The system is currently deployed on the SCD cloud. In theory it can be deployed on any cloud infrastructure but it will require changes before this will work.
It is not yet a production-grade, HA system.
There are several prerequisites steps required before deployment can begin. Please read them here.
If this is the first run of terraform/tofu, initialize the terraform directory:
> cd infra/ansible/terraform
> tofu initChoose the environment you are configuring for, dev or qa, and create a workspace:
> tofu workspace create <dev|qa>
> tofu workspace select <dev|qa>Now provision the resources:
> tofu plan -var-file <tfvars-file> -var cloud_name=<name-in-clouds-yaml>
> tofu apply -var-file <tfvars-file> -var cloud_name=<name-in-clouds-yaml>Move the newly generated inventory .ini file to infra/ansible/inventories/<dev|qa>.
The nodes are on a private network with the floating IP attached to the Traefik node.
ssh access to nodes other than Traefik requires a proxy command - the inventory is
configured for Ansible to understand this so no further configuration is required for
running Ansible. To be able to access the nodes via interactive ssh add the following
to $HOME/.ssh/config:
Host jumphost-lakehouse-qa
User ubuntu
HostName 130.246.214.124
Host 192.168.43.*
ProxyJump jumphost-lakehouse
StrictHostKeyChecking accept-new
Host jumphost-lakehouse-dev
User ubuntu
HostName 130.246.212.128
Host 192.168.44.*
ProxyJump jumphost-lakehouse-dev
StrictHostKeyChecking accept-new
See Vault access for retrieving a Vault token
and store it in a file infra/ansible/.vault_token. This file is ignored by git.
Deploy the services using Ansible.
> cd infra/ansible
> NO_PROXY="*" VAULT_ADDR=https://secrets.isis.rl.ac.uk VAULT_TOKEN=$(cat .vault_token) ansible-playbook -i inventories/<dev|qa>/inventory.ini site.yml [-e lakekeeper_admin_user=<admin_email>]The variable lakekeeper_admin_user is required the first time the playbooks are run. Further runs will add additional users
as Lakekeeper admins.
Once deployed the services are available at:
| Service | URL |
|---|---|
| Keycloak | https://analytics.isis.cclrc.ac.uk/auth |
| Lakekeeper UI | https://analytics.isis.cclrc.ac.uk/iceberg/ui |
| Superset (accelerator) | https://analytics.isis.cclrc.ac.uk/workspace/accelerator |
| Superset (experiment_ops) | https://analytics.isis.cclrc.ac.uk/workspace/experiment_ops |
See certificates for details on certificate management.