Deployment

a-a-hofmann edited this page Jan 31, 2020 · 24 revisions

Disclaimer: this guide assumes that git & docker are installed.

All paths and commands are relative to the directory containing Infrastructure/docker-compose-prod.yml.

Pull repository to server

Clone the mp-access/Infrastructure repo:

git clone https://github.com/mp-access/Infrastructure.git

Env variables

Add a .env file with the environment variables inside the cloned Infrastructure repo:

# Default environment variables
# Docker will inject these variables in the docker-compose file.
# These values will be overwritten if shell contains the same variables

# Database credentials
DB_USER=<postgres user>
DB_PASSWORD=<postgres password>

# Identity provider credentials
KEYCLOAK_USER=<keycloak admin user>
KEYCLOAK_PASSWORD=<keycloak admin password>
KEYCLOAK_REALM=access
AUTH_SERVER=https://info1-exercises.ifi.uzh.ch
JWK_URI=http://keycloak:8080/auth/realms/access/protocol/openid-connect/certs

# Mongo DB credentials
MONGO_DB_NAME=<mongodb DB name>
MONGO_DB_USER=<mongodb username>
MONGO_DB_PASSWORD=<mongodb password>

GITHUB_WEBHOOK_SECRET=<secret for github webhooks>
GITLAB_WEBHOOK_SECRET=<secret for gitlab webhooks>

NGINX_CONF=conf-prod.nginx

DOCKER_WORKER_HOST=<location of docker worker host>

Add repositories.json

mkdir backend-config && touch ./backend-config/repositories.json

Example contents

{
    "repositories": [
        "https://github.com/mp-access/Template-Course",
        "https://github.com/mp-access/Mock-Course"
    ]
}

Add logs folder

mkdir ./logs

Frontend TLS certificates

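Add the TLS certificate chain and private key for the frontend. Check docker-compose-prod.yml to see where to put them on the host.

Give keycloak-prod.json the correct permissions. Note that the glob below makes every file in frontend-config world-readable, not only keycloak-prod.json: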

chmod o+r frontend-config/*

Docker certificates

Add the certificates that our backend needs for mutual authentication with our docker worker. Check docker-compose-prod.yml to see where to put them on the host. At the moment they go under ./docker-certs:

ca.pem
cert.pem
key.pem

SSH keys to pull from private repositories

Add a .ssh folder with the SSH keys and config for private repos (see Private repositories):

mkdir ./.ssh

Create empty folders to hold DB data

mkdir -p ./volumes/mongodb
mkdir -p ./volumes/postgres
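
A pre-flight check for the files and folders created in the steps above, as an added example that is not part of the mp-access project. The function names, the owner-only permission rule for .env and docker-certs/key.pem, and the current ./docker-certs location are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the deployment layout described in this guide (added example).
# Usage: preflight_check /path/to/Infrastructure   (returns 0 when nothing is wrong)

REQUIRED_VARS="DB_USER DB_PASSWORD KEYCLOAK_USER KEYCLOAK_PASSWORD KEYCLOAK_REALM
AUTH_SERVER JWK_URI MONGO_DB_NAME MONGO_DB_USER MONGO_DB_PASSWORD
GITHUB_WEBHOOK_SECRET GITLAB_WEBHOOK_SECRET NGINX_CONF DOCKER_WORKER_HOST"

# Succeeds if the group or others have read permission on the file.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

preflight_check() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    # Files and folders the guide asks for.
    for f in .env backend-config/repositories.json \
             docker-certs/ca.pem docker-certs/cert.pem docker-certs/key.pem; do
        [ -f "$dir/$f" ] || fail "missing file $f"
    done
    for d in logs .ssh volumes/mongodb volumes/postgres; do
        [ -d "$dir/$d" ] || fail "missing folder $d"
    done

    # Every variable needs a real value, not an empty string or a <placeholder>.
    if [ -f "$dir/.env" ]; then
        for v in $REQUIRED_VARS; do
            val=$(sed -n "s/^$v=//p" "$dir/.env" | tail -n 1)
            case $val in
                "")   fail "$v is missing or empty in .env" ;;
                "<"*) fail "$v still holds a template placeholder" ;;
            esac
        done
    fi

    # Assumed hardening rule (not from the guide): secrets are owner-only.
    for f in .env docker-certs/key.pem; do
        if [ -f "$dir/$f" ] && readable_by_others "$dir/$f"; then
            fail "$f is readable by group/others (chmod 600)"
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Source the file and run `preflight_check .` from the Infrastructure folder before starting the containers; each problem is printed to stderr.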

Start the application

Start containers

docker-compose -f docker-compose-prod.yml up -d

Keycloak configuration

Add custom themes (emails, login, etc.). Check the docker-compose file for the correct path. At the moment under:

./keycloak-themes/access:/opt/jboss/keycloak/themes/access

  1. Create realm, e.g. access. Make sure it is enabled.
  2. Clients -> create -> Client ID: course-service. Use openid-connect; Access Type bearer-only.

  1. Clients -> create -> Client ID: access-frontend. Use openid-connect.

  1. Mappers -> create -> Course service audience

  1. Mappers -> create -> Groups

  1. Set email limits

(6. Set realm role for analytics)

  1. Add a realm-wide role called access_admin.
  2. For each group which should have access, add the realm role.

Frontend keycloak.json

The frontend needs the correct keycloak.json file. It can be exported from Keycloak after setting up the frontend application.