OpenCRVS 1.3 application deployment 3.3.6

[mihiruk]

Hello Team,

Can you please guide me how to do that setting up the Environment secrets under the topic of 3.3.6,
bit confusing on adding the records to the known_hosts file, I'm able to ssh from my local env to node manager (ssh root@), and my public key stored inside of the authorized_key in the path of /home/ubuntu/.ssh (/home/ubuntu/.ssh/ authorized_key) in the node manager, so no idea on why we need to create another file called known_hosts, can you briefly explain and guide me, please?

[rikukissa]

Hi there! The purpose of this file is to allow Github Actions to verify the deployment target SSH host is really the same computer your own local machine reaches with the SSH address. So this variable is only used as part of automated deployment but doesn't have any significance once the environment is deployed.

You can see how the variable is used here:
https://github.com/opencrvs/opencrvs-farajaland/blob/develop/.github/workflows/deploy.yml#L63-L67

I personally tend to run this command locally and paste the output to the KNOWN_HOSTS Github Secret

ssh-keyscan -H my-opencrvs-instance.opencrvs.org,162.12.140.73

Let me know if this helps!

[mihiruk]

all the docker containers are running also on the target server

[mihiruk]

Hello Team,

Hope you have a good weekend!
Reminder on this and If you find any clue, please update us.
Im updating an SS of the services that deployed in the swarm herewith

Thanks

[mihiruk]

Hello Team,

Do u have any idea about this?

Thanks

[rikukissa]

Hi! I don't seem to be able to connect to http://login.slashsuite.com/ either. Is the server in an internal network you need a VPN to connect to? Let's encrypt only fetches the SSL certificates and you should be able to browse to login.slashsuite.com even before these are set up.

Your Trafik doesn't seem to be running. Could you give me the output of

docker service ps opencrvs_traefik --no-trunc

[mihiruk]

Hi, we deployed on AWS EC2 server which is attached to a firewall known as a security group. we opened a new rule and let reach pretty much all the traffic for the moment, I think there are no restrictions from the firewall level. I will attach an SS as well. also i could see few errors for above CMD, please find it

[mihiruk]

[rikukissa]

Seems like there's already something else running in the port 80 🤔 What do you get if you run lsof -i:80

[mihiruk]

is it because of running nginx?

[mihiruk]

other day, nginx was installed mistakenly by us 🙄

[rikukissa]

Yea :) That must be it. Try removing it and then

docker service scale opencrvs_traefik=0
docker service scale opencrvs_traefik=1

[mihiruk]

[mihiruk]

let me try, could you please stay tuned with us until this will get solved pls
Thanks

[mihiruk]

Hi @rikukissa site is working for me when I changed my network,
but no idea which username and password to use to log to the system, 🤔 can you help me out on this?

Also, I have another concern that our root domain (slashsuite.com) which we use for hosting the Opencrvs system also used for hosting several different services, hence we can't use login.<your_domain> type, in future. Are there any modifications that need to be done from the code level if domain records form as following

login.opencrvs.slashsuite.com
kibana.opencrvs.slashsuite.com

[mihiruk]

failed service now up

[rikukissa]

Great! Next you most likely need to seed the database and then you should be able to log in.

[mihiruk]

but still im getting previous erros

[rikukissa]

That's just the output showing what happened to the previously attempted containers. The top one is current which started successfully.

[mihiruk]

But isof ensured nginx was removed

[mihiruk]

Thats great, still i cant access these sites, 😢

login.slashsuite.com
kibana.slashsuite.com
minio-console.slashsuite.com

[rikukissa]

This is what I see

[mihiruk]

Oh let me check pls

[mihiruk]

hi those are not working for me, but working well for my colleagues lol
could be the caching right?

[rikukissa]

Interesting.. could be 🤔 Can you try running curl -L http://login.slashsuite.com/ locally? It should return an HTML page

[mihiruk]

yes its working, early it could only see once i logged into the container, (docker exec), nginx could be the reason.
its working locally for me, i will see whats cause of not working from the browser level

[rikukissa]

Sure! Glad you got it working

[mihiruk]

And thank you soo much, @riku Rouvila you saved my time
and other thing, we actually didn't add anything related to our own country, we just configured farajaland configuration as will be doing just a demo , later we will create our own country config, is it ok right?

[rikukissa]

That's perfectly fine 👍

[mihiruk]

Hi @rikukissa site is working for me when I changed my network,
but no idea which username and password to use to log to the system, 🤔 can you help me out on this?

Also, I have another concern that our root domain (slashsuite.com) which we use for hosting the Opencrvs system also used for hosting several different services, hence we can't use login.<your_domain> type, in future. Are there any modifications that need to be done from the code level if domain records form as following

login.opencrvs.slashsuite.com
kibana.opencrvs.slashsuite.com

[rikukissa]

I think there should not be any issue using subdomains like the ones you describe as long as the deployment is done with HOSTNAME=opencrvs.slashsuite.com and CONTENT_SECURITY_POLICY_WILDCARD=*.opencrvs.slashsuite.com.

The default users are created as part of a process called "seeding". You can read about it here: https://documentation.opencrvs.org/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.7-seeding-and-clearing-data-on-a-server

After you've done this, you should be able to login with the users defined in this CSV file.

[mihiruk]

Referring to the above concern about the username and password

[euanmillar]

@mihiruk did you get any errors when seeding the database as @rikukissa described here: #6220 (reply in thread). Also "admin" is not one of the default testing users in the fake country "Farajaland" to log in as described here: https://documentation.opencrvs.org/setup/3.-installation/3.2-set-up-your-own-country-configuration/3.2.4-set-up-employees-for-testing-or-production/3.2.3.1-prepare-source-file-for-test-employees. You are just using default users at this time correct? @mihiruk we can offer you more dedicated support if you email us at [email protected] and please answer the following questions:

Please tell us your full name and how you wish to be referred to.
Please tell us the name of the organisation or company you work for.
Are you working with a government on an active country implementation? ... If so, which country’s implementation are you working on?
Which of these describes your project best?

• Testing OpenCRVS for business development, educational purposes or for personal interest
• A research project to evaluate, configure and test OpenCRVS as a possible solution for a government, an active brief or proposal. (If so, tell us about your project, brief, the client and timeline if you can.)
• Actively installing and configuring OpenCRVS Core for production use in a country.
• Customising OpenCRVS Core code in production in a country

Want to build your skills and get your organisation formally accredited on the OpenCRVS platform? Learn more on the OpenCRVS Implementation Partner briefing calls on 30th November.
There are 2 events planned for different time zones:
9am CET: https://lnkd.in/eeTURyKz
4pm CET: https://lnkd.in/eTmnTDZv

[mihiruk]

@euanmillar Hello, yes @rikukissa helped a lot, i was able to resolve almost all the issues, now the system is working well as expected.
I will write you for the questions raised.

[mihiruk]

@euanmillar I am Mihiruk and currently working as a DevOps engineer at Bevolv, which is a subsidiary of Inova IT Systems (Pvt) Ltd.As a preparation for the implementation partner program/session we have successfully deployed OpenCRVS 1.3. Our team will connect tomorrow for the session. Thank you so much!

[mihiruk]

Hello Team,

I was unable to re-seed data with customized default-employees.csv data. The seed action gets canceled by throwing an error message as mentioned bellow.
Any idea?

[euanmillar]

@mihiruk You asked a question by email about OTP, adding other email addresses etc and this is explained in the documentation.

A comms gateway such as an SMTP Email API service is required to send OTP codes to real email addresses and this requires extensive configuration described in that step. But as the documentation states, the code is six zeros 000000 during development.

Regarding seeding, did you set the SUPER_USER_PASSWORD environment secret used when seeding as also described in the documentation. https://documentation.opencrvs.org/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.6-deploy-automated-and-manual

May I suggest that you thoroughly refer to the docs again as I think all the answers you need are there. In the Implementation Partner Programme we will train you step by step through this, so perhaps you should wait until then. We will also share videos on YouTube for every step in case you are unable to join it.

[mihiruk]

Thanks for the feedback given, yeah we have configured the required configurations such as SMTP and such, the document really helped and everything is explained so neatly, but there are a few confusions, hope we can sort it down going forward. Now we are in the process of re-seeding customized user details, I think the SUPER_USER_PASSWORD issue got resolved. having another issue while the date is being seeded, I think it's a data formatting issue as I believe. hope it's not that much critical