Skip to content

Latest commit

 

History

History
77 lines (72 loc) · 3.45 KB

README.md

File metadata and controls

77 lines (72 loc) · 3.45 KB

Deployment

Overview

This document describes deployment of mosip-side-mediator and registration-processor-opencrvs-stage.

Prerequisites

The following command line utilities.

  • psql, kubectl,helm,bash, curl, jq

Installation

  • Set up mosip_opencrvs db:
    • Navigate to db_scripts/mosip_opencrvs.
    • Configure deploy.properties, with required secrets and hostname.
    • Then run:
      ./deploy.sh deploy.properties
  • Create a new transaction type OPENCRVS_NEW in mosip_regprc/transaction_type database table.
  • Sync the OpenCRVS masterdata with MOSIP. (WIP. For now add some states and districts from OpenCRVS to MOSIP masterdata manually).
  • Onboard a new credential type partner (using partner onboarding scripts, or via MOSIP PMP UI), with;
    • name like opencrvs-partner
    • generated certificates for MOSIP OpenCRVS Mediator
    • an auth_policy that has only UIN in sharableAttributes.
    • credential_type is opencrvs.
  • After partner create, make sure that credential policy and partner are mapped with the credential_type opencrvs. Use this API to map:
    POST /v1/partnermanager/partners/{partnerId}/credentialType/opencrvs/policies/{policyName}
    
  • Furthermore, change the following settings for the opencrvs-partner client (that was just created), in keycloak admin console, in Mosip realm.
    • Change Access Type to confidential.
    • Enable Standard Flow Enabled.
    • Enable Direct Access Grants Enabled.
    • Enable Service Accounts Enabled.
    • Disable rest of all properties.
    • Change Valid Redirect URIs to *.
  • Give the following roles to this client, under Service Account Roles section:
    • SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL
    • PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL
  • Apart from creating the partner keycloak client, create a new user with the same username as the partner name (that was previously given), with any password.
  • Get certificate from OpenCRVS.
  • Run the following to install the mediator and components (The script will prompt for inputs):
    ./install.sh <cluster-kubeconfig-file>
    • OR Pass the following environment variables to the above script, if it is not desired to prompt for inputs:
      export OPENCRVS_AUTH_URL=
      export OPENCRVS_LOCATIONS_URL=
      export OPENCRVS_RECEIVE_CREDENTIAL_URL=
      export OPENCRVS_CLIENT_ID=
      export OPENCRVS_CLIENT_SECRET=
      export OPENCRVS_CLIENT_SHA_SECRET=
      export MOSIP_OPENCRVS_PARTNER_CLIENT_ID=
      export MOSIP_OPENCRVS_PARTNER_CLIENT_SECRET=
      export MOSIP_OPENCRVS_PARTNER_CLIENT_SHA_SECRET=
      export MOSIP_PRIVATE_KEY_PATH=
      export OPENCRVS_PUBLIC_KEY_PATH=
      ./install.sh <cluster-kubeconfig-file>
  • Share the details with OpenCRVS: auth_url(mosip keycloak url), partner_client_id, partner_client_secret, partner_username, partner_password.
  • Share MOSIP OpenCRVS Mediator public Certificate (that was created above).

Uploading sample birth data

  • Run the following in current directory, to upload sample birth data to mediator:
    curl -XPOST \
      -H "content-type: application/json" \
      -d @samples/sampleDataFromOpencrvs2.json \
      https://<opencrvs-hostname-for-mosip-mediator>/<mosip-mediator-webhooks-uri>
  • Replace url with http://localhost:4545/webhooks if running locally.

Uninstallation

  • Run:
    ./delete.sh <cluster-kubeconfig-file>