At DIVOC (“we” or “us” or “our”) we respect the privacy of our users (“user” or “you” also referred to as ‘your’) and are committed to protecting it. Hence, we maintain the highest standards for secure activities , user information/data privacy and security.

This Privacy Policy explains what information we collect about you and why.

What is DIVOC?

DIVOC (Digital Infrastructure for Verifiable Open Credentialing) is an open-source digital platform that has enabled governments across the world to issue, distribute and verify secure and tamper-proof COVID-19 vaccination and test result digital certificates, at scale. DIVOC, a Digital Public Good (DPG) by eGov Foundation, is designed in accordance with precise international specifications, is recognised by 120 countries globally and is compliant with WHO and EU standards.

DIVOC refers to the services being provided through the DIVOC platform. To know more about the services provided, please refer to our website.

Through DIVOC, any implementing partner (national governmental bodies, department, local bodies & their agencies) corporate/private bodies (utility services) (Service Providers) can use DIVOC website/application/services in different ways such as for issuing and verifying certificates, set up registries for streamlines public health program executions, etc.

ADHERENCE TO DATA PRIVACY PRINCIPLES

The DIVOC data dictionary follows the WHO DDCC:VS which includes compliance with principles of legitimate use, fair processing, accountability, transparency, purposeful, proportional, minimal and lawful collection, usage, storage and disclosure of personally identifiable information (“PII”), confidentiality and security of data.

WHAT DATA DO WE COLLECT?

DIVOC collects information/data (“data”) to improve and provide better public health programme execution. We collect and process PII such as your first name, last name, parent’s/guardian’s name, address, unique identifier, nationality, date of birth, mobile number, age, gender, identification documents, vaccine details (batch number, dosage number, date of vaccination, total number of doses, country of vaccination).

We may collect data such as vaccine manufacturer, vaccine market authorisation holder, vaccine administering centre, health worker identifier, due date of next dose, certificate valid from, certificate valid from and to period, certificate issuer and health certificate identifier ( certificate id).

We collect information such as Internet Protocol (IP) addresses, domain name, browser type, operating system, date and time of the visit, pages visited, IMEI/IMSI number, device ID, location information, language settings, handset make & model etc. However, no attempt is made to link these with the true identity of individuals visiting the relevant our website, implementing partner or service providers application or platform.

The information collected by us shall depend on the need of the service providers and interests of the users. Datasets collected shall be subject to change from time to time. Such changes shall be reflected in the privacy policy of the service provider (if nature of data changes from the service provider perspective) or our website’s privacy policy (if we change the nature of data collected).

FOR OUR WEBSITE

The internet address associated with your computer, the type of web browser you use, your operating system, the site that referred you to us, the pages you visited, and the dates and times of those visits.

HOW DO WE COLLECT THIS DATA?

DIVOC collects data directly from the user (when the user uses our services) as and when you register and login into the service providers app/website. DIVOC may also collect data from national governments (union, state, and local governments or any other governing body, including their agents/employees), private bodies (only after our data protection and privacy guidelines are adhered to) as well as receive data that is available openly for public use.

We also collect data that any visitor to our website consensually provide to us (for example, data provided to make a complaint, customer query, or to subscribe to our emailing list).

HOW DO WE STORE THIS DATA?

Your data is stored in a secure manner on the implementation partner provided space. It does not allow your data to be visible to anyone, except persons who are authorised to do so by virtue of their official role. Unless indicated otherwise, this data will be retained for a minimum period as per implementing countries laws and a maximum period of as per implementing countries' laws. You can review and edit your data, as well as delete your data from the app/website by following the procedures as per implementing countries laws.

You may delete your account any time you wish. In case of deletion, we will remove all your PII from the system, so that it is not visible and/or accessible from any regular operation.

After deletion, in case you wish to recreate your profile, the same is permissible and none of the previously captured information will be populated automatically. You need to register as a fresh user.

If you simply delete/remove the application from your mobile device but do not delete your profile or unregister yourself from the app/website, you shall continue to be a registered user of the app and we shall continue to send you all communications that you have opted for unless and until you opt-out of such communications, or as per implementing countries laws.

In case you surrender/disconnect your registered mobile number it is recommended to delete your profile or unregister yourself from the application also.

WHY AND HOW DO WE PROCESS, DISCLOSE, AND/OR SHARE THIS DATA?

We collect only such data as serves these objectives. Specifically:

• We process this data as necessary to provide you with the services you are requesting (for example, to get your vaccination certificate issued or verified) through the service providers application (for example, in India, the CoWin app is the national government’s application used by citizens for issuance of vaccination certificates).

• We may process, disclose, or share certain metadata, as well as aggregated and anonymised data, in order to assess and improve the status of such service delivery over time.

• We may disclose or share this data to/with employees and/or contractors of the government agencies, service providers, whose role requires them to view or use this information in order to perform their official duties, including providing you the service(s) you are requesting.

• Resolving any disputes that may arise with respect to the transactions/deals that you may conduct using the service providers app/website.

• Detecting, investigating and preventing activities that may violate our policies or that may be illegal or unlawful.

• Conducting research or analysing the user preferences and demographics as statistical data and not as individual data.

• We may disclose or share this data in order to comply with the law or any legal process, including when required in judicial, arbitral, or administrative proceedings.

• Payments made through the government’s or service providers App/website are processed via secure payment gateways.

We will not process, disclose, or share your data except as described in this policy or as otherwise authorised by you.

This website/ (“Website”) has been developed and is being maintained by eGov Foundation (“eGov”). This Website provides information related to the digital infrastructure called DIVOC developed by eGov. The Website is an invitation for users to learn about DIVOC, its building blocks, various use-cases, access technical documentation, and engage with the DIVOC community to learn how to use and/or adopt eGov Foundation (“Purpose”).

eGov Foundation is a not-for-profit registered as a Trust, having its office at 147/J , first floor, 10th Cross, 12th Main, Koramangala 3rd Block, Bangalore 560034.

By using the Website, you have accepted and agree to be governed by these Terms of Use (“Terms”), as may be amended from time to time. The terms ‘you’, ‘your’ refer to anyone who accesses, views or uses the Website. The terms "we", "us", "our" refer to the eGov Foundation.

Set out below are the Terms of Use of this Website:

Definitions

“Asset” means and refers to a piece of content or software code. A piece of content can be expressed as text, documents, presentations, scripts, graphics, photos, sounds, music, videos, audiovisual combinations, RLO (reusable learning object) or other such mediums of expression and other materials you may view on, access through, or contribute to the Website, and includes all postings on the Website by Users.

"Intellectual Property" shall singly or collectively mean to include, as the case may be, all patents, copyrights, trademarks, trade names, service marks, service names, designs and any other proprietary information or other similar right arising or enforceable under Indian law.

“DIVOC” (The Digital Infrastructure for Vaccination Open Credentialing) is an open-source platform that enables countries to digitally orchestrate large-scale health campaigns such as vaccination and certification programs.

“User” means and refers to all users of the Website who access the Website and Use the Assets on the Website in accordance with these Terms.

“Use” or “Using” means and refers to learning, finding, viewing, using, contributing to, modifying, replicating, downloading, and sharing Assets with other Users, through the Website.

ACCESS AND USE

As a User you represent and warrant that you are of legal age and are legally competent to consent to these terms (or if not, you've received your parent's or guardian's permission to Use the Website and they have agreed to these Terms on your behalf). If you’re agreeing to these Terms on behalf of a department, institution, organisation or legal entity, you represent and warrant that you are duly authorised to agree to these Terms on behalf of that department, institution, organisation or entity and these Terms are binding on them.

All Users shall have access to all the Assets available on the Website for the purpose of learning, finding, viewing, Using, contributing to, modifying, replicating, downloading, and sharing Assets with other Users, through the Website. It is possible that your access and Use of Assets on the Website may be disrupted due to technical or operational difficulties and with no prior notice of downtime. eGov Foundation makes no guarantee as to the continuous uptime and availability of the Website or the quality of Assets on the Website.

OBLIGATIONS OF USERS

You access the Website only to Use the Assets. You will be responsible and liable for any activity on the Website by you. You will not attempt any activity with respect to the Website that is in contravention of the laws of India and/or the laws of the jurisdiction in which you are presently located. You will follow these Terms of Use and all the policies of the Website.

INTELLECTUAL PROPERTY RIGHTS

The Website contains copyrighted material, trademarks and other Intellectual Property owned by the eGov Foundation. All our website content is licensed under the CC BY-ND 4.0 License. It allows users to share, copy and redistribute the material on giving appropriate credit to eGov Foundation without any changes or transformations of the content. You agree to abide by all licenses and copyright notices accompanying any Asset published on the Website. Any Asset (other than software code) you contribute to DIVOC or the Website is licensed under the Creative Commons Attribution-ShareAlike 4.0 International - CC BY-SA License.

You can share and adapt the licensed Assets under the terms of the same license, provided you cite the creator as eGov Foundation, or the relevant party if the creator is not eGov Foundation, include a link to the original publication on the Website with copyright notice, license notice and disclaimer notice, and indicate if changes were made. You may do so in any reasonable manner, but not in any way which suggests that eGov Foundation endorses you or your Use. For any assistance with contributing to DIVOC or the Website or understanding any license, please contact us at support.divoc@egovernments.org.

Assets that are software code and are released under DIVOC and made available on/through the Website are licensed under the MIT license reproduced below:

Copyright (c) 2022 eGov Foundation: Permission is hereby granted, free of charge, to any person obtaining a copy of all software and associated documentation files (the "Software") listed on this website under this ______, to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

PRIVACY POLICY

By Using the Website and/or by providing your information, if applicable, you consent to the collection and use of the information you disclose on the Website in accordance with our Privacy Policy. eGov Foundation takes the privacy of its Users very seriously. Please refer to our Privacy Policy for complete details.

LIMITED LIABILITY

We do not guarantee the accuracy, veracity, correctness, validity, usability, currency, of any Assets made available on or linked through the Website. We shall not be held responsible for any offensive or unlawful Asset posted, transmitted, sent or communicated through the Website.

DISCLAIMER

eGOV FOUNDATION PROVIDES THE WEBSITE ON AN "AS IS" BASIS AND GRANTS NO WARRANTIES OF ANY KIND WITH RESPECT TO THE WEBSITE. eGOV FOUNDATION SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, OR OF NON-INFRINGEMENT. ACCESS AND USE OF THE WEBSITE (INCLUDING ANY ASSET OR INFORMATION AVAILABLE ON/THROUGH THE WEBSITE) IS ENTIRELY AT YOUR OWN RISK.

INDEMNITY

You hereby agree to keep and hold the eGov Foundation, its directors, officers, employees and agents, fully indemnified and harmless from and against all claims, proceedings, penalties, damages, losses, actions, costs and expenses arising out of or in relation to your Use of the Website, your breach of these Terms, violation of any law, rules or regulations in relation to your Use of the Website.

TERMINATION

Any violation or breach of the Terms may lead to automatic suspension or termination of your access to the Website, including while investigating complaints or alleged violation of these Terms, or for use or attempt to use the Website for any purpose other than to share Assets.

ELECTRONIC AGREEMENT

This document is a written agreement and an electronic record and valid and enforceable electronic agreement / contract under Information Technology Act, 2000 (as applicable in Republic of India) and rules there under as applicable and the amended provisions pertaining to electronic records in various statutes under applicable Indian laws. This electronic record is generated by a computer system and does not require any physical or digital signatures. Your usage of the Website shall be your deemed acceptance of these Terms and all the modifications and updates thereto.

GOVERNING LAW AND DISPUTE RESOLUTION

These Terms shall be governed by the laws of India and any disputes or proceedings arising hereunder shall be subject to the jurisdiction of the courts in Bangalore.

DIVOC is an open source project (MIT license), and it is maintained by eGov Foundation.

Documentation is available at https://divoc.egov.org.in/ and source code is available at https://github.com/egovernments/DIVOC.

If you have questions, please visit our project discussions page.

Click here to know about the terms and conditions of using the DIVOC site.

Click here to know about DIVOC's privacy policy - short version for display.

Click here to know about DIVOC's privacy policy - detailed.

Click here to know about platform policy guidelines.

Click here to know about privacy policy recommendations.

Click here to know more about common infrastructure issues and their recovery.

All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.

At DIVOC (“we” or “us” or “our”) we respect the privacy of our users (“user” or “you” also referred to as ‘your’) and are committed to protecting it. Hence, we maintain the highest standards for secure activities, user information/data privacy and security. This Privacy Policy explains what information we collect about you and why.

Summary

We hope you read this entire privacy policy. However, if you are in a hurry, here is a brief overview of the most important point:

• Primarily we provide recommendations to implementing partners or service providers (include any governmental organisation, agency, department as well as private or corporate bodies) on certain privacy protecting principles and practices. They are advised to share it with citizens regarding their personally identifiable Information and how it is managed in DIVOC.

• DIVOC services follow the which includes compliance with principles of legitimate use, fair processing, accountability, transparency, purposeful, proportional, minimal and lawful collection, usage, storage and disclosure of personally identifiable information (“PII”), confidentiality and security of data.

• Through DIVOC any implementing partner (national governmental bodies, department, local bodies & their agencies) corporate/private bodies (utility services) (Service Providers) could collect the following datasets -

first name, last name, parent’s / guardian’s name, address, unique identifier, nationality, date of birth, mobile number (optional dataset), age, gender (optional dataset), identification documents (for example passport number), vaccine details (batch number, dosage number, date of vaccination, total number of doses, country of vaccination), payment information ().

• The service provider may collect data such as vaccine manufacturer, vaccine market authorisation holder, vaccine administering centre, health worker identifier, due date of next dose, certificate valid from, certificate valid from and to period, certificate issuer, and health certificate identifier (certificate id).

• For the upkeep and working of our website we collect information such as Internet Protocol (IP) addresses, domain name, browser type, Operating System, Date and Time of the visit, pages visited, IMEI/IMSI number, device ID, location information, language settings, handset make & model etc. However, no attempt is made to link these with the true identity of individuals visiting our website, implementing partner or service providers application or platform.

• The information collected by us shall depend on the need of the service providers and interests of the users. Datasets collected shall be subject to change from time to time, (please check our privacy policy for any updates/changes as well as changes in the service providers privacy policy).

• We provide a checklist to service providers for data protection , only after which they can install and use DIVOC. Click here to see the . We also provide them with to create privacy policies for their frontend applications.

• We do not store any of your data (for example, we do not store any persons medical history).

• We do not and will not share your information with third parties which you would have not been aware of and consented to sharing.

• We only collect data which you provide to us through the service provider or when you access our website (for example, data supplied by you on subscribing to our emailing list, or any grievance/complaint data).

All content on this page by is licensed under a .

Data backup policy recommendations

The following checklist should be followed for data protection:

• Implement least privilege, restrict users to only data and system information that is required to perform their tasks.

• The full backup of data should be taken once a day:

- Postgres DB

- Redis cache

- Kafka

- ETCD

• The full backups are retained for two weeks.

• Incremental backups (hourly) are retained for one day.

• Once the full backup is taken successfully, incremental backups can be purged.

• Backup files will be kept in a separate environment.

• Backup files will be encrypted before storing on another environment/server.

Authentication and password management

Authenticating the identity of a principal and verifying its authorisation to act are foundational controls that other security controls are built upon. Organisations should standardise on an approach to both authentication and authorisation. Consider the following authentication and password management:

• The communication channels need to be encrypted to protect authentication tokens. Use only HTTPS POST/GET requests to transmit authentication credentials.

• All keys, passwords, and certificates must be properly stored and protected.

• Disk level encryption should be implemented.

• All authentication controls must be enforced on a trusted system (such as the server). Partition site by anonymous, identified, and authenticated areas.

• Establish and use standard, tested, authentication services whenever possible.

• Use a centralised implementation for all authentication controls, including libraries that call external authentication services.

Error handling and logging

Exception handling is a programming concept that allows an application to respond to different error states (such as network down, database connection failure, etc.) in various ways. Handling exceptions and errors correctly are critical to making your code reliable and secure.

Error and exception handling occur in all areas of an application, including critical business logic as well as security features and framework code. Error handling is also important from an intrusion detection perspective. Certain attacks against your application may trigger errors, which can help detect attacks in progress. Consider the following:

• All logging controls should be implemented on a trusted system (such as the server).

• Restrict access to logs to only authorised individuals.

• All the system and system access logs should be enabled.

System configuration

The following checklist should be followed for system configurations:

• Ensure servers, frameworks, and system components are running the latest approved version.

• Ensure servers, frameworks, and system components have all patches issued for the version in use.

• Restrict the web server, process, and service accounts to the least privileges possible.

• When exceptions occur, fail securely.

• Remove unnecessary functionality and files.

• Remove test code or any functionality not intended for production, before deployment.

• Remove unnecessary information from HTTP response headers related to the OS, web-server version, and application frameworks.

• Implement a software change control system to manage and record changes to the code/ configuration/scripts in both development and production.

Privacy notice for citizens

We recommend that you include the privacy notice in the platform. This information should be shared by implementing countries with their citizens. The privacy notice should have the following sections:

1. Purpose of processing

2. What information is collected

3. Retention of information

4. Grievance officer details

5. Sharing of information with third parties

6. Usage of cookies, what information is stored in cookies

7. Security measures taken for processing/storing information

8. Rights of individuals

Privacy policy guidelines for an implementing country

We recommend that the following guidelines should be followed by a country that is implementing DIVOC:

• A citizen's consent should be collected against the privacy notice and a centralised database should be maintained to log consent provided by the citizen (wherever applicable).

• The privacy notice should ask people to connect with the privacy officer/grievance officer to exercise his/her right to withdraw their consent.

• Personal data should only be accessible to limited individuals. In case third parties require access to the application for administrative purposes, we recommend you de-identify personal information.

• Organisations should not retain the information for longer than it is required for the purpose for which the information was originally collected.

• A formal document should be created to define the roles and responsibilities of personnel having access to personal data stored in the application.

• Document an access matrix for the application. Ensure that regular reviews are conducted on the access matrix.

• Review user access rights vis-à-vis the roles defined regularly.

• Platform end-users (citizens) should be informed about the mechanisms to update their information through the privacy notice.

• Platform end-users (citizens) should be informed about the mechanisms to update their information through the privacy notice.

• Perform security testing on the application regularly. We also recommend that you fix all the vulnerabilities after the testing is performed, on-time.

• Sign agreements/contracts with third parties, wherever applicable, including relevant security and privacy clauses.

• Obtain explicit consent against the privacy notice from the individuals whenever sensitive personal data is processed.

Levels of Support

L1: It is the initial level of support provided by the user help desk. They help to screen the issues and typically handle queries like "how to," FAQs, user creation, password resets, etc.

L2: It deals with support tickets that can be resolved by doing basic configuration in the application or suggesting workarounds. Other activities typically include environment management e.g. server monitoring, server management etc. For L2 support, we expect a team of infrastructure management-related skill sets.

L3: It deals with tickets typically requiring minor country-specific code changes (certificate templates, logo, UI, and not core platform code), analysis of changes in new/patch versions, data queries, handling environment issues that cannot be resolved by L2 staff. For L3 support, we expect a team of software engineering-related skill sets.

L4: It deals with tickets related to product enhancements or product defects. This would typically be worked on by the DIVOC team, which, in turn, will either release a hotfix, patch release, or bundle it in the next release, or defer/deprioritise.

Troubleshooting Guide for L2

1. If you are getting the response as 401:

• Possible causes: Token has expired.

- Check access token is valid or correct for API call.

• Action to be taken:

- Open postman.

- Create a POST request to /auth/realms/divoc/protocol/openid-connect/token endpoint.

- Add the following parameters:

client-id as admin-api

Grant-type as client-credentials

Client_secret as

- Once the request is sent, you will receive the auth_token as part of the payload.

- Modify the ADMIN_API_SECRET parameter within divoc-config.yaml file.

- Restart all the services using: kubectl rollout restart deployments -n <namespace of divoc installation>

2. If you are getting the response as 405:

• Action to be taken:

- Check if the Content-Type in the header section is set as ‘application/json’

- If not, set the Content-Type as ‘application/json’

3. If you are getting the response as 602:

• Action to be taken:

- Check if the payload is missing any parameter value like ‘preEnrollmentCode’, ‘recipient.name’, etc.

- If yes, add the missing parameter and check.

4. If you are getting the response as 400:

• Action to be taken:

- Check if the format of value in payload or json structure is as per the expected structure. For example - format of date value, dose count is number or string, etc.

- If not, correct the value type in the payload.

5. If you are getting the response as 504:

• Action to be taken:

- Check if the DIVOC system is reachable from the source system, or if the IP/domain of the DIVOC system is mapped correctly.

- If not, correct the IP/domain name or check the network.

6. If you are getting response as 502: Bad Gateway:

• Action to be taken:

- Check if all the DIVOC services required for the generation of certificates are up and running.

- Steps to be followed to check if required services are running:

Login in to the DIVOC server.

Go to the deployment folder.

Run this command: kubectl get pods -n <divoc namespace>

- If any of the pods are down and do not have an active running container:

Restart the pod with this command: kubectl rollout restart deployment

<name of the deployment which is down> -n <divoc namespace>

Run this command again: kubectl get pods -n <divoc namespace>

Validate if all the deployments are up again.

Check if you are able to generate the certificate.

- If you are still not able to generate the certificate, then check the logs of deployments one by one using this command: kubectl logs -f deployment/<deployment_name> -n <divoc_namespace>

- If you find any errors in the logs or if the logs are not clear to you, share the logs with the L3 team for resolution of the issue.

7. If the gateway service is down:

• Action to be taken:

- Try restarting the gateway service: kubectl rollout restart deployment gateway -n <divoc_namespace>

- If the service does not start, look at the deployment logs and pass on the information to the L3 team: kubectl logs -f deployment gateway -n <divoc_namespace>

8. If you are trying to generate/update a certificate, check if the vaccination API service is down:

• Action to be taken:

- Try restarting the vaccination api service: kubectl rollout restart deployment vaccination-api -n <divoc_namespace>

- If the service does not start, look at the deployment logs and pass on the information to the L3 team: kubectl logs -f deployment vaccination-api -n <divoc_namespace>

9. If the certificate signer service is down:

• Action to be taken:

- Try restarting the certificate signer service: kubectl rollout restart deployment certificate-signer -n <divoc_namespace>

- If the service does not start, look at the deployment logs and pass on the information to the L3 team: kubectl logs -f deployment certificate-signer -n <divoc_namespace>

10. If the registry services are down:

• Action to be taken:

- Try restarting the registry service: kubectl rollout restart deployment registry -n <divoc_namespace>

- Try connecting to the database directly using the following command: psql -h <DB_ADDRESS> -U

a. If you are able to access the registry, look at the deployment logs and pass on the information to the L3 team: kubectl logs -f deployment registry -n <divoc_namespace>

b. If you are unable to connect to the database, restart the database and try connecting again. If the problem persists, reach out to the L3 team.

11. If you are trying to fetch the certificate, check if the certificate API services are down:

• Action to be taken:

- Try restarting the certificate api service: kubectl rollout restart deployment certificate-api -n <divoc_namespace>

- If the service does not start, look at the deployment logs and pass on the information to the L3 team: kubectl logs -f deployment certificate-api -n <divoc_namespace>

12. If the SMS/notification services are down:

• Action to be taken:

- Regenerate a new SMS Auth Key from the SMS provider.

- Update SMS_AUTH_KEY property in divoc-config.yaml.

- Restart notification service: kubectl rollout restart deployment notification-service -n <divoc_namespace>

13. If the services are taking a long time to return:

• Possible causes: Indexes not present in database.

• Action to be taken:

- Check if the following indexes are present for the following columns in VaccinationCertificate DB table in the database:

a. OSID

b. certificateId

c. Contact

d. Mobile

e. preEnrollmentCode in

- If they are not present, run the following commands:

a. CREATE INDEX CONCURRENTLY "public_V_VaccinationCertificate_preEnrollmentCode_sqlgIdx" ON "public"."V_VaccinationCertificate" ("preEnrollmentCode");

b. CREATE UNIQUE CONCURRENTLY INDEX "public_V_VaccinationCertificate_certificateId_sqlgIdx" ON "public"."V_VaccinationCertificate" ("certificateId");

c. CREATE INDEX CONCURRENTLY "public_V_VaccinationCertificate_contact_sqlgIdx" ON "public"."V_VaccinationCertificate" ("contact");

d. CREATE INDEX CONCURRENTLY "public_V_VaccinationCertificate_mobile_sqlgIdx" ON "public"."V_VaccinationCertificate" ("mobile");

e. CREATE INDEX CONCURRENTLY "public_V_VaccinationCertificate_osid_sqlgIdx" ON "public"."V_VaccinationCertificate" ("osid");

14. If signed certificates are not being created when vaccination events occur:

• Possible causes: Redis server is down.

• Possible actions:

- Check if you are able to connect to redis server using redis-cli: redis-cli -h <IP ADDR of server>

- If you are not able to connect, then restart the server.

a. SSH into the redis server.

b. List the redis-server process: sudo service redis-server status.

c. Fetch the process-id of redis-server.

d. Kill the redis-server process (sudo kill -9).

e. Restart redis-service process (sudo systemctl restart redis).

f. Confirm that we are now able to connect to redis-server using “redis-cli” command.

Infrastructure Issues

1. Increase the limit on the number of times a certificate could be updated:

Update the “divoc-config.yml” file with a new value (greater than the default value of 100) for “CERTIFICATE_UPDATE_LIMIT” property and apply it. Kubectl rollout restart deployment vaccination-api -n <divoc-namespace>

2. Pod is restarting frequently - If you run kubectl get pods -n and see that the number of pod restarts is high:

There can be multiple reasons why a pod restarts -

• CPU limit is exceeded by pods: Modify the deployment by increasing the requests and limits on CPU.

• Memory limit is exceeded by pods: Modify the deployment by increasing the requests and limits on memory.

• Memory issue in the machine on which Kubernetes (worker node) is installed. We can increase the number of worker nodes or increase the memory of the worker nodes and then recreate pods if necessary.

• Code issue: Sometimes there can be an issue with the code or the config might be missing. In such cased, we need to fix the bug.

3. Kubernetes cluster is not reachable from Kubeadm master node as SSL certs have expired:

If you encounter the following error:

#> kubectl version Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"} The connection to the server 135.122.6.50:6443 was refused - did you specify the right host or port?

Recovery steps are as follows:

1. Check if certs have expired: kubeadm alpha certs check-expiration --config=/root/kubernetes/kubeadm-config.yaml

2. Renew Certs:

• cd /etc/kubernetes/pki/

• mv

• {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt} ~/

• kubeadm init phase certs all --apiserver-advertise-address <Specify Master node LAN IP addr>

• cd /etc/kubernetes/

• mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} ~/

• kubeadm init phase kubeconfig al

3. Reboot server: reboot

4. After reboot ensure docker and all Kube* daemons are up docker ps | grep kube-apiserver

5. Mandatorily replace the config file with newly created one, to resolve “kubectl localhost:8080 connection refused” issue -

• mkdir -p $HOME/.kube

• sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

• sudo chown $(id -u):$(id -g) $HOME/.kube/config

6. Issue Kubectl commands

Resources:

Pre-reads:

Links to the development process and the environments (such as Github, Testing, etc):

Modifying vaccine certificate and template; Branding changes such as UI changes; Adding a new role; Changing the content to the verification page:

Wiki documentation & discussion forum: