Bootstrap and continuous integration/deployment (CI/CD) for OGC API web-service components. See the website apitestdocs.geonovum.nl for documentation and details.
Want to access the (OGC) web-services? Go to:
- Stable (production) server at apitestbed.geonovum.nl
- Sandbox (experimental) server at apisandbox.geonovum.nl (TODO)
This repo contains all that is needed to bootstrap, configure and maintain (CI/CD) a remote deployment of an OGC API web-service stack using modern "DevOps" tooling.
The main design principles are:
- any action on the server/VM host is performed from a client host
- i.e. no direct login on the server/VM is required, except possibly for problem solving
- remote actions can be performed manually or triggered by GitHub Workflows
- all credentials (passwords, SSH keys, etc.) are secured
- operational stack instances for "production" (stable) and "sandbox" (playground)
The (DevOps-) components used in this setup are:
- Docker "...OS-level virtualization to deliver software in packages called containers..." (Wikipedia)
- Docker Compose "...a tool for defining and running multi-container Docker applications..."
- Ansible "...an open-source software provisioning tool" (Wikipedia)
- GitHub Actions/Workflows "...Automate, customize, and execute software development workflows in a GitHub repository..."
The Docker components are used to run the operational stack, i.e. the OGC API web-services. Ansible is used to provision both the server OS software and the operational stack. Ansible is executed on a local client/desktop system to invoke operations on a remote server/VM. These operations are bundled in so-called Ansible Playbooks: YAML files that describe a desired server state. GitHub Actions are used to construct Workflows. These Actions invoke the Ansible Playbooks, effectively configuring and provisioning the operational stack on a remote server/VM. GitHub Actions are triggered (selectively) on commit/push to this repo.
Credentials are protected with Ansible Vault and GitHub Encrypted Secrets.
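
The flow described above (a push triggers a Workflow, which runs an Ansible Playbook against the remote server, with secrets supplied by GitHub Encrypted Secrets and Ansible Vault) could look like the following. This is an added example, not the workflow from this repo; the file paths, the secret names (DEPLOY_SSH_KEY, DEPLOY_KNOWN_HOSTS, ANSIBLE_VAULT_PASSWORD) and the environment name are assumptions.

```yaml
# Added illustration, not this repo's workflow. Paths, secret names and the
# environment name are hypothetical placeholders.
name: deploy-stack-example
on:
  push:
    branches: [main]
    paths: ["services/**", "ansible/**"]   # selective trigger (hypothetical paths)
permissions:
  contents: read                 # the job only needs to read the repo
concurrency: deploy-production   # never run two deployments at the same time
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production      # scopes secrets; can require manual approval
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install Ansible
        run: pip install ansible
      - name: Write credentials from Encrypted Secrets to private files
        env:                     # pass secrets via env, not inline in the script
          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
          VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
        run: |
          umask 077              # files below are readable by this user only
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_deploy
          printf '%s\n' "$KNOWN_HOSTS" > ~/.ssh/known_hosts   # pinned host key
          printf '%s\n' "$VAULT_PASS" > "$RUNNER_TEMP/vault_pass"
      - name: Run the playbook against the remote server/VM
        env:
          ANSIBLE_HOST_KEY_CHECKING: "True"   # refuse hosts not in known_hosts
        run: >
          ansible-playbook ansible/deploy.yml
          -i ansible/hosts/prod.yml
          --private-key ~/.ssh/id_deploy
          --vault-password-file "$RUNNER_TEMP/vault_pass"
      - name: Remove credentials
        if: always()             # clean up even when the playbook fails
        run: rm -f ~/.ssh/id_deploy "$RUNNER_TEMP/vault_pass"
```
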
The operational stack has the following components:
- Traefik - a frontend proxy/load-balancer and SSL (HTTPS) endpoint
- pygeoapi - a Python server implementation of the OGC API suite of standards
- GeoServer - a Java server implementation of the OGC API suite of standards
- ldproxy - a Java server implementation of the OGC API suite of standards
- QGIS Server - server component of QGIS with OGC OAFeat support.
- PostgreSQL/PostGIS - geospatial database
For administration, documentation and monitoring the following components are used:
- mkdocs - for live documentation and landing pages
- PGAdmin - visual PostgreSQL manager
- GeoHealthCheck - to monitor the availability, compliance and QoS of OGC web services
- Portainer - visual Docker monitor and manager
Read more on the setup in the documentation/website of this project.