Deployment Guide

• -p 9200:9200 maps port 9200 of the host to port 9200 of the container

• -e discovery.type=single-node configures Elasticsearch to run in single-node mode, this bypasses the need for cluster discovery and formation protocols, making Elasticsearch start up as a standalone node, ideal for development, testing, or small-scale deployments where clustering is not necessary

• -e cluster.name=workflow.elasticsearch names the Elasticsearch cluster, this is good practice in case you choose to run multiple clusters or nodes in the future

• -e ES_JAVA_OPTS=-Xms512m -Xmx2048m sets the initial and maximum heap size for the Java Virtual Machine (JVM) running Elasticsearch. -Xms512m sets the initial heap size to 512 MB. -Xmx2048m sets the maximum heap size to 2048 MB (2 GB). Properly setting these values ensures that Elasticsearch has enough memory to handle its operations efficiently, but not so much that it starves other processes on the host machine.

• -e xpack.security.enabled=true activates security features such as authentication, authorization, encryption, and audit logging

• -e MANAGE_INDEX_TEMPLATES=true ensures Elasticsearch manages index templates, when true, the system expects to manage the index templates as part of its operations. In the next step we will create a client services to set up the default configurations for new indices

• -e ELASTIC_PASSWORD=myelasticpassword Sets the password for the elastic user

Maestro Variables

• MAESTRO_FAILURELOG_ENABLED enables or disables failure logging. When set to true, Maestro logs any failures that occur, which is useful for debugging and monitoring purposes

• MAESTRO_FAILURELOG_DIR sets the directory path where failure logs are stored. The value should be app/logs/maestro or another path of your choosing

• MAESTRO_LOGGING_LEVEL_ROOT sets the root logging level for Maestro. The value can be INFO, DEBUG or WARN. It determines the level of detail included in logs, where INFO is standard and DEBUG provides more detailed information

• MAESTRO_NOTIFICATIONS_SLACK_ENABLED enables or disables Slack notifications. When set to true, Maestro can send notifications to a Slack channel

Song Variables

• MAESTRO_REPOSITORIES_0_CODE sets the code identifier for the repository. The value here is song.overture, serving as a unique identifier used within Maestro to reference the repository

• MAESTRO_REPOSITORIES_0_URL is the URL of the metadata repository. The value is http://song:8080, specifying the endpoint where Maestro can connect to the Song repository

• MAESTRO_REPOSITORIES_0_NAME defines the display name for the repository. The value is Overture, providing a human-readable name for the repository used in logs and interfaces

• MAESTRO_REPOSITORIES_0_ORGANIZATION defines the name of the organization that owns the repository

• MAESTRO_REPOSITORIES_0_COUNTRY defines the country code for the repository's location. The value is CA (Canada), indicating the country associated with the repository

Elasticsearch Variables

• MAESTRO_ELASTICSEARCH_INDEXES_ANALYSISCENTRIC_ENABLED set to true specifing that analysis-centric indices are to be expected

• MAESTRO_ELASTICSEARCH_INDEXES_FILECENTRIC_ENABLED set to false specifing to Maestro that file-centric indices are not to be expected

• MAESTRO_ELASTICSEARCH_CLIENT_BASICAUTH_ENABLED enables basic authentication for the Elasticsearch client

• MAESTRO_ELASTICSEARCH_INDEXES_ANALYSISCENTRIC_NAME is the name of the analysis-centric Elasticsearch index. The value is analysis-conductor-index, aligned with our previously created index

• MAESTRO_ELASTICSEARCH_INDEXES_ANALYSISCENTRIC_ALIAS is the alias for the analysis-centric Elasticsearch index

• MAESTRO_ELASTICSEARCH_CLUSTER_NODES points to the address of the Elasticsearch cluster node(s). The value is elasticsearch:9200, specifying the Elasticsearch node that Maestro will interact with

• MAESTRO_ELASTICSEARCH_CLIENT_BASICAUTH_USER, MAESTRO_ELASTICSEARCH_CLIENT_BASICAUTH_PASSWORD is the username and password for Elasticsearch

• MANAGEMENT_HEALTH_ELASTICSEARCH_ENABLED: Enables or disables Elasticsearch health checks. The value can be false (disabled) or true (enabled), controlling whether health checks for Elasticsearch are performed.

• MANAGEMENT_SECURITY_ENABLED: Enables or disables security management. The value can be false (disabled) or true (enabled), controlling whether security features are enabled.

Spring Variables

• SPRING_MVC_ASYNC_REQUESTTIMEOUT is -1 (no timeout), this setting determines how long asynchronous requests are allowed to run before timing out

• SPRINGDOC_SWAGGERUI_PATH is /swagger-api, specifying the URL path where the Swagger UI can be accessed (localhost:11235/swagger-api).

Kafka Variables

• SPRING_CLOUD_STREAM_KAFKA_BINDER_BROKERS defines the address of the Kafka broker(s). The value is set to kafka:9092, specifying the Kafka instance we set up earlier

• SPRING_CLOUD_STREAM_BINDINGS_SONGINPUT_DESTINATION is the destination topic for the Song input binding. The value is song-analysis, pointing to the Kafka topic we configured earlier

When creating the .env.arranger file:

• ES_HOST is the URL of your Elasticsearch instance

• ES_USER and ES_PASS are the credentials for accessing Elasticsearch

• REACT_APP_BASE_URL is the base URL for your front-end application, in this case Stage, which we will set up next

• REACT_APP_ARRANGER_ADMIN_ROOT is the URL for the Arranger GraphQL endpoint

When running Arranger:

• -p 5050:5050 maps port 5050 of the host to port 5050 of the container.

• -v ./arrangerConfigs/...:/app/modules/server/configs/... mounts configuration files into the container
  • base.json contains the base configuration for the Arranger server
  • extended.json contains all possible fields inputted into arranger
  • facets.json defines the facets found within the facet panel of the data exploration page in Stage
  • table.json defines the formatting of the tables found on the data exploration page in Stage
  • matchbox.json contains matchbox configuration settings

Stage Variables

• NEXTAUTH_URL specifies the base URL for NextAuth.js, which handles authentication in Next.js applications. This setting is used to configure the authentication flow, including where to redirect users after successful authentication.

• NEXT_PUBLIC_LAB_NAME is the name that will be displayed in the top left of the portal interface. Feel free to get creative here

• NEXT_PUBLIC_ADMIN_EMAIL is the email address of the administrator or support contact. This setting updates the help link found by default in the footer navigation of the portal interface

Keycloak Variables

• NEXT_PUBLIC_AUTH_PROVIDER specifies the authentication provider, in this case, Keycloak

• ACCESSTOKEN_ENCRYPTION_SECRET defines the secret used to encrypt access tokens, enhancing security by preventing easy decoding of intercepted tokens

• SESSION_ENCRYPTION_SECRET specifies the secret used to encrypt session cookies, protecting sensitive information stored in the cookie from unauthorized access

• NEXT_PUBLIC_KEYCLOAK_HOST specifies the URL where the Keycloak server is hosted https://localhost:8443 while NEXT_PUBLIC_KEYCLOAK_REALM defines the realm in Keycloak that contains the users and roles for our application

• NEXT_PUBLIC_KEYCLOAK_CLIENT_ID and client secret KEYCLOAK_CLIENT_SECRET are assigned to the application by Keycloak, linking the application to its configuration within Keycloak

• NEXT_PUBLIC_KEYCLOAK_PERMISSION_AUDIENCE specifies the audience for the permission claims in the access token, restricting the scope of access granted to the token

Score Variables

• NEXT_PUBLIC_SCORE_API_URL is the URL of the Score API, which the application uses to communicate with the Score service

Arranger Variables

• NEXT_PUBLIC_ARRANGER_DOCUMENT_TYPE indexes can be either file centric or analysis (participant) centric, the document type variable specifies which of these configurations is true

• NEXT_PUBLIC_ARRANGER_INDEX defines the index used by the Arranger service

• NEXT_PUBLIC_ARRANGER_API_URL is the URL of the Arranger graphQL API, by default Arrangers API is mapped to port 5050

• NEXT_PUBLIC_ARRANGER_MANIFEST_COLUMNS lists the columns to be included in the manifest generated for download with Score