sw360 / sw360chores

WARNING - Work in Progress - It is not Bug Free! Use with Caution. This repository contains Dockerfiles and accompanying scripts that allow deployment of sw360 via docker
Eclipse Public License 1.0
13 stars 18 forks source link

Running SW360 with Fossology and CVE search #49

Open wake-0 opened 6 years ago

wake-0 commented 6 years ago

Hello all,

I want to run SW360 together with Fossology and CVE search is this possible with the existing docker image? Where should the Fossology configuration be done? - I assume in the configuration.yml but in the wiki entry the /backend/src/src-fossology/src/main/resources/fossology.properties file is referenced. Furthermore, my SW360 portal tabs (Components, Licences, ECC, etc.) are empty - should they all be empty as long as no connection with Fossology is established?

What I have already done:

Thanks in advance!

maxhbr commented 6 years ago

I want to run SW360 together with Fossology and CVE search is this possible with the existing docker image? Where should the Fossology configuration be done?

Furthermore, my SW360 portal tabs (Components, Licences, ECC, etc.) are empty - should they all be empty as long as no connection with Fossology is established?

Yes, you start with an empty DB. But even with a fossology connection you will not get data. We use that connection only to send artifacts from SW360 to FOSSology to initiate a scan. We do not fetch data from FOSSology.

But since we have a REST interface, one could use that to write data from other services to SW360

maxhbr commented 6 years ago
  • Fossology running in an own docker container

I think that the docker containers of FOSSology by default have no SSH installed and thus can not be connected to SW360

wake-0 commented 6 years ago

Thanks for the quick response! For the ssh connection with the FOSSology container i use docker-ssh.

I have watched the talk from Mr. Kristan on youtube. The SW360 demo within the talk contains a lot of functionality like adding a new project to SW360, managing licences, etc., is this part of this docker image or is this added by the REST interface?

I cloned this repository and called the perl script with the following parameters ./sw360chores.pl --build -- up. Afterwards I followed the Deploy Liferay wiki entry and added frontend/configuration/public_pages.lar and frontend/configuration/private_pages.lar. The result of this procedure is the following:

screenshot from 2018-04-24 04-54-20 screenshot from 2018-04-24 04-54-38

maxhbr commented 6 years ago

[...] is this part of this docker image or is this added by the REST interface?

sure, this is part of the SW360 application, REST is only an addition if one wants to import lots of data from another system.

I cloned this repository and called the perl script with [...]

It looks like that you have not yet deployed SW360 itself. Between the ... -- up command and the next steps you should place the compiled wars of SW360 in the _deploy folder. They will be fetched and extracted by the Tomcat.

To get the wars, compile [1]. You can compile and move the war files by maven itself via the following commands:

$ cd sw360
$ mvn install -P deploy -Ddeploy.dir=/ABSOLUTE/PATH/TO/sw360chores/_deploy -DskipTests

[1] https://github.com/eclipse/sw360

maxhbr commented 6 years ago

I have created https://github.com/sw360/sw360chores/pull/50 which will hopefully clearify that part.

wake-0 commented 6 years ago

Thanks for creating the new commit, this will improve the documentation a lot.

Actually I have deployed the SW360 war files and the Liferay infrastructure has changed the design. Furthermore, some functionality was added.

I tried to import users of the /sw360chores/miscellaneous/test_users_with_passwords_12345.csv but I have not found the explained task 11. If this was successful we can go to: Private Pages -> users of the wiki.

screenshot from 2018-04-24 09-28-31

maxhbr commented 6 years ago

You need to import the lar files again (e.g. they have to be imported after the war's are deployed). You might have to start from scratch.

wake-0 commented 6 years ago

The lar files were imported before the .war files were deployed and afterwards I reimported the .lar files. Do you mean I should create a complete new docker container, because I imported the lar files before the war files once?

maxhbr commented 6 years ago

Yes, it might help

wake-0 commented 6 years ago

I created a completely new docker container and did the whole Liferay-Deploy wiki. In the end I found the import users button inside the public pages. Now I will try to connect to a FOSSology docker container.

maxhbr commented 6 years ago

[...] inside the public pages. [...]

you might have imported the private pages as public pages?

wake-0 commented 6 years ago

yeah you were right, I imported the private pages into the public pages ...

wake-0 commented 6 years ago

I tried running SW360 and FOSSology together but an exception appears.

General Structure: I use the FOSSology docker container and the docker container from jeroenpeeters to enable ssh access to the docker container. For test purpose I used the following command and it worked: ssh -p 2222 sw360@localhost -i id_rsa. Unfortunately it does not work, when I use the same configuration with sw360. Furthermore, I set the JSch.setConfig("StrictHostKeyChecking", "no"); in the JSchSessionProvider.java class and build the war files afterwards.

The appeared exception message is not very detailed, do you have any hints?

Exception:

2018-04-30 18:22:34 ERROR JSchSessionProvider:118 - cannot connect to fossology server: sw360@[localhost]:[2222] com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused (Connection refused) at com.jcraft.jsch.Session.connect(Session.java:215) at org.eclipse.sw360.fossology.ssh.JSchSessionProvider.doGetSession(JSchSessionProvider.java:114) at org.eclipse.sw360.fossology.ssh.JSchSessionProvider.getSession(JSchSessionProvider.java:92) at org.eclipse.sw360.fossology.ssh.FossologySshConnector.runInFossologyViaSsh(FossologySshConnector.java:80) at org.eclipse.sw360.fossology.ssh.FossologyUploader.copyToFossology(FossologyUploader.java:156) at org.eclipse.sw360.fossology.handler.FossologyScriptsHandler.deployScripts(FossologyScriptsHandler.java:59)

maxhbr commented 6 years ago

I think that the hostname localhost is wrong. From the viewpoint of the sw360 container the ssh is on another server. Maybe add the hostname of the ssh container there.