From bc3f75157761e410ec041b997c09e652e488761a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andony=20N=C3=BA=C3=B1ez?= Date: Wed, 20 Dec 2023 15:57:47 -0600 Subject: [PATCH] [RND-675] Adding instructions to use Azure Key Vault (#333) --- .github/workflows/on-pullrequest.yml | 2 +- Meadowlark-js/.vscode/settings.json | 2 +- .../package.json | 6 +- .../meadowlark-mongodb-backend/package.json | 8 +- .../package.json | 6 +- .../package.json | 8 +- Meadowlark-js/lerna.json | 2 +- Meadowlark-js/package-lock.json | 50 +++---- .../meadowlark-authz-server/package.json | 4 +- .../packages/meadowlark-core/package.json | 4 +- .../meadowlark-utilities/package.json | 2 +- .../services/meadowlark-fastify/package.json | 8 +- Meadowlark-js/tests/e2e/package.json | 4 +- eng/deploy/azure/README.md | 125 +++++++++++++----- 14 files changed, 148 insertions(+), 83 deletions(-) diff --git a/.github/workflows/on-pullrequest.yml b/.github/workflows/on-pullrequest.yml index 306ba8ca..2c936e38 100644 --- a/.github/workflows/on-pullrequest.yml +++ b/.github/workflows/on-pullrequest.yml @@ -55,7 +55,7 @@ jobs: - name: Update versions if: steps.versions.outputs.update-required - run: npx lerna@6.6.2 version prerelease --exact --no-git-tag-version --yes + run: npx lerna@6.6.2 version prerelease --exact --no-git-tag-version --preid pre --yes - name: Set Version if: steps.versions.outputs.update-required diff --git a/Meadowlark-js/.vscode/settings.json b/Meadowlark-js/.vscode/settings.json index 11a3b20a..263f6a37 100644 --- a/Meadowlark-js/.vscode/settings.json +++ b/Meadowlark-js/.vscode/settings.json @@ -20,7 +20,7 @@ "**/.vscode": true }, "editor.codeActionsOnSave": { - "source.fixAll.eslint": true + "source.fixAll.eslint": "explicit" }, "cSpell.words": [ "ANONYMIZATION", diff --git a/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json b/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json index cecb0f04..a54c74ff 100644 --- a/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-elasticsearch-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-elasticsearch-backend", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark backend plugin for elasticsearch", "license": "Apache-2.0", "publishConfig": { @@ -19,8 +19,8 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@elastic/elasticsearch": "^8.10.0", "@elastic/transport": "^8.3.4" }, diff --git a/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json b/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json index 5eb5c8e8..d5c9f63a 100644 --- a/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-mongodb-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-mongodb-backend", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark backend plugin for MongoDB", "license": "Apache-2.0", "publishConfig": { @@ -19,9 +19,9 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.0", - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-authz-server": "0.4.1-pre.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "async-retry": "^1.3.3", "mongodb": "^5.9.2", "ramda": "0.29.1" diff --git a/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json b/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json index bbdd958d..d8afc0e2 100644 --- a/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-opensearch-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-opensearch-backend", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark backend plugin for OpenSearch", "license": "Apache-2.0", "publishConfig": { @@ -19,8 +19,8 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@opensearch-project/opensearch": "^2.4.0" }, "devDependencies": { diff --git a/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json b/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json index 3ccadd5d..ef5d20d8 100644 --- a/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json +++ b/Meadowlark-js/backends/meadowlark-postgresql-backend/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-postgresql-backend", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark backend plugin for PostgreSQL", "license": "Apache-2.0", "publishConfig": { @@ -19,9 +19,9 @@ "build:copy-non-ts": "copyfiles -u 1 -e \"**/*.ts\" \"src/**/*\" dist --verbose" }, "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.0", - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-authz-server": "0.4.1-pre.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "pg": "^8.11.3", "pg-format": "^1.0.4", "ramda": "0.29.1" diff --git a/Meadowlark-js/lerna.json b/Meadowlark-js/lerna.json index 3cb27187..bd91b3d1 100644 --- a/Meadowlark-js/lerna.json +++ b/Meadowlark-js/lerna.json @@ -3,7 +3,7 @@ "packages": [ "packages/*" ], - "version": "0.4.0", + "version": "0.4.1-pre.0", "npmClient": "npm", "useWorkspaces": true } diff --git a/Meadowlark-js/package-lock.json b/Meadowlark-js/package-lock.json index f281aeda..4accdf9f 100644 --- a/Meadowlark-js/package-lock.json +++ b/Meadowlark-js/package-lock.json @@ -52,11 +52,11 @@ }, "backends/meadowlark-elasticsearch-backend": { "name": "@edfi/meadowlark-elasticsearch-backend", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@elastic/elasticsearch": "^8.10.0", "@elastic/transport": "^8.3.4" }, @@ -70,12 +70,12 @@ }, "backends/meadowlark-mongodb-backend": { "name": "@edfi/meadowlark-mongodb-backend", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.0", - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-authz-server": "0.4.1-pre.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "async-retry": "^1.3.3", "mongodb": "^5.9.2", "ramda": "0.29.1" @@ -88,11 +88,11 @@ }, "backends/meadowlark-opensearch-backend": { "name": "@edfi/meadowlark-opensearch-backend", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@opensearch-project/opensearch": "^2.4.0" }, "devDependencies": { @@ -105,12 +105,12 @@ }, "backends/meadowlark-postgresql-backend": { "name": "@edfi/meadowlark-postgresql-backend", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.0", - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-authz-server": "0.4.1-pre.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "pg": "^8.11.3", "pg-format": "^1.0.4", "ramda": "0.29.1" @@ -22595,11 +22595,11 @@ }, "packages/meadowlark-authz-server": { "name": "@edfi/meadowlark-authz-server", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "ajv": "^8.12.0", "didyoumean2": "^6.0.1", "dotenv": "^16.3.1", @@ -22649,11 +22649,11 @@ }, "packages/meadowlark-core": { "name": "@edfi/meadowlark-core", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@isaacs/ttlcache": "^1.4.1", "ajv": "^8.12.0", "ajv-formats": "^2.1.1", @@ -22743,7 +22743,7 @@ }, "packages/meadowlark-utilities": { "name": "@edfi/meadowlark-utilities", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { "pino": "^8.15.7", @@ -22790,12 +22790,12 @@ }, "services/meadowlark-fastify": { "name": "@edfi/meadowlark-fastify", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.0", - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-authz-server": "0.4.1-pre.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@fastify/rate-limit": "^6.0.1", "dotenv": "^16.3.1", "fastify": "^3.29.5" @@ -22808,10 +22808,10 @@ }, "tests/e2e": { "name": "@edfi/meadowlark-e2e-tests", - "version": "0.4.0", + "version": "0.4.1-pre.0", "license": "Apache-2.0", "devDependencies": { - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@testcontainers/mongodb": "^10.3.1", "@testcontainers/postgresql": "^10.3.1", "@types/chance": "^1.1.6", diff --git a/Meadowlark-js/packages/meadowlark-authz-server/package.json b/Meadowlark-js/packages/meadowlark-authz-server/package.json index c7119e90..dce307f1 100644 --- a/Meadowlark-js/packages/meadowlark-authz-server/package.json +++ b/Meadowlark-js/packages/meadowlark-authz-server/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-authz-server", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark authorization server", "license": "Apache-2.0", "publishConfig": { @@ -14,7 +14,7 @@ ], "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "ajv": "^8.12.0", "didyoumean2": "^6.0.1", "dotenv": "^16.3.1", diff --git a/Meadowlark-js/packages/meadowlark-core/package.json b/Meadowlark-js/packages/meadowlark-core/package.json index ebe5ad11..f08e6f4e 100644 --- a/Meadowlark-js/packages/meadowlark-core/package.json +++ b/Meadowlark-js/packages/meadowlark-core/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-core", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark core functionality", "license": "Apache-2.0", "publishConfig": { @@ -14,7 +14,7 @@ ], "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@isaacs/ttlcache": "^1.4.1", "ajv": "^8.12.0", "ajv-formats": "^2.1.1", diff --git a/Meadowlark-js/packages/meadowlark-utilities/package.json b/Meadowlark-js/packages/meadowlark-utilities/package.json index 22dc468a..1195fe3f 100644 --- a/Meadowlark-js/packages/meadowlark-utilities/package.json +++ b/Meadowlark-js/packages/meadowlark-utilities/package.json @@ -1,7 +1,7 @@ { "name": "@edfi/meadowlark-utilities", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark shared utilities", "license": "Apache-2.0", "publishConfig": { diff --git a/Meadowlark-js/services/meadowlark-fastify/package.json b/Meadowlark-js/services/meadowlark-fastify/package.json index 4460b059..8e412430 100644 --- a/Meadowlark-js/services/meadowlark-fastify/package.json +++ b/Meadowlark-js/services/meadowlark-fastify/package.json @@ -1,6 +1,6 @@ { "name": "@edfi/meadowlark-fastify", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark service using Fastify", "license": "Apache-2.0", "publishConfig": { @@ -12,9 +12,9 @@ "/package.json" ], "dependencies": { - "@edfi/meadowlark-authz-server": "0.4.0", - "@edfi/meadowlark-core": "0.4.0", - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-authz-server": "0.4.1-pre.0", + "@edfi/meadowlark-core": "0.4.1-pre.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@fastify/rate-limit": "^6.0.1", "dotenv": "^16.3.1", "fastify": "^3.29.5" diff --git a/Meadowlark-js/tests/e2e/package.json b/Meadowlark-js/tests/e2e/package.json index 59db0e51..ee0d2ab7 100644 --- a/Meadowlark-js/tests/e2e/package.json +++ b/Meadowlark-js/tests/e2e/package.json @@ -1,13 +1,13 @@ { "name": "@edfi/meadowlark-e2e-tests", "main": "dist/index.js", - "version": "0.4.0", + "version": "0.4.1-pre.0", "description": "Meadowlark Ed-Fi API end to end tests", "license": "Apache-2.0", "private": true, "files": [], "devDependencies": { - "@edfi/meadowlark-utilities": "0.4.0", + "@edfi/meadowlark-utilities": "0.4.1-pre.0", "@testcontainers/mongodb": "^10.3.1", "@testcontainers/postgresql": "^10.3.1", "@types/chance": "^1.1.6", diff --git a/eng/deploy/azure/README.md b/eng/deploy/azure/README.md index ea4a5f95..0218190a 100644 --- a/eng/deploy/azure/README.md +++ b/eng/deploy/azure/README.md @@ -1,23 +1,32 @@ # Azure Deployment -To deploy to Azure, this can be done thorough Azure Container Instances (ACI) deploying with the [Azure -CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) or with the [Docker Azure -Integration](https://docs.docker.com/cloud/aci-integration/). +To deploy to Azure, this can be done thorough Azure Container Instances (ACI) +deploying with the [Azure +CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) or with the +[Docker Azure Integration](https://docs.docker.com/cloud/aci-integration/). ## Deploy with Azure CLI -For Azure CLI, it's necessary to specify all environment variables in the command line since it is not possible to read a -.env file. Additionally, it is not possible to add all containers into the same container group, it must be one container per -group. +> [!NOTE] +> For Azure CLI, it's necessary to specify all environment variables in the +> command line since it is not possible to read a .env file. Additionally, it is +> not possible to add all containers into the same container group, it must be one +> container per group. + +### Prerequisites ```pwsh # Login to Azure az login +``` + +### Configure backend + +```pwsh $resourceGroup={resource group name} # The combination of DNS labels and azure regions must be globally unique. -$meadowlarkDnsLabel={meadowlark dns} $mongoDnsLabel={mongo dns} $openSearchDnsLabel={opensearch dns} @@ -38,44 +47,96 @@ az container create --resource-group $resourceGroup -n ml-opensearch ` ``` -> > [!NOTE] -> See [Enable Logging](#enable-logging) before setting up meadowlark container if you want to get log information. +> [!NOTE] +> See [Enable Logging](#enable-logging) before setting up meadowlark +> container if you want to get log information. -```pwsh +### Configure Meadowlark +> [!IMPORTANT] +> For security purposes, setup the secrets with Azure Key Vault. +> See [Using Azure Key Vault](#using-azure-key-vault) for notes on how to set +> and read values from the Key Vault. + +```pwsh # Define variables # Replace with signing key -$signingKey="" -$mongoUri='"mongodb://'+$mongoDnsLabel+'.southcentralus.azurecontainer.io:27017/?replicaSet=rs0&directConnection=true"' -$openSearchUrl="http://${openSearchDnsLabel}.southcentralus.azurecontainer.io:9200" +$signingKey="" or read from key vault + +$meadowlarkDnsLabel={meadowlark dns} +$azRegion="southcentralus" +$mongoUri='"mongodb://'+$mongoDnsLabel+'.'+$azRegion+'.azurecontainer.io:27017/?replicaSet=rs0&directConnection=true"' +$openSearchUrl="http://${openSearchDnsLabel}.${azRegion}.azurecontainer.io:9200" $documentStore="@edfi/meadowlark-mongodb-backend" +$authorizationPlugin="@edfi/meadowlark-mongodb-backend" $queryHandler="@edfi/meadowlark-opensearch-backend" $listenerPlugin="@edfi/meadowlark-opensearch-backend" -$authorizationPlugin="@edfi/meadowlark-mongodb-backend" +$port=3000 # Create meadowlark container az container create --resource-group $resourceGroup -n ml-api ` - --image edfialliance/meadowlark-ed-fi-api:pre --ports 3000 ` + --image edfialliance/meadowlark-ed-fi-api:pre --ports $port ` --dns-name-label $meadowlarkDnsLabel ` - --environment-variables OAUTH_SIGNING_KEY=$signingKey `OAUTH_HARD_CODED_CREDENTIALS_ENABLED=true ` + --secure-environment-variables OAUTH_SIGNING_KEY=$signingKey ` + OPENSEARCH_USERNAME=admin OPENSEARCH_PASSWORD=admin ` + --environment-variables OAUTH_HARD_CODED_CREDENTIALS_ENABLED=true ` OWN_OAUTH_CLIENT_ID_FOR_CLIENT_AUTH=meadowlark_verify-only_key_1 ` OWN_OAUTH_CLIENT_SECRET_FOR_CLIENT_AUTH=meadowlark_verify-only_secret_1 ` - OAUTH_SERVER_ENDPOINT_FOR_OWN_TOKEN_REQUEST=http://${meadowlarkDnsLabel}.southcentralus.azurecontainer.io:3000/stg/oauth/token ` - OAUTH_SERVER_ENDPOINT_FOR_TOKEN_VERIFICATION=http://${meadowlarkDnsLabel}.southcentralus.azurecontainer.io:3000/stg/oauth/verify ` - OPENSEARCH_USERNAME=admin OPENSEARCH_PASSWORD=admin OPENSEARCH_ENDPOINT=$openSearchUrl OPENSEARCH_REQUEST_TIMEOUT=10000 ` + OAUTH_SERVER_ENDPOINT_FOR_OWN_TOKEN_REQUEST=http://${meadowlarkDnsLabel}.${azRegion}.azurecontainer.io:${port}/stg/oauth/token ` + OAUTH_SERVER_ENDPOINT_FOR_TOKEN_VERIFICATION=http://${meadowlarkDnsLabel}.${azRegion}.azurecontainer.io:${port}/stg/oauth/verify ` + OPENSEARCH_ENDPOINT=$openSearchUrl OPENSEARCH_REQUEST_TIMEOUT=10000 ` DOCUMENT_STORE_PLUGIN=$documentStore QUERY_HANDLER_PLUGIN=$queryHandler LISTENER1_PLUGIN=$listenerPlugin ` - FASTIFY_RATE_LIMIT=false FASTIFY_PORT=3000 FASTIFY_NUM_THREADS=10 MEADOWLARK_STAGE=stg ` + FASTIFY_RATE_LIMIT=false FASTIFY_PORT=$port FASTIFY_NUM_THREADS=10 MEADOWLARK_STAGE=stg ` LOG_LEVEL=info IS_LOCAL=false AUTHORIZATION_STORE_PLUGIN=$authorizationPlugin ` BEGIN_ALLOWED_SCHOOL_YEAR=2022 END_ALLOWED_SCHOOL_YEAR=2034 ALLOW_TYPE_COERCION=true ` ALLOW__EXT_PROPERTY=true MONGO_URI=$mongoUri ``` +### Using Azure Key Vault + +> [!IMPORTANT] +> It's highly recommended to store secrets and passwords in Azure +> Key Vault and provide to the container with `--secure-environment-variables` + +#### Create a Key Vault + +```pwsh +$vaultName={key vault name} +$resourceGroup={resource group name} +$azureRegion={azure region} + +az keyvault create --name $vaultName ` +--resource-group $resourceGroup --location $azureRegion +``` + +#### Add a Secret + +```pwsh +$generatedKey={} + +az keyvault secret set --vault-name $vaultName ` +--name "SigningKey" --value $generatedKey +``` + +#### Retrieve a Secret + +There are multiple ways to get the secret value, ACI requires the values to be +provided from the start in order for the container to start correctly, +therefore, the value can be retrieved and assigned with the Azure CLI. + +```pwsh +$signingKey=$(az keyvault secret show --name "SigningKey" --vault-name "meadowlarkKeys" --query "value") +``` + ### Enable Logging -To save the logs to a file, for a summarized result, set the flag `SAVE_LOG_TO_FILE` to true, which will create a -`meadowlark.log` file with the logs. +To save the logs to a file, for a summarized result, set the flag +`SAVE_LOG_TO_FILE` to true, which will create a `meadowlark.log` file with the +logs. -For a production deployment, it's recommended to send the logs to _Log Analytics_, with the following steps: +For a production deployment, it's recommended to send the logs to [Log +Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial), +with the following steps: ```pwsh # Create workspace @@ -94,11 +155,13 @@ Copy the `customerId` from the result. Copy the `primarySharedKey` from the result. > [!NOTE] -> This information can be retrieved from the Portal, in Log Analytics Workspaces -> Settings -> Agents. [More +> This information can be retrieved from the Portal, in Log Analytics +> Workspaces -> Settings -> Agents. [More > information](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-log-analytics#get-log-analytics-credentials) -When creating the **meadowlark container**, include the customerId (workspace_id) and the primarySharedKey (workspace_key) as -additional properties with the following flags: +When creating the **meadowlark container**, include the customerId +(workspace_id) and the primarySharedKey (workspace_key) as additional properties +with the following flags: ```pwsh az container create ... ` @@ -120,7 +183,9 @@ curl http://$meadowlarkDnsLabel.southcentralus.azurecontainer.io:3000/stg | Conv This will output the summary of the deployment > [!WARNING] -> Not ready for production usage. This example is using a single mongo node with a simulated replica set and -> bypassing security with a direct connection, also, it's using the OAUTH hardcoded credentials. The current configuration is -> initializing the mongo replica manually, and this is not saved. Therefore, if the container instance is stopped, it's -> necessary to reinitialize the replica set. +> Not ready for production usage. This example is using a single +> mongo node with a simulated replica set and bypassing security with a direct +> connection, also, it's using the OAUTH hardcoded credentials. The current +> configuration is initializing the mongo replica manually, and this is not +> saved. Therefore, if the container instance is stopped, it's necessary to +> reinitialize the replica set.