Middleware Setup on new ubuntu machine

# Middleware Setup on new ubuntu machine ### Add middleware user 1. ```sudo adduser --disabled-password --shell /bin/bash middleware_v2_user``` 2. ```sudo nano /etc/sudoers``` and then append this line ```middleware_v2_user ALL=(ALL) NOPASSWD: ALL``` 3. ```sudo apt install python3-venv libmysqlclient-dev gcc build-essential python3-dev -y``` ### Take git checkout 1. Switch to middleware_v2_user using ```sudo su middleware_v2_user``` 2. Create private-public key pair using command ```ssh-keygen``` 3. Upload the public key to ssh and gpg keys in github.com 4. Change to user home directory ```cd ~``` 5. ```git clone git@github.com:DataChannelTechnologies/DataChannelMiddlewareV2.git``` ### Install dependencies 1. Create virtualenv and install necessary dependencies ``` python3 -m venv .venv pip install --upgrade pip wheel setuptools pip install -r requirements.txt # You might face some errors so comment out the problematic dependencies accordingly pip install -r requirements.stage.txt ``` 2. Create the .env file and paste it's content: ```nano .env``` 3. Copy these files from older system to this system: ``` /home/middleware_v2_user/bigquery_creds.json /home/middleware_v2_user/datachannel-237710-service-account.json ``` ### Gunicorn and nginx setup 1. Try to test whether everything is working correctly till now by running ```gunicorn -b 0.0.0.0:5005 --workers=2 --threads=2 app:app``` 2. Create service file ```sudo nano /etc/systemd/system/middlewareV2.service``` and paste the following content: ``` [Unit] Description=Gunicorn instance for MiddlewareV2 After=network.target [Service] User=middleware_v2_user Group=www-data WorkingDirectory=/home/middleware_v2_user/DataChannelMiddlewareV2 Environment="PATH=/home/middleware_v2_user/DataChannelMiddlewareV2/.venv/bin" EnvironmentFile=/home/middleware_v2_user/DataChannelMiddlewareV2/.env ExecStart=/home/middleware_v2_user/DataChannelMiddlewareV2/.venv/bin/gunicorn -b 0.0.0.0:5005 --wor> Restart=always [Install] WantedBy=multi-user.target ``` 3. Install nginx: ```sudo apt install nginx```. Ref: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04 5. ```sudo systemctl enable nginx && sudo systemctl restart nginx``` 6. Edit the nginx sites-available file: ```sudo nano /etc/nginx/sites-available/middleware-stage.datachannel.co``` and paste this content: ``` upstream middleware-stage { server 127.0.0.1:5005; } server { listen 443; listen [::]:443; ssl on; ssl_certificate /etc/nginx/ssl/datachannel.co.chained.crt; ssl_certificate_key /etc/nginx/ssl/datachannel.co.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; error_log /var/log/nginx/error_log; index index.html index.htm index.nginx-debian.html; server_name middleware-stage.datachannel.co; location / { proxy_pass http://middleware-stage; proxy_read_timeout 120; } } ``` 6. Place the certificate files as mentioned in the above conf file and make sure they have only -rw (i.e chmod 600) permission 7. ```sudo systemctl restart middlewareV2.service``` 8. ```journalctl -u middlewareV2.service -e -f``` and make sure everything is working properly 9. To test the middleware, edit the ```/etc/nginx/sites-available/default``` file and update these 2 things so that nginx default page will point to middleware ``` upstream middleware-stage { server 127.0.0.1:5005; } ## Add the next directive inside server tag location / { proxy_pass http://middleware-stage; proxy_read_timeout 120; } ``` 10. Restart nginx and open it's default page. It should now show middleware's default page. ### Other dependent services 1. Setup `dc_validation.service` by just copying the service file from older machine. No need to create any environment or git cloning. ```[Unit] Description=DataChannelValidation Service After=network.target rabbitmq-server.service Wants=rabbitmq-server.service [Service] Type=simple User=middleware_v2_user Group=middleware_v2_user Restart=always EnvironmentFile=/home/middleware_v2_user/DataChannelMiddlewareV2/.env ExecStart=/bin/bash -c 'cd /home/middleware_v2_user/DataChannelMiddlewareV2;source /home/middleware_v2_user/DataChannelMiddlewareV2/env/bin/activate;celery --app=datachannel_validation.process_job worker -Q dc_validations_q -n validation_host' [Install] WantedBy=multi-user.target ``` 3. To test dc_validation.service, stop the service in the older machine and start it in this machine. In this way, it will start listening to the rabbitmq queue and will pick up any task which goes to that queue. 4. Setup `dc_async_middleware_tasks_q.service` by copying the file from previous system. Test it by using the same method as in step 2. ``` [Unit] Description=DataChannelAsyncTask Service for Middleware After=network.target rabbitmq-server.service Wants=rabbitmq-server.service [Service] Type=simple User=middleware_v2_user Group=middleware_v2_user Restart=always EnvironmentFile=/home/middleware_v2_user/DataChannelMiddlewareV2/.env ExecStart=/bin/bash -c 'cd /home/middleware_v2_user/DataChannelMiddlewareV2;source /home/middleware_v2_user/DataChannelMiddlewareV2/env/bin/activate;celery --app=async_tasks.task_register worker -Q dc_async_tasks_middleware_q --concurrency=2' [Install] WantedBy=multi-user.target ``` ### CI CD setup 1. Create a user gh-actions following the same steps as in middleware_v2_user 2. Add it's public key to github and take git clone of DataChannelScripts in `/home/gh-actions/DataChannelScripts` folder 3. Add `/home/gh-actions/DataChannelScripts/.env` file. 4. Setup venv and install requirement files. ### Final steps If everything is ok, change the DNS to point to this server and stop `middlewareV2, dc_validation and dc_async_middleware_tasks_q` services in the older system and start them here.