• Applets
  • Getting started
  • Team
  • Donate

Google Server Setup Guide

By default, MindLogger response data are end-to-end encrypted and stored on the non-profit Child Mind Institute’s AWS account. We provide instructions below for owners of MindLogger applets who need to have all response data from their applets stored on their own GCP account’s server. If this situation applies to you, please contact [email protected] before continuing with the instructions below.

Contents

  • Information MindLogger developers will need to set up your GCP server connection
  • Set up GCP server
    • Create GCP project
    • Create GCP user role
    • Create GCP storage bucket
    • Create GCP storage access keys
    • Create GCP instance
    • Allow MongoDB external port
    • Set up MongoDB with apt (recommended way)
    • Set up MongoDB with Docker (not recommended)
      • Create MindLogger database in instance
      • Reset database username and password



Information MindLogger developers will need to set up your server connection

Routing encrypted data collected from the MindLogger app to your GCP server requires initial setup assistance from MindLogger developers. If you follow the instructions in this guide, you will be able to provide them with the following required information to connect your server:

  • GCP variables to access your MindLogger Docker container:
    • MindLogger account owner email address
    • Mongodb database name (if changed from “mindlogger” in step 35)
    • Database username (if changed from “mindlogger” in step 36)
    • Database password (step 36)
    • Database port (if different than the default 27017)
    • Public IP address for your MindLogger instance (step 22)
  • GCP variables to access your MindLogger Google storage bucket (for media files):
    • Storage bucket name (if changed from “my-mindlogger-bucket” in step 11)
    • Service account (step 23)
    • Access key (step 15)
    • Secret access key (step 15)


arrow



Set up GCP server

Create GCP project

Everything related to your MindLogger server should be housed within a single project. The following instructions will guide you to set up a new GCP project.

  • Sign in to Google Cloud Platform:

    step1-gcp-sign-in


  • Enter “project” in the search box at top and select “Create a Project”:

    step2-search-project


  • Name the project and tap the blue “CREATE” button:

    step3-new-project-name


  • Tap “SELECT PROJECT” or select the new project from the dropdown menu at top:

    step4-select-new-project


arrow



Create GCP user role

You do not want to share information about a user with root access to your GCP account to MindLogger developers or anyone else! The following instructions will guide you to assign a role with restricted access to a new storage bucket for (optional) media files collected by your MindLogger applets.

  • Tap the “ADD PEOPLE TO THIS PROJECT” link in the new project’s dashboard:

    step5-new-project


  • Add a principal (user, in this case the owner of the account):

    step6-add-principal


  • In the “Select a role” search box, enter “storage”:

    step7-filter-role


  • Select “Storage Object Admin”, then tap the blue “SAVE” button:

    step8-select-role


arrow



Create GCP storage bucket

This section will guide you to create a new GCP bucket for (optional) media files collected by your MindLogger applets.

  • Enter “storage” in the search box at top and select “Cloud Storage”:

    step9-search-storage


  • On the Cloud Storage page, tap the blue “CREATE BUCKET” button:

    step10-cloud-storage


  • Enter “my-mindlogger-bucket” into the Bucket name field and make it unique: append your company name or the project name. Tap the blue “CREATE” button:

    step11-name-bucket


  • You will then be taken to the new bucket’s page:

    step12-bucket


arrow



Create GCP storage access keys

This section will guide you to generate access keys that you will need to share with MindLogger developers [see top].

  • On the Cloud Storage page, select the “INTEROPERABILITY” tab in “Settings”:

    step13-storage-settings


  • Scroll down to “Access keys for your user account” under “User Account HMAC”:

    step14-storage-access-keys


  • Tap the “CREATE A KEY” button to generate an Access key and Secret access key:

    *** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***

    [see top]

    step15-create-access-key


arrow



Create GCP instance

Your MindLogger database needs to be set up somewhere to store the response data collected by your MindLogger applets. This section will guide you to create a new GCP Debian Linux instance.

  • Enter “vm” in the search box at top and select “Add VM Instance”:

    step16-search-vm


  • Tap the blue “ENABLE” button on the Compute Engine API page:

    step17-enable-compute-engine-api


  • Tap the blue “CREATE INSTANCE” button on the Compute Engine page:

    step18-compute-engine


  • Name the instance:

    step19-name-instance


  • Set the “Machine type” to “e2-micro”:

    step20-instance-machine-type


  • Create the instance by tapping the blue “CREATE” button:

    step21-create-instance


  • Select the newly-created instance under “INSTANCES”:

    Note: Share the External IP address with MindLogger administrators [see top]

    step22-select-instance


    Note: Share Service account information with MindLogger administrators [see top]

    step23-instance-details


arrow



Allow MongoDB external port

In order to get access to MongoDB instance from the internet you will need to open external port.

  • In the search input type Firewall and click on the found item.
    open firewall


  • Click Create Firewall Rule.
    create rule


  • Enter “allow-mongodb” to the rule name.
    rule name


  • Enter “allow-mongodb” to the rule tags and hit enter.
    rule tags


  • Enter “0.0.0.0/0” to the rule ip range.
    rule ip


  • Enter “27017-27020” to the TCP ports input.
    rule port


  • Click save button.

  • Go to instances, and click to the instance name.
    show instance


  • Click edit instance.
    edit instance


  • Enter “allow-mongodb” to the network tags, hit enter and click Save.
    add network tags



Set up MongoDB with apt (recommended way)

This section will guide you to create an empty MindLogger mongodb database.

Install MongoDB

  • Run the following commands in terminal. It will install the necessary dependencies:

    sudo apt update
    sudo apt install -y wget
    
  • Add MongoDB repository by running these commands:

    wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
    echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list
    
  • Now update packages by running

    sudo apt update
    
  • Install MongoDB package

    sudo apt install -y mongodb-org
    
  • Start MongoDB

    sudo systemctl start mongod
    
  • Check its status

    sudo systemctl status mongod
    
    check mongodb status


  • Enable service autostart

    sudo systemctl enable mongod
    

Create user and database

  • Get into MongoDB console by running mongo in terminal

  • Create a root user with the following commands:
    use admin
    db.createUser({  user: "root",  pwd: "root_password",  roles: [ "root" ]  })
    
    created mongodb root user


    Note: replace root_password with a new safe and complex password

  • Create database “mindlogger” with the following commands:
    use mindlogger
    db.test.save( {name:"test"} )
    db.test.find()
    show dbs
    
    created mongodb database


    Note: Share the database name with MindLogger administrators [see top]

  • Create a mindlogger user with the following commands:
    use mindlogger <- this important
    db.createUser({user: "mindlogger", pwd: "new_password", roles: ["readWrite"]})
    
    created mongodb mindlogger user


    Note: replace new_password with a new safe and complex password.

    Note: Share the database username and password with MindLogger administrators [see top]

  • Exit from MongoDB console by typing exit

  • Edit the mongo settings file

    sudo nano /etc/mongod.conf
    
  • Find the #security line and replace it with this line:

    security.authorization: enabled
    
  • Find the net: line and replace bindIp: with bindIpAll: true so it looks like this:

    net:
      port: 27017
      bindIpAll: true
    
  • Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X
  • Restart the service

    sudo service mongod restart
    
  • Verify credentials

    mongo -u "mindlogger" -p "new_password" --authenticationDatabase  "mindlogger"
    show dbs
    
    check mongo auth


    Note: replace new_password with the password you specified at step 36.

Set up MongoDB with Docker (not recommended)

Create MindLogger database in instance

This section will guide you to create an empty MindLogger mongodb database. You will copy a Docker container with a mongodb database from a public Amazon Web Services Elastic Container Registry repository to your new GCP instance.

  • In the new instance page, connect to the instance by tapping “SSH”…

    step24-instance


  • …and select “Open in browser window”:

    step25-connect-to-instance


  • You will then enter the instance console:

    step26-console


  • In the console, type the command sudo apt-get update:

    step27-update-instance


  • To install Docker prerequisites, type the commands (see details):

    sudo apt-get update

    sudo apt-get install ca-certificates curl gnupg lsb-release

    sudo mkdir -p /etc/apt/keyrings

    curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

    step28-install-docker-prerequisites


  • To install Docker, type the commands:

    sudo apt-get update

    sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

    step29-install-docker


  • Enable the docker service at AMI boot time by typing the command:

    sudo systemctl enable docker.service

    step30-enable-docker


  • Pull the public MindLogger container image from Amazon’s Elastic Container Registry:

    sudo docker pull public.ecr.aws/c4l1a6f8/mindlogger:latest

    step31-pull-mindlogger-container


    • (See Appendix for how the public MindLogger container was built)


  • Run the image as a mindlogger container by typing the command:

    sudo docker run -it -d --name mindlogger public.ecr.aws/c4l1a6f8/mindlogger

    step32-run-mindlogger-container


arrow



Reset database username and password

For security, you must change at least the password that accesses your database. This section will guide you to create a new user with access to your mongodb database and change relevant environment variables. You will need to share this information with MindLogger administrators.

  • Set environment variables (do not change once connected):

    *** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***

    [see top]

    NOTE: replace new_username and new_password with new login credentials

    echo "export MONGO_INITDB_DATABASE=mindlogger" >> .bashrc

    echo "export MONGO_INITDB_ROOT_USERNAME=new_username" >> .bashrc

    echo "export MONGO_INITDB_ROOT_PASSWORD=new_password" >> .bashrc

    source .bashrc

    step33-reset-env-vars


  • Reset the database username and password inside the mongodb Docker container:

    NOTE: replace new_username and new_password with the new login credentials

    sudo docker exec -it mindlogger bash -c mongo \
    --username new_username --password new_password

    step34-reset-mongodb-login


  • At the command line prompt (>), create a new user with the new login credentials:

    NOTE: replace new_username and new_password with the new login credentials

    db.createUser({user: 'new_username', pwd: 'new_password', \
    roles: [{ role: 'readWrite', db:'[database]'}]})

    step35-create-mongodb-user


  • Type Ctrl-C to escape this prompt and exit to exit the console

arrow




Updated by Arno 2022-07-02
nimh-logo
mit-logo
lpi-logo
hearst-logo
hirani-logo
Contact: [email protected]
© Child Mind Institute 2023
  • Terms
  • Conduct
  • Principles