Setting up CFTLib on Windows (WSL)

cftlib-on-windows.md

#cftlib

Setting up CFTLib on Windows (WSL)

ET Onboarding Script

If you're brand new to ET entirely, see this install script for setting up basic dependencies like installing the AzureCLI and cloning repos etc...

1. Get a WSL instance - wsl --install -d Ubuntu
2. Start the WSL instance with wsl
3. Download the script wget https://gist.githubusercontent.com/JackReevies/9f8c87f357b3bb779e20fb5c5f2774bc/raw/et-onboarding.sh
4. Make the script executable sudo chmod +x et-onboarding.sh
5. Execute the script ./et-onboarding.sh
6. Follow on screen instructions (you may need to run a couple of times if you don't have an SSH key setup)
7. Get docker working in WSL (up to you how you prefer to do this - but I suggest installing docker desktop on Windows and configuring it to use WSL2)

1. Kill all containers related to ecm-ccd-docker

# Either use FlexUI to do this with the Docker / ECM Setup > Kill + Delete + Docker prune options selected ONLY
# Or follow these instructions to manually purge docker
# FlexUI will only target containers *known* to HMCTS whereas the commands listed below will DESTROY EVERYTHING
docker kill $(docker ps -q) # Kill ALL containers
docker rm $(docker ps -a -q) # Remove ALL containers
docker system prune -a --volumes --force # Remove ALL images / networks / volumes 

2. Login to HMCTS container registries

az acr login --name hmctspublic

3. REPLACE environment variables in .bashrc

You may have a ton of envvars in your bashrc from ecm-ccd-docker, you won't need those anymore and they may even conflict with some of the defaults that CFTLib uses *Note: Some values have been redacted to protect potentially sensitive data. You may also need to correct paths to CCD configs

# For xui-manage-cases
export XUI_LD_ID="<redacted>"

# For xui-manage-org
export NOTIFY_MCA_API_KEY="notify-test-api-key"
export MCA_DS_PROXY_URLS_ALLOWED_LIST="/searchCases.*,/internal/searchCases.*,/internal/cases.*"
export MCA_DEF_STORE_PROXY_URLS_ALLOWED_LIS="T/api/display/challenge-questions.*"
export MCA_CONDITIONAL_APIS_CASE_ASSIGNMENTS_ENABLED="true"
export IDAM_CAA_USERNAME="<redacted>"
export IDAM_CAA_PASSWORD="<redacted>"
export IDAM_NOC_APPROVER_USERNAME="<redacted>"
export IDAM_NOC_APPROVER_PASSWORD="<redacted>"

# For CFTLib
export SCOTLAND_CCD_CONFIG_PATH="/home/jack/et-ccd-definitions-scotland"
export ADMIN_CCD_CONFIG_PATH="/home/jack/et-ccd-definitions-admin"
export ENGLANDWALES_CCD_CONFIG_PATH="/home/jack/et-ccd-definitions-englandwales"
export SERVICES_PRD_COMMONDATA_API="http://host.docker.internal:8765" # Needed for CaseFlags and CaseLinking
export SERVICES_LOCATION_REF_API_URL="http://host.docker.internal:8765"
export SERVICES_PRD_API="http://host.docker.internal:8765"
export SERVICES_PAYMENTS_URL="http://host.docker.internal:8765"
export SERVICEBUS_FAKE='true'

export XUI_SYSTEM_USER_PASSWORD=Password # (Maybe) Needed for running xui-manage-cases seperately
export [email protected] # (Maybe) Needed for running xui-manage-cases seperately
export XUI_DOCUMENTS_API=http://host.docker.internal:5005 # (Maybe) Needed for running xui-manage-cases seperately
export XUI_OAUTH_SECRET=AAAAAAAAAAAAAAAC # (Maybe) Needed for running xui-manage-cases seperately
export XUI_S2S_URL=http://host.docker.internal:8489 # (Maybe) Needed for running xui-manage-cases seperately
export XUI_IDAM_API_URL=http://host.docker.internal:5062 # (Maybe) Needed for running xui-manage-cases seperately
export XUI_SERVICE_KEY=AAAAAAAAAAAAAAAA # (Maybe) Needed for running xui-manage-cases seperately
export XUI_IDAM_LOGIN_URL=http://localhost:5062 # (Maybe) Needed for running xui-manage-cases seperately
export XUI_DOCUMENTS_API_2=http://host.docker.internal:4455 # (Maybe) Needed for running xui-manage-cases seperately

# For et-ccd-callbacks
export GOV_NOTIFY_API_KEY="<redacted>"
export TORNADO_ACCESS_KEY="<redacted>"
export ET_COS_SYSTEM_USER="<redacted>"
export ET_COS_SYSTEM_USER_PASSWORD="<redacted>"
export EXUI_CASE_DETAILS_URL="http://localhost:3455/cases/case-details/"
export CITIZEN_CASE_DETAILS_URL="http://localhost:3001/citizen-hub/"

# For et-sya-frontend
export ADDRESS_LOOKUP_TOKEN=<redacted>

# For et-sya-frontend
export IDAM_API_BASEURL="http://localhost:5062"
export IDAM_JWKS_BASEURL="http://localhost:5062/o/jwks"
export SERVICE_AUTH_PROVIDER_URL="http://localhost:8489"

4. Pull the IdAM image

docker pull hmctspublic.azurecr.io/hmcts/rse/rse-idam-simulator:latest

5. Port forward JVM ports

• Find your WSL IP with hostname -I in a WSL terminal and replace <YOUR WSL IP HERE> with that value.
• Run these in a Windows terminal

Start-Process netsh.exe -ArgumentList 'interface portproxy add v4tov4 listenport=8489 listenaddress=0.0.0.0 connectport=8489 connectaddress=<YOUR WSL IP HERE>' -Verb runas
Start-Process netsh.exe -ArgumentList 'interface portproxy add v4tov4 listenport=4096 listenaddress=0.0.0.0 connectport=4096 connectaddress=<YOUR WSL IP HERE>' -Verb runas
Start-Process netsh.exe -ArgumentList 'interface portproxy add v4tov4 listenport=4452 listenaddress=0.0.0.0 connectport=4452 connectaddress=<YOUR WSL IP HERE>' -Verb runas
Start-Process netsh.exe -ArgumentList 'interface portproxy add v4tov4 listenport=4454 listenaddress=0.0.0.0 connectport=4454 connectaddress=<YOUR WSL IP HERE>' -Verb runas
Start-Process netsh.exe -ArgumentList 'interface portproxy add v4tov4 listenport=4455 listenaddress=0.0.0.0 connectport=4455 connectaddress=<YOUR WSL IP HERE>' -Verb runas

Use netsh interface portproxy show v4tov4 to verify if these were successful

6. Change ports in et-sya-frontend

• et-sya-frontend/config/development.json

{
- "port": 3001,
+ "port": 3002,
  "services": {
    "idam": {
      "clientID": "et-sya",
-     "authorizationURL": "http://localhost:5000/login",
+     "authorizationURL": "http://localhost:5062/login",
      "clientSecret": "test1234",
-     "tokenURL": "http://localhost:5000/o/token",
+     "tokenURL": "http://localhost:5062/o/token"
    },

7. Change PCQ redirect URL in et-sya-frontend (Optional)

• et-sya-frontend/src/main/pcq/index.ts

Note: This isn't needed if the PCQ_ENABLED is set to false in env vars

export const getHost = (res: Response): string => {
-  return res.locals.host === 'localhost' ? `${res.locals.host}:3001` : res.locals.host;
+  return res.locals.host === 'localhost' ? `${res.locals.host}:3002` : res.locals.host;
};

8. Start up services

Service	Command
et-ccd-callbacks	./gradlew bootWithCCD
et-sya-api	./gradlew bootRun --args='--spring.profiles.active=cftlib'
et-sya-frontend	yarn start:dev-red

Note: There's currently an issue in CFTLib where xui-manage-cases and xui-manage-org exit early and need to be manually restarted. Either start this through docker desktop UI or run docker start cftlib-xui-manage-org-1 cftlib-xui-manage-cases-1

9. Generate and Import configs (optional)

This step is only required if you explicitly set CFTLIB_IMPORT_CCD_DEFS_ON_BOOT to false Note: You'll still need to generate the configs first with the same yarn generate command but using cftlib as the parameter instead of local (this also works in flexui)

	./et-ccd-callbacks/bin/utils/import-ccd-definition.sh path/to/et-ccd-definitions-englandwales/definitions/xlsx/et-englandwales-ccd-config-cftlib.xlsx
	./et-ccd-callbacks/bin/utils/import-ccd-definition.sh path/to/et-ccd-definitions-scotland/definitions/xlsx/et-scotland-ccd-config-cftlib.xlsx

Verifying it works

• Create a case on ExUI (shows postgres works)
• Upload a document (shows dm store / blob storage works)
• Create an application with a document and view the application (shows that we can contact CCD case document service)
• Create a case on CitUI (shows that frontend can talk to et-sya-api can talk to callbacks)
• Go through NoC (shows that manage org env vars have taken)
• Make sure emails have sent by checking GovUK Notify (or looking for errors in the callbacks terminal)

Troubleshooting

Address resolution failures (ie, docker-auth.elastic.co)

V1's VPN's DNS acts weird with some addresses - try overriding the DNS WSL uses by changing the nameserver in /etc/resolv.conf to a public DNS like 1.1.1.1

sudo nano /etc/resolv.conf

# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf
# [network]
# generateResolvConf = false
+ nameserver 1.1.1.1
- nameserver 172.18.16.1

You may also need to follow the instructions in the comment of that file to get this to persist beyond a restart. Warning: this will break the HMCTS VPN working inside WSL

X service can't talk to Y service

With WSL we need to forward various ports to enable docker containers to talk to services running inside WSL. CFTLib exposes the following services:

Service	Port
CCD definition store	4451
CCD data store	4452
CCD user profile	4453
CCD case document Access Management	4455
AM role assignment service	4096
AAC assign access to a case	4454
XUI Manage cases	4454
XUI Manage org	4454
IDAM Simulator*	5062
S2S Simulator*	8489

The steps above are only forwarding 5 of the 8 ports, I didn't want to blindly forward all of ports because some containers may never need to talk to some services (ports not forwarded are 4451, 4452 and 4453). CFTLib services running in the JVM talking to other services running in the JVM should not need to be forwarded.

"I/O error on POST....failed to respond" when uploading documents on ExUI

• Check docker logs for dm-store container - it's likely the application got stuck doing flyway migrations, usually a reboot here helps
• This behaviour also happens under ecm-ccd-docker but FlexUI deals with it under the hood ;)

Can't run docker ps without sudo

You'll need to be able to run without sudo. Try adding your user to the docker group

sudo adduser $USER docker
docker ps # Verify the command can be run without sudo

Stuck at "Idam not ready..."

• Make sure you've pulled the image separately (step 4)
• If the image exists locally, you may need to re-auth (step 2)

Wiremock doesn't launch

If you start it manually it'll likely complain about not being to read from the mocks directory. No idea why this happens. But deleting the container and relaunching CFTLib usually fixes