Canvas Deployment

From CMU ITSC Network

Diagram

Canvas.cm.edu.png

domain : canvas.cm.edu
rce domain : rce-canvas.cm.edu
nginx load balancer
- ip : 10.110.60.55
share file ip : 10.110.60.239
- server ubuntu 18.04 with docker, cpu 4, ram 8
- ip : 10.110.60.239
postgres :
- server : ubuntu 18.04 with docker, cpu 4, ram 8
- ip :10.110.60.209
canvas-lms
- server : ubuntu 16.04 cpu 8, ram 8
- ip : 10.110.60.215

nfs share file configuration

on file share server

  • install nfs
$ sudo apt-get install -y nfs-kernel-server
  • create directory for file sharing
$ mkdir -p /home/cnoc/share
$ sudo mkdir -p /export/cnoc
$ sudo chown cnoc:cnoc /export/cnoc
  • bind mount filesystem edit file /etc/fstab
$ sudo vim /etc/fstab

add line end of file like

UUID=702da501-ff9a-11e9-a6a6-506b8dc215cd / ext4 defaults 0 0
UUID=702da500-ff9a-11e9-a6a6-506b8dc215cd /boot ext4 defaults 0 0
/swap.img       none    swap    sw      0       0
/home/cnoc/share /export/cnoc none bind 0 0

mount filesystem

$ sudo mount -a
  • export fs configuration
$ sudo vim /etc/exports

add line end of file like this allow canvas lms use nfs exports if add canvas-lms server you have to add new server ip address here

/export/cnoc 10.110.60.215(rw,sync,no_root_squash,no_subtree_check)
/export/cnoc 10.110.60.144(rw,sync,no_root_squash,no_subtree_check)

restart nfs service

$ sudo service nfs-kernel-server restart

postgres database deployment

on postgres server

  • create dokcer-compose.yml for deploy postgres database
$ mkdir postgres
$ cd postgres
$ vim docker-compose.yml

add line in docker-compose.yml like

version: '3'
services:
        pg:
                image: postgres:12.3
                container_name: postgres
                restart: always
                environment:
                        POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
                        POSTGRES_DB: ${POSTGRES_DB}
                volumes:
                        - ./data:/var/lib/postgresql/data
                ports:
                        - 5432:5432
        adminer:
                image: adminer
                restart: always
                ports:
                        - 8080:8080
  • create .env file for environment variables use in container
$ vim .env

add line in .env file like

POSTGRES_PASSWORD=<your password>
POSTGRES_DB=canvas
  • deploy postgres
$ docker-compose up -d


redis cache deployment

on file share server

  • create docker-compose.yml for deploy redis
$ mkdir redis
$ cd redis
$ vim docker-compose.yml

add line in docker-compose.yml like

version: '3'
services:
        redis:
                container_name: redis
                image: redis:6.0.4
                ports:
                        - 6379:6379
                restart: always
  • deploy redis
$ docker-compose up -d

canvas rce api deployment

on file share server

  • create docker-compose.yml for deployment
$ mkdir canvas-rce-api
$ cd redis
$ vim docker-compose.yml

add line in docker-compose.yml like

version: '3'
services:
        canvas-rce-api:
                container_name: canvas-rce-api
                image: instructure/canvas-rce-api
                ports:
                        - 80:80
                environment:
                        ECOSYSTEM_KEY: ${ECOSYSTEM_KEY}
                        ECOSYSTEM_SECRET: ${ECOSYSTEM_SECRET}
                        NODE_ENV: production
                        STATSD_HOST: statsd
                        STATSD_PORT: 1825
                restart: always
                extra_hosts:
                        - "canvas.cm.edu:10.110.60.55"
        statsd:
                container_name: statsd
                image: statsd/statsd
                restart: always
  • create .env file for environment variables use in container
$ vim .env

add line in .env like

ECOSYSTEM_KEY="astringthatisactually32byteslong"
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
  • deploy canvas rce api
$ docker-compose up -d

canvas lms build and deployment

on canvas lms server

  • mount nfs file share edit file /etc/fstab
$ sudo apt-get install -y nfs-common
$ sudo vim /etc/fstab

add line end of file like

10.110.60.239:/export/cnoc /home/cnoc/share nfs auto,noatime,nolock,bg,nfsvers=4,intr,tcp,actimeo=1800 0 0

create mount point

$ mkdir /home/cnoc/share

mount nfs file share

$ sudo mount -a
  • clone canvas source code
$ git clone https://github.com/instructure/canvas-lms.git canvas
$ cd canvas
$ git checkout stable
  • install ruby
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:brightbox/ruby-ng
$ sudo apt-get update
$ sudo apt-get install ruby2.4 ruby2.4-dev zlib1g-dev libxml2-dev \
                       libsqlite3-dev libpq-dev \
                       libxmlsec1-dev curl make g++
  • install node.js
$ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
$ sudo apt-get install nodejs
  • install Bundler
$ sudo gem install bundler --version 1.13.6
$ bundle _1.13.6_ install --path vendor/bundle
  • install Yarn
$ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
$ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
$ sudo apt-get update && sudo apt-get install yarn=1.10.1-1

$ yarn install
  • copy configuration file
$ for config in amazon_s3 database \
  delayed_jobs domain file_store outgoing_mail security external_migration; \
  do cp config/$config.yml.example config/$config.yml; done
  • Dynamic settings configuration
$ cp config/dynamic_settings.yml.example config/dynamic_settings.yml
$ vim config/dynamic_settings.yml

add configuration on top of file

production:
  config:
    canvas:
      canvas:
        encryption-secret: "your secret on rce .env file"
        signing-secret: "your secret on rce .env file"
      rich-content-service:
        app-host: "rce-canvas.cm.edu"
  • Database configuration
$ cp config/database.yml.example config/database.yml
$ vim config/database.yml

edit production block reflect your Postgres server

production:
  adapter: postgresql
  encoding: utf8
  database: canvas
  host: 10.110.60.209
  username: postgres
  password: <youre password on postgres .env file>
  timeout: 5000
  • Outgoing mail configuration
$ cp config/outgoing_mail.yml.example config/outgoing_mail.yml
$ vim config/outgoing_mail.yml

edit production block, please tell your canvas-lms server's ip address to mail administrator to allow canvas-lms send mail

production:
  address: "202.28.249.12"
  port: "25"
#  user_name: "user"
#  password: "password"
#  authentication: "plain" # plain, login, or cram_md5
  domain: "cmu.ac.th"
  outgoing_address: "no-reply-canvas-cm-edu@cmu.ac.th"
  default_name: "CM EDU Canvas"


  • URL configuration
$ cp config/domain.yml.example config/domain.yml
$ vim config/domain.yml

edit production block

production:
  domain: "canvas.cm.edu"
  # whether this instance of canvas is served over ssl (https) or not
  # defaults to true for production, false for test/development
  ssl: true
  # files_domain: "canvasfiles.example.com"
  • Security configuration
$ cp config/security.yml.example config/security.yml
$ vim config/security.yml

edit production block

production: &default
  # replace this with a random string of at least 20 characters
  encryption_key: qwertyuiopasdfghjklzxcvbnm
  lti_iss: 'https://canvas.instructure.com'
  • Generate Assets
$ mkdir /home/cnoc/share/tmp
$ ln -s /home/cnoc/share/tmp tmp
$ mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands
$ touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss
$ touch Gemfile.lock
$ touch log/production.log
$ sudo chown -R cnoc config/environment.rb log tmp public/assets \
                              app/stylesheets/_brandable_variables_defaults_autogenerated.scss \
                              app/stylesheets/brandable_css_brands Gemfile.lock config.ru

$ yarn install
$ RAILS_ENV=production bundle exec rake canvas:compile_assets


  • Database population
$ RAILS_ENV=production bundle exec rake db:initial_setup


  • install apache
$ sudo apt-get install passenger libapache2-mod-passenger apache2
$ sudo a2enmod rewrite
  • Configure Passenger with Apache
$ sudo a2enmod passenger
  • Configure SSL with Apache
$ sudo a2enmod ssl
  • Configure Canvas with Apache
$ sudo a2dissite 000-default.conf
$ sudo vim /etc/apache2/sites-available/canvas.conf

in canvas.conf add

<VirtualHost *:443>
  ServerName canvas.cm.edu
  ServerAdmin supawit.w@cmu.ac.th
  DocumentRoot /home/cnoc/canvas/public
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
  SSLEngine on
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  # the following ssl certificate files are generated for you from the ssl-cert package.
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  SetEnv RAILS_ENV production
  <Directory /home/cnoc/canvas/public>
    Options All
    AllowOverride All
    Require all granted
  </Directory>
  PassengerDefaultUser cnoc
  XSendFile On
  XSendFilePath /home/cnoc/canvas
</VirtualHost>

enable canvas site

$ sudo a2ensite canvas
  • Optimizing File Downloads
$ sudo apt-get install libapache2-mod-xsendfile
  • Cache configuration
$ cp config/cache_store.yml.example config/cache_store.yml
$ vim config/cache_store.yml

add end of file

production:
  cache_store: redis_cache_store

copy redis configuration file

$ cp config/redis.yml.example config/redis.yml
$ vim config/redis.yml

edit production block

production:
   servers:
#   # list of redis servers to use in the ring
   - redis://10.110.60.239
  • restart apache
$ sudo service apache2 restart

Automated jobs

$ sudo ln -s /home/cnoc/canvas/script/canvas_init /etc/init.d/canvas_init
$ sudo update-rc.d canvas_init defaults
$ sudo /etc/init.d/canvas_init start

nginx configuration

on nginx server

add file configuration for canvas.cm.edu site

$ sudo vim /etc/nginx/sites-available/canvas.cm.edu.conf

add configuration

upstream canvas.cm.edu {
        server 10.110.60.215:443;
}
server {
        listen 80;
        server_name canvas.cm.edu;
        client_max_body_size 1G;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass https://canvas.cm.edu;
        }
}

enable site

$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/canvas.cm.edu.conf && cd
$ sudo nginx -t && sudo service nginx reload

enable https for site

$ sudo certbot --nginx

then select canvas.cm.edu site

add file configuration for rce-canvas.cm.edu site

$ sudo vim /etc/nginx/sites-available/rce-canvas.cm.edu.conf

add configuration

upstream rce-canvas.cm.edu {
        server 10.110.60.239:80;
}
server {
        listen 80;
        server_name rce-canvas.cm.edu;
        client_max_body_size 1G;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://rce-canvas.cm.edu;
        }
}

enable site

$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/rce-canvas.cm.edu.conf && cd
$ sudo nginx -t && sudo service nginx reload

enable https for site

$ sudo certbot --nginx

then select rce-canvas.cm.edu site

Reference

https://github.com/instructure/canvas-lms/wiki/Production-Start