Ace Integrity Management Service (ace-ims) provides validation of archival storage fixity checksums created by the Ace Audit Manager (ace-am), which taken together form the ACE Auditing Control Environment
This docker image is part of a set created by the University of Arizona Libraries to implement open fixity solutions based on Ace Integrity Management Service
- ace-dbstore-mysql - provides a mysql instance that will auto-create a dynamic number of ace-audit-manager databases and one ace-integrity-manager database.
- ace-integrity-management - provides the Ace Integrity Management Service service, running within the glassfish based Payara J2EE application container.
- ace-audit-manager - provides the Ace Audit Manager Service fixity calculation and verification service, running within a tomcat 8.5 web servlet container.
When looking over the ACE architecture the ace-am's role is to provide fixity auditing of an archival collection, generating checksums of files to enable the auditing. The role of the ace-ims is to prove the checksum's generated by an audit manager have not gotten corrupted. A long history of went into the development of the Integrity Manager.
There is usually many deployments of ACE Audit Service which all connect to the same ACE Integrity Management Service.
This docker image was built using instructions for ace-ims installation, which detail creating an email and database connector in the hosting j2ee application container which ace-ims runs in. The database connector requires a new empty database namespace which ace-ims will auto-create the schema on first run. Unlike ACE Audit Manager which has prebuilt releases, the ace-ims.ear is built from the source code which is hosted on gitlab. Exact details are contained in the Dockerfile for ace-ims.
This docker image of ace-ims uses the glassfish based Payara J2EE application container to run in. The admistrative console runs at port 4848 and has a default user/pswd of admin/admin.
A good comparison chart between different archiveval storage systems is provided by digitalpowrr.
- docker-compose is installed on the system.
- The host system's time synchronized with a master ntp server.
- No other service on the system is listening at port 8080 or 4848.
- An mysql variant database server to persist checksum values and runtime data. Connection to the database is controlled through docker environment variables. Note mysql is not a pre-requisite of ace-am, but of this docker image which has the mysql jdbc driver pre-installed.
- An smtp server to send emails. The smtp server settings are set by clicking on the "System Settings" top right link after ace-am is up and running.
The following environment variables control the docker setup:
- ACE_IMS_DATABASE - the database name to connect to on the database system, defaults to 'imsdb'.
- ACE_IMSDB_HOST - the database system hostname to connect to, defaults to 'db-host'
- ACE_IMSDB_PORT - the database system port to connect to, defaults '3306'
- ACE_IMSDBA_USER - the database user account to connect with, defaults to 'aceims'
- ACE_IMSDBA_PASSWORD - the database user password to connect with, defaults to 'ace'.
- ACE_IMS_SMTP_HOST - the smtp system hostname to connect to, defaults to 'db-host'
- ACE_IMS_SMTP_TLS - whether the smtp system requres secure tls connections, defaults to 'true'
- ACE_IMS_SMTP_USER - the smtp user account to connect with, defaults to 'aceims'
- ACE_IMS_SMTP_PASSWORD - the smtp user password to connect with, defaults to 'password="thisisalongpassword"'. If no password is required use " " otherwise it needs the 'password=' prefix
- ACE_IMS_BOOTSTRAP_SLEEP - on the first time startup of the container, the number of seconds to wait for a docker database container to complete bootstrapping, defaults to 45 seconds. When an external database is being used, this variable can be set to 0.
There are a couple docker-compose deployments provided:
A docker-compose example integrating with a mysql docker container is located at compose/integrity-db. If an smtp service is available then this docker-compose provides a way to quickly install and try out ace-ims.
To test out ACE Integrity Management Service, run the following commands:
git clone https://github.com/ualibraries/ace-integrity-management.git
cd ace-integrity-management/compose/integrity-db
docker-compose up -d
Then browse to http://localhost:8080/ace-ims/IMSWebService?Tester. You might need to wait about 60 seconds before the web service is fully loaded.
To validate the ace-ims SOAP connector, view its wsdl at http://localhost:8080/ace-ims/IMSWebService?wsdl
Within the glassfish console at https://localhost:4848 (default user/pswd is admin/admin) details that ace-ims has been loaded correctly are under the "Applications" node in the left pane. In particular, when the 'ace-ims' sub-node is clicked the full list of "Modules and Components" should be listed including the "View Endpoints" link for the IMSWebService.
To cleanup the above test instance, run:
git clone https://github.com/ualibraries/ace-integrity-management.git
cd ace-integrity-management/compose/integrity
docker-compose rm -fsv
docker volume prune # Enter y
Two docker containers will be created, validate by running docker ps -a
- integritydb_audit_1 - contains ace audit manager running under tomcat
- integritydb_db-host_1 - contains a mysql database used by ace audit manager.
The singleton docker-compose example located at compose/integrity just installs the ace-ims by itself, so it requires an external database and ace-ims to connect to.
This docker-compose example is more likely to be used in a production environment where there is a dedicated database used by ace-ims.