apunkt/trustgraph
1
0
Fork 0
mirror of https://github.com/trustgraph-ai/trustgraph.git synced 2026-04-25 08:26:21 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
trustgraph/docs/cli/tg-init-pulsar-manager.md

452 lines
11 KiB
Markdown
Raw Normal View History

Update docs for API/CLI changes in 1.0 (#420) * Update some API basics for the 0.23/1.0 API change
2025-07-03 14:58:29 +01:00
# tg-init-pulsar-manager
Initializes Pulsar Manager with default superuser credentials for TrustGraph.
## Synopsis
```bash
tg-init-pulsar-manager
```
## Description
The `tg-init-pulsar-manager` command is a setup utility that creates a default superuser account in Pulsar Manager. This is typically run once during initial TrustGraph deployment to establish administrative access to the Pulsar message queue management interface.
The command configures a superuser with predefined credentials that can be used to access the Pulsar Manager web interface for monitoring and managing Pulsar topics, namespaces, and tenants.
## Default Configuration
The command creates a superuser with these default credentials:
- **Username**: `admin`
- **Password**: `apachepulsar`
- **Description**: `test`
- **Email**: `username@test.org`
## Prerequisites
### Pulsar Manager Service
Pulsar Manager must be running and accessible at `http://localhost:7750` before running this command.
### Network Connectivity
The command requires network access to the Pulsar Manager API endpoint.
## Examples
### Basic Initialization
```bash
tg-init-pulsar-manager
```
### Verify Initialization
```bash
# Run the initialization
tg-init-pulsar-manager
# Check if Pulsar Manager is accessible
curl -s http://localhost:7750/pulsar-manager/ | grep -q "Pulsar Manager"
echo "Pulsar Manager status: $?"
```
### Integration with Setup Scripts
```bash
#!/bin/bash
# setup-trustgraph.sh
echo "Setting up TrustGraph infrastructure..."
# Wait for Pulsar Manager to be ready
echo "Waiting for Pulsar Manager..."
while ! curl -s http://localhost:7750/pulsar-manager/ > /dev/null; do
echo " Waiting for Pulsar Manager to start..."
sleep 5
done
# Initialize Pulsar Manager
echo "Initializing Pulsar Manager..."
tg-init-pulsar-manager
if [ $? -eq 0 ]; then
echo "✓ Pulsar Manager initialized successfully"
echo " You can access it at: http://localhost:7750/pulsar-manager/"
echo " Username: admin"
echo " Password: apachepulsar"
else
echo "✗ Failed to initialize Pulsar Manager"
exit 1
fi
```
## What It Does
The command performs the following operations:
1. **Retrieves CSRF Token**: Gets a CSRF token from Pulsar Manager for secure API access
2. **Creates Superuser**: Makes an authenticated API call to create the superuser account
3. **Sets Permissions**: Configures the user with administrative privileges
### HTTP Operations
```bash
# Equivalent manual operations:
CSRF_TOKEN=$(curl http://localhost:7750/pulsar-manager/csrf-token)
curl \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \
-H 'Content-Type: application/json' \
-X PUT \
http://localhost:7750/pulsar-manager/users/superuser \
-d '{"name": "admin", "password": "apachepulsar", "description": "test", "email": "username@test.org"}'
```
## Use Cases
### Initial Deployment
```bash
# Part of TrustGraph deployment sequence
deploy_trustgraph() {
echo "Deploying TrustGraph..."
# Start services
docker-compose up -d pulsar pulsar-manager
# Wait for services
wait_for_service "http://localhost:7750/pulsar-manager/" "Pulsar Manager"
wait_for_service "http://localhost:8080/admin/v2/clusters" "Pulsar"
# Initialize Pulsar Manager
echo "Initializing Pulsar Manager..."
tg-init-pulsar-manager
# Initialize TrustGraph
echo "Initializing TrustGraph..."
tg-init-trustgraph
echo "Deployment complete!"
}
```
### Development Environment Setup
```bash
# Development setup script
setup_dev_environment() {
echo "Setting up development environment..."
# Start local services
docker-compose -f docker-compose.dev.yml up -d
# Wait for readiness
echo "Waiting for services to start..."
sleep 30
# Initialize components
tg-init-pulsar-manager
tg-init-trustgraph
echo "Development environment ready!"
echo "Pulsar Manager: http://localhost:7750/pulsar-manager/"
echo "Credentials: admin / apachepulsar"
}
```
### CI/CD Integration
```bash
# Integration testing setup
setup_test_environment() {
local timeout=300 # 5 minutes
local elapsed=0
echo "Setting up test environment..."
# Start services
docker-compose up -d --wait
# Wait for Pulsar Manager
while ! curl -s http://localhost:7750/pulsar-manager/ > /dev/null; do
if [ $elapsed -ge $timeout ]; then
echo "Timeout waiting for Pulsar Manager"
return 1
fi
sleep 5
elapsed=$((elapsed + 5))
done
# Initialize
if tg-init-pulsar-manager; then
echo "✓ Test environment ready"
else
echo "✗ Failed to initialize test environment"
return 1
fi
}
```
## Docker Integration
### Docker Compose Setup
```yaml
# docker-compose.yml
version: '3.8'
services:
pulsar:
image: apachepulsar/pulsar:latest
ports:
- "6650:6650"
- "8080:8080"
command: bin/pulsar standalone
pulsar-manager:
image: apachepulsar/pulsar-manager:latest
ports:
- "7750:7750"
depends_on:
- pulsar
environment:
SPRING_CONFIGURATION_FILE: /pulsar-manager/pulsar-manager/application.properties
trustgraph-init:
image: trustgraph/cli:latest
depends_on:
- pulsar-manager
command: >
sh -c "
sleep 30 &&
tg-init-pulsar-manager &&
tg-init-trustgraph
"
```
### Kubernetes Setup
```yaml
# k8s-init-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: trustgraph-init
spec:
template:
spec:
containers:
- name: init
image: trustgraph/cli:latest
command:
- sh
- -c
- |
echo "Waiting for Pulsar Manager..."
while ! curl -s http://pulsar-manager:7750/pulsar-manager/; do
sleep 5
done
echo "Initializing Pulsar Manager..."
tg-init-pulsar-manager
echo "Initializing TrustGraph..."
tg-init-trustgraph
env:
- name: PULSAR_MANAGER_URL
value: "http://pulsar-manager:7750"
restartPolicy: Never
```
## Error Handling
### Connection Refused
```bash
curl: (7) Failed to connect to localhost port 7750: Connection refused
```
**Solution**: Ensure Pulsar Manager is running and accessible on port 7750.
### CSRF Token Issues
```bash
curl: (22) The requested URL returned error: 403 Forbidden
```
**Solution**: The CSRF token mechanism may have changed. Check Pulsar Manager API documentation.
### User Already Exists
```bash
HTTP 409 Conflict - User already exists
```
**Solution**: This is expected on subsequent runs. The superuser is already created.
### Network Issues
```bash
curl: (28) Operation timed out
```
**Solution**: Check network connectivity and firewall settings.
## Security Considerations
### Default Credentials
The command uses default credentials that should be changed in production:
```bash
# After initialization, change the password via Pulsar Manager UI
# Or use the API to update credentials
change_admin_password() {
local new_password="$1"
# Login to get session
session=$(curl -s -c cookies.txt \
-d "username=admin&password=apachepulsar" \
http://localhost:7750/pulsar-manager/login)
# Update password
curl -s -b cookies.txt \
-H "Content-Type: application/json" \
-X PUT \
-d "{\"password\": \"$new_password\"}" \
http://localhost:7750/pulsar-manager/users/admin
rm cookies.txt
}
```
### Access Control
```bash
# Restrict access to Pulsar Manager in production
configure_security() {
echo "Configuring Pulsar Manager security..."
# Change default password
change_admin_password "$(openssl rand -base64 32)"
# Configure firewall rules (example)
# iptables -A INPUT -p tcp --dport 7750 -s 10.0.0.0/8 -j ACCEPT
# iptables -A INPUT -p tcp --dport 7750 -j DROP
echo "Security configuration complete"
}
```
## Advanced Usage
### Custom Configuration
```bash
# Create custom initialization script
create_custom_init() {
cat > custom-pulsar-manager-init.sh << 'EOF'
#!/bin/bash
PULSAR_MANAGER_URL=${PULSAR_MANAGER_URL:-http://localhost:7750}
ADMIN_USER=${ADMIN_USER:-admin}
ADMIN_PASS=${ADMIN_PASS:-$(openssl rand -base64 16)}
ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
echo "Initializing Pulsar Manager at: $PULSAR_MANAGER_URL"
# Get CSRF token
CSRF_TOKEN=$(curl -s "$PULSAR_MANAGER_URL/pulsar-manager/csrf-token")
if [ -z "$CSRF_TOKEN" ]; then
echo "Failed to get CSRF token"
exit 1
fi
# Create superuser
response=$(curl -s -w "%{http_code}" \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \
-H 'Content-Type: application/json' \
-X PUT \
"$PULSAR_MANAGER_URL/pulsar-manager/users/superuser" \
-d "{\"name\": \"$ADMIN_USER\", \"password\": \"$ADMIN_PASS\", \"description\": \"Admin user\", \"email\": \"$ADMIN_EMAIL\"}")
http_code="${response: -3}"
if [ "$http_code" = "200" ] || [ "$http_code" = "409" ]; then
echo "Pulsar Manager initialized successfully"
echo "Username: $ADMIN_USER"
echo "Password: $ADMIN_PASS"
else
echo "Failed to initialize Pulsar Manager (HTTP $http_code)"
exit 1
fi
EOF
chmod +x custom-pulsar-manager-init.sh
}
```
### Health Checks
```bash
# Health check script
check_pulsar_manager() {
local max_attempts=30
local attempt=1
echo "Checking Pulsar Manager health..."
while [ $attempt -le $max_attempts ]; do
if curl -s http://localhost:7750/pulsar-manager/ > /dev/null; then
echo "✓ Pulsar Manager is healthy"
return 0
fi
echo "Attempt $attempt/$max_attempts - Pulsar Manager not ready"
sleep 5
attempt=$((attempt + 1))
done
echo "✗ Pulsar Manager health check failed"
return 1
}
# Use in deployment scripts
if check_pulsar_manager; then
tg-init-pulsar-manager
else
echo "Cannot initialize Pulsar Manager - service not healthy"
exit 1
fi
```
## Related Commands
- [`tg-init-trustgraph`](tg-init-trustgraph.md) - Initialize TrustGraph with Pulsar configuration
- [`tg-show-config`](tg-show-config.md) - Display current TrustGraph configuration
## Integration Points
### Pulsar Manager UI
After initialization, access the web interface at:
- **URL**: `http://localhost:7750/pulsar-manager/`
- **Username**: `admin`
- **Password**: `apachepulsar`
### TrustGraph Integration
This command is typically run before `tg-init-trustgraph` as part of the complete TrustGraph setup process.
## Best Practices
1. **Run Once**: Only run during initial setup - subsequent runs are harmless but unnecessary
2. **Change Defaults**: Change default credentials in production environments
3. **Network Security**: Restrict access to Pulsar Manager in production
4. **Health Checks**: Always verify Pulsar Manager is running before initialization
5. **Automation**: Include in deployment automation scripts
6. **Documentation**: Document custom credentials for operations teams
## Troubleshooting
### Service Not Ready
```bash
# Check if Pulsar Manager is running
docker ps | grep pulsar-manager
netstat -tlnp | grep 7750
```
### Port Conflicts
```bash
# Check if port 7750 is in use
lsof -i :7750
```
### Docker Issues
```bash
# Check Pulsar Manager logs
docker logs pulsar-manager
# Restart if needed
docker restart pulsar-manager
```
Reference in a new issue Copy permalink