Installation¶
Platform Installation Instructions¶
This document is for developers / sysadmins who want to install the Rasa platform on premise or on a private cloud.
At a high level, what you need to do is first install Rasa Platform on a server, and then put your own application in a docker container to run alongside it.
Note
Rasa uses docker compose to manage the lifecycle of the containers. The installation script should be used to provision a new server. If you want to run the application alongside other software on an existing server, you should consider installing docker compose manually.
Quickstart¶
- copy the license file to the server
scp rasa_platform.yml example.com:~/rasa_platform.yml
- Download and run the install script on the server:
curl -sSL -o install.sh https://storage.googleapis.com/rasa-releases/stable/install.sh
sudo bash ./install.sh
Replace stable
with a specific version number if you want to install a specific version.
- Start the platform
cd /etc/rasaplatform
sudo docker-compose up -d
- Create a platform user you can use to login
cd /etc/rasaplatform
sudo python rasa_commands.py create admin USER PASSWORD
Detailed Setup¶
Rasa Platform is built as a collection of docker containers. Here we provide suggested hardware for running on a single server.
Hardware & OS Requirements¶
We recommend 8Gb RAM & 2-6 vCPUs for optimal performance. 4Gb RAM is the bare minimum. Your server should also have 100 Gb Disk space available. You will need a server running a modern Linux distribution that can run docker. The following OS’s work with the easy install script below:
- Debian 7.7+
- Ubuntu 14.04 / 15.10 / 16.04
For any other operating systems, please follow the manual installation instructions. As long as docker is available for your operating system, Rasa Platform should run fine.
Firewall¶
Make sure the following ports are open:
Port | Service | Description |
---|---|---|
443 | HTTPS | Web application over HTTPS access. |
80 | HTTP | Web application access. |
22 | SSH | SSH access. |
If you install on Google Cloud this means:
- make sure to check “Allow HTTP traffic” as well as “Allow HTTPS traffic” in the firewall settings of the VM instance.
Prepare the installation¶
Before you can install Rasa Platform, you need to have a license file. We will
send you that file, it is named rasa_platform.yml
. It contains licensing
information as well as configuration parameters.
Make sure to upload the license file to the server, e.g. using
scp rasa_platform.yml HOSTNAME:~/rasa_platform.yml
where HOSTNAME
is the hostname or ip of your server.
Install Docker Compose¶
Rasa uses docker compose to spin up a collection of docker containers that
combined make up the platform. You can either install a specific release,
or use latest
which corresponds to the most recent release (we recommend
pinning a specific version though).
Download the install script and run it. Make sure the current directory contains the license file:
curl -sSL -o install.sh https://storage.googleapis.com/rasa-releases/latest/install.sh
sudo bash ./install.sh
The installation script will install docker compose and ansible. ansible is a popular tool for automation - it will download the docker compose setup as well as prepare the environment for docker to run in.
The platform related files will be installed into /etc/rasaplatform
. This includes
credentials to login to the docker registry under /etc/rasaplatform/gcr_auth.json
.
Note
Although, this is the easiest way to get your server ready to run the platform you can also follow the manual steps which will walk you through a couple more steps but will give you more control over the setup.
Accept the terms and conditions¶
To accept the terms and conditions, run echo "${USER} $(date)" > /etc/rasaplatform/terms/agree.txt
.
You can find the terms here.
Start the application¶
After you have successfully installed the platform you can now start it:
cd /etc/rasaplatform
sudo docker-compose up -d
This will run the platform in the background (due to -d
) and the
application will continue to run even if you log out of the server.
Create a User¶
To login into the platform, you need to create user accounts. At first, it is best to create at least one administrator account. To do so run:
cd /etc/rasaplatform
sudo python rasa_commands.py create admin USER PASSWORD
replacing the USER
and PASSWORD
fields, for
example python rasa_commands.py create admin admin PasswOrd
.
To create non-admin users, just replace admin
with user
:
sudo python rasa_commands.py create user USER PASSWORD
Test Your Login¶
Visit http://HOSTNAME
in a web browser, and log in with the
username & password entered in the previous command.
Installing Updates¶
How about:
curl -sSL -o install.sh https://storage.googleapis.com/rasa-releases/VERSION/install.sh
sudo bash ./install.sh
replacing VERSION
with the version you want to install.
Warning
Be aware, that during the update the following files will be overwritten:
/etc/rasaplatform/docker-compose.yml
/etc/rasaplatform/.env
Make sure there are no changes in these files that you still need. E.g.
instead of directly modifying docker-compose.yml
you should rather
create a new file called docker-compose.override.yml
. Docker will
automatically take that file into account and override any attributes in
docker-compose.yml
with changes from the override file.
Next Steps¶
Now that you have the main pieces of the platform installed, you can go ahead and run the Deploy an Example App.
Manual Installation¶
Make sure
python
,docker
, anddocker compose
are installed on your platform. Detailed instructions can be found in the docker documentation. You should be able to rundocker-compose --version
Create the project directory and switch to it:
mkdir /etc/rasaplatform cd /etc/rasaplatform
Download the platform files (
docker-compose.yml
andrasa_commands.py
) that contain the containers and their setup (replacinglatest
with the version to install):wget -qO docker-compose.yml https://storage.googleapis.com/rasa-releases/latest/docker-compose.yml wget -qO rasa_commands.py https://storage.googleapis.com/rasa-releases/latest/rasa_commands.py
Create the authentication file to download containers from the docker registry. To authenticated with the registry that contains the platform containers, you need to create a file in
/etc/rasaplatform/gcr-auth.json
that contains the JSON of the fielddocker_registry_license
from your license.Make sure to copy everything between the outer
"
of thedocker_registry_license
key to that file. The contents of/etc/rasaplatform/gcr-auth.json
should look like this:{ "type": "service_account", "project_id": "rasa-platform", "private_key_id": "sdferw234qadst423qafdgxhw", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvfwrt423qwadsfghtzw0BAQEFAASCBKgwggSkAgEAAoIBAQCgt338FkWbW13dghtzew4easdf5wAi15jrA9t4uOk8dghrtze4weasfgdhtAFZNfrLgvr2\nPBTu1lAJDLo136ZGTdMKi+/TuRqrIMg/sr8q0Ungish8v6t5Jb4gsjBi9StytCT4\nhWXDL3qeadfsgeDOudl6c3iMzylBws+VffrFfaZWjDpGtxmlYwIUa2e\noNSe7BYLnY9tDrX3zrP/wu/6FPbbGkBjguDG1l3Kx7l1wmiPtK5lIhjt+k7Oyx/u\nd6+gvfs+7RX9wUxnZT/tLggybYdsr8BA1Pqr0hDmhdDl7tjXVTmGLG+1/+lXVGFc\nqKEg+uLXAgMBAAECggEAESzwRK0Cp62LgBjInk+jvTmMI4lYP/XTnfk0TNwyiLxd\nT7mkw/TzkSVRifZ37lBQ6BS6BiqBJherh1N4xI+DF9HUN/wHR93QTyu7p8umlcxC\nlPV0KE4b5ZMfWvRG4y236cRGly9urcBNGoFzFHl8pd2iS5DMqZOYpSXY+qvkXTKE\nUOm5mVSs4S4Qa9cHL+jWXCvY0789fG1GrT+L3Fn+StKacgQuBnN1krYFYBSjCAh8\nsnSdjkvGguw/6OApPHd8HqkHtjU0PD67uU5QIm5N1bmz9KT4s9Pm+WbCinEstIiN\nIfln5ikmHcMAiIS0gzSnZavsY21PsDHBkD8SUO7CTQKBgQDgMPhx0TsB/oVH/SnU\nt3oTME+tfAKI69tozX02jHj6DY/vDpI1hXNmb4oMOos5+3ulborHqnso9za1RgV7\nm2N04QQVfzYEuZzJzXL11SHvBYVjHkXYy6HR5GhnPmwA+CzrDNy2/oYxlaqH7TBA\nR+f7IHToIPKGCVrhCJztlAgzIwKBgQC3hQNclIQ5Iw0gm9Rr8zAP/YoRJdiUSYtv\nNBmav+dTTSkPh51Bomj/J4Rrg8OLvHG5U79pmzbQdIFGYGKlR0l4/QepKpbaGm7x\nM/gRp/GXu9sN8LgI+h+FskCYi4cuqDjQ9L2S0gwMre4witmeVSIiBxLWxS7mvkZX\nWRW58ml2vQKBgBozPuW2SQobn6HhIUFdy+NwMu+YXYd44ORnl2mHkx/N8/NBJa8h\nkHH5OQ3izaCSFkooGAnrj4cjFP6sVzmx2DaxkVOd0UdOFdezreqy5MtVPthtkkYa\nzieEZPsj3WVjm4RAtY6hQjeLQSmve4MXpDHCAkeaih1F/Jvt8MEHGso3AoGBAJez\nTioTYpFQliNkbN2nMw2kyaKPJE6/1JDiAmBXTcMgP1blBWsh86UnZ2DwlI5IAcHu\npoWHlnIOPGaOejyhhuyKTPDbkcNMonSkPuVpbF2/Hb6SQ664A6KizJ7Mh7xbtkuU\nY7igBPHePMzHmkg1m3eBXWNHsBNxKfg+XaVN6zwJAoGBAN6VhGMmyDcn0GqkkP6d\nrSsQ0Ig7L4PnU633oYWoGWa8q/XYiFbcACMFynMbrmHG+/0c3Iwt32bi3th60Cwb\nT66yqmv4MaT72+EfQHxiLxnUxhqSpBXM0eoXbyvDg97Zp/slsYvGGLjONmmretlE\nsjAsuAH4Iz1XdfdenzGnyBZH\n-----END PRIVATE KEY-----\n", "client_email": "company@rasa-platform.iam.gserviceaccount.com", "client_id": "114123456713428149", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://accounts.google.com/o/oauth2/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/company%40rasa-platform.iam.gserviceaccount.com" }
Login to the docker registry
sudo docker login -u _json_key -p "$(cat /etc/rasaplatform/gcr-auth.json)" https://gcr.io
Create the docker environment file in
/etc/rasaplatform/.env
with the following content:RASA_PYPI_PASSWORD=<pypi_repository_password> RASA_PYPI_USER=<pypi_repository_user> RASA_NLU_TOKEN=<random_string> RASA_CORE_TOKEN=<random_string> PASSWORD_SALT=<random_string> TOKEN_SALT=<random_string> MONGO_PASSWORD=<random_string>
Filling in the values of
<pypi_repository_password>
and<pypi_repository_user>
from your license file. For<random_string>
please use secure strings, e.g. randomly generated character sequences.For the token and password salt fields, enter any string of your choice. These will be used to hash passwords. Note that if you change these you will have to create new logins for everyone.
You will also need to set a Rasa NLU and Rasa Core Token. These are needed to ensure only you have access.
Note
Make sure to generate a different unique <random_string> for each field! E.g. running this multiple times:
openssl rand -base64 12
Start up the platform (
-d
will run the platform in the background):sudo docker-compose up -d
SSL Certificates¶
Setting up a Let’s Encrypt SSL Certificate¶
Rasa Platform works very well together with a Let’s Encrypt SSL Certificate.
Requirements:
- notification email address (used by Let’s Encrypt to notify about urgent renewal and security notices)
- domain name for the installation (in this example we use
rasa.example.com
) - you will not be able to set up SSL with a bare IP address without DNS
Note
Changing the systems DNS entries will create downtime.
We will use certbot to generate the certificates. Run these instructions to install the tool on a Ubuntu machine (needs to be adapted for other linux distros):
- SSH into the machine
- run the following commands to install certbot:
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbot
certbot
offers multiple ways to obtain a certificate. Let’s pick the
temporary webserver
option since it doesn’t require any additional
configuration. The only prerequisite though is that the Rasa Platform
has to be stopped so that webserver can bind to port 443 properly. To stop
the Platform, run:
$ sudo docker-compose down
Now, run the following to start the interactive process to obtain the SSL certificate:
$ sudo certbot certonly
It’ll first ask you to pick the authentication method:
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Here, pick 1
and press return.
Then, fill in the aforementioned email address:
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): ops@example.com
Then, accept the Terms of Services and decide if you’d like to share your email address with the EFF:
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
In the last step you’re providing your domain name:
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): rasa.example.com
After that finished successfully, you’ll see a message similar to the one below:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/rasa.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/rasa.example.com/privkey.pem
Your cert will expire on 2018-02-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
Your certificate has been generated and is now saved on the machine at
/etc/letsencrypt/live/rasa.example.com/
. Please run the following to copy
them over to the appropriate directory so that the docker container can access
them:
$ sudo cp /etc/letsencrypt/live/rasa.example.com/privkey.pem /etc/rasaplatform/certs/
$ sudo cp /etc/letsencrypt/live/rasa.example.com/fullchain.pem /etc/rasaplatform/certs/
After you have copied these files you can restart the Rasa Platform:
$ sudo docker-compose up -d
Let’s Encrypt certificates are short-lived, this means
they expire after 90 days. This means that you’ll have to renew them
on a regular basis. Thankfully this can be done with certbot
as well.
Run the following commands in order to renew your certificate.
Note
Be aware that the update process will also introduce downtime.
$ sudo docker-compose down
$ sudo certbot renew
$ sudo docker-compose up -d
In general: These certificate renewals should be automated with a cron job.
Python package installation¶
The enterprise version of the python Rasa packages are hosted on a private
pypi server (instead of the publicly available instance that pip install
uses by default).
To access these dependencies when developing an application locally or when building containers in a CI environment you need to
- create an account to access the private packages
- add your credentials before trying to pull packages with
pip install
Access to private Rasa pip repository¶
Your license file (rasa_platform.yml
) contains authentication
credentials for the private python package registry of Rasa.
Your default credentials are contained in the fields
pypi_repository_password
and pypi_repository_user
in your license file.
Optionally, you can register additional accounts,
if you need them, at https://pypi.rasa.ai/login .
Choose a username and submit your account for approval by clicking Register
.
After you completed your account registration, please use your support email address to inform us of your account creation so we can validate your additional accounts.
Setting up pip authentication¶
You can manually enter your credentials and pip
will ask for the
credentials, e.g.
> pip install -i https://pypi.rasa.ai/simple/ rasa-extensions
Collecting rasa-extensions
User for pypi.rasa.ai: test
Password:
To automate this, you can add your credentials to your ~/.pypirc
:
# ~/.pypirc
[distutils]
index-servers =
pypi
rasa
[pypi] # https://www.python.org/pypi
username:
password:
[rasa]
repository: https://pypi.rasa.ai/simple/
username: USERNAME
password: PASSWORD
Replacing USERNAME
and PASSWORD
with your authentication credentials.