Deploy to ELIXIR-LU
Deploy the GDI User Portal to ELIXIR Luxembourg infrastructure. This deployment uses Docker Compose and includes the User Portal, CKAN, REMS, Keycloak, and API Gateway.
Current deployment endpoints
The following endpoints are available in the development environment:
- User Portal: portal.dev.gdi.lu
- IAM (Identity and Access Management): id.portal.dev.gdi.lu
- API Gateway: api.portal.dev.gdi.lu
- Catalogue: catalogue.portal.dev.gdi.lu
Prerequisites
- Access to the ELIXIR-LU server
- Docker and Docker Compose installed
- Admin access to CKAN, REMS, and Keycloak
- GitHub repository access to gdi-userportal-deployment
Clone the deployment repository
Clone the deployment repository to your server:
git clone https://github.com/GenomicDataInfrastructure/gdi-userportal-deployment.git
cd gdi-userportal-deployment
Configure environment variables
Copy the environment example file and update all secrets:
cp .env.example .env
Edit the .env file and update all the secrets and configuration values as required for your environment.
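A check you can run after editing .env, given here as an added example that is not part of the deployment repository: it lists secret-looking variables that are empty or still carry the value from .env.example, and tests whether .env is readable by group or others. The variable names in the sample files and the name pattern are constructed assumptions; adjust them to the names in your .env.example.

```shell
#!/bin/sh
# Added example (not from the deployment repository).
# Secret-looking variable names; an assumption, adjust to your .env.example.
SECRET_NAME_RE='(SECRET|PASSWORD|TOKEN|KEY)'

# Print secret-looking variables in ENV_FILE ($2) that are empty or still
# carry the value shipped in EXAMPLE_FILE ($1).
stale_secrets() {
    awk -v re="$SECRET_NAME_RE" '
        /^[ \t]*(#|$)/ || !/=/ { next }   # comments, blanks, non-assignments
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)  # keep any "=" inside the value
            if (FILENAME == ARGV[1]) { tmpl[key] = val; next }
            if (key ~ re && (val == "" || ((key in tmpl) && tmpl[key] == val)))
                print key
        }
    ' "$1" "$2"
}

# Succeed only if the file is not readable by group or others.
env_is_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Constructed sample files; the variable names are hypothetical.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env.example" <<'EOF'
# template values
PORTAL_URL=https://portal.example.org
REMS_API_KEY=changeme
KEYCLOAK_CLIENT_SECRET=changeme
CKAN_DB_PASSWORD=
EOF
cat > "$demo_dir/.env" <<'EOF'
PORTAL_URL=https://portal.example.org
REMS_API_KEY=changeme
KEYCLOAK_CLIENT_SECRET=Zm9v=YmFy
CKAN_DB_PASSWORD=
EOF
chmod 644 "$demo_dir/.env"

echo "Secrets still at template value or empty:"
stale_secrets "$demo_dir/.env.example" "$demo_dir/.env"
env_is_private "$demo_dir/.env" || echo ".env is readable by group/others; chmod 600 it"
rm -rf "$demo_dir"
```

Against the real files, call stale_secrets .env.example .env and env_is_private .env from the repository directory before running docker compose.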
Deploy REMS
Build and deploy the REMS service first:
docker compose build
docker compose run --rm -e CMD="migrate" rems
docker compose up -d rems
Configure REMS
After REMS is running, configure the required API keys and users.
- Configure the admin user. Enter the REMS Docker container and configure the admin user.
- Configure access-management-service API key. Create an API key for any user and any REST method, limited to the following endpoints:
  - /api/users/create
  - /api/catalogue-items
  - /api/my-applications
  - /api/applications/.*
- Configure rems-synchronizer API key. Create an API key and robot for any REST method, limited to the following endpoints:
  - /api/organizations.*
  - /api/forms.*
  - /api/workflows.*
  - /api/resources.*
  - /api/catalogue-items.*
- Configure ls-aai API key. Create an API key and robot, limited to:
  - GET /api/permissions/.*
- Update environment variables. Include the newly created API keys and users in the environment variables file.
Deploy all services
Deploy all remaining services:
docker compose up -d
Configure CKAN harvesting
After all services are running, set up data harvesting in CKAN.
- Log in to CKAN: Log in to CKAN as a sysadmin user.
- Add harvest sources: Configure and add the required harvest sources for your data catalogues.
- Run REMS synchroniser: Wait for the REMS synchroniser to run automatically, or run it manually.
Configure Keycloak and LS-AAI
Configure authentication and authorisation with Keycloak and LS-AAI integration.
- Access Keycloak: Go to your Keycloak instance at id.portal.dev.gdi.lu.
- Configure LS-AAI identity provider: Set up LS-AAI as an identity provider in Keycloak.
- Add claim to user attribute mapper: Add a mapper that maps the claim sub into elixir_id.
- Create OIDC realm for GDI: Create a new OIDC realm for GDI that accepts redirections to User Portal, CKAN, and REMS.
- Create client scope: Create a new client scope for the GDI realm.
- Add user attribute mapper: Add a new User Attribute Mapper that maps the attribute elixir_id into a claim called elixir_id and a scope called elixir_id.
- Create clients: Create a new client for User Portal, REMS, and CKAN.
- Add scope to clients: Add the scope elixir_id to the newly created clients.
After deploying to ELIXIR-LU:
- Manage user roles and permissions: Set up user access levels in CKAN
- Manage data and services: Configure harvesters and data sources
- Monitor and maintain the system: Set up monitoring and logging