DIVOC
DIVOC 3.0
DIVOC 3.0
  • Introduction to DIVOC
    • What DIVOC is and what it's not
    • DIVOC Docs Index
  • Platform
    • Release Notes
      • DIVOC 2.0 Release Features
      • DIVOC 3.0 Release Features
    • Specification
      • API Documentation
      • Setting up DIVOC development environment
    • DIVOC's Verifiable Certificate Features 2.0
      • Creating a DIVOC Certificate
        • Overview of DIVOC’s digital certificates
        • What information is included in the DIVOC certificate?
        • DIVOC’s certificate generation service: How does it work?
        • Compliance with internationally used COVID-19 certificate schemas
      • Distributing a DIVOC Certificate
      • Updating a DIVOC Certificate
      • Revoking a DIVOC Certificate
      • Verifying a DIVOC Certificate
      • DIVOC's Native COVID-19 Certificate Specification
      • DIVOC’s EU-DCC Adapter Service
      • DIVOC’s SHC Adapter Service
      • Adding a User Type in DIVOC
      • Printing Certificates at a Facility
      • Normal QR Code Versus Signed/Verifiable QR Code
      • What Information Goes Into a QR Code?
      • WHO Master Vaccine Checklist
      • EU Master Vaccine Checklist
    • DIVOC's Verifiable Certificate Features 3.0
      • How to Configure a New Tenant?
      • How to Access the VC System and Generate Tokens
      • How to Generate Certificates
      • How to Fetch Certificates
      • How to Update Certificates
      • How to Revoke Certificates
      • How to Suspend Certificates
    • DIVOC Architecture
    • Installation
      • Skills needed to set up DIVOC
      • Implementation Checklist
      • Setting Up DIVOC in k8 Cluster
        • How to Install DIVOC
        • How to Install DIVOC for V3.0
        • Backup & Restore: Postgres, Clickhouse, Kafka, & Redis
        • Infrastructure Recovery
        • Server Hardening
    • Verifiable Credential (VC): Production Deployment
    • Configuration
      • Configuring the Certification and Verification Component
        • Generating Signed Key Pairs
        • Configuring certificates
          • Step 1: Create a certification generation request
          • Step 2: Configure the QR code content
          • Step 3: Configure the certificate template
        • How to set up the verification portal for implementation
        • How to configure the update certificate API
        • Configuring Environment Variables in 2.0
      • Configuration Management Via ETCD
        • Adding a New Vaccine and ICD-11 Mapping
          • Adding a New Vaccine and ICD-11 Mapping Using ETCD CLI
        • PDF Template Change for Vaccine Certificates
          • PDF Template Change for Vaccine Certificates via ETCD CLI
        • EU Vaccine Configurations
          • Adding a New Vaccine and its Mapping via ETCD CLI
        • Payload Changes in the QR Code
          • Payload Changes in the QR Code via ETCD CLI
    • Performance Report
  • Products
    • Issuing COVID-19 Vaccination Certificates in India
    • Issuing COVID-19 Test Reports in India
    • Issuing COVID-19 Vaccination Certificates in Sri Lanka
    • Issuing COVID-19 Vaccination Certificates in the Philippines
    • Issuing COVID-19 Vaccination Certificates in Jamaica
      • Troubleshooting
    • Issuing COVID-19 Vaccination Certificates in Indonesia
    • Open Events
      • Past Events
      • DIVOC in the Media
  • DIVOC Demo
    • Program Setup (Via Orchestration Module)
    • Facility App
    • Issue and Verify Certificates
    • Citizen Portal
    • Feedback
    • Analytics
  • Community
    • Roadmap
    • Partner Support
      • Terms and Conditions of Using the DIVOC Site
      • Privacy Policy: Short Version for Display
      • Privacy Policy: Detailed
      • Platform Policy Guidelines
      • Privacy Policy Recommendations
      • Troubleshooting Guide
    • Source Code
    • Discussion Forum
    • Issues
    • Project Repo
Powered by GitBook
On this page
  • Assumptions
  • Pre-requisites
  • Suggested servers for HA setup
  • Postgres and etcd
  • Kubernetes
  • Kafka and Zookeeper
  • Redis
  • Elasticsearch
  • Overview
  • Installation dependencies
  • Build Docker images
  • Install DIVOC application
  • Post installation
  • Create indexes on database tables
  1. Platform
  2. Installation
  3. Setting Up DIVOC in k8 Cluster

How to Install DIVOC

Assumptions

  • Use a Debian-based Linux distribution (preferably Ubuntu)

  • Experience in running simple shell and bash commands

Pre-requisites

  • Debian-based OS (Ubuntu)

  • sshpass

  • Ansible

  • GIT

  • kubectl

  • List of servers and ability to access them using key-based authentication

  • Server map to list servers against software

  • Access to the DIVOC installer repository

  • Access to the implementation-specific DIVOC code

Suggested servers for HA setup

The sizing and count of the servers can change based on the load requirements. However, for a truly HA setup, the following are the minimum requirements:

Postgres and etcd

3 servers for HA setup: one master and 2 replicas. The etcd cluster can also be set up on the same servers.

Kubernetes

6 servers: 3 for control plane (or master node can be relatively smaller sized instances) and 3 worker nodes (for deploying the application).

Kafka and Zookeeper

3 servers containing both Zookeeper and Kafka (Ideally Zookeeper and Kafka need to be installed on separate servers but we should be fine to install both on the same machine).

Redis

3 servers

Elasticsearch

3 servers

Docker-registry

1 server

Overview

There are three scripts that need to be run to complete the DIVOC installation process:

  1. Installing the prerequisites and setting various hardware clusters as detailed above.

  2. Building the pushing the docker images to the appropriate registry.

  3. Deploying code from the registry into Kubernetes cluster.

Installation dependencies

  1. Add the inventory details as per the comments present in the file.

  2. Run the install.sh present within the divoc-installer with the elevated privileges (we can also use nohup for running in the background):

sudo sh install.sh -i <path to inventory file>

  • It will install the dependencies like python3, ansible, etc.

  • It will install the applications and configure them on the servers mentioned in the inventory file.

Build Docker images

  • Run the build.sh file with elevated privileges.

sudo sh build.sh -d <IP Address of Docker Registry> -r <GIT REPO URL>

  • Default values for the Docker repository are from dockerhub.

Install DIVOC application

  1. Make a copy of the folder and change the internal script files to have the following configurations. It is recommended that you maintain your own configuration in a separate Github repository so that you have version control and backup (you require only the example folder, not the full repository).

a. Within the divoc-installer director, open the divoc-config.yaml file present within the deployment configuration directory and make the following changes:

- DB_HOST

- DB_USER

- DB_PASS

- DB_PORT

- KAFKA_BOOTSTRAP_SERVERS

- REDIS_URL

- CLICKHOUSE_URL

- AUTH_PRIVATE_KEY

- AUTH_PUBLIC_KEY

- CERTIFICATE_NAMESPACE

- CERTIFICATE_NAMESPACE_V2

- CERTIFICATE_CONTROLLER_ID

- CERTIFICATE_PUBKEY_ID

- CERTIFICATE_DID

- CERTIFICATE_ISSUER

- CERTIFICATE_BASE_URL

- CERTIFICATE_FEEDBACK_BASE_URL

- CERTIFICATE_INFO_BASE_URL

- CERTIFICATE_PUBLIC_KEY

- CERTIFICATE_PRIVATE_KEY

- CITIZEN_PORTAL_URL

b. Modify registry-deployment.yaml to change the following:

- connectionInfo_password

- connectionInfo_uri

- connectionInfo_username

- elastic_search_enabled

- registry_base_apis_enable

- taskExecutor_index_queueCapacity

- auditTaskExecutor_queueCapacity

- Signature_enabled

c. Modify keycloak-deployment.yaml to add the following information:

- DB_ADDR

- DB_DATABASE

- DB_PASSWORD

- DB_PORT

- DB_USER

- DB_VENDOR

- KEYCLOAK_USER

- KEYCLOAK_PASSWORD

- ENABLE_OTP_MESSAGE

- KAFKA_BOOTSTRAP_SERVERS

3. Run the deploy script to deploy the application on Kubernetes.

sudo sh deploy.sh -i <path to inventory file> -p <Directory containing Kubernetes Config files> -d <Private Docker Registry IP> -k <Kube Master Node IP> -s <Key file to access Kube Master>

Post installation

Create indexes on database tables

The indexes for efficient querying of the database tables do not get automatically created and hence need to be created manually. Execute registry_index.sql is present within the DIVOC codebase on the database. A restart of the registry service is required for this change to reflect.

Note: Database tables are only created when the first API request is received.

PreviousSetting Up DIVOC in k8 ClusterNextHow to Install DIVOC for V3.0

Last updated 2 years ago

Clone the repository available at .

Create an inventory file from the sample inventory file located at .

The Default value for the GIT repo is the master branch of the .

The sample default Kubernetes deployment files are available at .

All content on this page by is licensed under a .

https://github.com/egovernments/divoc-installer
https://github.com/egovernments/divoc-installer/blob/master/inventory.example.ini
https://github.com/egovernments/DIVOC.git
https://github.com/egovernments/divoc-installer/tree/master/kube-deployment-config-example
eGov Foundation
Creative Commons Attribution 4.0 International License
Creative Commons License