Deploy a Healthcare Action Engine Container Stack
An InterSystems® Healthcare Action Engine (HAE) container must be deployed as part of a container stack which includes two containers:
-
An instance container, which is running the configured Healthcare Action Engine namespace.
-
A Web Gateway container, which allows HAE to send and receive HTTP/HTTPS connections through a web server.
Follow the procedure on this page to deploy an HAE container stack. For general guidance with container deployment, refer to Running InterSystems Products in Containers. Once you have completed the procedures described on this page, perform the steps described in Post-Deployment Tasks to finish configuring the Healthcare Action Engine.
The minimum supported version of Docker is 1.13. The minimum supported version of Docker Compose is v2.
Step 1: Download and Extract the HealthShare Sample Container Deployment
You must make several files available in order for an operational Healthcare Action Engine container stack to deploy successfully. To help you get started, InterSystems® provides a GitHub repository which contains examples of these files, including a sample working directory which you can use as a template for your deployment.
Subsequent instructions on this page reference the contents of this repository. Before proceeding, download the HealthShare Sample Container Deployment repository here: https://github.com/intersystems/healthshare-sample-container-deployOpens in a new tab. Then, extract the contents of the repository on your host system or in external cloud storage.
Step 2: Set Up the Working Directory Structure on the Host
However you organize the files which support your container deployment on the host, you must specify those file locations in the environment file and the docker-compose up command. For simplicity, the sample repository provides a compact template of a working directory; the relevant variables in this template working directory’s environment file are already configured so that they match the template working directory’s structure.
The working directory is named sample_deploy in both the sample repository and the directory tree image which follows. Elsewhere, the documentation refers to this directory as <working-dir>.
For convenience, you may wish to use the same string as the name of your working directory and the value of your container stack’s COMPOSE_PROJECT_NAME environment variable.
In this template, the working directory contains two files and three subdirectories which contain additional files:
This is the environment file. The sample environment file provided in the sample repositoryOpens in a new tab is named container.env. Because you specify the name of this file in docker-compose commands with the --env-file flag, the file may have any name (for example, hae.container.env).
The Docker Compose file uses the values that you specify for variables in the environment file in order to create your container stack.
See Modify the Environment File for instructions on editing the contents of the environment file.
This is a standard, parameterized Docker Compose file. It takes environment variable values from the environment file and deploys two “services”: the Web Gateway container and the instance container. The docker compose file also includes default values, so that if the environment file does not specify a value for a variable, the default is used.
In most cases, it is not necessary to edit the docker compose file to deploy the HAE container stack. See Modify the Docker Compose File if Needed.
By default, the config/ directory contains two subdirectories:
This directory must be a bind mountOpens in a new tab that gets mapped into the container. This directory is the default location for the base configuration JSON file, typically named hs-base-config.json. The base configuration file describes the configuration and security details for your Healthcare Action Engine instance and namespace.
You can modify the following environment variables to specify an alternate location for this directory or to use a different base configuration JSON filename:
| Item | Environment Variable | Default Value |
|---|---|---|
| Source Directory | EXTERNAL_HS_CONFIG_DIRECTORY | <working-dir>/config/hs/ |
| Target Directory | ISC_HS_CONFIG_DIRECTORY | /config/hs/ |
| Base Config File | ISC_HS_CONFIG_BASE_FILENAME | hs-base-config.json |
Elsewhere, the documentation refers to this location as <durable-hs-config>.
See Create the Base Configuration JSON File for instructions on editing the contents of this file.
This directory must be a bind mountOpens in a new tab that gets mapped into the container. This directory contains InterSystems IRIS® configuration information which will be passed to the HealthShare instance when the container is deployed. Two files that are typically found in this directory are:
-
iris.key — the license key
-
merge.cpf — the configuration merge file (optional)
You can modify the following environment variables to specify an alternate location for this directory:
| Item | Environment Variable | Default Value |
|---|---|---|
| Source Directory | EXTERNAL_IRIS_CONFIG_DIRECTORY | <working-dir>/config/iris/ |
| Target Directory | ISC_CONFIG_DIRECTORY | /config/iris/ |
Elsewhere, the documentation refers to this location as <durable-iris-config>.
See Create Custom Instance Configuration Files as Needed for guidance populating this directory.
By default, the data-ingestion/ directory contains a single subdirectory:
This directory must be a bind mountOpens in a new tab that gets mapped into the container. The installer for the HAE demo makes some of its demo data available by creating files in this directory.
You can use environment variables to specify an alternate location for this directory:
| Item | Environment Variable | Default Value |
|---|---|---|
| Source Dir | EXTERNAL_DATA_INGESTION_DIRECTORY | <working-dir>/data-ingestion/data/ |
| Target Dir | ISC_HS_DATA_INGESTION_DIRECTORY | /data-ingestion/Data/ |
Elsewhere, the documentation refers to this location as <durable-hs-data-ingestion>.
A subdirectory that contains configuration items for the Web Gateway container. See Required Configuration Files for details.
Step 3: Create the Base Configuration JSON File
When an InterSystems product is deployed from a kit, many details about how the instance operates (such as the namespace or network configuration) are specified after the kit has been installed. However, this is impractical for a container deployment.
The base configuration file uses JSON notation to describe how the instance container should be configured at deployment time. The file consists of three parts:
-
A feature configuration for the namespace, which initializes a namespace on the instance.
-
A network configuration for the instance, which specifies network and secure communication details for the instance.
-
An OAuth configuration for the instance, which configures the instance to authorize itself as part of a HealthShare federation using the federation’s OAuth 2.0 server. Because HAE is a stand-alone solution, you should leave this part of the base configuration empty.
The sample repository contains several files to help you create a base configuration file for your Healthcare Action Engine container stack:
-
A skeleton hs-base-config.json fileOpens in a new tab, which models the structure of a complete base configuration file. It includes empty feature, network and OAuth sections.
-
A sample feature configurationOpens in a new tab for the Healthcare Action Engine namespace.
Using the sample files and the instructions which follow, construct a complete base configuration file for your instance container. Then, place your base configuration file (named hs-base-config.json by default) in your <durable-hs-config> directory.
You can modify the environment file to override the default name and location of the base configuration file.
At minimum, a feature configuration for the Healthcare Action Engine must include the information provided in the following example:
"feature-config": {
"name": "<MYNAME>",
"type": "HealthcareActionEngine",
"template": "HSEDS.Sample.Production",
"disabled": false,
},
Where <MYNAME> is the name you choose for your Healthcare Action Engine namespace—for example, HAE. Note that the value of <MYNAME> must be uppercase.
Specify details about your instance’s network communication within the network configuration, as in the following example:
"network-config": {
"networkHostName": "myhost.ixrinternal.com",
"securePort": 8443,
"secureIsActive": true,
"secureWebServerPrefix": "",
"tlsConfig": "HS.Secure.Demo"
}
The tlsConfig parameter creates an empty SSL/TLS configuration. To populate the SSL/TLS configuration with certificate information and other configuration details, use a configuration merge file or edit it manually after the container has been deployed.
Leave this part of the base configuration file empty. HAE is a stand-alone solution, so there is no need to configure the instance to authenticate as part of a HealthShare federation.
The following example hs-base-config.json deploys an instance of HAE with a TLS configuration called HS.Secure.Demo.
{
"network-config": {
"networkHostName": "myhost.ixrinternal.com",
"securePort": 8443,
"secureIsActive": true,
"tlsConfig": "HS.Secure.Demo"
},
"feature-config": {
"name": "HAE",
"type": "HealthcareActionEngine",
"template": "HSEDS.Sample.Production",
"disabled": false,
},
"oauth-config": {
}
}
Step 4: Modify the Environment File
The environment file allows you to set environment variables. The Docker Compose file refers to these variables to define parameters which govern how the HAE instance container and Web Gateway container will be deployed.
The environment variables in the list which follows must have values; other environment variables mentioned in the sample repository’s environment file are optional.
-
When you are using the sample repository’s Docker Compose file, any variable that is left blank in the sample environment file may be left blank in your environment file. The default value from the Docker Compose file will be used instead.
-
Any variable that has a value specified in the distributed sample environment file must have a value in your environment file.
The unique name for the container stack that you are deploying. For convenience, you may wish to use the same name as the working directory for the stack.
If your COMPOSE_PROJECT_NAME is my_hae, your HealthShare instance and Web Gateway containers will be named:
-
my_hae-instance
-
my_hae-webgateway
The host name of the server that the container stack will be deployed on.
The code for the product image type that you are deploying. For Healthcare Action Engine, you must specify the value HSEDS.
A unique identifier for this instance—for example, a concatenation of the hostname and project name.
The path to your Healthcare Action Engine image. You can obtain this from the Name property of your instance image. The value should resemble the following:
containers.intersystems.com/intersystems/healthshare_healthcareactionengine
The version number of your Healthcare Action Engine image. You can obtain this from the Tag property of your instance image. The value should resemble the following:
2023.2
The path to your Web Gateway image. For example:
containers.intersystems.com/intersystems/webgateway
or
containers.intersystems.com/intersystems/webgateway-arm64
The version of your Web Gateway image. Always use the latest Web Gateway image:
latest-cd
The public-facing IP address of your host server. You can obtain this value by calling ipconfig on the host server.
If you choose to deploy a Healthcare Action Engine stack alongside other container stacks on a single host server, the following values must be updated in the environment file for each stack so that they are unique for each stack on the host server:
-
NETWORK_SUBNET— default is 192.168.10.0/24.
-
INSTANCE_NETWORK_IP_ADDRESS — default is 192.168.10.11. You must also edit the Ip_Address field in the CSP.ini file in the ./web-gateway/ subdirectory of your working directory to match this value.
-
WEBGATEWAY_NETWORK_IP_ADDRESS— default is 192.168.10.10.
-
WEBGATEWAY_SECURE_PORT— default is 8443.
-
INSTANCE_SUPERSERVER_PORT— default is 1972.
Step 5: Modify the Docker Compose File if Needed
In most cases, you can deploy a Healthcare Action Engine container stack using the sample repository’s standard, parameterized Docker Compose file. This default Docker Compose file uses environment variable values from your environment file to deploy the Web Gateway and Healthcare Action Engine instance containers as “services.” This file also specifies default values for some parameters, in case optional environment variables are left undefined.
In a typical deployment, you do not need to edit the docker compose file directly. Instead, configure the deployment by setting environment variables in the environment file.
You can add entries to the to suit your needs—for example, to specify additional volumes. You would also have to modify the default docker compose in order to change the default paths or filenames for the Web Gateway certificates and configuration files.
Step 6: Create Custom Instance Configuration Files as Needed
The <durable-iris-config> directory on your host should contain the following files:
-
iris.key — The license file for your Healthcare Action Engine instance. Note that license keys for containers are different than those used for kits; consult with an InterSystems representative to acquire the license appropriate for your deployment.
-
merge.cpf — The configuration merge file, where you can specify additional configuration parameters for your Healthcare Action Engine instance. Example uses of a configuration merge file in container deployment include:
-
specifying alternate values for the HS_Services username and password (which is used by the asynchronous Events Feeder).
-
configuring instance memory settings.
-
including the certificate details for the SSL/TLS configuration that you specified using the tlsConfig property in your base configuration file’s network configuration section.
The example merge.cpf which follows configures the “MyTestConfig” SSL/TLS configuration to use a certificate and private key that are located in <durable-iris-config>, which (in this example) mounts to/config/iris/ within the container.
[Actions] ModifySSLConfigs:Name=MyTestConfig,CertificateFile=/config/iris/ssl-cert.pem,PrivateKeyFile=/config/iris/ssl-cert.keyNote:Alternatively, you can manually edit the SSL/TLS configuration to add your certificate information once your instance container has been deployed.
-
The Web Gateway configuration directory (<working-dir>/web-gateway/ by default) should contain:
-
./certificate/ — A subdirectory where you should place your ssl-crt.key and ssl-cert.pem files in order to configure the Web Gateway to support SSL/TLS. If you are using the sample repository’s template working directory and you want to specify different names or paths for your certificate files, you must edit the provided Docker Compose file to use different names or paths for your certificate files, as there is no environment variable available.
-
csp.ini — A configuration file for the Web Gateway container. A sample fileOpens in a new tab is available from the sample repository. If you are using the sample repository’s template working directory and you want to specify a different path for the csp.ini file, you must edit the provided Docker Compose file, as there is no environment variable available.
Important:The Ip-Address value specified in the [REMOTE] section of the csp.ini file must match the INSTANCE_NETWORK_IP value in the environment file (or the default in the provided Docker Compose file). The default value in the provided Docker Compose file is 192.168.10.11. Unless you deploy more than one container stack on a particular host, this default value can typically be used.
-
csp.conf — A configuration file for the Apache httpd web server which runs within the Web Gateway container. A sample fileOpens in a new tab is available from the sample repository. If you are using the sample repository’s template working directory and you want to use a different file path for the csp.conf file, you must edit the provided Docker Compose file, as there is no environment variable available. do not edit the supplied csp.conf file unless you have expertise with Apache httpd.
Note:In the current version of the Healthcare Action Engine, the only supported web server for container deployments is Apache httpd.
Step 7: Run the Docker Compose up Command
In the working directory where your Healthcare Action Engine container stack’s docker-compose.yml file resides, run the command:
docker compose --env-file <envFile> up
Where <envFile> is the relative path to your environment file. If your Docker Compose file is not named docker-compose.yml or is in another location, use the -f flag to identify the docker compose file.
In a production environment, add the --detach (-d) flag at the end of the command in order to start the containers in the background and leave them running after your session ends. Complete details for the command are available in the Docker documentation: https://docs.docker.com/engine/reference/commandline/compose_up/Opens in a new tab.
For example:
docker compose --env-file ./hae.container.env up -d
Because two services are defined in the docker-compose.yml, the docker compose command will deploy both the Web Gateway container and the HAE instance container.
