OpenCRVS
v1.7

6.1 Pre-Deployment Checklist


Last updated 1 month ago

Pre-Deployment Checklist

We provide you with the pre-deployment checklist Excel file that you must complete before going live in your country. Some points are explained in this video and table:

| Step | Explanation |
|---|---|
| Provisioning & Deployment pipelines for Backup, QA, staging & production working | Your GitHub Actions should all be running without any errors in logs. No red crosses! |
| SMTP service tested for emails and alerts | Not only should you confirm that emails are sending for staff, but you should receive emailed alerts too. If you have enabled Slack as the ALERT_EMAIL you would see an SSH login alert in Slack like this: [screenshot] |
| Set up DNS & TLS (HTTPS) | Your SSL certificate should be valid. |
| Verify production backups restore on staging (pre-prod/mirror) | Ensure that the backup & restore test is completed as documented. |
| Alert sent on SSH login | Ensure the SSH login alert is firing as mentioned above in the "SMTP service tested" description. |
| Verify a warning is received when disk space is at 50%, alert at 70% | To test this you need to create a temporary large file on your server. Kibana will broadcast an alert. This example terminal command creates a file of 200G: `sudo dd if=/dev/zero of=/large-file-to-trigger-alerts bs=1G count=200` |
| Optional: Confirm Sentry errors to Slack from QA, Staging and Prod | A test Sentry error in Slack looks something like this: [screenshot] |
| National System Admin passwords are updated, a minimum of 12 characters long and stored in a password manager | The National System Admin must immediately change their password from the password that exists in prod-employees.csv. As they are a super user, they must confirm that the new password is saved in a password manager tool. |
| GitHub account is owned by country and OpenCRVS Core team are removed as admins | If the OpenCRVS team have assisted you to set up your GitHub organisation, they must no longer have "Admin" rights in your countryconfig repository, otherwise they can potentially access citizen data. |
| Verify firewall hides all ports from the public internet | OpenCRVS should not be accessible on the public internet. But if you decide to do this at your own risk then this command can help you discover open ports: `nmap --open opencrvs.domain.com` |
| Clear all data from production instances created during testing | Reset the production environment so that it is clear of any test registrations. |
| Delete all test backups on backup server | SSH into the backup server and delete any test backups, especially if you have configured the backup server to store more than the default 7 days of backups. |
| Delete all terminal history on all production, staging and backup servers | You might have exported secrets in Terminal to use when resetting environments or debugging. Clear the terminal history like this: `history -c` followed by `history -w` |
| Remove OpenCRVS team members from SSH access to production, staging & backup servers | If the OpenCRVS team have assisted you to provision your production, staging and backup servers, their SSH access must be removed, otherwise they can still access citizen data. Follow the steps as documented here. |

Pre-Deployment Checklist Excel: Download our Excel checklist in the "Technical" zip in the OpenCRVS Requirements Templates.

Ongoing-Costs

As you have probably gathered from the server configuration section, some additional tooling must be paid for. These costs are negligible and support your installation with a secure code repository, bug tracking systems, alerting and forensic analysis.

The Ongoing-Costs Excel sheet outlines the ownership, status and costs and helps you project manage the provisioning of these tools. They are explained in this video.

Ongoing-Costs Excel: Download the Excel sheet in the "Technical" zip in the OpenCRVS Requirements Templates.

Data Security Framework

The purpose of this document is to provide organisations with:

  • An understanding of data security and privacy risks.

  • An understanding of the technical steps taken in OpenCRVS to mitigate against these risks.

  • A guidance framework for the development of context-specific data security policies and procedures that should be designed and introduced by a government that has chosen to install OpenCRVS and digitise their civil registration system.

  • Security guidance for project managers and all staff involved on a temporary or continual basis in the following stages of an OpenCRVS project: a) design & implementation b) monitoring & maintenance and c) day-to-day usage of OpenCRVS.

Make sure that this document is shared with key stakeholders.

Data Security Framework: Download the document from the "Technical" zip in the OpenCRVS Requirements Templates.
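For the checklist step "Delete all terminal history on all production, staging and backup servers": `history -c` and `history -w` only act on the current user's current shell, so other accounts and other shells keep their history files. The following is an added example, not OpenCRVS code, that counts secret-looking assignments in every history file under a homes directory without printing the values; the function names, the pattern and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not OpenCRVS code): audit shell history files for
# secret-looking assignments before clearing them on each server.
# Function names, the pattern and the sample data are assumptions.

SECRET_PATTERN='(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)[A-Z0-9_]*='

# List bash/zsh/sh history files for every home directory under $1.
list_history_files() {
  find "$1" -maxdepth 2 -type f \
    \( -name .bash_history -o -name .zsh_history -o -name .sh_history \) \
    2>/dev/null | sort
}

# Count lines in file $1 that assign a secret-looking variable.
count_secret_lines() {
  grep -Eic "$SECRET_PATTERN" "$1" || true
}

# Print "<file> <lines> <secret-looking lines>" per history file.
# Values are never echoed, only counted.
audit_history() {
  list_history_files "$1" | while IFS= read -r f; do
    printf '%s %s %s\n' "$f" "$(wc -l < "$f" | tr -d ' ')" \
      "$(count_secret_lines "$f")"
  done
}

# Constructed sample: two users' histories in a temporary directory.
make_sample_homes() {
  d=$(mktemp -d)
  mkdir -p "$d/provision" "$d/deploy"
  printf '%s\n' 'docker service ls' \
    'export SMTP_PASSWORD=constructed-value' \
    'export GITHUB_TOKEN=constructed-value' > "$d/provision/.bash_history"
  printf '%s\n' 'df -h' 'ls -la' > "$d/deploy/.zsh_history"
  echo "$d"
}

# Usage on a server (run as root so every home is readable):
#   audit_history /home; audit_history /root
```

Any file reported with a non-zero third column held credentials in plain text, which is worth knowing before the history is cleared.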
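For the checklist step "Verify firewall hides all ports from the public internet": the `nmap --open` output can be checked mechanically instead of by eye. The following is an added example, not OpenCRVS code, that reads nmap's grepable output (`-oG -`) and reports any open port that is not on an agreed allowlist; the function names, the allowlist format and the sample scan are assumptions.

```shell
#!/bin/sh
# Added example (not OpenCRVS code): flag open ports that are not on an
# agreed allowlist, from nmap "grepable" output (nmap --open -oG - <host>).
# Function names, the allowlist format and the sample scan are assumptions.

# stdin: nmap -oG output. $1: space-separated allowlist such as "443/tcp".
# stdout: one "<host> <port>/<proto>" line per open port not on the allowlist.
unexpected_open_ports() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /Ports: / {
      host = $2
      sub(/^.*Ports: /, "")   # keep only the port list
      sub(/\t.*$/, "")        # drop trailing fields such as "Ignored State"
      m = split($0, p, ", ")
      for (i = 1; i <= m; i++) {
        split(p[i], f, "/")   # port/state/proto/owner/service/...
        key = f[1] "/" f[3]
        if (f[2] == "open" && !(key in ok)) print host, key
      }
    }'
}

# Constructed sample of grepable output for a documentation address.
sample_scan() {
  printf 'Host: 203.0.113.10 (opencrvs.domain.com)\tStatus: Up\n'
  printf 'Host: 203.0.113.10 (opencrvs.domain.com)\tPorts: %s\tIgnored State: closed (997)\n' \
    '22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///'
}

# Exit status 0 only when nothing unexpected is open, for use in a pipeline job.
ports_are_hidden() {
  [ -z "$(unexpected_open_ports "$1")" ]
}

# Usage from outside your network, with an empty allowlist (nothing exposed):
#   nmap --open -oG - opencrvs.domain.com | unexpected_open_ports ""
```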