3.3.1 Provision your server nodes with SSH access

Recomennded requirements for each server: 16GB RAM / 8CPUs / 320 GB Disk / Ubuntu 22.04 (LTS) x64

You must create a PEM(RSA), PKCS8, and RFC4716(OpenSSH) SSH Key for access to your servers. Be aware that these developers have root level access to your server. If they leave your organisation, it is your responsibility to remove their id_rsa.pub from the authorized_keys file in git and on the servers.

  1. Using your hosting provider, setup 1, 3 or 5 Ubuntu server nodes with an additional backup server node in production. Take note of all generated IP addresses and server hostnames.

  2. Decide which of your IP addresses will be the manager server node. This server will be the manager in the Docker Swarm and the main server you will regularly SSH into to perform commands in this documentation.

  3. Ensure that you have created SSH keys using ssh-keygen. Then use ssh-copy-id to copy the public key: id_rsa.pub key to all servers' .ssh/authorized_keys file. Use the following command to copy and paste the id_rsa.pub key into the authorized_keys file in the countryconfig repo here. All public keys in this file will have SSH access to the server. Never reveal the id_rsa file!

    cat ~/.ssh/id_rsa.pub

  4. For production deployments of 3 or 5 servers, ensure that the manager server node can ssh into all the other servers by itself if required in a bash script. SSH into manager server node and create an ssh key using ssh-keygen. Then use ssh-copy-id to copy the public key: id_rsa.pub key to the 2-4 other servers' .ssh/authorized_keys file. SSH into the manager server node, and confirm that you can SSH into all nodes from inside the manager server node.

You are now ready to exit all nodes and run the Ansible command from your local environment to install the required dependencies on the servers. To set up a backup server in production, refer to the next step.

Setting up a backup server for production

In the next step, your servers will be configured. In this configuration process, OpenCRVS can optionally set up a scheduled task in Ubuntu's crontab to backup OpenCRVS every night to another external server.

  1. If you are setting up a backup server, SSH into the backup server to add the manager server node's id_rsa.pub key into its .ssh/authorised_keys file.

  2. Create a directory to store OpenCRVS backups, e.g /root/opencrvs

  3. SSH into the manager server node and wnsure that the manager server can ssh into the backup server.

Last updated