3.3.6 Deploy (Automated & Manual)

Steps required to build your country configuration to a Docker Container Registry and Deploy your OpenCRVS to a server hosted environment.

Automated continuous deployment

The easiest way to deploy OpenCRVS to your servers is to use automated continuous deployment.

Refer to our supplied "Publish image to Dockerhub" Github Action and our supplied "Deploy" Github Action in the country configuration repo to set up appropriate environments for your use case or customise your own delivery pipeline. You could rewrite our Actions for use in Gitlab, Jenkins, Travis, CircleCI or Azure Pipelines for example.

In our example, we have 3 environments provisioned in Github. These environments allow you to provision different subdomains, secrets and optional deployment properties depending on your chosen environment when running the action.

All of our workflows can be manually run from a shell script, so you can deploy from your local machine too if you like. Manual steps are explained below each automated step.

To use our automated Github Action workflow, first you need to ensure that you have set up at least one, or optionally all, of the following Git environments:

a) Staging - A useful environment for testing, where the environment variable NODE_ENV is set to development and you can create test user accounts with a 6 zero "000000" 2FA code during login. This allows us to see a debug experience.

b) QA - A quality assurance/pseudo production environment for software testers, where the environment variable NODE_ENV is set to production and a secondary exception variable QA_ENV is set to true. This allows us to see a production like experience, but with the capability of still creating test user accounts with a 6 zero "000000" 2FA code during login.

c) Production - A live environment, where NODE_ENV is set to production & QA_ENV is set to false and random 2FA is enabled so a comms Gateway must be active as in step 3.3.3.

Our supplied Github Actions are examples that cannot be edited from a fork. You should duplicate these Github Actions files if you want to make changes for your infrastructure and update the branches that dispatch them (here for example) from master, develop to master-<your country alpha3 code>, develop-<your country alpha3 code> as we described in the fork section 3.2.1.

Configure docker-compose files

There are a few environment variables you need to manually set in docker compose files for your installation. These are:

docker-compose.countryconfig.staging-deploy.yml

docker-compose.countryconfig.qa-deploy.yml

docker-compose.countryconfig.prod-deploy.yml

a) Replace any instance of the comma separated available language strings for your localisation needs. E.G.:

LANGUAGES=en,fr

b) Replace any instance of the COUNTRY code. E.G.:

COUNTRY=FAR

Publishing your country configuration

Before you can deploy, you need to make sure that your country configuration Docker image has compiled and has been pushed to your container registry (E.G. Dockerhub).

Option 1: Using our automated action to publish your country configuration

We supply an automated action to do this for you. Our "Publish image to Dockerhub" Github Action is set to automatically run on your country configuration repository whenever code is pushed to a branch named master, main or develop. This action will build and push your Docker image to Dockerhub. You must edit this action if you wish to use a different container registry.

The image will be tagged with the short Git commit hash. This hash is important to refer to and use in the deploy step.

Global repository secrets

In OpenCRVS v1.3.1 hotfix scheduled for November 6th 2023, we will be releaseing a Github Action to automate the creation of environments and secrets :-)

In Github, navigate to "Actions" and click "Publish image to Dockerhub" to see the output of the action that automates whenever code merges to "develop", "main", "master" branches. Copy the git commit hash in the Action logs to see how the Docker image was tagged. You will use it in the deploy step.

Option 2: Manually publishing your country configuration

You can navigate to the country configuration repository to build your image from the command line if you wish:

cd opencrvs-countryconfig

Export all of the required secrets as environment variables:

export DOCKER_PASSWORD=<your-docker-password> \
export DOCKER_USERNAME=<your-docker-username> \
export DOCKERHUB_ACCOUNT=<your-dockerhub-account> \
export DOCKERHUB_REPO=<your-dockerhub-repo>

Run the following script:

yarn compose:push:version

Take note of the githash at the end of the process to use in the next step ...

Deploying

Next, you need to deploy to your server environments.

  1. First create appropriate secrets and environments in Github

Create the following Github secrets for the usernames and passwords you created earlier when provisioning the servers using Ansible in step 3.3.2, along with other secrets Github will use to SSH into your servers, set the Traefik SSL hostname and connect to your container registry (E.G. Dockerhub) etc.

Note: Using a strong password service such as 1Password you should store the usernames and passwords you create in this section as you will need them regularly.

Global repository secrets

These secrets below must be set as global repository secrets in Github as they apply to all environments and are used by the Github Action:

Copy your id_rsa.pub key into the authorized_keys file

The deploy Github Action uses this library to SSH into your environments. This library depends on an PEM(RSA), PKCS8, and RFC4716(OpenSSH) SSH key. The id_rsa.pub associated with the same key must be saved into the authorized_keys file here along with the id_rsa.pub for any other developer who requires SSH access to your server. Be aware that these developers have root level access to your system and must be trusted. If they leave your organisation, it is your responsibility to remove their id_rsa.pub from the authorized_keys file in Git and on the servers.

Environment secrets

The following secrets are likely to be unique for each environment so they should be duplicated as environment secrets in Github and are used by the Github Action:

Environment variables

The following variables are likely to be unique for each environment so they should be duplicated as environment variables in Github and are used by the Github Action:

Customisable, optional environment secrets

The following secrets depend on your choice of communications provider. The Github deploy action and the deploy.sh script that the action calls will likely need to be edited according to your needs in order to customise these values.

  1. Run the Deploy action

You can deploy to your server using the automated "Deploy" Github Action. Navigate to "Actions", and click "Deploy."

a) You will be required to select the environment that you wish to deploy to.

b) You will be required to enter the OpenCRVS Core Dockerhub image tag for any tagged build on Dockerhub) to refer to the OpenCRVS Core release of choice. Usually this will be an official release if you have performed no customisations to core. E.G. v1.3.0

c) You will be required to enter the OpenCRVS Country Configuration version (or short Git hash tag for any tagged custom country configuration build on Dockerhub) to refer to your country configuration image and githash created by the previous "Publish image to Dockerhub" action. E.G. 4e39a2a

d) Click Run workflow, and watch the output to make sure that the deployment was successful.

Once the deployment is complete, you should be able to navigate to your OpenCRVS URLs.

To login to OpenCRVS: https://login.<your_domain>

To login to OpenHIM: https://openhim.<your_domain>

To login to Kibana: https://kibana.<your_domain>

To login to Minio: https://minio-console.<your_domain>

Option 2: Manual deploy

You can navigate to the country configuration repository to deploy from the command line if you wish:

cd opencrvs-countryconfig

Export all of the required secrets as environment variables, and repeat lines for any customisable secrets you require:

export DOCKER_PASSWORD=<your-docker-password> \
export DOCKER_USERNAME=<your-docker-username> \
export DOCKERHUB_ACCOUNT=<your-dockerhub-account> \
export DOCKERHUB_REPO=<your-dockerhub-repo> \
export SUPER_USER_PASSWORD=<your-super-user-password>
export ELASTICSEARCH_ADMIN_USER=elastic \
export ELASTICSEARCH_SUPERUSER_PASSWORD=<your-ELASTICSEARCH_SUPERUSER_PASSWORD> \
export MONGODB_ADMIN_USER=<your-MONGODB_ADMIN_USER> \
export MONGODB_ADMIN_PASSWORD=<your-MONGODB_ADMIN_PASSWORD> \
export MINIO_ROOT_USER=<your-MINIO_ROOT_USER> \
export MINIO_ROOT_PASSWORD=<your-MINIO_ROOT_PASSWORD> \
export KIBANA_USERNAME=<your-KIBANA_USERNAME> \
export KIBANA_PASSWORD=<your-KIBANA_PASSWORD> \
export SMTP_HOST=<your-SMTP_HOST> \
export ALERT_EMAIL=<your-ALERT_EMAIL> \
export SMTP_USERNAME=<your-SMTP_USERNAME> \
export SMTP_PASSWORD=<your-SMTP_PASSWORD> \
export SMTP_PORT=<your-SMTP_PORT>

Run the following script substituting the parameters as explained in the table below:


yarn deploy --environment=<ENVIRONMENT> --host=<DOMAIN> --version=<CORE_VERSION> --country_config_version=<COUNTRY_CONFIG_VERSION> --replicas=<REPLICAS> --clear_data=no

Last updated