Skip to content

papAI (Standalone)


This tutorial provides a comprehensive guide on using a series of scripts and configuration files specifically designed to automate the installation and update process for the papAI platform over a Microk8s environment. Ansible, an open-source software provisioning, configuration management, and application-deployment tool, forms the backbone of this automation process.

Directory Structure

The directories in this project contain the following:

  • Components/: Necessary components, including certificates and Microk8sCharts,
  • Components/Microk8sCharts: Contains Helm Charts. For detailed information on specific charts such as Vault, GitLab, and NFS, please refer to their respective documentation.
  • envs/: Environment-specific configuration files such as env_conf.yml, env_microk8s.yml, env_versions.yml, and service_versions_map.yml.
  • inventory/: Contains inventory files for Ansible playbooks.
  • playbooks/: Ansible playbooks such as install.yml and update.yml for installing and updating the papAI system.
  • roles/: Contains Ansible roles which are independent, reusable collections of tasks, templates, and variables. The roles in the project include install-microk8s and papai-over-microk8s.


Before running the playbooks, certain steps must be completed to set up your environment correctly.

  1. Modifyenv_microk8s.yml:

The env_microk8s.yml configuration file contains several URLs that you must modify according to your specific server setup. Replace the following URLs with your respective URLs:

frontend_url: ""
grafana_url: ""
keycloak_url: ""
core_url: ""

Don't forget to setup DNS for these changes.

You will need to set up your own smtp server Configuration:

SMTP_PORT: "465" 
SMTP_PASSWORD: "ex@mple" 
SMTP_START_TLS: "false" 
SMTP_USE_SSL: "true"
  1. Create a TLS file:

The ./Components/Certificats/tls.yaml file must be created using your certificate and key files. For example, if you have papai.crt and papai.key files, you can create the tls.yaml file using kubectl:

`kubectl create secret tls papai-certs --cert=papai.crt --key=papai.key --dry-run=client -o yaml > o2_devops/Components/Certificats/tls.yaml`

This command will create a Kubernetes secret named tls-secret in a dry-run mode and outputs it to the tls.yaml file.

  1. Server Configuration: The recommended server configuration for running the papAI system is as follows:
    • 120 GB of Memory
    • 32 Virtual Cores
    • 400 GB of Disk Space

Ensure your server meets these specifications for optimal performance.

  1. OS Compatibility:
    • Ubuntu (23.04 and above)
    • Debian (11 and above)

Please complete these prerequisites before proceeding with the installation or update process.



This playbook is designed to install the papAI system from scratch on a server specified as papai_server. It first gathers facts about the target and escalates privileges to root via sudo. It then includes variables from the envs directory and utilizes the install-microk8s and papai-over-microk8s roles.


This playbook updates a specific service in the papAI system on a server specified as papai_server. It also gathers facts, escalates privileges, and includes variables from the envs directory, with an additional service_versions_map.yml file. It utilizes the papai-over-microk8s role.



This role is designed to automate the process of installing Microk8s.


This role includes tasks from either fromscratch.yml or update.yml depending on the type specified. These tasks are responsible for setting up and updating various components of the Papai system.

Running the Playbooks

Install from Scratch

ansible-playbook playbooks/install.yml -i inventory -e type=fromscratch

Update a papAI Service

ansible-playbook playbooks/update-papai.yml -i inventory -e SERVICE_VERSION=dev-0.20.1 -e SERVICE_NAME=core

Please replace inventory, dev-0.20.1, and core with your actual inventory file, service version, and service name respectively.


The purpose of this tutorial is to simplify and automate the setup and update process of papAI, thereby reducing manual errors and saving time. Through the use of roles, tasks, and variable files, it allows for easy customization and reuse, providing comprehensive automation for both fresh installations and service updates.