Warning: This document is for an old version of Rasa Platform. The latest version is 0.18.0.

Installation

Platform Installation Instructions

This document is for developers / sysadmins who want to install the Rasa platform on premise or on a private cloud.

At a high level, what you need to do is first install Rasa Platform on a server, and then put your own application in a docker container to run alongside it.

Note

Rasa uses docker compose to manage the lifecycle of the containers. The installation script should be used to provision a new server. If you want to run the application alongside other software on an existing server, you should consider installing docker compose manually.

Quickstart

  1. copy the license file to the server
scp rasa_platform.yml example.com:~/rasa_platform.yml
  1. Download and run the install script on the server:
curl -sSL -o install.sh https://storage.googleapis.com/rasa-releases/stable/install.sh
sudo bash ./install.sh

Replace stable with a specific version number if you want to install a specific version.

  1. Start the platform
cd /etc/rasaplatform
sudo docker-compose up -d
  1. Create a platform user you can use to login
cd /etc/rasaplatform
sudo python rasa_commands.py create admin USER PASSWORD

Detailed Setup

Rasa Platform is built as a collection of docker containers. Here we provide suggested hardware for running on a single server.

Hardware & OS Requirements

We recommend 8Gb RAM & 2-6 vCPUs for optimal performance. 4Gb RAM is the bare minimum. Your server should also have 100 Gb Disk space available. You will need a server running a modern Linux distribution that can run docker. The following OS’s work with the easy install script below:

  • Debian 7.7+
  • Ubuntu 14.04 / 15.10 / 16.04

For any other operating systems, please follow the manual installation instructions. As long as docker is available for your operating system, Rasa Platform should run fine.

Firewall

Make sure the following ports are open:

Port Service Description
443 HTTPS Web application over HTTPS access.
80 HTTP Web application access.
22 SSH SSH access.

If you install on Google Cloud this means:

  • make sure to check “Allow HTTP traffic” as well as “Allow HTTPS traffic” in the firewall settings of the VM instance.

Prepare the installation

Before you can install Rasa Platform, you need to have a license file. We will send you that file, it is named rasa_platform.yml. It contains licensing information as well as configuration parameters.

Make sure to upload the license file to the server, e.g. using

scp rasa_platform.yml HOSTNAME:~/rasa_platform.yml

where HOSTNAME is the hostname or ip of your server.

Install Docker Compose

Rasa uses docker compose to spin up a collection of docker containers that combined make up the platform. You can either install a specific release, or use latest which corresponds to the most recent release (we recommend pinning a specific version though).

Download the install script and run it. Make sure the current directory contains the license file:

curl -sSL -o install.sh https://storage.googleapis.com/rasa-releases/latest/install.sh
sudo bash ./install.sh

The installation script will install docker compose and ansible. ansible is a popular tool for automation - it will download the docker compose setup as well as prepare the environment for docker to run in.

The platform related files will be installed into /etc/rasaplatform. This includes credentials to login to the docker registry under /etc/rasaplatform/gcr_auth.json.

Note

Although, this is the easiest way to get your server ready to run the platform you can also follow the manual steps which will walk you through a couple more steps but will give you more control over the setup.

Accept the terms and conditions

To accept the terms and conditions, run echo "${USER} $(date)" > /etc/rasaplatform/terms/agree.txt. You can find the terms here.

Start the application

After you have successfully installed the platform you can now start it:

cd /etc/rasaplatform
sudo docker-compose up -d

This will run the platform in the background (due to -d) and the application will continue to run even if you log out of the server.

Create a User

To login into the platform, you need to create user accounts. At first, it is best to create at least one administrator account. To do so run:

cd /etc/rasaplatform
sudo python rasa_commands.py create admin USER PASSWORD

replacing the USER and PASSWORD fields, for example python rasa_commands.py create admin admin PasswOrd.

To create non-admin users, just replace admin with user:

sudo python rasa_commands.py create user USER PASSWORD

Test Your Login

Visit http://HOSTNAME in a web browser, and log in with the username & password entered in the previous command.

Installing Updates

How about:

curl -sSL -o install.sh https://storage.googleapis.com/rasa-releases/VERSION/install.sh
sudo bash ./install.sh

replacing VERSION with the version you want to install.

Warning

Be aware, that during the update the following files will be overwritten:

  • /etc/rasaplatform/docker-compose.yml
  • /etc/rasaplatform/.env

Make sure there are no changes in these files that you still need. E.g. instead of directly modifying docker-compose.yml you should rather create a new file called docker-compose.override.yml. Docker will automatically take that file into account and override any attributes in docker-compose.yml with changes from the override file.

Next Steps

Now that you have the main pieces of the platform installed, you can go ahead and run the Deploy an Example App.

Manual Installation

  1. Make sure python, docker, and docker compose are installed on your platform. Detailed instructions can be found in the docker documentation. You should be able to run

    docker-compose --version

  2. Create the project directory and switch to it:

    mkdir /etc/rasaplatform
cd /etc/rasaplatform

  3. Download the platform files (docker-compose.yml and rasa_commands.py) that contain the containers and their setup (replacing latest with the version to install):

    wget -qO docker-compose.yml https://storage.googleapis.com/rasa-releases/latest/docker-compose.yml
wget -qO rasa_commands.py https://storage.googleapis.com/rasa-releases/latest/rasa_commands.py

  4. Create the authentication file to download containers from the docker registry. To authenticated with the registry that contains the platform containers, you need to create a file in /etc/rasaplatform/gcr-auth.json that contains the JSON of the field docker_registry_license from your license.

    Make sure to copy everything between the outer " of the docker_registry_license key to that file. The contents of /etc/rasaplatform/gcr-auth.json should look like this:

    {
  "type": "service_account",
  "project_id": "rasa-platform",
  "private_key_id": "sdferw234qadst423qafdgxhw",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvfwrt423qwadsfghtzw0BAQEFAASCBKgwggSkAgEAAoIBAQCgt338FkWbW13dghtzew4easdf5wAi15jrA9t4uOk8dghrtze4weasfgdhtAFZNfrLgvr2\nPBTu1lAJDLo136ZGTdMKi+/TuRqrIMg/sr8q0Ungish8v6t5Jb4gsjBi9StytCT4\nhWXDL3qeadfsgeDOudl6c3iMzylBws+VffrFfaZWjDpGtxmlYwIUa2e\noNSe7BYLnY9tDrX3zrP/wu/6FPbbGkBjguDG1l3Kx7l1wmiPtK5lIhjt+k7Oyx/u\nd6+gvfs+7RX9wUxnZT/tLggybYdsr8BA1Pqr0hDmhdDl7tjXVTmGLG+1/+lXVGFc\nqKEg+uLXAgMBAAECggEAESzwRK0Cp62LgBjInk+jvTmMI4lYP/XTnfk0TNwyiLxd\nT7mkw/TzkSVRifZ37lBQ6BS6BiqBJherh1N4xI+DF9HUN/wHR93QTyu7p8umlcxC\nlPV0KE4b5ZMfWvRG4y236cRGly9urcBNGoFzFHl8pd2iS5DMqZOYpSXY+qvkXTKE\nUOm5mVSs4S4Qa9cHL+jWXCvY0789fG1GrT+L3Fn+StKacgQuBnN1krYFYBSjCAh8\nsnSdjkvGguw/6OApPHd8HqkHtjU0PD67uU5QIm5N1bmz9KT4s9Pm+WbCinEstIiN\nIfln5ikmHcMAiIS0gzSnZavsY21PsDHBkD8SUO7CTQKBgQDgMPhx0TsB/oVH/SnU\nt3oTME+tfAKI69tozX02jHj6DY/vDpI1hXNmb4oMOos5+3ulborHqnso9za1RgV7\nm2N04QQVfzYEuZzJzXL11SHvBYVjHkXYy6HR5GhnPmwA+CzrDNy2/oYxlaqH7TBA\nR+f7IHToIPKGCVrhCJztlAgzIwKBgQC3hQNclIQ5Iw0gm9Rr8zAP/YoRJdiUSYtv\nNBmav+dTTSkPh51Bomj/J4Rrg8OLvHG5U79pmzbQdIFGYGKlR0l4/QepKpbaGm7x\nM/gRp/GXu9sN8LgI+h+FskCYi4cuqDjQ9L2S0gwMre4witmeVSIiBxLWxS7mvkZX\nWRW58ml2vQKBgBozPuW2SQobn6HhIUFdy+NwMu+YXYd44ORnl2mHkx/N8/NBJa8h\nkHH5OQ3izaCSFkooGAnrj4cjFP6sVzmx2DaxkVOd0UdOFdezreqy5MtVPthtkkYa\nzieEZPsj3WVjm4RAtY6hQjeLQSmve4MXpDHCAkeaih1F/Jvt8MEHGso3AoGBAJez\nTioTYpFQliNkbN2nMw2kyaKPJE6/1JDiAmBXTcMgP1blBWsh86UnZ2DwlI5IAcHu\npoWHlnIOPGaOejyhhuyKTPDbkcNMonSkPuVpbF2/Hb6SQ664A6KizJ7Mh7xbtkuU\nY7igBPHePMzHmkg1m3eBXWNHsBNxKfg+XaVN6zwJAoGBAN6VhGMmyDcn0GqkkP6d\nrSsQ0Ig7L4PnU633oYWoGWa8q/XYiFbcACMFynMbrmHG+/0c3Iwt32bi3th60Cwb\nT66yqmv4MaT72+EfQHxiLxnUxhqSpBXM0eoXbyvDg97Zp/slsYvGGLjONmmretlE\nsjAsuAH4Iz1XdfdenzGnyBZH\n-----END PRIVATE KEY-----\n",
  "client_email": "company@rasa-platform.iam.gserviceaccount.com",
  "client_id": "114123456713428149",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/company%40rasa-platform.iam.gserviceaccount.com"
}

  5. Login to the docker registry

    sudo docker login  -u _json_key -p "$(cat /etc/rasaplatform/gcr-auth.json)" https://gcr.io

  6. Create the docker environment file in /etc/rasaplatform/.env with the following content:

    RASA_NLU_TOKEN=<random_string>
RASA_CORE_TOKEN=<random_string>
RASA_PLATFORM_TOKEN=<random_string>
PASSWORD_SALT=<random_string>
TOKEN_SALT=<random_string>
MONGO_PASSWORD=<random_string>

    Filling in the values of <pypi_repository_password> and <pypi_repository_user> from your license file. For <random_string> please use secure strings, e.g. randomly generated character sequences.

    For the token and password salt fields, enter any string of your choice. These will be used to hash passwords. Note that if you change these you will have to create new logins for everyone.

    You will also need to set a Rasa NLU and Rasa Core Token. These are needed to ensure only you have access.

    Note

    Make sure to generate a different unique <random_string> for each field! E.g. running this multiple times:

    openssl rand -base64 12

  7. Start up the platform (-d will run the platform in the background):

    sudo docker-compose up -d

SSL Certificates

Setting up a Let’s Encrypt SSL Certificate

Rasa Platform works very well together with a Let’s Encrypt SSL Certificate.

Requirements:

  • notification email address (used by Let’s Encrypt to notify about urgent renewal and security notices)
  • domain name for the installation (in this example we use rasa.example.com) - you will not be able to set up SSL with a bare IP address without DNS

Note

Changing the systems DNS entries will create downtime.

We will use certbot to generate the certificates. Run these instructions to install the tool on a Ubuntu machine (needs to be adapted for other linux distros):

  1. SSH into the machine
  2. run the following commands to install certbot:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

certbot offers multiple ways to obtain a certificate. Let’s pick the temporary webserver option since it doesn’t require any additional configuration. The only prerequisite though is that the Rasa Platform has to be stopped so that webserver can bind to port 443 properly. To stop the Platform, run:

$ sudo docker-compose down

Now, run the following to start the interactive process to obtain the SSL certificate:

$ sudo certbot certonly

It’ll first ask you to pick the authentication method:

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

Here, pick 1 and press return.

Then, fill in the aforementioned email address:

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): ops@example.com

Then, accept the Terms of Services and decide if you’d like to share your email address with the EFF:

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

In the last step you’re providing your domain name:

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): rasa.example.com

After that finished successfully, you’ll see a message similar to the one below:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/rasa.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/rasa.example.com/privkey.pem
   Your cert will expire on 2018-02-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"

Your certificate has been generated and is now saved on the machine at /etc/letsencrypt/live/rasa.example.com/. Please run the following to copy them over to the appropriate directory so that the docker container can access them:

$ sudo cp /etc/letsencrypt/live/rasa.example.com/privkey.pem /etc/rasaplatform/certs/
$ sudo cp /etc/letsencrypt/live/rasa.example.com/fullchain.pem /etc/rasaplatform/certs/

After you have copied these files you can restart the Rasa Platform:

$ sudo docker-compose up -d

Let’s Encrypt certificates are short-lived, this means they expire after 90 days. This means that you’ll have to renew them on a regular basis. Thankfully this can be done with certbot as well. Run the following commands in order to renew your certificate.

Note

Be aware that the update process will also introduce downtime.

$ sudo docker-compose down
$ sudo certbot renew
$ sudo docker-compose up -d

In general: These certificate renewals should be automated with a cron job.

Python package installation

The enterprise version of the python Rasa packages are hosted on a private pypi server (instead of the publicly available instance that pip install uses by default).

To access these dependencies when developing an application locally or when building containers in a CI environment you need to

  1. create an account to access the private packages
  2. add your credentials before trying to pull packages with pip install

Access to private Rasa pip repository

Your license file (rasa_platform.yml) contains authentication credentials for the private python package registry of Rasa.

Your default credentials are contained in the fields pypi_repository_password and pypi_repository_user in your license file.

Optionally, you can register additional accounts, if you need them, at https://pypi.rasa.ai/login . Choose a username and submit your account for approval by clicking Register.

After you completed your account registration, please use your support email address to inform us of your account creation so we can validate your additional accounts.

Setting up pip authentication

You can manually enter your credentials and pip will ask for the credentials, e.g.

> pip install -i https://pypi.rasa.ai/simple/ rasa-extensions
Collecting rasa-extensions
User for pypi.rasa.ai: test
Password:

To automate this, you can add your credentials to your ~/.pypirc:

# ~/.pypirc
[distutils]
index-servers =
    pypi
    rasa

[pypi] # https://www.python.org/pypi
username:
password:

[rasa]
repository: https://pypi.rasa.ai/simple/
username: USERNAME
password: PASSWORD

Replacing USERNAME and PASSWORD with your authentication credentials.