master #30

Merged
quentin merged 4 commits from adrien/infrastructure:master into master 2021-01-19 14:49:15 +00:00
4 changed files with 55 additions and 19 deletions


@ -46,7 +46,7 @@ To ease the development, we make the choice of a fully integrated environment
### Deploying/Updating new services is done from your machine ### Deploying/Updating new services is done from your machine
*The following instructions are provided for ops that already have access to the servers.* *The following instructions are provided for ops that already have access to the servers (meaning: their SSH public key is known by the cluster).*
Deploy Nomad on your machine: Deploy Nomad on your machine:
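Review bot: The parenthetical added to the "ops that already have access to the servers" line says the SSH public key must be known by the cluster, but not where keys are registered or whom to ask. Suggest linking to the place where operator keys are managed, so a new operator can tell whether they meet the precondition.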
@ -74,16 +74,37 @@ Create an alias (and put it in your `.bashrc`) to bind APIs on your machine:
alias bind_df="ssh \ alias bind_df="ssh \
-p110 \ -p110 \
-N \ -N \
-L 4646:127.0.0.1:4646 \
-L 8500:127.0.0.1:8500 \
-L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \
-L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
-L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \ -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \
-L 4646:127.0.0.1:4646 \
-L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
-L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \
-L 8500:127.0.0.1:8500 \
<a server from the cluster>" <a server from the cluster>"
``` ```
and run: and run:
bind_df
Adrien uses `.ssh/config` configuration instead. I works basically the same. Here it goes:
``` ```
bind_df # in ~/.ssh/config
Host deuxfleurs
User adrien
Hostname deuxfleurs.fr
# If you don't use the default ~/.ssh/id_rsa to connect to Deuxfleurs
IdentityFile <some_key_path>
PubKeyAuthentication yes
ForwardAgent No
LocalForward 1389 bottin2.service.2.cluster.deuxfleurs.fr:389
LocalForward 4646 127.0.0.1:4646
LocalForward 5432 psql-proxy.service.2.cluster.deuxfleurs.fr:5432
LocalForward 8082 traefik-admin.service.2.cluster.deuxfleurs.fr:8082
LocalForward 8500 127.0.0.1:8500
``` ```
Now, to connect, do the following:
ssh deuxfleurs -N
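Review bot: The `Host deuxfleurs` block has no `Port` line, while the `bind_df` alias just above connects with `-p110`. Unless the port is set elsewhere, `ssh deuxfleurs -N` will try the default port. Suggest adding `Port 110` if it applies to this host, and stating whether `Hostname deuxfleurs.fr` is the same endpoint as the alias's `<a server from the cluster>`. Smaller points: "I works basically the same" should read "It works"; `User adrien` would be clearer as a placeholder, like `<some_key_path>` on the `IdentityFile` line. Because the `LocalForward` lines sit under the plain `Host deuxfleurs` entry, every `ssh deuxfleurs` session will try to bind ports 1389, 4646, 5432, 8082 and 8500. A separate host alias for the tunnels, with `ExitOnForwardFailure yes`, would keep interactive logins apart and make an already-bound port fail visibly instead of silently skipping a forward.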

1
app/.gitignore vendored

@ -1 +1,2 @@
env/
__pycache__ __pycache__


@ -1,6 +1,4 @@
## Understand this folder hierarchy # Folder hierarchy
This folder contains the following hierarchy:
- `<module>/build/<image_name>/`: folders with dockerfiles and other necessary resources for building container images - `<module>/build/<image_name>/`: folders with dockerfiles and other necessary resources for building container images
- `<module>/config/`: folder containing configuration files, referenced by deployment file - `<module>/config/`: folder containing configuration files, referenced by deployment file
@ -8,18 +6,34 @@ This folder contains the following hierarchy:
- `<module>/deploy/`: folder containing the HCL file(s) necessary for deploying the module - `<module>/deploy/`: folder containing the HCL file(s) necessary for deploying the module
- `<module>/integration/`: folder containing files for integration testing using docker-compose - `<module>/integration/`: folder containing files for integration testing using docker-compose
# Secret Manager `secretmgr.py`
The Secret Manager ensures that all secrets are present where they should in the cluster.
**You need access to the cluster** (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's [README](../README.md), at the bottom of the file.
## How to install `secretmgr.py` dependencies ## How to install `secretmgr.py` dependencies
How to install its dependencies:
```bash ```bash
# on fedora: ### Install system dependencies first:
dnf install -y openldap-devel ## On fedora
# on ubuntu:
apt-get install -y libldap2-dev
# for eveyrone: dnf install -y openldap-devel cyrus-sasl-devel
pip3 install --user --requirement requirements.txt ## On ubuntu
apt-get install -y libldap2-dev libsasl2-dev
### Now install the Python dependencies from requirements.txt:
## Either using a virtual environment
# (requires virtualenv python module)
python3 -m virtualenv env
# Must be done everytime you create a new terminal window in this folder:
. env/bin/activate
# Install the deps
pip install -r requirements.txt
## Either by installing the dependencies for your system user:
pip3 install --user -r requirements.txt
``` ```
## How to use `secretmgr.py` ## How to use `secretmgr.py`
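Review bot: In the install block both alternatives are introduced with "Either" ("## Either using a virtual environment" and "## Either by installing the dependencies for your system user"); the second should start with "Or" so that it reads as a choice between the two. The virtual environment path depends on the third-party `virtualenv` module, as its own comment says; `python3 -m venv env` from the standard library would drop that extra requirement on most systems. In the new "Secret Manager" paragraph, "present where they should in the cluster" is missing "be". Since this tool handles cluster secrets, it would also help to recommend the virtual environment route over `pip3 install --user`, so its dependencies stay isolated from the rest of the operator's Python packages.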
@ -42,7 +56,7 @@ Rotate secrets for app `dummy`, overwriting existing ones (be careful, this is d
./secretmgr.py regen dummy ./secretmgr.py regen dummy
``` ```
## How to upgrade our packaged apps to a new version? # Upgrading one of our packaged apps to a new version
1. Edit `docker-compose.yml` 1. Edit `docker-compose.yml`
2. Change the `VERSION` variable to the desired version 2. Change the `VERSION` variable to the desired version


@ -1 +1 @@
USER cotorn static-auth (what is this?) USER coturn static-auth (what is this?)
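Review bot: The `cotorn` to `coturn` spelling fix leaves the "(what is this?)" question on the same line. If this file describes a secret, an entry nobody can explain is easy to mishandle when secrets are regenerated. Suggest replacing the question with a short description of what `static-auth` is used for, or tracking it in an issue so that it does not stay in the file.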