Production Deployment

Isabl API in Production

Install isabl-api on premise as a third party application in a Django project.

Isabl CLI in Production

In your production environment you can install Isabl CLI with:

# install isabl-cli from Github
pip install git+https://github.com/papaemmelab/isabl_cli#eggs=isabl-cli

# or clone locally and install as editable
git clone https://github.com/papaemmelab/isabl_cli <your-dir>/isabl_cli
pip install -e <your-dir>/isabl_cli

# let the client know what API should be used
export ISABL_API_URL="https://isabl.mskcc.org/api/v1/"

# set client id, you can create a new client in the admin site
export ISABL_CLIENT_ID="<replace with client primary key>"

# isabl should be now available
isabl --help

For example, if ISABL_CLIENT_ID=1 you can update the settings field at https://my.isabl/admin/isabl_api/client/1/change/. An example of such configuration could be:

This is how the admin website looks like for editing Isabl CLI settings:

Multiuser Setup

Isabl CLI can be used by multiple users. By default, any user can import data and result files are owned by whoever triggered the application. These capabilities can be limited to an ADMIN_USER. In this setup, data and results are owned by theADMIN_USER yet applications can be triggered by any user.

First you need to assign the right API permissions to your users. To facilitate this Isabl comes with the following command:

This command will create the following three Django groups:

Then you will need to configure the ADMIN_USER and the DEFAULT_LINUX_GROUP in the Isabl CLI client object (you can do so by updating your client ISABL_CLIENT_ID from the Django admin website). For example:

Once you follow the writing applications guide, you will understand that Isabl Applications can be managed using a python package. If you have multiple users triggering applications, you may want to have them all pointing to the same package. This can be either using the PYTHONPATH environment variable or pip installing locally your apps repo:

Learn more about Writing Applications:

Learn more about Isabl CLI settings:

Learn more about Retrieving Data using isabl-cli to fetch data:

Initialize Data Lake

With the admin user run the following snippet in the BASE_STORAGE_URL:

Isabl API on Premise

You can bootstrap a new Django project using Cookiecutter API:

Cookiecutter API Features

• Isabl out of the box

• For Django 2.0 & Python 3.6

• Renders a Django project with 100% starting test coverage

• 12-Factor based settings via django-environ

• Secure by default with SSL.

• Optimized development and production settings

• Registration via django-allauth

• Send emails via Anymail (using Mailgun by default, but switchable)

• Media storage using Amazon S3

• Docker-compose for development and production (using Caddy with LetsEncrypt support)

• Procfile for deploying to Heroku

• Run tests with py.test

• Customizable PostgreSQL version

• Celery with Flower

• optional - Serve static files from Amazon S3 or Whitenoise

• optional - Integration with MailHog for local email testing

Cookiecutter API Constraints

• Only maintained 3rd party libraries are used.

• Uses PostgreSQL everywhere (9.2+)

• Environment variables for configuration (This won't work with Apache/mod_wsgi except on AWS ELB).

Understanding the Docker Compose Setup

Before you begin, check out the production.yml file in the root of this project. Keep note of how it provides configuration for the following services:

• django: your application running behind Gunicorn;

• postgres: PostgreSQL database with the application's relational data;

• redis: Redis instance for caching;

• caddy: Caddy web server with HTTPS on by default.

Provided you have opted for Celery (via setting use_celery to y) there are three more services:

• celeryworker running a Celery worker process;

• celerybeat running a Celery beat process;

• flower running Flower (for more info, check out CeleryFlower instructions for local environment).

Configuring the Stack

The majority of services above are configured through the use of environment variables. Just check out envs and you will know the drill.

You will probably also need to setup the Mail backend, for example by adding a Mailgun API key and a Mailgun sender domain, otherwise, the account creation view will crash and result in a 500 error when the backend attempts to send an email to the account owner.

HTTPS is On by Default

The Caddy web server used in the default configuration will get you a valid certificate from Lets Encrypt and update it automatically. All you need to do to enable this is to make sure that your DNS records are pointing to the server Caddy runs on. You can read more about this here at Automatic HTTPS in the Caddy docs. Please note:

• If you are not using a subdomain of the domain name set in the project, then remember to put the your staging/production IP address in the DJANGO_ALLOWED_HOSTS environment variable (see settings) before you deploy your website. Failure to do this will mean you will not have access to your website through the HTTP protocol.

• Access to the Django admin is set up by default to require HTTPS in production or once live.

• ⚠️ Attention! If you are running your application on an intranet you may want to use tls caddy setting. Make sure that the DOMAIN_NAME configuration has the https:// schema prepended in the caddy environment file .envs/.production/.caddy (see this ticket to learn more). Then include the following configuration in compose/production/caddy/Caddyfile in order to use a self signed certificate:

  Alternatively, If you have a local certificate and key provided by your institution, you will need to copy the keys in the caddy compose/production/caddy/Dockerfile and use:

Postgres Data Volume Modifications

Optional | Postgres is saving its database files to the production_postgres_data volume by default. Change that if you want something else and make sure to make backups since this is not done automatically.

Building & Running Production Stack

You will need to build the stack first. To do that, run:

Once this is ready, you can run it with:

To run the stack and detach the containers, run:

To run a migration, open up a second terminal and run:

To create a superuser, run:

If you need a shell, run:

To check the logs out, run:

If you want to scale your application, run:

To see how your containers are doing run:

Mounting a Remote Data Directory

Its likely that the data resides in a different server than the web application. To make results available for the web server you may want to consider sshfs: