Le logiciel PIA est un outil distribué librement par la CNIL afin de faciliter la réalisation d’analyses d’impact sur la protection des données prévues par le RGPD.
PIA-BACK est développé avec le framework RubyOnRails mettant à disposition une API RESTful à destination des outils PIA et PIA-APP.
The PIA software is a free tool published by the CNIL which aims to help data controllers build and demonstrate compliance to the GDPR. PIA-BACK is developped with RubyOnRails providing a RESTful API for the PIA and PIA-APP applications.
You can follow for a full installation of PIA (back-end) and PIA (front-end) applications on a ubuntu 20.04 server.
- pia (front-end) application
- Ruby 3.1.x
- Rails 7.0.x
- PostgreSQL 12.0+
- CPU : i5
- Ram: 4Go
- Disk Space : 20Go
- OS : preferably Linux but other OS works as well
Basic installation on Debian you can use the following documentation: wiki.debian.org/PostgreSql
On Ubuntu you can use: help.ubuntu.com/community/PostgreSQL
Also, you need to create a new user with password.
git clone https://github.com/LINCnil/pia-back.git
cd pia-back
cp config/database.example.yml config/database.yml
Fill the fields username and password for each environment with the PostgreSQL username and password created in the step "PostgreSQL installation".
bundle install
Generate the secret_key_base with bin/rake secret and add it in your credentials using EDITOR='nano' rails credentials:edit :
secret_key_base: [Fill it with the secret key base you have generated]
Go in the root path of the back project then cp .env-example .env.
Generate the DEVISE_SECRET_KEY with bin/rake secret and paste the secret key in the file.
Generate the DEVISE_PEPPER with bin/rake secret and paste the secret key in the file.
Fill MAILER_SENDER with the default address email sender.
Fill DEFAULT_URL with the URL of your server.
If needed, fill DEFAULT_PORT to the PORT you use.
bin/rake db:create
bin/rake db:migrate
Set ENABLE_AUTHENTICATION=true inside your .env file
Enter the rails console with bin/rails c
Launch the command Doorkeeper::Application.create(name: "PIA", redirect_uri: "urn:ietf:wg:oauth:2.0:oob", scopes: ["read", "write"])
Find your Client ID and Client SECRET by using Doorkeeper::Application.select(:uid, :secret).last.uid and Doorkeeper::Application.select(:uid, :secret).last.secret
See:
You will need the CLIENT ID and the CLIENT SECRET data to enable the authentication mode in your PIA application, in the settings page.
Enter the rails console with bin/rails c
Launch the command User.create(email: 'YOUR_EMAIL', password: 'Azeazeaze123-', password_confirmation: 'Azeazeaze123-') (your password should be at least 12 characters long, with numbers and special characters).
Get your user, add him all roles and unlock him with the unlock_access! method:
a = User.last
a.is_technical_admin = true
a.is_functional_admin = true
a.is_user = true
a.unlock_access!
a.save
If you want to use the LDAP authentification mode, set DEVISE_LDAP_LOGGER=true inside your .env file.
Set up the environment credentials variables using EDITOR='nano' rails credentials:edit:
ldap_host: [Fill it with the LDAP host]
ldap_port: [Fill it with the LDAP port]
ldap_attribute: [Fill it with the LDAP attribute]
ldap_base: [Fill it with the LDAP base]
ldap_ssl: [true or false]
If admin user binding is a necessity,
set DEVISE_LDAP_LOGGER_ADMIN_BIND=true inside your .env file and set up LDAP admin user credentials:
ldap_admin_user: [Fill it with the LDAP admin user]
ldap_admin_user_password: [Fill it with admin user password]
Set up the environment credentials variables using EDITOR='nano' rails credentials:edit :
email_from: pia@xxxx.com
smtp_address: xxxx
smtp_port: xxxx
smtp_domain: xxxx
smtp_user_name: xxxx
smtp_password: xxxx
smtp_authentication: :cram_md5
smtp_enable_starttls_auto: true
The PIA tool can send different emails when the authentication module is enabled (new user, new evaluation ready, ...).
The default locale for the content of the authentication emails is English (en).
Define DEFAULT_LOCALE="[locale key]" inside your .env file to change the locale.
For example, if you want to have French translations for the authenication emails, configure DEFAULT_LOCALE="fr" in your .env file.
Supported locales: bg, cs, da, de, el, en, es, et, fi, fr, hr, hu, it, lt, lv, nl, no, pl, pt, ro, sl, sv.
-
bin/rails syour server will be accessible with the URLlocalhost:3000 -
You can specify the option
-bto bind to a public IP address or domain name and-pto use a different port.For example:
bin/rails s -b 123.456.789.101 -p 8080your server will be accessible with the URL123.456.789.101:8080 -
Then, in the pia (front-end) application, use this URL to enable the server mode.
-
Fill the field in "Tools" > "Settings"
-
Every user will have to fill the server URL, the client ID and the client SECRET fields to access the authentication interface.
- Fill the
productionsection in thedatabase.ymlfile. - Create the database:
RAILS_ENV=production bin/rake db:create - Create the tables:
RAILS_ENV=production bin/rake db:migrate - Run the server:
RAILS_ENV=production bin/rails s
Go to the folder pia-back : cd pia-back
Update the repository : git pull
Update the dependencies : bundle install
Update the database : RAILS_ENV=production bin/rake db:migrate
bin/rake
Pia back mailer work with rails-i18n. For update default locale, go to change this line in rails configuration:
In config/application.rb
config.i18n.default_locale = :en
- Docker set-up (Kosmas Schütz): a Docker-Compose configuration for production purpose. Everything is automated from creating containers to setting up the database.
- Installation runbook (ylachgar): runbook to install the pia tool server version on a ubuntu 17.10 server.