The Trusted Analytics Container (TAC), an O'Reilly Media / RWJ collaboration to support sharing critical health data for research
VitalLabs/TAC
Trusted analytics container

Settings

All TAC settings are contained in the vars file group_vars/tag_TAC_all_.

You must export your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY:

export AWS_ACCESS_KEY_ID='<SNIP>'
export AWS_SECRET_ACCESS_KEY='<SNIP>'

You must create a separate AWS keypair for TAC master access; it is configured by the setting tac_keypair.

Credentials Storage

A .gitignore file keeps the directory .ec2/ from being checked in. Use that directory to store keyfiles and/or environment files.

I use a file like this one, .ec2/tac-creds:

export AWS_ACCESS_KEY_ID='<SNIP>'
export AWS_SECRET_ACCESS_KEY='<SNIP>'

Networking

cidr_block: 10.86.0.0/16
subnets:
  - cidr: 10.86.0.0/24
    az: "{{ tac_zone }}"
route_tables:
  - subnets:
      - 10.86.0.0/24
    routes:
      - dest: 0.0.0.0/0
        gw: igw

VPC rules

# rules
tac_rules:
  - proto: tcp
    from_port: 22
    to_port: 22
    cidr_ip: 0.0.0.0/0

tac_rules_egress:
  - proto: all
    cidr_ip: 0.0.0.0/0
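The tac_rules block above opens port 22 to 0.0.0.0/0, so the master host accepts SSH connections from any source address. As an added check that is not part of the TAC project, the script below audits a rule list in the same proto/from_port/to_port/cidr_ip shape before it is applied and rewrites offending entries to an administrative source range; the rule list is a constructed copy of the README's and ADMIN_CIDRS is a hypothetical value, since the README defines no admin range.

```python
from __future__ import annotations
import ipaddress

# Constructed copy of the README's tac_rules list, in the shape Ansible
# loads it from group_vars (a list of dicts rather than YAML text).
TAC_RULES = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "0.0.0.0/0"},
]
# Hypothetical administrative source range; the README does not define one.
# 203.0.113.0/24 is a documentation-only block (TEST-NET-3).
ADMIN_CIDRS = ["203.0.113.0/24"]
SSH_PORT = 22


def rule_covers_port(rule: dict, port: int) -> bool:
    """True if the rule's port range (or proto 'all') includes `port`."""
    if rule.get("proto") == "all":
        return True
    return int(rule.get("from_port", 0)) <= port <= int(rule.get("to_port", 65535))


def audit_ssh_ingress(rules: list[dict], admin_cidrs: list[str]) -> list[str]:
    """One finding per ingress rule whose SSH source is not inside an admin network."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for rule in rules:
        if not rule_covers_port(rule, SSH_PORT):
            continue
        src = ipaddress.ip_network(rule["cidr_ip"], strict=False)
        # subnet_of catches 0.0.0.0/0 and merely over-broad ranges alike
        if not any(src.subnet_of(n) for n in allowed if n.version == src.version):
            findings.append(f"SSH reachable from {src}; restrict cidr_ip to {admin_cidrs}")
    return findings


def restrict_to_admin(rules: list[dict], admin_cidrs: list[str]) -> list[dict]:
    """Replace each flagged rule with one rule per admin CIDR; keep the rest."""
    out = []
    for rule in rules:
        if audit_ssh_ingress([rule], admin_cidrs):
            out.extend({**rule, "cidr_ip": c} for c in admin_cidrs)
        else:
            out.append(rule)
    return out


if __name__ == "__main__":
    print(audit_ssh_ingress(TAC_RULES, ADMIN_CIDRS))
    print(restrict_to_admin(TAC_RULES, ADMIN_CIDRS))
```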

EC2 Instances

# instances
tac_instances:
  - instance_type: m1.medium
    image: "{{tac_imgid}}"
    keypair: "{{tac_keypair}}"
    instance_tags:
        Name: dev_tac
        dev_all: ""
        dev_tac: "master"
    exact_count: 1
    count_tag:
        Name: dev_tac_master

Initial infrastructure

To spin up a TAC EC2 instance use the following command:

ansible-playbook -v 1-dev-TAC-infrastructure.yml -i inv/hosts --private-key <KEYFILE>

Bootstrapping

The initial infrastructure playbook will call the bootstrapping playbook, but you can run it after the fact:

ansible-playbook -v bootstrap-tac.yml -i inv/ec2.py --private-key <KEYFILE>

User Accounts

Administrative users

The ubuntu user account is the AWS-provisioned account; it is secured by the keypair defined in the AWS account.

Access to this account should be strictly controlled by the TAC administrative org.

Ingress users

The user accounts in the ingress group are tasked with placing the working files into /opt/ingress.

These users either supply an ssh public key, or they can have a public and private key generated by the system.

These user accounts are for "uploading" the data to be worked on.

Working users

The user accounts in the working group are used to do the analytics.

These users either supply an ssh public key, or they can have a public and private key generated by the system.

These user accounts work on the analytics in /opt/workdir, then move the results to /opt/egress.

Egress users

The user accounts in the egress group are used to pull data out of the TAC.

These users either supply an ssh public key, or they can have a public and private key generated by the system.

These user accounts pull data from /opt/egress.
