This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/app
backup Try to migrate to pg_basebackup 2021-04-17 12:21:13 +02:00
bagage Add secrets 2021-11-20 14:58:09 +01:00
core/deploy bump diplonat version 2->3 2021-08-19 11:33:36 +02:00
directory Update bottin 2021-09-17 17:41:57 +02:00
drone-ci Add a docker compose for runners 2021-10-19 12:55:51 +02:00
dummy/secrets/dummy secretmgr.py does quite a few things! 2021-01-16 20:03:00 +01:00
email Alps build: add missing plugin directory for html and js files 2021-09-28 17:53:49 +02:00
garage Upgrade garage to 0.5 2021-11-17 16:42:13 +01:00
garage-staging Add config files for garage staging cluster 2021-11-18 17:14:30 +01:00
im Bump synapse to 1.47.1 to fix CVE 2021-11-23 13:48:12 +01:00
jitsi Fix Jitsi's IP address 2021-04-04 19:15:29 +02:00
matterbridge Add missing options for discord bridge 2021-11-16 12:57:15 +01:00
metrics/deploy Set prometheus node_exporter version to v1.1.2 2021-03-09 00:15:55 +01:00
platoo Document secrets and add stub utility to manage them 2021-01-16 17:37:34 +01:00
plume Increase RAM for Plume 2021-09-30 22:23:17 +02:00
postgres Upgrade guichet & postgres 2021-07-22 11:03:36 +02:00
traefik Drone 2.0.4 -> 2.4.0 2021-10-12 10:21:18 +02:00
.gitignore updated READMEs 2021-01-19 15:21:23 +01:00
docker-compose.yml Migrate to riot web 1.9.0 2021-09-28 22:17:24 +02:00
README.md updated READMEs 2021-01-19 15:21:23 +01:00
requirements.txt Add some documentation + add a requirements file 2021-01-18 08:06:19 +01:00
secretmgr.py Add Drone CI 2021-02-08 14:52:13 +01:00

Folder hierarchy

  • <module>/build/<image_name>/: folders with dockerfiles and other necessary resources for building container images
  • <module>/config/: folder containing configuration files, referenced by deployment file
  • <module>/secrets/: folder containing secrets, which can be synchronized with Consul using secretmgr.py
  • <module>/deploy/: folder containing the HCL file(s) necessary for deploying the module
  • <module>/integration/: folder containing files for integration testing using docker-compose

Secret Manager secretmgr.py

The Secret Manager ensures that all secrets are present where they should be in the cluster.

You need access to the cluster (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's README, at the bottom of the file.

How to install secretmgr.py dependencies

### Install system dependencies first:

## On Fedora
dnf install -y openldap-devel cyrus-sasl-devel
## On Ubuntu
apt-get install -y libldap2-dev libsasl2-dev

### Now install the Python dependencies from requirements.txt:

## Either using a virtual environment
# (requires the virtualenv Python module)
python3 -m virtualenv env
# Must be done every time you open a new terminal window in this folder:
. env/bin/activate
# Install the deps
pip install -r requirements.txt

## Or by installing the dependencies for your system user:
pip3 install --user -r requirements.txt

How to use secretmgr.py

Check that all secrets are correctly deployed for app dummy:

./secretmgr.py check dummy

Generate secrets for app dummy if they don't already exist:

./secretmgr.py gen dummy

Rotate secrets for app dummy, overwriting existing ones (be careful, this is dangerous!):

./secretmgr.py regen dummy

Upgrading one of our packaged apps to a new version

  1. Edit docker-compose.yml
  2. Change the VERSION variable to the desired version
  3. Increment the docker image tag by 1 (e.g. superboum/riot:v13 -> superboum/riot:v14)
  4. Run docker-compose build
  5. Run docker-compose push
  6. Done
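
Steps 1 to 3 can be scripted so that the VERSION change and the tag increment always land in the same service and no existing tag is reused. The following is an added example, not code from this repository: `bump_service` is a hypothetical helper, the compose layout (VERSION as a build arg inside the service, image tags of the form vN) is an assumption, and the sample file and version numbers are constructed.

```python
import re

# Constructed sample, not the repository's real docker-compose.yml.
SAMPLE = """\
services:
  riot:
    build:
      context: ./im/build/riotweb
      args:
        VERSION: 1.8.5
    image: superboum/riot:v13
  other:
    build:
      context: ./other/build/other
      args:
        VERSION: 0.4.2
    image: example/other:v7
"""

TAG = r"^(\s*image:\s*{}:v)(\d+)\s*$"
VER = re.compile(r"^(\s*VERSION:\s*)\S+\s*$")


def indent(line):
    return len(line) - len(line.lstrip())


def bump_service(text, image, new_version):
    """Set VERSION and increment the vN tag for the one service using `image`."""
    lines = text.splitlines()
    tag = re.compile(TAG.format(re.escape(image)))
    hits = [i for i, l in enumerate(lines) if tag.match(l)]
    if len(hits) != 1:
        raise ValueError(f"expected one image line for {image}, found {len(hits)}")
    img = hits[0]
    # The service block is the run of lines indented at least as deep as `image:`.
    inside = lambda l: not l.strip() or indent(l) >= indent(lines[img])
    lo = hi = img
    while lo > 0 and inside(lines[lo - 1]):
        lo -= 1
    while hi + 1 < len(lines) and inside(lines[hi + 1]):
        hi += 1
    vers = [i for i in range(lo, hi + 1) if VER.match(lines[i])]
    if len(vers) != 1:
        raise ValueError(f"expected one VERSION arg for {image}, found {len(vers)}")
    lines[vers[0]] = VER.match(lines[vers[0]]).group(1) + new_version
    m = tag.match(lines[img])
    lines[img] = m.group(1) + str(int(m.group(2)) + 1)
    return "\n".join(lines) + "\n"
```

Write the returned text back to docker-compose.yml, review the diff, then continue with steps 4 and 5.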