.. This Software (Dioptra) is being made available as a public service by the .. National Institute of Standards and Technology (NIST), an Agency of the United .. States Department of Commerce. This software was developed in part by employees of .. NIST and in part by NIST contractors. Copyright in portions of this software that .. were developed by NIST contractors has been licensed or assigned to NIST. Pursuant .. to Title 17 United States Code Section 105, works of NIST employees are not .. subject to copyright protection in the United States. However, NIST may hold .. international copyright in software created by its employees and domestic .. copyright (or licensing rights) in portions of software that were assigned or .. licensed to NIST. To the extent that NIST holds copyright in this software, it is .. being made available under the Creative Commons Attribution 4.0 International .. license (CC BY 4.0). The disclaimers of the CC BY 4.0 license apply to all parts .. of the software developed or licensed by NIST. .. .. ACCESS THE FULL CC BY 4.0 LICENSE HERE: .. https://creativecommons.org/licenses/by/4.0/legalcode .. _reference-init-deployment-script: init-deployment.sh Script Reference =================================== This reference describes the ``init-deployment.sh`` script that initializes a Dioptra deployment. The script is located in the root of the deployment folder generated by the cookiecutter template. .. seealso:: :ref:`how-to-prepare-deployment` - Step-by-step guide for creating and customizing your deployment. Overview -------- The ``init-deployment.sh`` script automates the following initialization steps: - Generates random passwords used to secure Dioptra's services - Copies and bundles extra CA certificates for the containers - Copies configuration files and certificates into named volumes - Sets appropriate file and folder access permissions - Creates Minio S3 accounts and configures their access permissions - Syncs built-in task plugins from the Dioptra GitHub repository - Enables SSL/TLS in PostgreSQL (if applicable) Command-Line Options -------------------- .. code:: text Usage: init-deployment.sh [--enable-nginx-ssl] [--enable-postgres-ssl] [--skip-minio-setup] [--branch ] [--worker-ssl-service [tfcpu|pytorchcpu]] [--python ] [-h|--help] **--enable-nginx-ssl** Enable the SSL-enabled configuration settings for the NGINX container. Use this if you copied a server certificate and private key into the ``ssl/nginx/`` folder. **--enable-postgres-ssl** Enable the SSL-enabled configuration settings for the PostgreSQL container. Use this if you copied a server certificate and private key into the ``ssl/db/`` folder. **--skip-minio-setup** Skip Minio service setup. Useful when making configuration changes after the initial deployment, as the script may freeze when trying to reconfigure an already-running Minio container. **--branch ** The Dioptra GitHub branch to use when syncing built-in task plugins and frontend files. Replace ```` with the branch you want to use (e.g., ``main``, ``dev``). (default: ``main``) **--python ** Command for invoking the Python interpreter. Must be Python 3.11 or greater with the ``jinja2`` package installed. (default: ``python``) **--worker-ssl-service [tfcpu|pytorchcpu]** Container image to use when bootstrapping the SSL named volumes for worker containers. (default: ``tfcpu``) **-h, --help** Print the help message and exit. Examples -------- .. note:: Replace ```` with the Dioptra branch that matches your container images (e.g., ``main`` for releases, ``dev`` for development builds). **Basic initialization:** .. code:: sh ./init-deployment.sh --branch **With NGINX SSL enabled:** .. code:: sh ./init-deployment.sh --branch --enable-nginx-ssl **With both NGINX and PostgreSQL SSL enabled:** .. code:: sh ./init-deployment.sh --branch --enable-nginx-ssl --enable-postgres-ssl **Rerunning after configuration changes:** .. code:: sh ./init-deployment.sh --branch --skip-minio-setup .. important:: You must specify the ``--enable-nginx-ssl`` and ``--enable-postgres-ssl`` options **each time** you run the ``init-deployment.sh`` script. If you omit them on a subsequent run, SSL/TLS will be disabled for those services. .. seealso:: * :ref:`reference-deployment-folder` - Deployment folder structure and file descriptions * :ref:`how-to-enabling-ssl-tls` - Enable SSL/TLS for NGINX and PostgreSQL * :ref:`how-to-adding-certificates` - Add custom CA certificates