Skip to content

1.2 Deployment: SAP Cloud Foundry Deployment

Jump to bottom
Paul Aschmann edited this page Jan 21, 2022 · 8 revisions

Overview

ASC can be run on any cloud platform pending the requirements of Node.js and Postgres are met. At SAP we run ASC on SAP Cloud Platform using Cloud Foundry and include manifest file in the repo describing this deployment option. The benefits of running on SCP include security, user provisioning and database backups - none of which are included in the local deployment option.

Step 1: Cloud Foundry Deployment Requirements

Install the Cloud Foundry CLI

Step 2: Clone Repo

Download or clone this repo

Step 2: Login to Cloud Foundry

Login to CF Environment and from the downloaded/cloned application directory:

cf login -a API_URL -u USERNAME -p PASSWORD -o ORG -s SPACE

Step 3: Create CF Services

  • Note: You will need to edit the xs-security.json file with the appropriate redirect-uris, but may only know these after step 4.
cf create-service xsuaa application asc_uaa -c security/xs-security.json 
NB: xsuaa_t for test account

cf create-service postgresql v9.6-xxsmall asc_db (No longer supported on BTP)

cf create-service postgresql-db standard asc_db  -t "postgresql"

NB: asc_db_t for test account
cf create-service application-logs lite asc_al
NB: asc_al_t for test account

cf create-service fs-storage lite asc_storage
NB: asc_storage_t for test account

Step 4: Initial Deployment

Next, we need to push the applications to the server. Technically the applications will not work because the DB does not have the schema or any data yet, however it is a prerequisite to do an initial deployment so that we can use the router to connect to the database. Edit the manifest_template.yml file to update the corresponding URL's for your deployment.

cf push -f manifest_template.yml

The output of cf push should provide a URL for the router component, since this is the central entry point for the app, its the one we need to take note of.

Step 5: Setup the DB

In order to connect to the Postgres DB once it is created, you need to create a service key and enable SSH. This allows you to create the schema or setup/import/export data from the DB.

cf create-service-key asc_db asc_access_key
cf service-key asc_db asc_access_key
cf enable-ssh asc_router

Important: Take note of the hostname, username, password and port. We will then create a SSH session between our local machine and service to setup and create the DB objects.

Notes: - This session will need to stay open while you need access to the DB from your local machine. - The command below will need to be run each time you need access from your local machine. - If you have multiple instances (dev, test, prod) of ASC running, you would need to specify a different port number for each instance (replace 63306 with 63307 etc...) - To close the SSH tunnel, type exit

cf ssh -L 63306:<IP Address of Database>:5432 asc_router

You should now be able to connect to your Postgres DB using a connection string from the psql command line or a UI based tool like Datagrip.

psql "dbname=dbname host=localhost user=username password=password port=63306"

You can now create the DB using the scripts found in resources/asc.sql

Once the DB creation scripts have been run, you will need to restart the server component, in the event the start of the application is successful, the logs shown in Cloud Foundry of the asc_server component should show "DB Connected"

The application should be using the asc_router URL.

Step 6: Configure Permissions on SAP Cloud Platform

  1. Go to the SAP Cloud Platform cockpit -> -> Subaccount -> Security -> Role Collections, and create 3 role collections: ASC_Admin, ASC_ViewOnly and ASC_AppOwner. Select each of the newly created Role Collections and add their corresponding Role Template.

  2. In the SAP Cloud Platform cockpit, choose -> Subaccount -> Security -> Trust configuration -> SAP ID Service, and then enter your e-mail address in the "User" field. While "Show Assignments" displays no data, add the needed role using the "Add Assignment" button.

Step 7: Optional - Configure a custom domain for your application

If you would like to use a custom domain for your website on Cloud Foundry, follow these steps: https://help.sap.com/viewer/74af813c7ee2457cb5eddca0cc70a0c1/Cloud/en-US/2ab0040222ce4c018dfe798be13be379.html mapping the domain name to the asc_router application is this is the entry point for all requests.

If you are using the UAA service for authentication, ensure that your custom domain is listed in the security/xs-security.json file under the oauth2-configuration -> redirect-uris

You can check the domains available in the account using cf domains and which applications they are linked to using cf routes

Clone this wiki locally