Skip to content

Commit

Permalink
Deploying to gh-pages from @ 2ca215b 🚀
Browse files Browse the repository at this point in the history
  • Loading branch information
kelvinqian00 committed Jan 8, 2024
1 parent 628e69c commit cc48866
Show file tree
Hide file tree
Showing 15 changed files with 31 additions and 31 deletions.
4 changes: 2 additions & 2 deletions authority.html
Original file line number Diff line number Diff line change
Expand Up @@ -164,10 +164,10 @@
}
</code></pre><p>Possible claims vary by identity provider, see the <a href='https://www.iana.org/assignments/jwt/jwt.xhtml'>comprehensive list here</a>. SQL LRS provides one additional value, <code>lrsql/resolved-client-id</code> that resolves to the following claims in order of precedence:</p><ol><li><code>client&#95;id</code></li><li><code>azp</code></li><li><code>aud</code> (if <code>aud</code> is a string)</li><li><code>aud&#91;0&#93;</code> (if <code>aud</code> is an array)</li></ol><p>Note that the request will fail if expected claims are not present on the token.</p><p>As with the normal authority template, you can provide a custom version by setting the <code>LRSQL&#95;OIDC&#95;AUTHORITY&#95;TEMPLATE</code> (<code>lrs.oidcAuthorityTemplate</code>) config variable.</p><p><a href='index.html'><- Back to Index</a></p>
<div class="footer">
&copy; 2021-2023 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
&copy; 2021-2024 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
<a href="https://github.com/yetanalytics/lrsql/blob/main/LICENSE" target="_blank">Licensed under the Apache 2.0 License</a> |
Contribute on <a href="https://github.com/yetanalytics/lrsql" target="_blank">GitHub</a>
<span class="build">Build: 8e7939d0cdabfd0f301185cbbbdaecdcaf205030</span>
<span class="build">Build: 2ca215ba51f88f24815f02f035567ebe59af8e81</span>
</div>
</div>
</body>
Expand Down
4 changes: 2 additions & 2 deletions aws.html
Original file line number Diff line number Diff line change
Expand Up @@ -126,10 +126,10 @@
</div>
<p><a href='index.html'><- Back to Index</a></p><h1 id="example&#95;aws&#95;deployment">Example AWS Deployment</h1><p>In order to make it easy to get started deploying the SQL LRS, included in this repository is a set of sample Amazon Web Services (AWS) CloudFormation Templates. When deployed, the templates create a scalable and secured cloud installation of the SQL LRS.</p><p><b>NOTE:</b> <em>This configuration is not one-size-fits-all and you may require a different configuration for your particular needs. It is provided for demonstration purposes only and can be used as a reference to adapt to your particular enterprise's needs. If you apply these templates in your own AWS account, it can and will incur charges from Amazon Web Services. Yet Analytics is in no way responsible for any charges due to applying and implementing these templates, and is in no way responsible for any outcomes of applying these templates or implementing SQL LRS. If your team is interested in consulting or support in setting up or maintaining a SQL LRS please <a href='https://www.sqllrs.com/contact'>contact Yet here</a></em>.</p><h3 id="deployment&#95;overview">Deployment Overview</h3><p>This deployment entails the creation of an Auto-Scaling Group of EC2 Servers containing the SQL LRS Application, an RDS Aurora Postgres Database Cluster, an Application Load Balancer and associated network resources and utilities. The installation also makes use of DNS and TLS Certificates as needed to enable a secure connection to the SQL LRS.</p><p>The way that these resources are deployed is through the use of CloudFormation Templates, which in this case are YAML files containing descriptions of all required resources and associations. The basic methodology is to visit AWS CloudFormation, provide the template files in the correct order, and provide the appropriate parameters for each template. The process takes about 20-30 minutes (which is mostly waiting for AWS to spin up the required resources).</p><h3 id="step&#95;1:&#95;preparation">Step 1: Preparation</h3><p>In this step we will not be deploying any templates but will instead be preparing the ancillary resources that the templates will need in order to deploy the LRS properly. All you need to start off with is an AWS Account, the rest is detailed here.</p><h4 id="domain">Domain</h4><p>Configuring a domain or subdomain will allow you to access the SQL LRS at that URL. If you have (or can acquire) the domain through AWS Route53, these templates provide automated DNS updates that will route the domain to the LRS upon deployment or update. If you already have the domain you will be using through another registrar, you will need to update a DNS record in your own registrar at the end of deployment in order to use the domain.</p><p>Note that if you do not use Route53 DNS you MUST provide one or more allowed CORS origins with the CORSAllowedOrigins LRS template parameter (see Step 4 below).</p><h4 id="tls&#95;certificate">TLS Certificate</h4><p>In these templates the Load Balancer expects to provide access to the LRS via HTTPS/443. You will need to either acquire a free Amazon Certificate Manager cert (highly recommended) or import your own cert from another CA into ACM for use in the deployment.</p><h4 id="s3&#95;bucket&#95;(non-us&#95;regions&#95;only)">S3 Bucket (Non-US Regions Only)</h4><p>SQL LRS requires a Lambda function to create the application-level database user. For the following regions the code for this function is hosted by Yet Analytics and provided to the template automatically:</p><ul><li>us-east-1</li><li>us-east-2</li><li>us-west-1</li><li>us-west-2</li></ul><p>For other regions you will need to host your own bucket and provide this code manually:</p><ul><li>Create a new Amazon S3 bucket in the region in which you will deploy the template. Copy down the bucket name for use in the template parameters (see below).</li><li>In the <a href='https://github.com/yetanalytics/lrsql/blob/main/dev-resources/template/2_lrs.yml'>LRS CloudFormation Template</a>, look for the default value of the <code>DBInitFnVersion</code> parameter, it should be something like <code>0.0.2</code>.</li><li>Download the function code with the corresponding version from Yet's public bucket at <code>s3://yet-rds-db-init-deploy-us-east-1</code>. The file name will be in the format: <code>rds-db-init-v&lt;VERSION&gt;.zip</code>. For example, for version <code>0.0.2</code> the download location would be: <a href='https://yet-rds-db-init-deploy-us-east-1.s3.amazonaws.com/rds-db-init-v0.0.2.zip'>https://yet-rds-db-init-deploy-us-east-1.s3.amazonaws.com/rds-db-init-v0.0.2.zip</a>.</li><li>Place the zip file in the root of the bucket you just created. Copy down the name of the zip file.</li><li>When you launch the template (see below) provide your bucket name for the <code>DBInitFnBucketOverride</code> parameter. Provide the zip file name for the <code>DBInitFnKeyOverride</code> parameter.</li></ul><h4 id="database&#95;passwords&#95;in&#95;systems&#95;manager">Database Passwords in Systems Manager</h4><p>The deployment requires two passwords for the Postgres database. One 'Master' password provided to the database as it is created, and one 'App' password provided to SQL LRS to access the database. These passwords are managed in Systems Manager (SSM).</p><ul><li>Visit AWS Systems Manager</li><li>Go to 'Parameter Store'</li><li>Create two new parameters (Master and App Passwords)<ul><li>Name is up to you but you will need it later</li><li>For type choose SecureString</li><li>Value is the password, and must be 8-128 ASCII characters excluding /, &#8216;, or @</li></ul></li></ul><h4 id="ec2&#95;key-pair&#95;(optional)">EC2 Key-Pair (optional)</h4><p>If you foresee needing SSH access to the servers directly, you'll want to have the name of the EC2 Key-Pair of your choice ready to provide during deployment. In practice if you wish to SSH into the servers you will likely also need another EC2 instance (not covered in this guide) in a public subnet, because the servers themselves will be deployed into private subnets inaccessible from the internet directly.</p><h3 id="step&#95;2:&#95;networking&#95;(optional)">Step 2: Networking (optional)</h3><p>This step creates a VPC with two public subnets and two private subnets with routing and an internet gateway. For an advanced AWS user with an existing account this may not be needed or preferable, but either way at the end you will need two public and two private subnets, and the private subnets must have a NAT with outbound access to the internet and routing equivalent to the template. For simplicity, instructions in subsequent steps will assume you deployed this template.</p><ul><li>Go to AWS CloudFormation</li><li>Choose Create Stack (New Resources)</li><li>Choose 'Template is Ready' / 'Upload a template file'</li><li>Upload the Template <code>dev-resources/template/0&#95;vpc.yml</code></li><li>Click Next</li><li>Name the Stack, and review the CIDR ranges to make sure they do not conflict with existing network topology in your AWS account, and adjust as needed</li><li>Deploy the Stack</li></ul><p>After deployment is complete CloudFormation should give you access to an 'Outputs' tab which contains the details about the created subnets. You will be referencing these subnets extensively in the next steps, so it's advisable to keep this tab open.</p><h3 id="step&#95;3:&#95;database">Step 3: Database</h3><p>In this step you will deploy the Postgres Aurora database. The remainder of this guide will only cover the necessary parameters for deployment, and will assume that the default was accepted for all the others.</p><ul><li>Similar to Step 2, create and name a new stack and upload the DB template (1_db.yml)</li><li>Parameters<ul><li>DBMasterUsername: Create a username for the DB root user</li><li>DBMasterUserPasswordPath: Use the name selected in Systems Manager for the Master Password in Step 1</li><li>DBName: Choose desired database name</li><li>DBSubnets: Choose the two Private Subnets Created in Step 2</li><li>VPCId: Choose the VPC created in Step 2</li></ul></li><li>Deploy the Stack</li></ul><p>After deployment this stack will also have an 'Outputs' tab containing useful information for the next step.</p><h3 id="step&#95;4:&#95;lrs">Step 4: LRS</h3><p>This template deploys the application servers, the load balancer, and also a small AWS Lambda script which grants database access for application servers.</p><ul><li>Similar to previous steps, create and name a new stack and upload the LRS template (2_lrs.yml)</li><li>Parameters<ul><li>ALBCertARN: Copy the ARN from the ACM Certificate from Step 1</li><li>ALBHostName: (Optional) Set the desired (sub)domain name from Step 1</li><li>ALBHostedZone: (Optional) Set the Hosted Zone ID if the domain registrar is Route53 to enable automatic DNS management</li><li>ALBSubnets: Choose the two Public Subnets from Step 2</li><li>CORSAllowedOrigins: If you are using your own DNS and do not provide ALBHostName and ALBHostedZone above, put the HTTPS address of your LRS here, ie. <code>https://mydomain.com</code> to allow CORS requests.</li><li>DBStackName: Choose the name of the stack deployed in Step 3</li><li>DBAppUserName: Choose a desired database username for the application</li><li>DBAppUserPasswordPath: Use the name selected in Systems Manager for the App Password in Step 1</li><li>DBSubnets: Select the two Private Subnets from Step 2</li><li>DefaultAdminPass: Enter a temporary seed password for the LRS Admin login (for first login). <strong>NOTE: You will NOT be able to see this password after you set it, so please write it down!</strong></li><li>DefaultAdminUser: Enter initial seed username for LRS Admin Login</li><li>InstanceKeyName: (Optional) Enter the name of your preferred EC2 Key-Pair from Step 1</li><li>InstanceSubnets: Choose the two Private Subnets from Step 2</li><li>LogGroupPrefix: Leave this at the default: <code>/yet/lrsql/</code></li><li>LogGroupRetentionInDays: Leave this at the default of 7 (days)</li><li>LrsVersion: Select the desired version of SQL LRS from the GitHub Releases page <a href='https://github.com/yetanalytics/lrsql/releases'>here</a></li><li>DBInitFnVersion: Leave this at the default value</li><li>DBInitFnBucketOverride: Leave this blank unless you are deploying to a region outside of the US, in which case see the instructions in the S3 Bucket section of Step 1</li><li>DBInitFnKeyOverride: Leave this blank unless you are deploying to a region outside of the US, in which case see the instructions in the S3 Bucket section of Step 1</li><li>VPCId: VPC Created in Step 1</li></ul></li><li>Deploy the Stack</li></ul><p>If all goes well, the LRS should be fully deployed. In the 'Outputs' tab of this stack you will find two outputs, <code>LrsAddress</code> and <code>LBEndpoint</code>. If you used an AWS Route53 hosted zone you should be able to visit the LRS by following the <code>LRSAddress</code> URL as soon as DNS propagates. If you did not you will need to create an A record in your domain's registrar pointed to the value in <code>LBEndpoint</code>. Once the LRS is accessible you will be able to use <code>DefaultAdminUser</code> value from this template to log in for the first time.</p><p><a href='index.html'><- Back to Index</a></p>
<div class="footer">
&copy; 2021-2023 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
&copy; 2021-2024 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
<a href="https://github.com/yetanalytics/lrsql/blob/main/LICENSE" target="_blank">Licensed under the Apache 2.0 License</a> |
Contribute on <a href="https://github.com/yetanalytics/lrsql" target="_blank">GitHub</a>
<span class="build">Build: 8e7939d0cdabfd0f301185cbbbdaecdcaf205030</span>
<span class="build">Build: 2ca215ba51f88f24815f02f035567ebe59af8e81</span>
</div>
</div>
</body>
Expand Down
4 changes: 2 additions & 2 deletions dev.html
Original file line number Diff line number Diff line change
Expand Up @@ -134,10 +134,10 @@
| {&quot;verb&quot; &quot;https://w3id.org/xapi/video/verbs/seeked&quot;} | 20 | 3 | 33 | 18 | 604 |
</code></pre><p><a href='index.html'><- Back to Index</a></p>
<div class="footer">
&copy; 2021-2023 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
&copy; 2021-2024 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
<a href="https://github.com/yetanalytics/lrsql/blob/main/LICENSE" target="_blank">Licensed under the Apache 2.0 License</a> |
Contribute on <a href="https://github.com/yetanalytics/lrsql" target="_blank">GitHub</a>
<span class="build">Build: 8e7939d0cdabfd0f301185cbbbdaecdcaf205030</span>
<span class="build">Build: 2ca215ba51f88f24815f02f035567ebe59af8e81</span>
</div>
</div>
</body>
Expand Down
4 changes: 2 additions & 2 deletions docker.html
Original file line number Diff line number Diff line change
Expand Up @@ -172,10 +172,10 @@
CMD &#91;&quot;/lrsql/bin/run&#95;postgres.sh&quot;&#93;
</code></pre><p>The resulting image will use the provided configuration file and run Postgres. See <a href='startup.html'>Getting Started</a> for more configuration information.</p><p><a href='index.html'><- Back to Index</a></p>
<div class="footer">
&copy; 2021-2023 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
&copy; 2021-2024 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
<a href="https://github.com/yetanalytics/lrsql/blob/main/LICENSE" target="_blank">Licensed under the Apache 2.0 License</a> |
Contribute on <a href="https://github.com/yetanalytics/lrsql" target="_blank">GitHub</a>
<span class="build">Build: 8e7939d0cdabfd0f301185cbbbdaecdcaf205030</span>
<span class="build">Build: 2ca215ba51f88f24815f02f035567ebe59af8e81</span>
</div>
</div>
</body>
Expand Down
4 changes: 2 additions & 2 deletions endpoints.html
Original file line number Diff line number Diff line change
Expand Up @@ -129,10 +129,10 @@
}
</code></pre><h4 id="admin&#95;account&#95;routes">Admin Account Routes</h4><ul><li><code>POST http://example.org/admin/account/login</code>: Log into an existing account. The request body must be a JSON object that contains <code>username</code> and <code>password</code> strings. The response body contains a newly generated JSON Web Token (JWT) on success. A <code>401 UNAUTHORIZED</code> status code is returned if the credentials are incorrect.</li><li><code>POST http://example.org/admin/account/create</code>: Create a new admin account. The request body must be a JSON object that contains <code>username</code> and <code>password</code> strings. The endpoint returns a JSON object with the ID (UUID) of the newly created user on success, and returns a <code>409 CONFLICT</code> if the account already exists.</li><li><code>DELETE http://example.org/admin/account</code>: Delete an existing account. The JSON request body must contain a UUID <code>account-id</code> value. The endpoint returns a JSON object with the ID of the deleted account on success and returns a <code>404 NOT FOUND</code> error if the account does not exist.</li><li><code>GET http://example.org/admin/account</code>: Return an array of all admin accounts in the system on success.</li><li><code>GET http://example.org/admin/me</code>: Returns the currently authenticated admin accounts on success.</li></ul><h4 id="admin&#95;credential&#95;routes">Admin Credential Routes</h4><ul><li><code>POST http://example.org/admin/creds</code>: Create a new credential pair, with the specified scope values given by the <code>scopes</code> property in the request body.</li><li><code>PUT http://example.org/admin/creds</code>: Update an existing credential pair, given by <code>api-key</code> and <code>secret-key</code> properties in the request body, with the new scopes given by the <code>scopes</code> property.</li><li><code>GET http://example.org/admin/creds</code>: Read all credential pairs and their associated scopes for a particular account (denoted by the JWT).</li><li><code>DELETE http://example.org/admin/creds</code>: Delete an existing credential pair, given by the <code>api-key</code> and <code>secret-key</code> properties in the request body, as well as any associated scopes.</li></ul><h4 id="misc&#95;admin&#95;routes">Misc Admin Routes</h4><ul><li><code>GET http://example.org/admin/env</code>: Get select environment variables about the configuration which may aid in client-side operations. Currently returns a map containing the configuration variables <code>urlPrefix</code> and <code>enableStmtHtml</code>.</li><li><code>DELETE http://example.org/admin/agents</code>: Runs a <em>hard delete</em> of all records of an actor, and associated records (statements, attachments, etc). Intended for privacy purposes like GDPR. Body should be a JSON object of form <code>{&quot;actor-ifi&quot;:&lt;actor-ifi&gt;}</code>. Disabled unless the configuration variable enableAdminDeleteActor to be set to <code>true</code>.</li></ul><p><a href='index.html'><- Back to Index</a></p>
<div class="footer">
&copy; 2021-2023 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
&copy; 2021-2024 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
<a href="https://github.com/yetanalytics/lrsql/blob/main/LICENSE" target="_blank">Licensed under the Apache 2.0 License</a> |
Contribute on <a href="https://github.com/yetanalytics/lrsql" target="_blank">GitHub</a>
<span class="build">Build: 8e7939d0cdabfd0f301185cbbbdaecdcaf205030</span>
<span class="build">Build: 2ca215ba51f88f24815f02f035567ebe59af8e81</span>
</div>
</div>
</body>
Expand Down
4 changes: 2 additions & 2 deletions env_vars.html

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions https.html
Original file line number Diff line number Diff line change
Expand Up @@ -152,10 +152,10 @@

</code></pre><p><a href='index.html'><- Back to Index</a></p>
<div class="footer">
&copy; 2021-2023 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
&copy; 2021-2024 <a href="https://www.yetanalytics.com" target="_blank">Yet Analytics Inc.</a> |
<a href="https://github.com/yetanalytics/lrsql/blob/main/LICENSE" target="_blank">Licensed under the Apache 2.0 License</a> |
Contribute on <a href="https://github.com/yetanalytics/lrsql" target="_blank">GitHub</a>
<span class="build">Build: 8e7939d0cdabfd0f301185cbbbdaecdcaf205030</span>
<span class="build">Build: 2ca215ba51f88f24815f02f035567ebe59af8e81</span>
</div>
</div>
</body>
Expand Down
Loading

0 comments on commit cc48866

Please sign in to comment.