This repository was archived by the owner on Aug 1, 2025. It is now read-only.

Deployment

Overview

This document describes deployment of mosip-side-mediator and registration-processor-opencrvs-stage.

Prerequisites

The following command-line utilities are required:

  • psql, kubectl, helm, bash, curl, jq

Installation

  • Set up mosip_opencrvs db:
    • Navigate to db_scripts/mosip_opencrvs.
    • Configure deploy.properties, with required secrets and hostname.
    • Then run:
      ./deploy.sh deploy.properties
  • Create a new transaction type, 'OPENCRVS_NEW', in the 'mosip_regprc/transaction_type' database table:
    INSERT INTO regprc.transaction_type(
    code, descr, lang_code, is_active, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes)
    VALUES
    ('OPENCRVS_NEW', 'OPENCRVS_NEW', 'eng', true, 'MOSIP_SYSTEM', CURRENT_TIMESTAMP, 'some_upd_by_value', CURRENT_TIMESTAMP, false, DEFAULT);
  • Sync the OpenCRVS masterdata with MOSIP. (WIP; for now, manually add some states and districts from OpenCRVS to the MOSIP masterdata.)
  • Onboard a new credential type partner (using the partner onboarding scripts, or via the MOSIP PMP UI), with:
    • a name like opencrvs-partner
    • generated certificates for MOSIP OpenCRVS Mediator
    • an auth_policy that has only UIN in sharableAttributes.
    • a credential_type of opencrvs.
  • After the partner is created, make sure that the credential policy and partner are mapped to the credential_type opencrvs. Use this API to map them:
    POST /v1/partnermanager/partners/{partnerId}/credentialType/opencrvs/policies/{policyName}
    
  • Next, change the following settings for the opencrvs-partner client (that was just created) in the Keycloak admin console, in the Mosip realm:
    • Change Access Type to confidential.
    • Enable Standard Flow Enabled.
    • Enable Direct Access Grants Enabled.
    • Enable Service Accounts Enabled.
    • Disable all other properties.
    • Change Valid Redirect URIs to *.
  • Give the following roles to this client, under Service Account Roles section:
    • SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL
    • PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL
  • In addition to the partner Keycloak client, create a new user with the same username as the partner name (given earlier), with any password.
  • Get certificate from OpenCRVS.
  • Get the opencrvs_client_id, opencrvs_client_secret_key and opencrvs_client_sha_secret from OpenCRVS.
  • Get the mosip_opencrvs_partner_client_id, mosip_opencrvs_partner_client_secret, mosip_opencrvs_partner_client_sha_secret and mosip_opencrvs_uin_token_partner from MOSIP.
  • While it runs, the install.sh script prompts for the private key and public key. Provide the certificates supplied by the MOSIP team when prompted.
  • Run the following to install the mediator and components (The script will prompt for inputs):
    ./install.sh <cluster-kubeconfig-file>
    
  • Share the details with OpenCRVS: auth_url (the MOSIP Keycloak URL), partner_client_id, partner_client_secret, partner_username, partner_password.
  • Share the MOSIP OpenCRVS Mediator public certificate (that was created above).
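
The Keycloak client settings and service account roles from the steps above can be checked against the client's JSON representation once configuration is done. The following Python check is an added example, not part of this repository: the field names are those of Keycloak's ClientRepresentation, the mapping of "all other properties" to three toggles is an assumption, and the sample client is constructed.

```python
# Keycloak ClientRepresentation fields and the values the steps above ask for.
REQUIRED = {
    "publicClient": False,   # Access Type: confidential
    "bearerOnly": False,     # Access Type: confidential
    "standardFlowEnabled": True,
    "directAccessGrantsEnabled": True,
    "serviceAccountsEnabled": True,
    # Assumption: "all other properties" covers these remaining toggles.
    "implicitFlowEnabled": False,
    "consentRequired": False,
    "authorizationServicesEnabled": False,
}
REQUIRED_ROLES = {
    "SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL",
    "PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL",
}


def audit_client(client, service_account_roles):
    """Return (deviations from the README, items worth a second look)."""
    deviations = []
    for field, want in REQUIRED.items():
        got = client.get(field, False)  # an absent toggle is treated as off
        if got != want:
            deviations.append(f"{field}: expected {want}, found {got}")
    uris = client.get("redirectUris", [])
    if uris != ["*"]:
        deviations.append(f"redirectUris: expected ['*'], found {uris}")
    for role in sorted(REQUIRED_ROLES - set(service_account_roles)):
        deviations.append(f"missing service account role {role}")
    notes = [f"extra service account role {r}"
             for r in sorted(set(service_account_roles) - REQUIRED_ROLES)]
    # Not from the README: Keycloak advises keeping redirect URIs specific.
    if "*" in uris and client.get("standardFlowEnabled"):
        notes.append("wildcard redirect URI with Standard Flow enabled")
    return deviations, notes


# Constructed sample shaped like a client representation (not real data).
SAMPLE = {
    "clientId": "opencrvs-partner", "publicClient": False, "bearerOnly": False,
    "standardFlowEnabled": True, "implicitFlowEnabled": True,
    "directAccessGrantsEnabled": True, "serviceAccountsEnabled": False,
    "redirectUris": ["*"],
}
SAMPLE_ROLES = ["SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL", "offline_access"]

if __name__ == "__main__":
    deviations, notes = audit_client(SAMPLE, SAMPLE_ROLES)
    print("\n".join([f"DEVIATION {d}" for d in deviations] + [f"REVIEW {n}" for n in notes]))
```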

Uploading sample birth data

  • Run the following in the current directory to upload sample birth data to the mediator:
    curl -XPOST \
      -H "content-type: application/json" \
      -d @samples/sampleDataFromOpencrvs2.json \
      https://<opencrvs-hostname-for-mosip-mediator>/<mosip-mediator-webhooks-uri>
  • Replace the URL with http://localhost:4545/webhooks if running locally.

Uninstallation

  • Run:
    ./delete.sh <cluster-kubeconfig-file>