Open Justice Playbook

apps/open-justice/README.md

@@ -0,0 +1,48 @@
+Open Justice Aleph
+==================
+
+Install `ansible-role-docker`
+----------------------------
+
+```
+ansible-galaxy install geerlingguy.docker
+```
+
+Post playbook
+-------------
+Start aleph in detached mode and set up tables
+
+```
+docker-compose up -d
+docker-compose run --rm shell upgrade
+```
+
+To set up a user
+----------------
+Enter the Aleph shell:
+
+```
+make shell
+```
+
+Then:
+
+```
+aleph createuser --name="Alice" \
+                 --admin \
+                 --password=123abc \
+                 [email protected]
+```
+
+Load sample data
+---------------
+
+```
+aleph crawldir /aleph/contrib/testdata
+```
+
+
+
+
+
+

apps/open-justice/aleph.env

@@ -0,0 +1,103 @@
+# Aleph environment configuration
+#
+# This file is loaded by docker-compose and transformed into a set of
+# environment variables inside the containers. These are, in turn, parsed
+# by aleph and used to configure the system.
+
+# Random string:
+ALEPH_SECRET_KEY={{aleph_secret_key}}
+
+# Visible instance name in the UI
+ALEPH_APP_TITLE=Open Justice
+# Name needs to be a slug, as it is used e.g. for the ES index, SQS queue name:
+ALEPH_APP_NAME=open-justice
+ALEPH_UI_URL=http://openjustice.openup.org.za:8080/
+
+# ALEPH_URL_SCHEME=https
+# ALEPH_FAVICON=https://investigativedashboard.org/static/favicon.ico
+# ALEPH_LOGO=http://assets.pudo.org/img/logo_bigger.png
+
+# Other customisations
+ALEPH_SAMPLE_SEARCHES=Vladimir Putin:TeliaSonera
+
+# Set email addresses, separated by colons, that will be made admin.
+# [email protected]:[email protected]
+
+# Single-user mode disables authentication and authorization autologging in any user as admin
+ALEPH_SINGLE_USER=false
+
+# Login modalities
+ALEPH_PASSWORD_LOGIN=true
+
+# OAuth configuration
+# Currently supported providers are Google, Facebook, Cognito and Azure AD OAuth
+# Note that you do not need to fill out all fields in order to use it
+ALEPH_OAUTH=false
+ALEPH_OAUTH_KEY=
+ALEPH_OAUTH_SECRET=
+
+# You also need to provide an OpenID Connect (OIDC) configuration URL. Examples:
+#
+# Google:
+# ALEPH_OAUTH_METADATA_URL=https://accounts.google.com/.well-known/openid-configuration
+#
+# KeyCloak/OCCRP:
+# ALEPH_OAUTH_METADATA_URL=https://secure.occrp.org/auth/realms/general/.well-known/openid-configuration 
+#
+# Azure:
+# ALEPH_OAUTH_METADATA_URL=https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration 
+#
+# Amazon Cognito:
+# ALEPH_OAUTH_METADATA_URL=https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/openid-configuration
+
+# Where and how to store the underlying files:
+# ARCHIVE_TYPE=file
+# ARCHIVE_PATH=/data
+
+# Or, if 'ALEPH_ARCHIVE_TYPE' configuration is 's3':
+ARCHIVE_TYPE=s3
+ARCHIVE_BUCKET=open-justice
+AWS_ACCESS_KEY_ID={{aws_access_key_id}}
+AWS_SECRET_ACCESS_KEY={{aws_secret_access_key}}
+AWS_REGION=eu-central-1
+
+# To use an external ElasticSearch service:
+# ALEPH_ELASTICSEARCH_URI=
+
+# To use an external Postgres service:
+ALEPH_DATABASE_URI=postgresql://{{postgres_username}}:{{postgres_password}}@{{postgres_hostname}}/{{postgres_database}}
+
+# Define a different ftm entity store:
+# FTM_STORE_URI=postgresql://<username>:<password>@<host>/<database>
+
+# To run the Convert-Document service externally
+# INGESTORS_CONVERT_DOCUMENT_URL=http://<convert-document>:3000/convert
+
+# Queue mechanism
+# REDIS_URL=redis://redis:6379/0
+
+# Content options
+ALEPH_OCR_DEFAULTS=eng
+# ALEPH_LANGUAGES=en:de:fr:es:tr:ar ...
+
+# Provide a valid email to send alerts from:
+ALEPH_MAIL_FROM=
+ALEPH_MAIL_HOST=
+ALEPH_MAIL_USERNAME=
+ALEPH_MAIL_PASSWORD=
+ALEPH_MAIL_PORT=25
+ALEPH_MAIL_TLS=true
+ALEPH_MAIL_SSL=false
+ALEPH_MAIL_DEBUG=false
+
+# Debug mode (insecure)
+ALEPH_DEBUG=false
+
+# Read-only mode:
+# ALEPH_MAINTENANCE=true
+
+# Enable HTTP caching
+# ALEPH_CACHE=true
+
+# Configure logging
+LOG_FORMAT=TEXT  # TEXT or JSON

apps/open-justice/aleph.yml

@@ -0,0 +1,49 @@
+---
+- hosts:
+    - open-justice
+  become: yes
+
+  roles:
+    - geerlingguy.docker
+
+  vars:
+    postgres_password: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/POSTGRES')}}"
+    postgres_hostname: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/POSTGRES subkey=hostname')}}"
+    postgres_username: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/POSTGRES subkey=username')}}"
+    postgres_database: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/POSTGRES subkey=database')}}"
+    aleph_secret_key: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/ALEPH_SECRET_KEY')}}"
+    aws_access_key_id: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/AWS subkey=AWS_ACCESS_KEY_ID')}}"
+    aws_secret_access_key: "{{ lookup('passwordstore', 'apps/open-justice/{{ env_name }}/AWS')}}"
+
+  tasks:
+    - name: apt-get Update
+      apt:
+        update_cache: yes
+
+    - name: Install make
+      apt:
+        name: make
+        state: present
+
+    - name: Install git
+      apt:
+        name: git
+        state: present
+
+    - name: Map ElasticSearch Memory
+      become: yes
+      sysctl:
+        name: vm.max_map_count
+        value: 262144
+        state: present
+
+    - name: Clone Aleph repo
+      become: yes
+      git:
+        repo: https://github.com/alephdata/aleph.git
+        dest: /var/open-justice/aleph
+
+    - name: Set up env file
+      ansible.builtin.template:
+        src: aleph.env
+        dest: /var/open-justice/aleph

inventory/prod.yml

@@ -38,7 +38,6 @@ all:
         idp1-aws.openup.org.za:
         pmg1-aws.pmg.org.za:
         elasticsearch1-aws.pmg.org.za:
-        justice1-hetzner.openup.org.za:
 
 
 ## App groups
@@ -93,3 +92,6 @@ all:
         hetzner1.openup.org.za:
       vars:
         app_domain: search.opengazettes.org.za
+    open-justice:
+      hosts:
+        openjustice.openup.org.za: