IAM user and Role creation for S3 connectivity (AWS)

An AWS Identity and Access Management (IAM) user is an entity that is created in AWS to represent the person or application that uses it to interact with AWS. A user in AWS contains a name and credentials. An IAM user with administrator permissions is different from the AWS account root user. One has to create an IAM user with a supported role to provide the connectivity between EC2 and S3. The role should have list, read, and write permissions.

Primary Steps:

Step 1: A SSL certificate must be uploaded if you are opting for the public mode of installation where you want to access cQube using a public API endpoint.

Note : You can ignore the above step if you are opting for localhost installation (single desktop).

Step 2: Clone the cqube-devops repository using following command

git clone https://github.com/Sunbird-cQube/cqube-devops.git

Step 3: Navigate to the directory where cQube is cloned or downloaded and checkout to the desired branch

cd cqube-devops/

git checkout release-v5.0.5(latest release branch)

Step 4: Navigate to the directory cqube-devops/ansible/ssl_certificates.

Copy the certificate and private key inside this cqube- devops/ansible/ssl_certificates folder.

Step 5 : If you are opting to pull the data from the NVSK instance, then make sure to upload the dimension files. If you do not want to pull the data, then you can ignore this step. (Applicable if you choose access type VSK).

If you are opting to pull data from an NVSK instance, then make sure to copy the dimension files inside cqube-devops/ansible/dimension_files

Once all the primary steps of uploading SSL certificates and dimensions are done, we can check prerequisites using the script.

Navigate back to cqube-devops directory

Step 6: Give the following permissions to the pre_requisites.sh file

sudo chmod u+x shell_scripts/pre_requisites.sh

Step 7: Run the pre_requisites script with non root user with sudo privileges

sudo ./shell_scripts/pre_requisites.sh

Step 8 : When steps 6 and 7 are done, you will see the feedback from status checks.

Step 9: Go through the feedback provided, and if you find any issues in red resolve them by following the hints provided. If everything is good then proceed with cqube deployment.

Deployment Process

Step 1: Connect to the cqube AWS ec2 instance

For linux and macOS:

• Download the .pem file which is generated while creating the EC2 instance

• Open the terminal and navigate to the folder where .pem file has been downloaded

• Then give the read permission to the .pem file using following command

sudo chmod 400 <aws.pem>

• Use the following command to connect to the instance

ssh -i <path_to_the_pem_file> <user_name>@<public_ip_of_the_instance>

For windows:

• Download the .pem file which is generated while creating the EC2 instance

• Use puttygen to connect to the instance.

• Refer following link to use puttyGen for connecting.

  https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Step 2: Refer to the prerequisites checklist section before starting the cqube deployment.- Link

Step 3: Navigate to cqube-devops directory and give the executable permissions to the install.sh file

sudo chmod u+x install.sh

Step 4: Install cQube with non root user with sudo privileges

sudo ./install.sh

Install.sh file contains a shell script where it will run shell scripts and ansible-playbook to setup the cQube

Step 5: Generation of domain specific configuration file - Please refer to the Hints provided and enter the values accordingly.

• access_type: Enter VSK, NVSK, or others.

a) VSK: To set up VSK for a state

b) NVSK: To establish a nationwide cQube deployment

c) Others: To set up cQube for other purposes.

• state_name: Enter the required state code by referring to the state list provided (this variable needs to be filled if you are opting for access_type as VSK; otherwise, it will get filled as NA by default).

• loginpage_status: Enter true if you want to enable the login screen for the CQUBE instance. Otherwise, enter false.

• data_pull_status: Enter true if you want to pull data from an NVSK instance, or else enter false. (You need to fill this variable if you have selected access_type as VSK; otherwise, it will get auto-filled with NA.)

• nvsk_api_endpoint: Enter the NVSK instance api endpoint if you selected true for data_pull_status; otherwise, it will get autofilled with NA.

Once all the above variables are filled, you get prompted with a preview of the domain-specific config file. Review the entered variables. If everything is correct, then type ‘no’ and proceed further, or else enter ‘yes’ and re-enter the variables correctly.

Step 6: Generation of a generic config file: refer to the hints provided and enter the config file accordingly.

• mode_of_installation: Enter public as you have opted for setting up cqube in AWS. (Possible values are public and localhost.)

• storage_type: Enter storage type as AWS. (Possible values are aws, azure, oracle, and local.)

• api_end_point: Enter the url in which the clock is to be configured.

• nginx_cert_file: Enter the name of the SSL certificate file that you uploaded in the SSL_certificates folder.

• nginx_key_file: Enter the name of the private key file that you uploaded in the ssl_certificates folder.

• Db_credentials: You will be prompted with default database credentials. If you want to continue with the same, enter no; otherwise, enter yes and proceed to enter your database credentials.

  • db_user_name ( Enter the postgres database username )

  • db_name ( Enter the postgres database name )

  • db_password ( Enter the postgres password )

• Readonly_db_credentials: You will be prompted with default read-only database credentials. If you want to continue with the same, enter no; otherwise, enter yes and proceed to enter your read-only database credentials.

1. read_only_db_user_name ( Enter the postgres database username )

2. read_only_db_password ( Enter the postgres password )

• Keycloak_credentials: You will be prompted with the default keycloak admin dashboard credentials. If you want to continue with the same, enter no; otherwise, enter yes and proceed to enter your keycloak credentials.

1. Keycloak_adm_name (Enter the keycloak admin name eg: admin)

2. Keycloak_adm_password (enter the keycloak admin password eg: Admin@123)

Step 7: Once the config file is generated, a preview of the config file is displayed, followed by a question where the user gets the option to re-enter the configuration values by choosing ‘yes’. If option ‘no’ is selected, then the install.sh moves to the next section.

Step 8: Generation of storage config file: Refer to the hints provided below and enter the config file accordingly.

• aws_access_key: Enter the aws s3 access key to access the s3 bucket.

• aws_secret_key: Enter the aws s3 secret key to access the s3 bucket.

• s3_bucket: By default, an s3 bucket is selected. If you get an error because the bucket already exists, type a unique bucket name and proceed further.

Step 9: A preview of the program_selector.yml file is displayed, followed by a question where the user gets an option to enable or disable the programs by choosing 'yes'. If option 'no' is selected, then the install.sh moves to the next section.

1. If access_type is selected as VSK, the following programs will be displayed: by default, all programs are selected, and the programs are publicly visible.

Note: If you are willing to select the programs, type yes, select the programs you want, and enter public or private for each program to enable or disable the login screen for programs (follow the hints provided).

2. If access_type is selected as NVSK, the following programs will be displayed: By default, all programs are selected, and the programs are publicly visible.

Note: If you are willing to select the programs, type yes, select the programs you want, and enter public or private for each program to enable or disable the login screen for programs (follow the hints provided).

Step 10: Once all the configuration files are generated, the script moves further to clone the cQube microservice repositories and deploy cQube

Step 11: If you selected data_pull_status as true, then you will see the data pulling APIs where the data gets pulled from the NVSK instance and processed in the VSK cQube Once installation is done, we need to wait 20 minutes to visualize the data on the cQube dashboard.

Step 12: Once the installation is completed, you will be prompted with the following messages and required reference urls:

(Note: The installation process is expected to take approximately 30-40 minutes.)

cQube Installed Successfully