
Copyright © OpenG2P. This work is licensed under Creative Common Attribution (CC-BY-4.0) International license unless otherwise noted.


Access to Deployed Setup

Introduction

The table below lists the admin and user access paths across the entire deployment. This includes access to machines, Rancher, the Kubernetes cluster and the OpenG2P application.

Access matrix

| Resource | Role | Password/key | Access method | Providing further access |
|---|---|---|---|---|
| Compute nodes | DevOps Super Admin | SSH Key | SSH into the node via private IP (via Wireguard) with the root user using SSH key | Users generate their own SSH Keys whose public keys are added to the nodes. |
| Wireguard node | DevOps Super Admin | SSH Key | SSH into the node via public IP with the root user using SSH key | |
| Rancher (global) | Rancher Super Admin | Password | Open Rancher URL on browser and login via password | Individual cluster administrators can be created from Rancher UI. |
| Rancher (cluster) | Cluster Admin | Password | Open Rancher URL on browser and login via password | Users can be added and provided RBAC by Cluster Administrator using Rancher UI. |
| OpenG2P Application | Odoo Super Admin | Password | Open OpenG2P URL on browser and login via password | Users can be created and assigned fine-grained roles. |

Wireguard access to users

The guide below gives the steps for granting Wireguard access to users' devices (called peers). Access must be provided separately to each unique device (desktop, laptop, mobile phone, etc.). Multiple logins with the same conf file are not possible.

The Wireguard conf file MUST NOT be shared with any other users for security reasons.

Steps

  1. Log in to the Wireguard node via SSH.

    > ssh -i <SSH key pem file> <user>@<ip>
  2. Navigate to the Wireguard conf folder.

    > cd /etc/wireguard_general
  3. You will see several pre-created peer config files. You may assign any one of the files (not assigned before) to a new peer/user.

  4. Edit the assigned.txt file to assign a new peer (client/user). Make sure each conf file is assigned to a unique user; an already assigned file is never re-assigned to another user.

    > vim assigned.txt
  5. Add the peer with its name in the format shown below. Example:

    > peer1 : <peer name>
  6. Share the conf file with the peer/user securely. Example: peer1/peer1.conf
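
The assignment steps above can be scripted so that a conf file is never handed out twice. The following is an added example, not part of the OpenG2P documentation; it assumes the layout shown on this page (`peerN/peerN.conf` folders and an `assigned.txt` with `peerN : <peer name>` lines), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not OpenG2P's own tooling. Assumes <dir>/peerN/peerN.conf
# and <dir>/assigned.txt containing lines of the form "peerN : <peer name>".

# Print the first pre-created peer that has no entry in assigned.txt.
next_free_peer() {
    dir=$1
    for conf in "$dir"/peer*/peer*.conf; do
        [ -f "$conf" ] || continue
        peer=$(basename "$conf" .conf)
        # Anchor on the full peer id so that peer1 does not match peer10.
        if ! grep -Eq "^${peer}[[:space:]]*:" "$dir/assigned.txt" 2>/dev/null; then
            echo "$peer"
            return 0
        fi
    done
    return 1    # every pre-created conf is already assigned
}

# Record "<peer> : <name>" and print the path of the conf file to hand over.
assign_peer() {
    dir=$1; name=$2
    [ -n "$name" ] || { echo "peer name required" >&2; return 2; }
    peer=$(next_free_peer "$dir") || { echo "no free peer conf" >&2; return 1; }
    printf '%s : %s\n' "$peer" "$name" >> "$dir/assigned.txt"
    chmod 600 "$dir/$peer/$peer.conf"   # a client conf carries the peer's private key
    echo "$dir/$peer/$peer.conf"
}

# Audit: list peer ids that appear more than once in assigned.txt,
# i.e. conf files that were re-assigned to a second user.
reassigned_peers() {
    sed -n 's/^\(peer[0-9]*\)[[:space:]]*:.*/\1/p' "$1/assigned.txt" | sort | uniq -d
}
```

On the Wireguard node, `assign_peer /etc/wireguard_general <peer name>` prints the conf path to share, and any output from `reassigned_peers /etc/wireguard_general` points to a conf file that needs to be replaced.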

Wireguard client installation

Follow the guide here.

To provide Wireguard access to users/clients, refer to the guide in the "Wireguard access to users" section.

Last updated 1 year ago