How to set up?

Depending on your needs, of the following installation options can be suitable:

Setting up for evaluation/demo purposes

The following Docker Compose-based setup is intended for demo and evaluation purposes only and is not recommended for production use due to security and performance concerns. For the sake of installation simplicity, this setup contains a hard-coded JWT secret key, which is not secure. For an enterprise-grade setup, consider Kubernetes-based deployment of the provided containers (see Helm Chart), production compose setup, or another supported option.
For RHEL with SELinux enabled runtime only

Allow the 389 (LDAP) and 80 (frontend HTTP) ports for usage in the SELinux subsystem:

sudo semanage port -a -t http_port_t -p tcp 80
sudo echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
sudo sysctl -p

To run Governor locally for evaluation:

  1. Install Docker.

  2. Download and unzip governor-compose.zip, which contains the Docker Compose scripts and demo database dumps.

  3. Navigate to the unzipped directory and run:

docker compose pull
docker compose up

The UI will be available at http://localhost:80. Use the predefined credentials to log in: test@synthesized.io / Qq12345_.

Connection details for demo source and target databases (host transformed_db, port 5432) are valid inside the internal Docker Compose network. To access the databases from the host machine, use localhost and port 5433.

If you prefer using Podman and Podman Compose instead of Docker, make the following changes:

  • In docker-compose.yml, add the :Z SELinux relabeling option to all volume mounts:

    volumes:
      - "./initdb/create_governor_db.sql:/docker-entrypoint-initdb.d/1.sql:Z"
      - "./initdb/create_governor_schema.sql:/docker-entrypoint-initdb.d/2.sql:Z"
  • Change the Governor UI service port mapping to avoid privileged ports:

    If you have already performed the SELinux configuration steps above (allowing port 80 for unprivileged usage), changing the port mapping is not necessary and you can keep 80:80.
    ports:
      - "8080:80"
  • Start Governor using:

    podman-compose pull
    podman-compose up

    The UI will then be available at http://localhost:8080.

Remember to append :Z to all volume mounts to comply with SELinux restrictions.

(Optional) Setting up a volume for Governor Postgres DB

Governor uses a PostgreSQL database to store its configuration and state. By default, the data is stored inside the Docker container, which means it will be lost if the container is removed. To enable data persistence, you can mount a folder from your local filesystem as a volume:

  • uncomment the line: <Governor DB host directory path>:/var/lib/postgresql/data"

  • Replace <Governor DB host directory path> with an absolute path on your machine where you’d like to store the database files.

This ensures that database data will be persisted between restarts of the container or Docker daemon. Optionally, you can do the same for transformed database by replacing <transformed DB host directory path>.

(Optional) Setting up a volume for RocksDB

Synthesized TDK embedded into Governor relies on RocksDB embedded key-value store to speed up its performance. However, having RocksDB folder inside the container can lead to problems both with performance and space restrictions. In order to set up a volume on your local filesystem:

  • uncomment volumes section in docker-compose.yml

  • uncomment - <RocksDB host directory path>:/app/rocksdb line and substitute your path to RocksDB folder.

  • make sure this folder is accessible for Docker using chmod 777<RocksDB host directory path> command.

(Optional) Setting up a volume for log files

If you are willing to store Governor log files locally instead having them in the container, do the following:

  • uncomment volumes section in docker-compose.yml

  • uncomment - <logs host directory path>:/app/logs line and substitute your path to logs folder.

  • make sure this folder is accessible for Docker using chmod 777 <logs host directory path> command.

You must use separate folders on the host machine for each of the following paths: <Governor DB host directory path>, <transformed DB host directory path>, <RocksDB host directory path>, <logs host directory path>.