Table of Content

1. Objective 

2. Hardware Requirements

3. IAM user and Role creation for S3 connectivity

4. IAM user and Role creation for AZURE Storage Blob Container connectivity

5. Local SDC Installation

6. cQube Deployment Process

7. Appendix

• AWS - Network Architecture

• Microservice Details

• cQube Deployment Procedure

Objective

This document mainly focuses on the hardware requirements/ AWS network architecture for installing cQube and the deployment process step-by-step.

Hardware Requirements

   Create an AWS EC2 or AZURE VM or in LOCAL SDC or Oracle VM instance with below configurations to install all the cQube micro services.

• Ubuntu 22.04 (supported) 

• 16 GB of System RAM (minimum requirement)

• 4 core CPU for AWZ, AZURE, LOCAL / 2 OCPU for ORACLE (minimum requirement)

• 250GB HDD

Security Group Configuration:

• Port 80 inbound from 0.0.0.0/0

• Port 443 inbound from 0.0.0.0/0

• 5432 inbound to the particular ip which needs access

Kong Configurations: ( already configured using one step deployment )

• 3000 will get routed to /ingestion

• 3001 will get routed to /spec

• 3003 will get routed to /generator

Domain Name:

• Create a domain name

• Configure cname of AWS ec2 or AZURE VM or LOCAL sdc  or ORACLE VM instance to the domain name

• Create a SSL certificate for the domain name.

IAM user and Role creation for S3 connectivity (AWS)

An AWS Identity and Access Management (IAM) user is an entity that is created in AWS to represent the person or application that uses it to interact with AWS. A user in AWS contains a name and credentials. An IAM user with administrator permissions is different from the AWS account root user. One has to create an IAM user with a supported role to provide the connectivity between EC2 and S3. The role should have list, read and write permissions.

IAM user and Role creation for AZURE Storage Blob Container connectivity

An AZURE Identity and Access Management (IAM) user is an entity that is created in AZURE to represent the person or application that uses it to interact with AZURE. A user in Azure contains a name and credentials. An IAM user with administrator permissions is different from the AWS account root user. One has to create an IAM user with a supported role to provide the connectivity between azure VM and blob container. The role should have list, read and write permissions.

IAM User:

• Create a IAM user

• Assign IAM policy to the user

• Download the Default Connection String and Azure account name and account name and container name

IAM Policy:

• Create a IAM policy from AZURE IAM

• Provide access to list, read and write the objects to  azure Blob container

For Local SDC installation

If a user opting for local installation, Enter storage_type as local. Then automatically install.sh will install and configure the minio application in localhost and it will set default username and password and it will create a minio bucket as well.

cQube Deployment Process FOR AWS

Step - 1: Connect to the cqube AWS ec2 instance

• For linux and macOS:

  • Download the .pem file which is generated while creating the EC2 instance

  • Open the terminal and navigate to the folder where .pem file has been downloaded

  • Then give the read permission to the .pem file using following command

  sudo chmod 400 <aws.pem>

• Use the following command to connect to the instance

ssh -i <path_to_the_pem_file>  <user_name>@<public_ip_of_the_instance>

• For windows:

  • Download the .pem file which is generated while creating the EC2 instance

  • Use puttygen to connect to the instance.

  • Refer following link to use puttyGen for connecting.

    • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Upgradation process for AZURE

Step - 1: Connect to the cqube Azure VM instance

• For linux and macOS:

  • Download the .pem file which is generated while creating the azure VM instance

  • Open the terminal and navigate to the folder where .pem file has been downloaded

  • Then give the read permission to the .pem file using following command

  sudo chmod 400 <aws.pem>

• Use the following command to connect to the instance

ssh -i <path_to_the_pem_file>  <user_name>@<public_ip_of_the_instance>

• For windows:

  • Download the .pem file which is generated while creating the azure VM instance

  • Use puttygen to connect to the instance.

  • Refer following link to use puttyGen for connecting.

    • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Upgradation process for LOCAL

Prerequisites to install cQube on local machine

• Ubuntu 22.04 (supported)

•  16 GB of System RAM (minimum requirement)

•  4 core CPU (minimum requirement)

•  Domain name (with SSL)

•  250 GB Storage

Step - 2: Clone the cqube-devops repository using following command

git clone https://github.com/Sunbird-cQube/cqube-devops.git      

Open

Step - 3: Navigate to the directory where cqube is cloned or downloaded and checkout to the desired release branch

cd cqube-devops/ && git checkout <branch_name>

Open

Step - 4: Give the following permissions to the install.sh file

sudo chmod u+x install.sh

Step - 5: Install cqube with non root user with sudo privileges

sudo ./install.sh

Install.sh file contains a shell script where it will run shell scripts and ansible-playbook to setup the cqube

Step - 6: User Input Variables - These are the variables which need to be entered by the user by following the Hint provided

• state_name ( Enter the required state code by referring to the state list provided )

• api_end_point ( Enter the url in which cqube to be configured )

• Storage_type (Enter the storage_type as aws or local or azure.  If User opting for aws You will be prompted with the following  AWS s3 credentials to enter and it will create the s3 bucket. If s3_bucket already exists it will prompt you to enter a unique s3 bucket name. And it will be generated in the config.yml.)

• s3_access_key

• s3_secret_key

• s3 bucket name

• Storage_type (Enter the storage_type as local, minio will install  and configure the minio username and minio password and create the minio bucket And it will be generated in the config.yml.)

• Storage_type (Enter the storage_type as Azure, If User opting for Azure you will be prompted with the following  Azure credentials to enter and it will create an azure container , if azure container exists it will prompt to enter a unique azure container name. And it will be generated in the config.yml.)

• azure_connection_string

• azure_account_name

• azure_account_key

Step - 7: Optional_variables- Database credentials contain default values. If the user wishes to enter their own credentials then the user should opt for yes to enter their credentials otherwise can opt for no when the question pops up

• db_user_name ( Enter the postgres database username ) 

• db_name ( Enter the postgres database name )

• db_password ( Enter the postgres password )

Step - 8: Optional_variables- Read Only Database credentials contain default values. If the user wishes to enter their own credentials then the user should opt for yes to enter their credentials otherwise can opt for no when the question pops up

• read_only_db_user ( Enter the read only postgres database username ) 

• read_only_db_password ( Enter the read onlypostgres password )

Step - 9: Keycloak_variables- Keycloak credentials with Keycloak admin user name and keycloak admin password.

• Keyclaok_adm_name (Enter the keycloak admin name eg: admin)

• Keyclaok_adm_password (enter the keycloak admin password eg: Admin@123)

Step - 10: Once the config file is generated, A preview of the config file is displayed followed by a question where the user gets an option to re enter the configuration values on choosing yes. If option no is selected then the install.sh moves to the next section.

Step - 11:  A preview of the program_selector.yml file is displayed followed by a question where the user gets an option to enable or disable the programs on choosing yes. If option no is selected then the install.sh moves to the next section.

Step - 12: Once the installation is completed, You will be prompted with the following messages and required reference urls.

cQube Installed Successfully!!

cQube ingestion api can be accessible using <domain_name>

Ingestion Usage Documentation :  

Schema Documentation :  

UI Usage Documentation :

Appendix

AWS - Network Architecture

The following steps define the cQube setup and workflow completion processes in AWS. cQube mainly comprises the areas mentioned below:

1. EC2 Server

2. IAM user and Role creation for S3 connectivity.

The cQube network setup process is described in the block diagram below:

Microservices Details

   Following are the details of the microservices which get installed in the cqube server.

• Ingestion-ms: The ingestion-ms is used to upload the data of the events, datasets, dimensions, transformers and pipeline. All these apis will be to ingesting the data into the cQube.

• Spec-ms: The spec-ms is used to import schema of the events, datasets, dimensions, transformers and pipeline. All these specs will be defined by the cQube platform prior to ingesting the data into the cQube. These specifications are derived by considering the KPIs as the Indicator.

• Generator-ms: The generator-ms is used to create the specs & transformers for the derived datasets. Performed aggregation logics, updating data to datasets based on transformation. Status update of file processing

• Nifi-ms: Apache NiFi is used as a real-time integrated data logistics and simple event processing platform

• Postgres-ms: Postgres microservice contains the schema and tables

• Nginx-ms: It is commonly used as a reverse proxy and load balancer to manage incoming traffic and distribute it to slower upstream servers

• Kong-ms: It is a lightweight API Gateway that secures, manages, and extends APIs and microservices.

• Dashboard-ms: It consists of an angular app, it is used to visualize the datasets present in postgres-ms in the form of charts. On run time it requests spec-ms to fetch data from postgres-ms and load it into the client side(Browser)

• Query_builder-ms: It consists of backend API, which consists of JWT,METRICS,QUERY apis 

JWT - it will generate a jwt token to restrict the other apis.

METRICS - it consists of menus for the navigation bar and dashboard cards.

QUERY - this api used for executing the SQL queries which integrated with Dashboard-ms.

LASTMODIFIED - this api will use for the last modified data  in the s3,azure and minio

cQube Deployment Procedure      

 Install.sh  file contains a shell script where it will run following shell scripts and ansible-playbook to setup the cqube

Basic_requirements.sh:

This script basically updates and upgrades the software packages in the server and installs the basic softwares such as 

• Python3

• Pip3

• Ansible

• Docker

• Docker compose

Config_file_generator.sh:

  This script is used to generate a configuration file which contains some constant values and few required variables should be entered by the user. Following are the variables which get added in the config file.

Note: Users should follow the Hints provided in the description and should enter the variables accordingly. If the entered value is wrong then an error message gets displayed and the user should modify the variable value accordingly.Constant Variables: These variables are auto generated

• System_user_name

• base_dir

• Private_ip

• aws_default_region

User Input Variables-These are variables which need to be entered by the user by following the Hint provided

• state_name ( Enter the required state code by referring to the state list provided )

• api_end_point ( Enter the url in which cqube to be configured )

• Storage_type (Enter the storage type as aws, azure or local

Storage_type is aws enter the below variables

• s3_access_key

• s3_secret_key

• s3 bucket name       

Storage_type is azure enter the below variables

• azure connection string

• azure account name

• Azure account key

• azure container  name

Storage_type is a local system that will automatically create the minio username and minio password and minio bucket.

• minio username

• minio password

• minio bucket

Minino can be accessed by Dashboard with http://localhost:9001 end point, here you can see the minio bucket which is created  by default and the username is minio admin and password is minio admin

Optional_variables - Database credentials contain default values. If the user wishes to enter their own credentials then the user should opt for yes to enter their credentials otherwise can opt for no when the question pops up

• db_user_name ( Enter the postgres database username ) 

• db_name ( Enter the postgres database name )

• db_password ( Enter the postgres password )

Optional_variables- Read Only Database credentials contain default values. If the user wishes to enter their own credentials then the user should opt for yes to enter their credentials otherwise can opt for no when the question pops up

• read_only_db_user ( Enter the read only postgres database username ) 

• read_only_db_password ( Enter the read only postgres password )

Once the config file is generated, A preview of the config file is displayed followed by a question where the user gets an option to re enter the configuration values on choosing yes. If option no is selected then the install.sh moves to the next section.

Repository_clone.sh:

   This script clones the following repositories in the microservices directory and checkout to the required release branch

• git clone

• git clone

• git clone https://github.com/Sunbird-cQube/generator-ms.git

• Git clone  

• git clone https://github.com/Sunbird-cQube/query-builder.git 

    Note: If the repository is already cloned then the script will pull the updated code.

Ansible-playbook:

Install.yml

      An install.yml ansible playbook gets triggered where it triggers the required roles to build the following microservices images.

• Ingestion-ms

• Spec-ms

• Generator-ms

• Postgres-ms

• Nifi-ms

• Dashboard-ms

• Query_builder-ms

• Kong-ms

• Nginx-ms

compose.yml:

      A docker compose ansible script gets triggered where it will up all the containers to running state.

      Note: The following commands can be used from the Ansible directory to down the containers and to start the containers, respectively.

• docker-compose -f docker-compose.yml down

• docker-compose -f docker-compose.yml up -d

     Once the installation is completed, You will be prompted with the following messages and required reference urls.

cQube Installed Successfully!!

 We can check the containers running status by using following command

• sudo docker ps