Prerequisites for Kubernetes

• Kubernetes cluster setup: Creating an Amazon EKS cluster
• DockerHub repository must be reachable from nodes.
• SSL certificates: Valid SSL certificates as per the DNS of the Core server, DB server, and the Kubernetes cluster.
• Kubectl, helm3 packages installed on the core server for installing pods and necessary permission should be available for deploying containers on the Kubernetes cluster.
• Helm charts downloaded to the core server into /tmp/{jiffy-install}/{helm}

  • Download helm charts into jiffycore server:
    wget –user {username} –ask-password downloads.jiffy.ai/4.6/Release/jiffy-helms-v4.6.zip
  • Extract the helm charts in jiffycore server: unzip jiffy-helms-v4.6.zip

Prerequisites for Core Server and DB Server

• SSH connectivity between core server and DB server (preferred method using the private key)
• Root user access should be available in both Core and DB servers.
• Ingress hostname should be resolvable from the Jiffy Core server.
• Repositories/Internet access should be provided on the DB server and Core server.

• If antivirus software is installed in the server: Jiffy, RabbitMQ, and Nginx installation directories must be whitelisted and do not allow these directories to scan through antivirus software.

  Recommended Repositories

  For RHEL Users	For CentOS
  rhel-7-server-rpms	epel-release
  rhel-7-server-extras-rpms	centos-release-scl
  rhel-7-server-optional-rpms	pypi.org
  rhel-server-rhscl-7-rpms
  epel-release
  pypi.org

• Download Artifacts to under /tmp/{jiffy-install} in core server

  • wget –user {username} –ask-password downloads.jiffy.ai/4.6/Release/jiffy-installation.tar.gz
  • wget –user {username} –ask-password downloads.jiffy.ai/4.6/Release/jiffy-playbook.tar.gz

  Contact support@jiffy.ai for the login credentials to download artifacts.

• Extract the ansible-playbook tar file in the core server (tar -xf jiffy-playbook.tar.gz). The extracted files include the inventory and variable.yml.

• Inventory file has to be filled as per the user environment(contains all the details of the servers and authentication methods)). View the sample inventory file here.

• Variables file has to be filled as per the user environment(contains all the parameters, such as, username, configurable values, mountpoint, etc.). View the sample variables file here.

Prerequisites for SAML

1. Generate self signed certificate. The name and format should be as follows.
   • private key : saml-private-key.pk8
   • public key : saml-public-key.crt
2. Convert the format of generated certificate file from .pem to .crt and .pk8 format using the following code.
   • private key : saml-private-key.pk8
     To convert public key to .crt format:

     openssl x509 -outform der -in localhost_cert.pem -out saml-public-key.crt

   • public key : saml-public-key.crt
     To convert public key to .pk8 format:

     openssl pkcs8 -topk8 -inform PEM -outform DER -in localhost_key.pem -out saml-private-key.pk8 -nocrypt

3. Place the certificate inside /opt/gus/certs folder.
   

Prerequisites(to enable Root Admin as an LDAP User)

• Rood Admin must have a valid LDAP user account and connection details.

Prerequisites (Jiffy Ports)

• External ports to be opened on the respective Servers.

Jiffy Compatible Java Versions

1. 1.8.0_252
2. 1.8.0_275
3. 1.8.0_282
4. 1.8.0_292
5. 1.8.0_322

Installation Steps

1. Kubernetes Initial Setup (To be done prior to Jiffy Core installation)

   • create namespace jiffy-cognitive
   • kubectl create namespace jiffy-cognitive
   • commands to setup creds for imagepull
   • kubectl apply -f imagepull-creds.yml -n jiffy-cognitive
   • create classic load balancer
   • update certificate arn in the controller service
   • service.beta.kubernetes.io/aws-load-balancer-ssl-cert
   • kubectl apply -f ingress-nginx.yaml
   • For installing opendistro elastic search and kibana
   • Update opendistro-es/values.yml with hostname values
   • Line no 94 and 436
   • helm install opendistro opendistro-es -n jiffy-cognitive
   • For installing fluentd daemonset
   • helm install fluentd fluentd -n jiffy-cognitive

2. Core and DB Server Deployment

   Switch to jiffy/non-root user in the jiffy core server.

   1. Change directory to the installation path, where the artifacts are present.

      cd /tmp/{jiffy-install}

   2. Extract the ansible-playbook tar, if not already done.

      tar -xf jiffy-playbook.tar.gz

      The extracted files include the inventory and variable.yml files in the /tmp/{jiffy-install} folder.

      Switch to root user in the jiffy core server(Keep the DB server's root credentials near at hand)

      1. Install ansible and dependent packages in the core server

         • Grant the permission to shell script and trigger the preAnsibleSetup.sh
         • chmod u+x preAnsibleSetup.sh
         • ./preAnsibleSetup.sh

         Wait for the setup to complete.

         
      2. Activate the ansible python virtual environment.

         source {mountpoint}/jiffy/.envs/ansibleEnv/bin/activate

      3. Execute the playbook to begin the installation and follow instructions on the screen.

         • ansible-playbook root.yml -i inventory -e @variable.yml
         • For debug mode
         • ansible-playbook root.yml -i inventory -e @variable.yml -v
         • For detailed debug mode
         • ansible-playbook root.yml -i inventory -e @variable.yml -vvvv
         • For sudo and ssh password prompt add -kK options along with run command
         • ansible-playbook root.yml -i inventory -e @variable.yml -kK

         Wait for the setup to complete.

      
   3. Change ownership of /tmp/{jiffy-install} to Jiffy/non-root user.

      chown -R {jiffyapp linux user}:{jiffyapp linux user} /tmp/{jiffy-install}

      Switch to jiffy/non-root user in the jiffy core server

   4. Run the non-root installer : (Sample variable and inventory file below)

      • source {mountpoint}/jiffy/.envs/ansibleEnv/bin/activate
      • ansible-playbook non-root.yml -i inventory -e @variable.yml
      • For debug mode,
      • ansible-playbook non-root.yml -i inventory -e @variable.yml -v
      • For detailed debug mode,
      • ansible-playbook non-root.yml -i inventory -e @variable.yml -vvvv

      Wait for the setup to complete.

   5. Initialize the Jiffy vault as follows and store the vault log file (vaultInitializelog{}.txt) for vault operations in the following screenshot.

      • Grant execute permission and execute vaultBootstrap.sh
      • source ~/.bashrc
      • chmod u+x vaultBootstrap.sh
      • ./vaultBootstrap.sh

      
   6. Update variable vault_token: {replaceme} in variables.yml with vault token.
   7. Bootstrap application with the following commands:

      • with masterkey prompt:
      • ansible-playbook jiffybootstrap.yml -e @variable.yml
      • without masterkey prompt:
      • ansible-playbook jiffybootstrap.yml -e masterKey='{replaceme}' -e @variable.yml

3. Kubernetes deployment
   1. Run the following commands to create necessary Kubernetes resources.

      • Create jiffy-auth secrets
      • kubectl create secret generic jiffy-auth --from-file={mountpoint}/jiffy/auth/password_key --from-file={mountpoint}/jiffy/auth/.at --from-file={mountpoint}/jiffy/auth/.ht -n jiffy-cognitive
      • create configmap
      • kubectl create configmap services-properties --from-file={mountpoint}/jiffy/ml/config/services.properties -n jiffy-cognitive
      • commands to deploy Kubernetes pods
      • export clusterDNS="{clusterDNS}"
      • helm install portfolio portfolio/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-Portfolio_21113Nov21 --set image.repository=jiffyai/portfolio --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install pdfsplit pdfsplit/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-Pdfsplit_3524Nov21 --set image.repository=jiffyai/pdfsplit --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install bolml bolml/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-T4.3.012806Oct21 --set image.repository=jiffyai/bolml --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install bolcategory bol_category/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-vendorcategorisation_7506Oct21 --set image.repository=jiffyai/bolcategory --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install handwritingsegmentation handwritingsegmentation/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-HWSegmentaion_6615Nov21 --set image.repository=jiffyai/hwsegmentation --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install invoicecategory invoicecategory/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-T4.3.012806Oct21 --set image.repository=jiffyai/invoicecategory --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install pdf2image pdf2image/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-Pdf2Image_3206Oct21 --set image.repository=jiffyai/pdf2image --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install pdf2json-service pdf2json-service/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-Pdf2JsonService_4725Nov21 --set image.repository=jiffyai/pdf2json-service --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install template-converter template-converter/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-132 --set image.repository=jiffyai/template-converter --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install w2split w2split/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-W2Split_6712Nov21 --set image.repository=jiffyai/w2split --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install backward-comp backward-comp/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-BackwardCompatibilityEngine3406Oct21 --set image.repository=jiffyai/backward-compatibility-engine --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install functionator functionator/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-147 --set image.repository=jiffyai/functionator --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install invoiceml invoiceml/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-T4.3.012806Oct21 --set image.repository=jiffyai/invoiceml --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install w2ml w2ml/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-w2ml_3911Nov21 --set image.repository=jiffyai/w2ml --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • helm install docplit docsplit/ --set ingress.host=$clusterDNS --set image.tag=JARVIS-MAIN-DocumentSplit_1613Nov21 --set image.repository=jiffyai/docsplit --set replicaCount=1 --set image.namespace=jiffy-cognitive -n jiffy-cognitive
      • ##########

   2. Please access the jiffy in the bot machine with the root tenant.
   3. Create tenant admin by adding email configuration details.

Generate Self Signed Certificates

(Use only in non-prod environments as a temporary measure if valid SSLs are not available.)

1. To Generate SSL Certificate for DB Instance and Cognitive Instance:

   1. Navigate to /tmp/{jiffyinstall}; folder.
   2. Execute the following commands:

      chmod +x generate-db-cert.sh
      ./generate-db-cert.sh -d {DBInstanceDomainname}

   3. The following files are generated:
      • db_ca_key.pem
      • db_ca_cert.pem
      • dbcn_cert.pem
      • dbcn_key.pem
        

2. Localhost certificates for the core server are generated by ansible and are available under /tmp/{jiffyinstall}

   • ca_key.pem
   • ca_cert.pem
   • localhost_key.pem
   • localhost_cert.pem