Installation

Eclipse can be packaged and installed in many ways and is not prescriptive on the runtime architecture. EFTCorp however installs it using AWS ECS on the AWS stack. For on-premise installations, AWS tooling is typically used along with ECS-Anywhere so that EFTCorp can manage the stack in a standardised familiar way with the same tooling for all management.

That being said, Eclipse is essentially:

MySQL 8 (latest sub version)
A backend docker image that needs a MySQL database connection to pull all further configuration.
A frontend docker image that runs NGINX and serves the Angular based portal.

The 2 docker images are provided to licensed customers by pushing to a private docker registry (typically ECR). Every time a production CI/CD build is run, the latest docker images are pushed to all customer registries. Customers can then choose to deploy following their own change control processes.

Within the Eclipse backend docker image, all Microservices are packaged together for ease of deployment and lower cost. There is however nothing stopping deployments from being broken up across Microservices but that is not within the scope of this installation guide.

MySQL Setup

The latest version of MySQL 8 is recommended. The mysql system time must be UTC. The collation should be case insensitive and use to utf8mb4 char set. As an example, to create a database schema called eclipse, use:

CREATE DATABASE eclipse /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci / /!80016 DEFAULT ENCRYPTION=\'N\' */

Backend Setup

Multiple instances of the backend can run and they use hazelcast to set up a cluster amongst themselves. The hazelcast configuration sits in property hazelcast.config and its recommended to use the Eclipse hazelcast discovery plugin in the config so that nodes can discover each other without the need for multicast:

<discovery-strategy enabled="true" class="com.ukheshe.arch.impl.hazelcast.discovery.UKDiscoveryStrategy">

Refer to Hazelcast standard documentation for the setup of interfaces. A good starting point is:

<?xml version="1.0" encoding="UTF-8"?>
<hazelcast xmlns="http://www.hazelcast.com/schema/config"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.hazelcast.com/schema/config http://www.hazelcast.com/schema/config/hazelcast-config-5.3.xsd">

   <cluster-name>SomeNameForYourCluster</cluster-name>

   <map name="default">
        <backup-count>1</backup-count>
        <async-backup-count>1</async-backup-count>
    </map>
   <properties>
      <property name="hazelcast.shutdownhook.enabled">false</property>
      <property name="hazelcast.discovery.enabled">true</property>
      <property name="hazelcast.heartbeat.failuredetector.type">deadline</property>
      <property name="hazelcast.heartbeat.interval.seconds">5</property>
      <property name="hazelcast.max.no.heartbeat.seconds">20</property>
   </properties>
   <network>
       <interfaces enabled="true">
            <interface>Site 1 subnet e.g. 10.20.21.*</interface>
            <interface>Site 2 subnet e.g. 10.20.22.*</interface>
       </interfaces>

      <port auto-increment="false" port-count="1">5701</port>
      <join>
         <multicast enabled="false"/>
         <tcp-ip enabled="false"/>
         <discovery-strategies>
            <discovery-strategy enabled="true" class="com.ukheshe.arch.impl.hazelcast.discovery.UKDiscoveryStrategy">
               <properties>
               </properties>
            </discovery-strategy>
         </discovery-strategies>
      </join>
   </network>
</hazelcast>

The property table only exists after the initial boot so one can add the config after an initial boot. Always start Eclipse with one instance at first and then add additional instances once all the schema has been created and the system is operational.

The Eclipse docker image can be run in ECS, Kubernetes, Docker Swarm, Docker Compose, Plain Docker etc. The only requirement is that the following environment variables be passed into the container:

ENV Parameter	Description	Example
MYSQLHOST	Hostname/IP and Port to connect to MySQL	10.34.22.2:3306
MYSQLUSER	Username for a MySQL user that has full access to the MYSQLSCHEMA. This parameter can optionally be populated with the ARN of an AWS secrets manager secret that has a JSON value with username and password e.g. {"username": "eclipse", "password": "1234567890"}	eclipse or arn:aws:secretsmanager:eu-west-1:673586870961:secret:MySQLOdZimCredentials-1111111
MYSQLPASS	Password of the MYSQLUSER. This parameter can optionally be populated with the ARN of an AWS secrets manager secret that has a JSON value with username and password e.g. {"username": "eclipse", "password": "1234567890"}	1234567890 or arn:aws:secretsmanager:eu-west-1:673586870961:secret:MySQLOdZimCredentials-1111111
MYSQLSCHEMA	Schema name (must exist) in MySQL that Eclipse will use	eclipse
UK_ENVIRONMENT	For production environments, make sure this starts with PROD_ and then a name. Set to DEV_TEST for DEV or TEST environments	PROD_MYBANK
TLSLISTENPORT	If specified as an individual port (e.g. 8443) then a listener will be bound for TLS traffic on this port. If a range is provided (e.g. 8000-8009) then a random port in this range (inclusive) will be chosen that is currently not bound	8443
ONLYTLS	Set to true to only use TLS	true
CORS	If true, then Cross origin requests will be allowed from any domain. If false, they wont	true
JAEGERNAME	The service name prefix to use for Jaeger traces e.g. EclipseODZW	EclipseODZW
HEAPSETTINGSOVERRIDE	The JVM heap settings to use. Recommended to set this to -XmsZM -XmxZM where Z is the number of Megabytes for the Heap. Set Z to 60% of the containers allocated RAM.	-Xms2000M -Xmx2000M

A typical Eclipse container should have 2CPU's and 4GB RAM

When Eclipse first boots, one can login as GLOBAL_ADMIN using identity bootstrap and any password. As soon as any additional identities are added, the bootstrap user will stop functioning.

Upon boot, monitor logs for any warnings about default security keys and configs that should be changed to proper values. The admin portal can be used for all subsequent configuration as per the configuration and operator guides.

Frontend Setup

The frontend is a PWA with no state nor backend logic. Everything runs in the users browser. The Eclipse frontend docker image can be run in ECS, Kubernetes, Docker Swarm, Docker Compose, Plain Docker etc. The only requirement is that the following environment variables be passed into the container:

ENV Parameter	Description	Example
LISTENPORT	If specified as an individual port (e.g. 9000) then a listener will be bound for http traffic on this port. If a range is provided (e.g. 9000-9009) then a random port in this range (inclusive) will be chosen that is currently not bound	9000-9009
BASEURL	The base path the frontend should look for. Generally, use /admin-portal	/admin-portal
DEBUG	Set to false	false

The admin portal will call the Eclipse backend API on the same hostname as the portal, suffixed with /eclipse-conductor. The portal can run on a very small container - e.g. 1/4 CPU and 512MB RAM.