Storyline for doing a deployment from scratch

Prerequisites

• Of course, one needs to have a TSD project to install the service in.
• The TSD project needs to have a separate VM for hosting the microservices inside the project.
• The setup needs a PostgreSQL database, and this would normally be ordered as a service from USIT.
• The setup depends on a proxy server that is web accessible and allowed to interface with TSD File API and TSD RabbitMQ broker.
• For storing mappings of ELIXIR AAI IDs and CEGA user IDs (may be obsolete in near future) another PostgreSQL database is needed for the services on the proxy server.

Adapting the systems first before deploying service software

• The Docker VM:
  • Install list or required software (docker, postgres-client, python3, crypt4gh).
  • Make sure the system has access to proper entropy source.
• The proxy server:
  • Install list of required software (docker, postgres-client). Make sure that openssl tool is available (usually, it's pre-installed with major Linux distributions).
  • The proxy-server needs to be whitelisted to connect to both Rabbit MQ broker (still whitelisted).
  • Prepare a non-priveleged user for the services to run as
  • Arrange for devops team to access server and maintain service installation
  • Request from TSD configuration for project
  • Request an TSD File API key (see docker config).

Preparing for services to be deployed and started

• Initiate database schema from the Docker VM.
• Configure the virtual host in the TSD RabbitMQ broker.
• Interact with ELIXIR AAI to set up the proxy service with AAI authentication (needed for later config for Docker services).
• Initiate database schema for the proxy server.

Install and configure micro-service NFEGA software

• The Docker VM:

  • Generate/restore master key pair and self-signed DOA JWT verification key pair.
  • Import Docker images for the microservices into TSD and into Docker instance.
  • Transfer the Docker Swarm template deployment YAML file from GitHub.
  • Adopt the YAML template file to the Docker VM context:
    • Configure env variables in the YAML file.
    • Configure paths for critical storage areas.
    • Generate and configure Docker secrets.
  • Run docker swarm init (only the first time).
  • Run docker stack deploy.

• The proxy server:

  • Pull images.
  • Setup Let's Encrypt or other solution to handle HTTPS certificate for the web container.
  • Retrieve Docker YAML template deployment file.
  • Adopt the YAML template file to the proxy server context:
    • Configure env variables in the YAML file.
    • Generate and configure Docker secrets.
  • Run docker swarm init (only the first time).
  • Run docker stack deploy.

Connectivity to CEGA

• All connection credentials etc. to interact with CEGA must be configured correctly in the proxy server Docker deployment YAML file.