 war files and the Liferay infrastructure has changed the design. Furthermore, some functionality was added.

I tried to import users of the /sw360chores/miscellaneous/test_users_with_passwords_12345.csv but I have not found the explained task 11. If this was successful we can go to: Private Pages -> users of the wiki.

[maxhbr]

You need to import the lar files again (e.g. they have to be imported after the war's are deployed). You might have to start from scratch.

[wake-0]

The lar files were imported before the .war files were deployed and afterwards I reimported the .lar files. Do you mean I should create a complete new docker container, because I imported the lar files before the war files once?

[maxhbr]

Yes, it might help

[wake-0]

I created a completely new docker container and did the whole Liferay-Deploy wiki. In the end I found the import users button inside the public pages. Now I will try to connect to a FOSSology docker container.

[maxhbr]

[...] inside the public pages. [...]

you might have imported the private pages as public pages?

[wake-0]

yeah you were right, I imported the private pages into the public pages ...

[wake-0]

I tried running SW360 and FOSSology together but an exception appears.

General Structure: I use the FOSSology docker container and the docker container from jeroenpeeters to enable ssh access to the docker container. For test purpose I used the following command and it worked: ssh -p 2222 sw360@localhost -i id_rsa. Unfortunately it does not work, when I use the same configuration with sw360. Furthermore, I set the JSch.setConfig("StrictHostKeyChecking", "no"); in the JSchSessionProvider.java class and build the war files afterwards.

The appeared exception message is not very detailed, do you have any hints?

Exception:

2018-04-30 18:22:34 ERROR JSchSessionProvider:118 - cannot connect to fossology server: sw360@[localhost]:[2222] com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused (Connection refused) at com.jcraft.jsch.Session.connect(Session.java:215) at org.eclipse.sw360.fossology.ssh.JSchSessionProvider.doGetSession(JSchSessionProvider.java:114) at org.eclipse.sw360.fossology.ssh.JSchSessionProvider.getSession(JSchSessionProvider.java:92) at org.eclipse.sw360.fossology.ssh.FossologySshConnector.runInFossologyViaSsh(FossologySshConnector.java:80) at org.eclipse.sw360.fossology.ssh.FossologyUploader.copyToFossology(FossologyUploader.java:156) at org.eclipse.sw360.fossology.handler.FossologyScriptsHandler.deployScripts(FossologyScriptsHandler.java:59)

[maxhbr]

I think that the hostname localhost is wrong. From the viewpoint of the sw360 container the ssh is on another server. Maybe add the hostname of the ssh container there.