Merge branch 'master' into dockerize

privacybydesign · Dec 19, 2023 · 2856ce2 · 2856ce2
2 parents 1e5c47d + a37b128
commit 2856ce2
Show file tree

Hide file tree

Showing 6 changed files with 439 additions and 6 deletions.
diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml
@@ -0,0 +1,39 @@
+name: Delivery
+
+on: 
+  # Allow triggering pushing to GHCR manually.
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  publish-docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=staging
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}      
+
+      - name: Build container and push to GitHub Container Registry
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/docs/irma-server.md b/docs/irma-server.md
@@ -72,7 +72,13 @@ In addition, when [developer mode is not enabled in the Yivi app](yivi-app.md#de
 ### Stateless mode
 By default session states are kept in memory. If you want to run several IRMA servers in parallel or if you wish data persistence for sessions, you can use [stateless mode](stateless.md) which is implemented in the IRMA server via a Redis data store.
 
-You can enable the Redis data store in the `irma server` by setting the `store_type` option to `redis` and specifying the `redis_addr` and `redis_pw` options.
+You can enable the Redis data store in the `irma server` by setting the `store_type` option to `redis`. For stand-alone mode, you should specify the `redis_addr` and `redis_pw` options. If you use ACLs in Redis, you should also specify the `redis_username` option. If you share the Redis instance with other applications and you want your Redis keys to be scoped, you can enable the `redis_acl_use_key_prefixes` option. All keys are prefixed with the Redis username (`<redis-username>:`) then.
+
+The IRMA server also supports Redis in Sentinel mode for high availability. Instead of `redis_addr` you should then specify `redis_sentinel_addrs` (list of strings) and `redis_sentinel_master_name`.
+
+Please note that if you use Redis in Sentinel mode, you need to consider whether you accept the risk of losing session state in case of a failover. Redis does not guarantee strong consistency in these setups. We mitigated this by waiting for a write to have reached the master node and at least one replica. This means that at least two replicas should be configured for every master node to achieve high availability. Even then, there is a small chance of losing session state when a replica fails at the same time as the master node. For example, this might be problematic if you want to guarantee that a credential is not issued twice or if you need a session QR to have a long lifetime but you do want the session to be finished soon after the QR is scanned. If you require IRMA sessions to be highly consistent, you should use the default in-memory store or Redis in standalone mode. If you accept this risk, then you can enable Sentinel mode support by setting the `redis_accept_inconsistency_risk` to true.
+
+For all configuration options, check the help output of the `irma server` command (`irma server --help`).
 
 ### Keys and certificates
 For each configuration option that refers to some kind of key or certificate (for example `jwt_privkey`), there is a corresponding option with the `_file` suffix (for example `jwt_privkey_file`). Keys can be specified either by setting former to a (PEM) string, or setting the the latter to a file containing the (PEM) string.

diff --git a/docs/stateless.md b/docs/stateless.md
@@ -25,8 +25,6 @@ irma server -vv --store-type redis --redis-addr "localhost:6379" --redis-pw "pla
 
 If you want to run several IRMA servers, you can now run them behind a load balancer and connect them to the same Redis instance.
 
-> Currently a simple locking mechanism is implemented. When running several Redis instances in parallel, edge cases may occur. We recommend to use a single Redis instance.
-
 By default the IRMA server connects to Redis with TLS, using the system store of certificate authorities. Alternatively, you can specify the certificate that Redis uses, or the certificate authority with which that certificate is signed, using the `redis-tls-cert` or `redis-tls-cert-file` options. A certificate may be configured in Redis as follows:
 
 ```
@@ -50,9 +48,9 @@ It is also possible to disable TLS altogether for connections to Redis, using th
 > In production, always using TLS for Redis is recommended. If you disable TLS, be sure to run your Redis server in an internal network protected against unauthorized access.
 
 ### Using multiple Redis instances
-Currently the IRMA server does not support Redis clusters or a master/slave mode. You can only connect to one Redis address. This means that the Redis connection is currently a bottleneck and single point of failure. You could use [Redis Enterprise](https://redis.com/redis-enterprise-cloud/overview/) which will let you connect with one outward-facing Redis connection and will provide you with an underlying failover mechanism.  
+The IRMA server supports Redis in Sentinel mode, which allows you to use multiple Redis instances in a failover configuration. For data consistency, we currently require at least 1 replica to be present. This means that you need a minimum of 2 replicas for high availability. Please check the [configuration options](irma-server.md#stateless-mode) for more information about this mode.
 
-Please get in touch with us, should you wish the IRMA server to support multiple Redis instances.
+We currently do not support Redis in cluster mode. If you need support for Redis Cluster, please contact us.
 
 ### Server-sent events
-Currently the IRMA server does not support a stateless mode in combination with server-sent events. Please contact us, should you be in need of this combination.
+Currently the IRMA server does not support a stateless mode in combination with server-sent events. Please contact us, should you be in need of this combination.