OpenCRVS
v1.3
v1.3
  • 👋Introduction
  • Product Specifications
    • Functional Architecture
    • Workflow management
    • Status Flow Diagram
    • Users
      • Examples
    • Core functions
      • 1. Notify event
      • 2. Declare event
      • 3. Validate event
      • 4. Register event
      • 5. Print certificate
      • 5. Issue certificate
      • 6. Search for a record
      • 7. View record
      • 8. Correct record
      • 9. Verify record
      • 10. Archive record
      • 11. Vital statistics export
    • Support functions
      • 10. Login
      • 11. Audit
      • 12. Deduplication
      • 13. Performance management
      • 14. Payment
      • 15. Learning
      • 16. User support
    • Admin functions
      • 17. User management
      • 18. Comms management
      • 19. Content management
      • 20. Config management
    • Data functions
      • 21. Legacy data import
      • 22. Legacy paper import
  • Technology
    • Architecture
      • Performance tests
    • Standards
      • FHIR Documents
        • Event Composition
        • Person
        • Registration Task
        • Event Observations
        • Locations
    • Security
    • Interoperability
      • Create a client
      • Authenticate a client
      • Event Notification clients
      • Record Search clients
      • Webhook clients
      • National ID client
      • FHIR Location REST API
      • Other ways to interoperate
  • Default configuration
    • Intro to Farajaland
    • Civil registration in Farajaland
    • OpenCRVS configuration in Farajaland
      • User / role mapping
      • Application settings
      • Declaration forms
      • Certificate templates
    • Business process flows in Farajaland
  • Setup
    • 1. Establish team
    • 2. Gather requirements
    • 3. Installation
      • 3.1 Set-up a local development environment
        • 3.1.1 Install the required dependencies
        • 3.1.2 Install OpenCRVS locally
        • 3.1.3 Starting and stopping OpenCRVS
        • 3.1.4 Log in to OpenCRVS locally
        • 3.1.5 Tooling
      • 3.2 Set-up your own country configuration
        • 3.2.1 Fork your own country configuration repository
        • 3.2.2 Set up administrative address divisions
          • 3.2.2.1 Prepare source file for administrative structure
          • 3.2.2.2 Prepare source file for statistics
        • 3.2.3 Set up CR offices and Health facilities
          • 3.2.3.1 Prepare source file for CRVS Office facilities
          • 3.2.3.2 Prepare source file for health facilities
        • 3.2.4 Set up employees & roles for testing or production
          • 3.2.3.1 Prepare source file for employees
          • 3.2.3.2 Configure role titles
        • 3.2.5 Set up application settings
          • 3.2.5.1 Configuring Metabase Dashboards
        • 3.2.6 Configure certificate templates
        • 3.2.7 Configure declaration forms
          • 3.2.7.1 Configuring an event form
        • 3.2.8 Seeding your local development environment database
          • 3.2.8.1 Clearing your local development environment database
        • 3.2.9 Countryconfig APIs explained
          • 3.2.9.1 Managing language content
      • 3.3 Set-up a server-hosted environment
        • 3.3.1 Provision your server nodes with SSH access
        • 3.3.2 Provision environment
        • 3.3.3 Provision a comms gateway
        • 3.3.4 Set up an SMTP server for OpenCRVS monitoring alerts
        • 3.3.5 Setup DNS A records
        • 3.3.6 Deploy (Automated & Manual)
        • 3.3.7 Seeding & clearing data on a server
        • 3.3.8 Automated & manual backup and manual restore
    • 4. Functional configuration
      • 4.1 Configure application settings
      • 4.2 Configure registration periods and fees
      • 4.3 Create new user roles
      • 4.4 Managing system users
    • 5. Testing
    • 6. Go-live
    • 7. Monitoring
      • 7.1 Application logs
      • 7.2 Infrastructure health
      • 7.3 Routine monitoring checklist
      • 7.4 Setting up alerts
      • 7.5 Managing a Docker Swarm
  • General
    • Contributing
    • Releases
      • v1.3.5: Release notes
      • v1.3.4: Release notes
      • v1.3.2: Release notes
      • v1.3.1: Release notes
      • v1.3.* to v1.3.* Migration notes
      • v1.3.0: Release notes
      • v1.2.* to v1.3.* Migration notes
        • v1.2 to v1.3: Form migration
      • v1.2.1: Release notes
      • Patch: Elasticsearch 7.10.2
      • v1.2.0: Release notes
      • v1.1.* to v1.2.* Migration notes
      • v.1.1.2: Release notes
      • v.1.1.1: Release notes
      • v1.1.0: Release notes
    • Interoperability roadmap
    • Product roadmap
Powered by GitBook
On this page
  1. Setup
  2. 3. Installation
  3. 3.3 Set-up a server-hosted environment

3.3.1 Provision your server nodes with SSH access

Previous3.3 Set-up a server-hosted environmentNext3.3.2 Provision environment

Last updated 1 year ago

Recomennded requirements for each server: 16GB RAM / 8CPUs / 320 GB Disk / Ubuntu 22.04 (LTS) x64

You must create a PEM(RSA), PKCS8, and RFC4716(OpenSSH) SSH Key for access to your servers. Be aware that these developers have root level access to your server. If they leave your organisation, it is your responsibility to remove their id_rsa.pub from the authorized_keys file in and on the servers.

  1. Using your hosting provider, setup 1, 3 or 5 Ubuntu server nodes with an additional backup server node in production. Take note of all generated IP addresses and server hostnames.

  2. Decide which of your IP addresses will be the manager server node. This server will be the manager in the Docker Swarm and the main server you will regularly SSH into to perform commands in this documentation.

  3. Ensure that you have created SSH keys using Then use to copy the public key: id_rsa.pub key to all servers' .ssh/authorized_keys file. Use the following command to copy and paste the id_rsa.pub key into the All public keys in this file will have SSH access to the server. Never reveal the id_rsa file! 

    cat ~/.ssh/id_rsa.pub

  4. For production deployments of 3 or 5 servers, ensure that the manager server node can ssh into all the other servers by itself if required in a bash script. SSH into manager server node and create an ssh key using Then use to copy the public key: id_rsa.pub key to the 2-4 other servers' .ssh/authorized_keys file. SSH into the manager server node, and confirm that you can SSH into all nodes from inside the manager server node.

You are now ready to exit all nodes and run the Ansible command from your local environment to install the required dependencies on the servers. To set up a backup server in production, refer to the next step.

Setting up a backup server for production

In the next step, your servers will be configured. In this configuration process, OpenCRVS can optionally set up a scheduled task in Ubuntu's crontab to backup OpenCRVS every night to another external server.

  1. If you are setting up a backup server, SSH into the backup server to add the manager server node's id_rsa.pub key into its .ssh/authorised_keys file.

  2. Create a directory to store OpenCRVS backups, e.g /root/opencrvs

  3. SSH into the manager server node and wnsure that the manager server can ssh into the backup server.

git
ssh-keygen.
ssh-copy-id
authorized_keys file in the countryconfig repo here.
ssh-keygen.
ssh-copy-id