description |
---|
DIGIT Automation on AWS |
Following are the pre-requisites and installation steps for setting up DIGIT on AWS:
- Install Golang:
  - For Linux: Follow the instructions here to install Golang on Linux.
  - For Windows: Download the installer using the link here and follow the installation instructions.
  - For Mac: Download the installer using the link here and follow the installation instructions.
- Install Helm - DIGIT services are packaged with Helm Charts
- Install kubectl - CLI to connect to the Kubernetes cluster on your machine
- Install cURL - for making API calls
- Install Visual Studio Code - for better code visualization/editing capabilities
- Install Postman - to run DIGIT bootstrap scripts
- Install Terraform - to provide infrastructure on AWS
- Install AWS CLI and IAM Authenticator
Once you have installed all these pre-requisites, you are ready to set up DIGIT and its services.
To provision infrastructure and set up DIGIT, follow the steps below:
- Clone the DIGIT-DevOps repository:
- Navigate to the cloned repository and check out the release-1.28-kubernetes branch:
cd DIGIT-DevOps
git checkout release-1.28-kubernetes
- Check that the correct credentials are configured using the command:
aws configure list
Make sure that the output of the above command reflects the AWS credentials you have set. Proceed once the details are confirmed. (Refer to the AWS documentation if in doubt about how to set the credentials: Configuring the AWS CLI - AWS Command Line Interface)
- Generate SSH key pairs using either method (a) or method (b).
a. Using an online website (not recommended in a production setup; to be used only for demo setups): https://8gwifi.org/sshfunctions.jsp
b. Using openssl:
openssl genpkey -algorithm RSA -out private_key.pem
openssl rsa -pubout -in private_key.pem -out public_key.pem
- Add the public key to your GitHub account (reference: https://www.youtube.com/watch?v=9C7_jBn9XJ0&ab_channel=AOSNote)
- Open the input.yaml file in VS Code. You can use the command below to open it directly in VS Code:
code infra-as-code/terraform/sample-aws/input.yaml
If the command does not work, you can open the file manually in VS Code. Once the file is open, fill in the inputs. (If you are not using VS Code, you can open it in any editor of your choice.)
- Fill in the inputs as per the regex mentioned in the comments.
- Open egov-demo-secrets.yaml and add the DB password (line number 5), flywayPassword (line number 7) and the private key.
code config-as-code/environments/egov-demo-secrets.yaml
Make sure the DB password and flywayPassword are the same. The private key has to be added inside the git-sync key against the ssh key (line number 37).
- Go to infra-as-code/terraform/sample-aws and run the init.go script to enrich different files based on input.yaml.
cd infra-as-code/terraform/sample-aws
go run ../scripts/init.go
- Navigate to the remote-state folder and run terraform to create an S3 bucket and DynamoDB.
cd remote-state
terraform init
terraform plan
terraform apply
- Navigate back to the sample-aws folder and run terraform to provision infrastructure for DIGIT.
cd ..
terraform init
terraform plan
terraform apply
(When prompted after running terraform apply, enter the same DB password that you added in egov-demo-secrets.yaml.)
- Execute the following command to generate a kubeConfig file and update the volumeIds, DB URL, and other relevant details in the egov-demo.yaml file.
terraform output -json | go run ../scripts/envYAMLUpdater.go
- Run the export KUBECONFIG command shown on the terminal. (Note: The exact command to run will be printed on the terminal. It will be something like this: export KUBECONFIG=<LOCAL_KUBECONFIGPATH>)
- Run the digit_installer.go script to install DIGIT using the following commands:
cd ../../../deploy-as-code/deployer
go run digit_installer.go
- Once the deployment is done, get the CNAME of the nginx-ingress-controller:
kubectl get svc nginx-ingress-controller -n egov -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
The output will be something like this:
ae210873da6ff4c03bde2ad22e18fe04-233d3411.ap-south-1.elb.amazonaws.com
Add the CNAME to your domain provider against your domain name.
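
A pre-flight check for the secrets step above (DB password and flywayPassword must be the same, and a private key must sit under git-sync / ssh), added here as an example that is not part of the DIGIT-DevOps repository. The file layout it parses, the function names check_secrets and write_sample, and all sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for the secrets file. Secret values are compared, never printed.
# Assumed layout: the first `password:` in the file is the DB password, and the
# private key is a block scalar under `git-sync:` -> `ssh:`.
check_secrets() {
    awk '
        function val(line) {               # value part of "key: value", unquoted
            sub(/^[^:]*:[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            gsub(/^"|"$/, "", line)
            return line
        }
        /^[ \t]*password:/ && !seen_db  { db = val($0); seen_db = 1 }
        /^[ \t]*flywayPassword:/        { fw = val($0) }
        /^[ \t]*git-sync:/              { in_gs = 1; next }
        in_gs && /^[ \t]*ssh:/          { in_key = 1; next }
        in_key && /-----BEGIN [A-Z ]*PRIVATE KEY-----/ { has_begin = 1 }
        in_key && /-----END [A-Z ]*PRIVATE KEY-----/   { has_end = 1 }
        END {
            rc = 0
            if (db == "" || fw == "")      { print "FAIL: DB password or flywayPassword is empty"; rc = 1 }
            else if ((db "") != (fw ""))   { print "FAIL: DB password and flywayPassword differ"; rc = 1 }
            if (!(has_begin && has_end))   { print "FAIL: no PEM private key under git-sync/ssh"; rc = 1 }
            if (rc == 0) print "OK"
            exit rc
        }
    ' "$1"
}

# Writes a constructed sample file: $1 = path, $2 = DB password, $3 = flywayPassword,
# $4 = "key" to include a placeholder PEM block (not a real key).
write_sample() {
    {
        printf 'secrets:\n  db:\n    username: constructed_user\n'
        printf '    password: %s\n    flywayUsername: constructed_user\n' "$2"
        printf '    flywayPassword: %s\n  git-sync:\n    ssh: |\n' "$3"
        if [ "$4" = "key" ]; then
            printf '      -----BEGIN PRIVATE KEY-----\n'
            printf '      constructed-placeholder-not-a-key\n'
            printf '      -----END PRIVATE KEY-----\n'
        fi
    } > "$1"
}
```

Run check_secrets against the secrets file before go run ../scripts/init.go; a non-zero exit status means one of the conditions from the secrets step is not met.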
Follow the steps below to set up seed data:
- Import the provided Postman collection.
- Port-forward the user pod using the following command:
kubectl port-forward <egov_user_pod> 8080:8080 -n egov
- Hit the super_user_creation cURL. This will create a super user with username as GRO and password as eGov@4321.
- Open the accessToken_generation cURL. The credentials have already been populated. Change the "{{YOUR_DOMAIN_NAME}}" placeholder to the domain name defined in the input.yaml file while provisioning and hit the cURL.
- In the response, you will get the "access_token" field. Highlight this value, right-click on it and set it as the global "token" value.
- Execute the rainmaker common, rainmaker locality, rainmaker PGR localization and PGR workflow cURLs, changing the "{{YOUR_DOMAIN_NAME}}" placeholder to the domain name defined in the input.yaml file, to set up localization and workflow seed data.
Follow the steps below to destroy the cluster once the demo is done:
- Delete the nginx-ingress-controller service in the egov namespace using the command below and navigate to the infra-as-code/terraform/sample-aws directory:
kubectl delete svc nginx-ingress-controller -n egov
cd ../../infra-as-code/terraform/sample-aws
- Run the Terraform destroy command to delete the cluster:
terraform destroy
- To destroy the remote state bucket, first set the lifecycle value to false in the main.tf file in the remote-state folder:
lifecycle { prevent_destroy = false }
- After making this change, go to the AWS console and empty the S3 bucket associated with the remote state.
- Once the bucket is emptied, you can proceed to destroy the remote state bucket using the Terraform destroy command.