DevOps related information for setting up / debug / maintain the application.
- Environment variables
- Keeping sensitive information secret with Vault
- Application setup steps (production)
- Performance checklist (production)
- CLI documentation
- LTI configuration
- Database UML diagram
- Generate RSA keypair for JWT authentication flow
- Applying custom route prefix
- Activate/Deactivate line items
- Change line item availability dates
- Configuring line item updater webhook
- Profiling with Blackfire
The main configuration file is .env, located in root folder.
| Variable | Description |
|---|---|
APP_ENV |
Application environment [Values: dev, docker, test, prod] |
APP_DEBUG |
Application debug mode [Values: true, false] |
APP_SECRET |
Application secret (use a secure random value, not a passphrase) |
APP_ROUTE_PREFIX |
To apply custom API route prefix [default: /api ]. More information here |
DATABASE_URL |
Database connection string. Supported formats are described here. Example: postgresql://dbuser:dbpassword@rdstao.eu-west-3.frdep05srp.internal.:5432/taodb?serverVersion=13&charset=utf8 |
JWT_SECRET_KEY |
Path to RSA private key for JWT authentication flow. Example: file://%kernel.project_dir%/config/secrets/prod/jwt_private.pem |
JWT_PUBLIC_KEY |
Path to RSA public key for JWT authentication flow. Example: file://%kernel.project_dir%/config/secrets/prod/jwt_public.pem |
JWT_PASSPHRASE |
Passphrase for JWT keypair |
JWT_ACCESS_TOKEN_TTL |
TTL for JWT access token in seconds |
JWT_REFRESH_TOKEN_TTL |
TTL for JWT refresh token in seconds |
CORS_ALLOW_ORIGIN |
Allowed origin domain for cross-origin resource sharing. Example: ^https?://test-taker-portal.com$ |
REDIS_DOCTRINE_CACHE_HOST |
Redis host for doctrine cache storage. Example: dccache.eu-west-3.frdep05srp.internal. |
REDIS_DOCTRINE_CACHE_PORT |
Redis port for doctrine cache storage. Example: 6379 |
REDIS_JWT_CACHE_HOST |
Redis host for JWT cache storage. Example: session.eu-west-3.frdep05srp.internal. |
REDIS_JWT_CACHE_PORT |
Redis port for JWT cache storage. Example: 6379 |
USER_CACHE_WARMUP_MESSAGE_PAYLOAD_BATCH_SIZE |
Number of users to include per event message payload for user cache warmup (batch size) |
USER_CACHE_WARMUP_RETRY_WAIT_INTERVAL |
Waiting time interval in microseconds between user cache warmup retry attempts |
CACHE_TTL_GET_USER_WITH_ASSIGNMENTS |
Cache TTL (in seconds) for caching individual users with assignments |
CACHE_TTL_LTI_INSTANCES |
Cache TTL (in seconds) for caching entire collection of LTI instances |
CACHE_TTL_LINE_ITEM |
Cache TTL (in seconds) for caching individual line items |
MESSENGER_TRANSPORT_DSN |
Messenger transport DSN for asynchronous cache warmup Example: https://sqs.eu-west-3.amazonaws.com/0123456789/frdep05srp-WorkerStack-11R1YT4PQBG9V-RosterCacheWarmup-2JN1K2H4ABCG?auto_setup=false |
WEBHOOK_BASIC_AUTH_USERNAME |
Basic auth username for webhook |
WEBHOOK_BASIC_AUTH_PASSWORD |
Basic auth password for webhook |
APP_API_KEY |
API key used by Lambda Assignment Manager to access bulk API endpoints |
ASSIGNMENT_STATE_INTERVAL_THRESHOLD |
Threshold for assignment garbage collection. [Example: P1D] Supported formats can be found here |
Note: LTI specific variables can be found here.
-
Configure all application related environment variables in
.envfile described here. -
Configure all LTI related environment variables in
.envfile described here. -
Install application dependencies:
$ sudo -u www-data composer install --no-dev --no-scripts --optimize-autoloader
-
Optimize configuration file with Composer:
$ sudo -u www-data composer dump-env prod
-
Clear application cache:
$ sudo -u www-data bin/console clear:cache
-
Generate RSA keys for JWT authentication flow
Please refer to Generate RSA keypair for JWT authentication flow section of this document.
-
Verify application and PHP settings:
$ sudo -u www-data bin/console about
-
Clear Doctrine caches:
$ sudo -u www-data bin/console doctrine:cache:clear-metadata $ sudo -u www-data bin/console doctrine:cache:clear-query $ sudo -u www-data bin/console doctrine:cache:clear-result
-
Ensure production settings:
$ sudo -u www-data bin/console doctrine:ensure-production-settings
-
Create database:
$ sudo -u www-data bin/console doctrine:database:create
-
Setup database schema:
$ sudo -u www-data bin/console doctrine:schema:update --force
-
Ensure application is healthy by calling the healthcheck API endpoint:
$ curl -sb -H https://{APPLICATION_URL}/api/v1Response should be something like this:
{ "isDoctrineConnectionAvailable": true, "isDoctrineCacheAvailable": true } -
Execute LTI instance ingestion (Only in case of LTI 1.1.1)
Documentation: LTI instance ingester command.
-
Execute line item ingestion
Documentation: Line item ingester command.
-
Execute user ingestion
Documentation: User ingester command.
-
Execute assignment ingestion
Documentation: Assignment ingester command.
-
Warm up LTI instance cache
Documentation: LTI instance cache warmer command.
-
Warm up line item cache
Documentation: Line item cache warmer command.
-
Warm up user cache
Documentation: User cache warmer command.
To generate private key:
$ openssl genpkey -aes-256-cbc -algorithm RSA -out config/secrets/prod/jwt_private.pemMake sure you update the JWT_PASSPHRASE environment variable with the passphrase of your choice.
To generate public key:
$ openssl pkey -in config/secrets/prod/jwt_private.pem -out config/secrets/prod/jwt_public.pem -puboutMake sure you have right permissions:
$ chown -R www-data: config/secrets/prodCustom route prefix can be defined via APP_ROUTE_PREFIX application environment.
Please make sure to include the leading slash character, but NO trailing slash.
Example:
APP_ROUTE_PREFIX=/apiTo apply the changes, you need to clear the application cache:
$ sudo -u www-data bin/console cache:clearTo verify the changes:
$ sudo -u www-data bin/console debug:router