Search

Jiffy Installation

Articles

Artifact list

Name Version Type Description
jiffy-playbook.tar.gz 4.8 Ansible playbook Ansible scripts which does the upgrade
jiffy-installation.tar.gz 4.8 Compressed tar Jiffy core artifacts
jiffy-helms-v.4.8s.zip 4.8 Helm charts Helm charts for container deployments

Containers List

Container Tags (4.8)
backward-comp JARVIS-MAIN-BackwardCompatibilityEngine7122Jun22
bolcategory JARVIS-MAIN-vendorcategorisation_14226Jul22
bolml JARVIS-MAIN-T4.3.020626Jul22
docsplit JARVIS-MAIN-DocumentSplit_7322Jun22
functionator JARVIS-MAIN-263
handwritingsegmentation JARVIS-MAIN-HWSegmentation_14719Jul22
invoicecategory JARVIS-MAIN-T4.3.020626Jul22
invoiceml JARVIS-MAIN-T4.3.020626Jul22
pdf2image JARVIS-MAIN-Pdf2Image_8422Jun22
pdf2json-service JARVIS-MAIN-Pdf2JsonService_12521Jul22
pdfsplit JARVIS-MAIN-Pdfsplit_7622Jun22
portfolio JARVIS-MAIN-Portfolio_36828Jul22
template-converter JARVIS-MAIN-251
w2ml JARVIS-MAIN-w2ml_9922Jun22
w2split JARVIS-MAIN-W2Split_11122Jun22
lineitemmatch JARVIS-MAIN-LineItemMatch_8222Jun22

No changes are made to the helm charts after release 4.6.

Ports and Processes

Component Port Process Source Destination
Email Server (TCP Ports) 25 SMTP Server Core Application Server
Email Server 993 IMAP/IMAPS Core Application Server
Jiffy Web 443 Nginx Any windows machine where the
user accesses Jiffy application
Core Application Server
JPipe gRPC 443 Nginx All the windows client machines
where BOT is installed
Core Application Server
RabbitMQ Viewer 15672 RabbitMQ Any windows machine
where the user accesses RabbitMQ web page
Core Application Server
MongoDB 27017 MongoDB Core Application Server Database Server
Postgres 5432 Postgres Core Application Server Database Server
Kubernetes Server 443 Nginx Ingress Core Application Server Kubernetes Server
LDAP Server 389 LDAP Core application server LDAP Server

Yum Packages List

Click here to view the detailed list of Yum packages and their respective versions.

General Prerequisites

  • SSL Certificates:
    • Valid SSL certificates should be available inside the core server with the Common Name(CN) or Subject Alternate Name(SAN) matching the DNS of the Core server and DB server.
    • Valid SSL certificates should be available with the Common Name(CN) matching the Kubernetes ingress hostname.

Prerequisites for Kubernetes

  • For AWS users, EKS cluster should be provisioned and configured.: Creating an Amazon EKS cluster
  • Docker Hub is reachable from the Kubernetes worker nodes (Container artifacts will be pulled from dockerhub during the install process)

Prerequisites for Core Server and DB Server

  • Access to epel-release and python packages repositories should be enabled on the core server irrespective of OS flavor.
  • Root user privileges (Used for yum installs, compile, and installation of third-party packages such as Nginx, Python, Redis, RabbitMQ configuration and administration, UNIX user creation).
  • SSH connectivity between the core server and DB server (preferred method is to use a private key)
  • Access to Python packages repository.
  • Ports opened as per the list given in Ports and Processes table.
  • Kubernetes ingress URL should be resolvable from Core server.
  • Permissions are required for deploying containers on the Kubernetes cluster from Core server.
  • Authentication for both databases(Postgresql and Mongo) should be using basic authentication.(username/password-based)
  • The databases should listen only via SSL connections.
  • The Mongo instance should be dedicated to Jiffy.
  • Access to the repositories mentioned in the following table via the Internet or a proxy.

    Recommended Repositories

    Additional Repositories to be Enabled Specific to Redhat Additional Repositories to be Enabled Specific to Centos
    rhel-7-server-rpms centos-release-scl
    rhel-7-server-extras-rpms
    rhel-7-server-optional-rpms
    rhel-server-rhscl-7-rpms
    rhel-7-server-devtools-rpms

    For RHEL:

    Package name Version
    llvm-toolset-7-clang 5.0.1-4
    postgresql-devel 14.2

To install llvm-toolset-7-clang, use the following steps.

  • subscription-manager repos --enable rhel-7-server-devtools-rpms
  • subscription-manager repos --enable rhel-server-rhscl-7-rpms
  • cd /etc/pki/rpm-gpg
  • wget -O RPM-GPG-KEY-redhat-devel https://www.redhat.com/security/data/a5787476.txt
  • rpm --import RPM-GPG-KEY-redhat-devel
  • yum install http://mirror.centos.org/centos/7/os/x86_64/Packages/libedit-devel-3.0-12.20121213cvs.el7.x86_64.rpm
  • yum install llvm5.0-devel
  • yum install llvm-toolset-7-clang -y

Pre-Installation Tasks for Core Server

  • Install Kubectl and helm3.

  • Download helm charts from downloads.jiffy.ai into in /tmp/jiffy4.8.0/helm(can be performed by any valid Linux user).

    • export RELEASE_VERSION=4.8
    • mkdir -p /tmp/jiffy-install/$RELEASE_VERSION/
    • cd /tmp/jiffy-install/$RELEASE_VERSION/
    • wget –user {username} –ask-password downloads.jiffy.ai/4.8/Release/jiffy-helms-v4.8.zip

    • Extract the helm charts in core server.

      unzip jiffy-helms-v4.8.zip


  • Download and extract Artifacts to /tmp/jiffy-install/$RELEASE_VERSION/(can be performed by any valid Linux user).

    • cd /tmp/jiffy-install/$RELEASE_VERSION/
    • wget –user {username} –ask-password downloads.jiffy.ai/4.8/Release/jiffy-installation.tar.gz
    • wget –user {username} –ask-password downloads.jiffy.ai/4.8/Release/jiffy-playbook.tar.gz
    • tar -xf jiffy-playbook.tar.gz>

    Contact support@jiffy.ai for the login credentials to download artifacts.

  • Extract the ansible-playbook tar file in the core server (tar -xf jiffy-playbook.tar.gz). The extracted files include the inventory and variable.yml.

  • Inventory file has to be filled as per the user environment(contains all the details of the servers and authentication methods)).

  • Variables file has to be filled as per the user environment(contains all the parameters, such as, username, configurable values, mountpoint, etc.).

Installation Steps

Kubernetes Initial Setup (To be done Before Jiffy Core Installation)

  • export RELEASE_VERSION=4.8
  • cd /tmp/jiffy-install/$RELEASE_VERSION/
  • kubectl create namespace jiffy-cognitive
  • kubectl apply -f imagepull-creds.yml -n jiffy-cognitive
  • create classic load balancer
  • Update certificate arn in the controller service
  • service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
  • Applicable for AWS EKS Users
  • kubectl apply -f ingress-nginx.yaml
  • For installing opendistro elastic search and kibana
  • Update opendistro-es/values.yml with hostname values
  • Line no 94 and 436
  • helm install opendistro opendistro-es -n jiffy-cognitive
  • For installing fluentd daemonset
  • helm install fluentd fluentd -n jiffy-cognitive

Initial Ansible Setup

Install ansible and dependent yum packages in the core server.

  1. export RELEASE_VERSION=4.8
  2. cd /tmp/jiffy-install/$RELEASE_VERSION/
  3. chmod u+x preAnsibleSetup.sh
  4. ./preAnsibleSetup.sh

Wait for the setup to complete.

Image description

Core and DB Server Deployment

  1. Switch to root user in the jiffy core server.(Keep the DB server’s root credentials)
  2. Execute the playbook to begin the installation and follow instructions on the screen.

    • source /opt/jiffy3rdparty/ansibleEnv/bin/activate
    • ansible-playbook root.yml -i inventory -e @variable.yml
    • For debug mode:
    • ansible-playbook root.yml -i inventory -e @variable.yml -v
    • For detailed debug mode:
    • ansible-playbook root.yml -i inventory -e @variable.yml -vvvv
    • For sudo and ssh password prompt add -kK options along with run command:
    • ansible-playbook root.yml -i inventory -e @variable.yml -kK

    Wait for the setup to complete.

    Image description
  3. Change ownership of /tmp/{jiffy-install} to Jiffy/non-root user.

    chown -R {jiffyapp linux user}:{jiffyapp linux user} /tmp/{jiffy-install}

Switch to Jiffy/Non-root User in the Jiffy Core Server:

  1. Run the non-root installer : (Sample variable and inventory file below)

    • export RELEASE_VERSION =4.8
    • cd /tmp/jiffy-install/$RELEASE_VERSION/
    • source /opt/jiffy3rdparty/ansibleEnv/bin/activate
    • ansible-playbook non-root.yml -i inventory -e @variable.yml
    • For debug mode:
    • ansible-playbook non-root.yml -i inventory -e @variable.yml -v
    • For detailed debug mode:
    • ansible-playbook non-root.yml -i inventory -e @variable.yml -vvvv

    Wait for the setup to complete.

    Image description
  2. Initialize the Jiffy vault as follows and store the vault log file (vaultInitializelog <>.txt) for vault operations in the following screenshot. Image description

    • Grant execute permission and execute vaultBootstrap.sh
    • source ~/.bashrc
    • chmod u+x vaultBootstrap.sh
    • ./vaultBootstrap.sh

    Image description
  3. Update variable vault_token: {replaceme} in variables.yml with vault token.
  4. Bootstrap application with the following commands:

    • with masterkey prompt:
    • ansible-playbook jiffybootstrap.yml -e @variable.yml
    • without masterkey prompt:
    • ansible-playbook jiffybootstrap.yml -e masterKey=‘{replaceme}’ -e @variable.yml

Kubernetes Deployment

  1. Connect to Core server as a jiffy application user
  2. Execute the following commands:

    • export clusterDNS=“{clusterDNS}”
    • chmod 777 k8s-deployment.sh
    • Create jiffy-auth secrets
    • kubectl create secret generic jiffy-auth –from-literal=password_key=‘{masterkey}’ –from-file={mountpoint}/jiffy/auth/.at -n jiffy-cognitive

  3. Execute the script for the Kubernetes installation.

Default values for the Kubernetes-upgrade script.

  • namespace(n)=jiffy-cognitive
  • replicacount(r)=1
  • mountpoint(m)=/opt

./k8s-deployment.sh -k '{masterkey|mandatory}' -n {namespace} -c {clusterDNS|mandatory} -r {replicacount} -m {mountpoint}

Generate Self Signed Certificates

(Use only in non-prod environments as a temporary measure if valid SSLs are not available.)

  1. To Generate SSL Certificate for DB Instance and Cognitive Instance:

    1. Execute the following commands:

      • export RELEASE_VERSION=4.8
      • cd /tmp/jiffy-install/$RELEASE_VERSION/
      • chmod +x generate-db-cert.sh
      • ./generate-db-cert.sh -d {DBInstanceDomainname}

    2. The following files are generated:
      • db_ca_key.pem
      • db_ca_cert.pem
      • dbcn_cert.pem
      • dbcn_key.pem
  2. Localhost certificates for the core server are generated by ansible and are available under /tmp/jiffy-install/$RELEASE_VERSION/

    • ca_key.pem
    • ca_cert.pem
    • key.pem
    • cert.pem
Did you find what you were looking for?