Production Deployment¶
Automated production deployments of GovReady-Q can be accomplished using the separate repository govready-deployments.
The govready-deployments repo provides a runner and Python module skeletons for different automated deployments. Currently, only the docker-compose is functions fully.
1. Deployment Code Structure¶
Deployments are Python modules that reside in deployments. Each deployment module has the following structure:
.
└── https://github.com/GovReady/govready-deployments
└── deployments
├── docker_compose
│ └── deploy.py
│ └── init.py
│ └── undeploy.py
│ └── config-validator.json
├── aws
│ └── deploy.py
│ └── init.py
│ └── undeploy.py
│ └── config-validator.json
...
The deployment runner commands are:
deploy.py - The script that deploys the stack
undeploy.py - The script that removes the stack
init.py - The script that allows overriding of the configuration.json values
config-validator.json - JSON config that validates the user provided configuration.
2. Requirements:¶
Server with Internet access
3. Install:¶
Docker installed on Server (https://docs.docker.com/engine/installation/)
Docker Compose installed on Server (https://docs.docker.com/compose/install/)
Python (3+) installed on server (https://www.python.org/downloads/)
Git installed on server (https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
Make sure Docker is running before continuing.
The basic steps of deploying GovReady-Q on a remote Ubuntu 20.04 server running at the ‘govready.example.com’ are provided below. Adjust these steps appropriately for your server and environment.
4. Clone govready-deployments¶
Clone the govready-deployments repo.
ssh root@govready.example.com
cd <your/preferred/install/directory>
git clone https://github.com/GovReady/govready-deployments
cd govready-deployments
Note
You may install/move the ‘govready-deployments` to any desired location on your server.
5. Deployment Init¶
For a deployment to run, it must have it’s config-validator.json satisfied.
To satisfy those requirements you can:
Set Environment variables that match the keys from the config-validator.json
Set values in the configuration file created via the init.
Example:
# cd <your/preferred/install/directory>/govready-deployments
# Builds configuration.json based on the config-validator.json and skips the prompt
python3 run.py init --type docker_compose
Note
If both the configuration file and the environment variables are set, the configuration file takes precedence.
6. Configure¶
Edit the required paramenters in the generated configuration.json file. The below example shows common settings.
{ "ADMINS": [{"username":"admin", "email":"admin@example.com", "password":"SecretPassword"}], "ALLOWED_HOSTS": "", "BRANDING": "", "DATABASE_CONNECTION_STRING": "", "EMAIL_DOMAIN": "", "EMAIL_HOST": "", "EMAIL_PORT": "", "EMAIL_PW": "", "EMAIL_USER": "", "GIT_URL": "", "GR_IMG_GENERATOR": "", "GR_PDF_GENERATOR": "", "HOST_ADDRESS": "govready.example.com", "HOST_PORT_HTTP": "80", "HOST_PORT_HTTPS": "443", "MAILGUN_API_KEY": "", "MOUNT_FOLDER": "", "NGINX_CERT": "", "NGINX_KEY": "", "OIDC": "", "OKTA": "", "PERSIST_STACK": false, "PROXY_AUTHENTICATION_EMAIL_HEADER": "", "PROXY_AUTHENTICATION_USER_HEADER": "", "SECRET_KEY": "gl$3y#j-2vsm)-!4-)!_cj8$^6h^y9(@+&p0n%vig-po7u)tb5", "VERSION": "" }
Keys and Description - environment.json¶
Key |
Data Type |
Default |
Description |
---|---|---|---|
|
Object[] |
[] |
Used to configure a display point of contact “Administrator” on site and unrelated to the configuration of actual administrators configured in the database Ex: |
|
Object[] |
[] |
GovReady-Q’s approved list of host names provided as an array. If not provided, will default to HOST_ADDRESS. Example: |
|
string |
“” |
Full file path to GovReady-Q branding directory on Host custom branding. GovReady default branding will be used. |
|
string |
“postgres://postgres:PASSWORD@postgres_dev:5432/govready_q” |
If supplied, this is the DB connection used. See Database Support. Default will create a Postgres server in the docker-compose deployment for you. It will not have snapshots. |
|
string |
“” |
The email domain for interacting with a mail server. |
|
string |
“” |
The email domain for interacting with a mail server. |
|
string |
“” |
The email domain for interacting with a mail server. |
|
string |
“” |
The email port for interacting with a mail server. |
|
string |
“” |
The email user password for interacting with a mail server. |
|
string |
“” |
The email user for interacting with a mail server. |
|
string |
The git url for for retrieving the GovReady-Q repository to deploy. |
|
|
string |
Disabled |
Image generator binary name. Default is to disable this feature. |
|
string |
Disabled |
PDF generator binary name. Default is to disable this feature. |
|
string |
“govready.example.com” |
GovReady-Q’s public address as would be entered in a web browser. |
|
string |
“80” |
GovReady-Q’s public address HTTP port; defaults to 80. |
|
string |
“443” |
GovReady-Q’s public address HTTPS port; defaults to 443. |
|
string |
Disabled |
Mailgun API key to send emails if set. |
|
string |
Current directoy |
Mount folder to put artifacts, logs, etc. |
|
string |
“” |
Full file path to Nginx cert.pem on Host server to copy into NGINX container. |
|
string |
“” |
Full file path to Nginx key.pem on Host server to copy into NGINX container. |
|
string |
Disabled |
OIDC configuration object. |
|
string |
Disabled |
OIDC OKTA configuration object. |
|
string |
false |
Persist stack between runs. |
|
string |
Disabled |
Proxy Authentication User header. |
|
string |
Disabled |
Proxy Authentication Email header. |
|
string |
“gl$3y#j-2vsm)-!4-)!_cj8$^6h^y9(@+&p0n%vig-po7u)tb5” |
Django Secret. |
|
string |
“main” |
GovReady-Q git branch version/tag to deploy. |
Note
These parameters can be set in the configuration.json file or as environmental parameters. For a complete list of configuration settings, visit:
https://github.com/GovReady/govready-deployments/blob/main/deployments/docker_compose/README.md.
7. Deploy¶
Deploy:
Arguments & Flags |
Description |
–config <config-file> |
JSON formatted file required to deploy |
–type <type> |
(Optional) Skip prompt and provide deployment type |
Example:
# Deploys using `configuration.json` using the `docker_compose` deployment solution
python3 run.py deploy --type docker_compose --config configuration.json
8. (Optional) Set up SSL from Let’s Encrypt¶
The default deployment will create a self-signed SSL certificate. You can optionally install a valid SSL Certificate from Let’s Encrypt if your server is reachable from the public Internet. (Follow these steps each time you deploy.)
# exec into nginx docker docker
exec -it govready-q_nginx_1 /bin/sh
# install certbot
apk add certbot certbot-nginx
# run certbot specifying your domain and respond to prompts
certbot --nginx -d govready.example.com
Note
To install your own certificates, specify the path on the Host server to your certificates in the configuration.json file so that your certificates will be copied into the NGINX container and used.
9. Remove Deployment¶
Tears down specified deployment.
Arguments & Flags |
Description |
–type <type> |
(Optional) Skip prompt and provide deployment type |
Example:
# Removes deployment using the `docker_compose` deployment solution
python run.py undeploy --type docker_compose