The FDA MyStudies Response datastore provides APIs to store and manage pseudonymized study response and activity data. The Response datastore receives de-identified study responses from the Android and iOS mobile applications, which are then written to a document-oriented database. Researchers and data scientists access this database to perform analysis of the study data, or for export to downstream systems. The Response datastore also receives de-identified activity data, which is written to a relational database. The application is built as a Spring Boot application. The backend database is Cloud Firestore for the response data, and MySQL for the activity data. The Response datastore uses basic authentication client_id and client_secret.
The Response datastore client applications are:
NOTE: Holistic deployment of the FDA MyStudies platform with Terraform and infrastructure-as-code is the recommended approach to deploying this component. A step-by-step guide to semi-automated deployment can be found in the
deployment/directory. The following instructions are provided in case manual deployment in a VM is required. Google Cloud infrastructure is indicated, but equivalent alternative infrastructure can be used as well. It is important for the deploying organization to consider the identity and access control choices made when configuring the selected services. If pursuing a manual deployment, a convenient sequence ishydra/→auth-server/→participant-datastore/→participant-manager-datastore/→participant-manager/→study-datastore/→response-datastore/→study-builder/→Android/→iOS/.
To deploy the Response datastore manually:
- Create a Compute Engine VM instance with a static IP and read/write access scopes for Cloud Datastore
- Verify that your VM instance has the
Stackdriver Logging APIwrite access scope (on by default) and that your VM’s service account has theLogs Writerrole (off by default) - Check out the latest code from the FDA MyStudies repository
- Create a Cloud SQL instance with MySQL v5.7 (instructions)
- Configure the
Response datastoredatabase on the Cloud SQL instance- Create a user account that the
Response datastoreapplication will use to access this instance (instructions) - Run the
mystudies_response_server_db_script.sqlscript to create a database namedmystudies_response_server(instructions) - Enable the database’s private IP connectivity in the same network as your VM (instructions)
- Create a user account that the
- Create a Cloud Firestore database operating in Native mode, then grant the IAM role
roles/datastore.userto the service account that yourResponse datastorewill use to read/write data (this could be your VM’s default service account) - Deploy the
Response datastorecontainer to the VM- Create the Docker image using
sudo mvn -B package -Pprod com.google.cloud.tools:jib-maven-plugin:2.5.2:dockerBuild -Dimage=response-datastore-imagefrom theresponse-datastore/directory (you may need to install Docker and Maven, for examplesudo apt install maven) - Update the Docker environment file
variables.envwith values that configure theapplication.propertiesfile for your deployment - Run the container on the VM using
sudo docker run --detach --env-file variables.env -p 80:8080 --name response-datastore response-datastore-image - If your
Hydrainstance is a using self-signed certificate, add that certificate to your container’s keystore, for example withsudo docker exec -it response-datastore bash -c "openssl s_client -connect <your_hydra_instance> | sed -ne '/-BEGIN CERTIFICATE/,/END CERTIFICATE/p' > hydra.crt; keytool -import -trustcacerts -alias hydra -file hydra.crt -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit", then restart the container withsudo docker restart response-datastore
- Create the Docker image using
- Test if the application is running with
curl http://0.0.0.0/response-datastore/healthCheck - You can review application logs in the logging directories you specified, or with
sudo docker logs response-datastore; audit logs are available in Cloud Logging
Copyright 2020 Google LLC