Deployment

Prism/Lente allows for various deployment strategies, and some diagrams are shown here.

Lente deployment depends on your dashboarding and Prism station management strategy. A Lente station can manage the Prism stations directly below it in the connection hierarchy.

A deployment plan should be discussed with a Sistemi support engineer.

Ubuntu File System and Users

  • Install Ubuntu onto the computers and enable file system encryption

    • Note that enabling encryption will require a password to be entered for the computer to boot up. Consider this for remote sites.

      • Alternatively, the home directory of the Prism/Lente account, which is where the Prism/Lente files will be hosted, could be encrypted. The benefit of this approach is that a password is not required to boot the computer, and the Prism/Lente files are still protected.

  • Set up at least two user accounts

    • Operator account

      • should have very limited access

      • able to run Chrome

    • Prism/Lente setup account

      • hosts the Prism/Lente files

Installing Prism/Lente Stations

For Prism/Lente stations, follow the Full “Demo” instructions, but note the following changes:

  • Prism

    • install “full” per Prism Full Install

    • git clone your “scripts” repo instead of the demo repo

    • modify public/settings.json to suit the deployment

      • see settings.json details below

    • use the Prism helper script at public/prism.sh to start Prism

      • so that Prism runs every time the computer is turned on, use option restart=always

  • Lente

    • install “full” per Lente Full Install; however, change the git source to be your repo.

    • Use Lente Station management to push your repo to downstream Prism (and/or Lente) computers.

    • use the helper script public/lente.sh and option restart=always so that Lente will automatically start on every computer boot up.

Settings.JSON File

  • Each Lente/Prism computer will have its own (local) settings file.

    • When setting up a new Prism/Lente instance, this file must be manually edited or copied from a reference source to reflect this instance's configuration.

    • In practice, most Prism computers can use the same file, and therefore the file should be stored in a separate place and used as a source when new Prism computers are added to the deployment.

  • This file is NOT propagated within the deployment by Lente.

  • This file contains passwords in plain text so it should be handled appropriately.

// This file is NOT propagated by Lente to Prism stations.
// For each Prism/Lente install, this file should be modified as required.
// See https://sistemicorp.github.io/scripts/build/html/_deployment.html#settings-json-file
{
  // turn on demo mode.  Creates test user accounts, ...
  // remove line, or set to false to disable demo mode
  "demo": true,

  // On startup optionally specify to load a traveller
  //"load_traveller": "public/traveller/traveller_TZ6T.pdf",
  //"load_user": "operator@here.com",

  // Result JSON file encryption
  // - a valid license file is required to encrypt results
  // - password must be |<-  16  long  ->|
  "result_encrypt_pw": "mysecretkey01234",
  "result_encrypt": false,

  // By default results that are sent to Lente are backed up
  // locally, to disable this backup uncomment
  //"result_bkup_dir": null,

  // Result JSON files are backed up as encrypted, <true|false>,
  // If the results were not encrypted by Prism, they won't be encrypted by Lente
  "results_bkup_encrypted": false,

  // Use https secure transport, requires public/cert/key.pem files
  // For Lente & Prism stations, all must be configured the same
  "use_https": false,

  // Prism/Lente internal connection password
  "prism_lente_pw": "mysecret1",

  // Manifest (enable/disable) checking
  // Validates "public/prism" contents (sent by Lente)
  // create manifest.exclude to list file exclusions
  "manifest_check": false,

  // password for scripts package sent from Lente to Lente/Prism
  "manifest_pw": "mysecret2",

  // network interface to use, used by VPNs
  //"net_iface": "tun0",

  // Send log files on startup for diagnostic purposes
  "send_logs_on_startup": false,

  // Health checks
  // Levels: Warn, Error, Critical (case insensitive)
  // "Warn" and "Error" only appear in the notification log
  // "Critical" additionally prevents new test sessions from starting
  // First rule that matches for each health check is reported
  "health_checks": {
    "disk_space": {
      "enable": true,
      "rules": [
        // free format: <value> [MB|GB|%]
        {"free": "10%",    "level": "Critical"},
        {"free": "100 MB", "level": "Error"},
        {"free": "200 MB", "level": "Warn"}
      ]
    }
  },

  // OPCUA Configuration
  "opcua_server": {
    "enable": false,
    "security_policies":[
      "NoSecurity",
      "Basic256Sha256_Sign",
      "Basic256Sha256_SignAndEncrypt"
    ],
    "certificates": {
      "enable": false,
      // "path": "public",
      // "certificate_file": "cert.pem",
      // "private_key_file": "key.pem",
    }
  },

  // ------------------------------------------------------------------
  // Below are only used by Lente and can be removed for Prism stations

  // Lente/Lente internal connection password
  "lente_lente_pw": "mysecret3",

  // Enter IP Address:port, example "http://35.123.432.190:6595"
  // Use null to disable upstream sending.
  "result_server_url": null,

  // This Lente computer is pyramid root and creates manifest
  "root_authority": true,

  // automatically sync Prism clients scripts
  "auto_sync_scripts": true,

  "postgres": {
    // resultbasekeysv1 is the name of the dB and cannot be changed
    "resultbasekeysv1": {
      // !! Change "pw" to a real password for a real deployment,
      // !! This user/pw must match your postgres deployment too,
      "user": "postgres",
      "pw": "qwerty",
      // ip address of the postgres database, use `127.0.0.1` if localhost
      "ip": "127.0.0.1"
    }
  }
}

For Prism stations, a number of items can be removed per the comments, which will make the file smaller and easier to manage.

  • see HTTPS for creating necessary files if using HTTPS feature

As noted in the comments of the settings file, this file is NOT deployed as part of the scripts synchronization that Lente does through station management. The settings file is to be configured for each computer (Lente or Prism) in the deployment.
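
The following is an added example, not code from the Prism/Lente project: a pre-deployment audit of a settings file against the options described above (demo mode, HTTPS, manifest checking, sample passwords left in place, the 16-character result_encrypt_pw rule, and file permissions for a file holding plain-text passwords). The names load_settings, audit and SAMPLE, the 0o077 permission mask, and the comment/trailing-comma handling are assumptions made for this example and are not Prism's own parser; the sample input is constructed.

```python
import json
import re

# Secret values printed in the sample settings.json on this page.
SAMPLE_SECRETS = {"mysecretkey01234", "mysecret1", "mysecret2", "mysecret3", "qwerty"}
# Strings are matched first so the "//" inside a URL value is not read as a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|,(?=\s*[}\]])')

def load_settings(text):
    """Parse settings text that contains // comments and trailing commas."""
    for _ in range(2):  # pass 1 drops comments, pass 2 drops commas left dangling
        text = _TOKEN.sub(lambda m: m[0] if m[0][0] == '"' else "", text)
    return json.loads(text)

def _secrets(node, path=""):
    """Yield (dotted_key, value) for string values under 'pw' or '*_pw' keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and (key == "pw" or key.endswith("_pw")):
                yield here, value
            yield from _secrets(value, here)

def audit(settings, file_mode=None):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if settings.get("demo"):
        findings.append("demo: demo mode (test user accounts) is on")
    if not settings.get("use_https"):
        findings.append("use_https: HTTPS transport is off")
    if not settings.get("manifest_check"):
        findings.append("manifest_check: public/prism contents are not validated")
    for key, value in _secrets(settings):
        if value in SAMPLE_SECRETS:
            findings.append(f"{key}: still the documentation sample value")
    if settings.get("result_encrypt") and len(settings.get("result_encrypt_pw", "")) != 16:
        findings.append("result_encrypt_pw: must be exactly 16 characters")
    if file_mode is not None and file_mode & 0o077:
        findings.append("file mode: group/other can access plain-text passwords")
    return findings

# Constructed excerpt, not a real station's file.
SAMPLE = """{
  "demo": true,  // turn on demo mode
  "result_encrypt_pw": "short", "result_encrypt": true, "use_https": false,
  "result_server_url": "http://203.0.113.5:6595",
  "postgres": {"resultbasekeysv1": {"user": "postgres", "pw": "qwerty", // change
  }}
}"""
print(*audit(load_settings(SAMPLE), file_mode=0o644), sep="\n")
```

To check a real file, pass its text to load_settings and the result of os.stat(path).st_mode as file_mode.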

Prism/Lente Docker Images

On computers that are deployed, you will want the Docker images to run (and restart) every time the computer boots up.

The helper scripts that start Prism/Lente (see Helpers) have a restart=always option that should be used. Once that is done, Prism/Lente will start automatically on every boot.

Health Checks

When enabled/specified in settings.json (see example above), Prism will perform health checks on boot up and when the test configuration changes. Based on the health check item severity, the system will indicate the status in the GUI. When the failure severity is Critical, Prism will not allow testing to begin.