This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/app
2021-09-14 14:02:50 +02:00
..
backup Try to migrate to pg_basebackup 2021-04-17 12:21:13 +02:00
bagage/deploy Upgrade bagage and fix mem leak 2021-09-10 18:32:50 +02:00
core/deploy bump diplonat version 2->3 2021-08-19 11:33:36 +02:00
directory Finally fix dovecot 2021-09-14 14:02:50 +02:00
drone-ci update drone server to 2.0.4 2021-07-08 11:12:05 +02:00
dummy/secrets/dummy secretmgr.py does quite a few things! 2021-01-16 20:03:00 +01:00
email Finally fix dovecot 2021-09-14 14:02:50 +02:00
garage Update garage to handle ed25519 keys for TLS 2021-07-08 11:07:45 +02:00
im Add 500Mo x3 more RAM to postgres and 2Go less RAM to Matrix 2021-07-01 23:48:11 +02:00
jitsi Fix Jitsi's IP address 2021-04-04 19:15:29 +02:00
metrics/deploy Set prometheus node_exporter version to v1.1.2 2021-03-09 00:15:55 +01:00
platoo Document secrets and add stub utility to manage them 2021-01-16 17:37:34 +01:00
plume Upgrade Plume 2021-09-02 15:35:59 +02:00
postgres Upgrade guichet & postgres 2021-07-22 11:03:36 +02:00
traefik Allow only cipher suites recommended by Mozilla 2021-05-07 20:01:31 +02:00
.gitignore updated READMEs 2021-01-19 15:21:23 +01:00
docker-compose.yml Finally fix dovecot 2021-09-14 14:02:50 +02:00
README.md updated READMEs 2021-01-19 15:21:23 +01:00
requirements.txt Add some documentation + add a requirements file 2021-01-18 08:06:19 +01:00
secretmgr.py Add Drone CI 2021-02-08 14:52:13 +01:00

Folder hierarchy

  • <module>/build/<image_name>/: folders with dockerfiles and other necessary resources for building container images
  • <module>/config/: folder containing configuration files, referenced by deployment file
  • <module>/secrets/: folder containing secrets, which can be synchronized with Consul using secretmgr.py
  • <module>/deploy/: folder containing the HCL file(s) necessary for deploying the module
  • <module>/integration/: folder containing files for integration testing using docker-compose

Secret Manager secretmgr.py

The Secret Manager ensures that all secrets are present where they should in the cluster.

You need access to the cluster (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's README, at the bottom of the file.

How to install secretmgr.py dependencies

### Install system dependencies first:
## On fedora

dnf install -y openldap-devel cyrus-sasl-devel
## On ubuntu
apt-get install -y libldap2-dev libsasl2-dev

### Now install the Python dependencies from requirements.txt:

## Either using a virtual environment
# (requires virtualenv python module)
python3 -m virtualenv env 
# Must be done everytime you create a new terminal window in this folder:
. env/bin/activate 
# Install the deps
pip install -r requirements.txt

## Either by installing the dependencies for your system user:
pip3 install --user -r requirements.txt

How to use secretmgr.py

Check that all secrets are correctly deployed for app dummy:

./secretmgr.py check dummy

Generate secrets for app dummy if they don't already exist:

./secretmgr.py gen dummy

Rotate secrets for app dummy, overwriting existing ones (be careful, this is dangerous!):

./secretmgr.py regen dummy

Upgrading one of our packaged apps to a new version

  1. Edit docker-compose.yml
  2. Change the VERSION variable to the desired version
  3. Increment the docker image tag by 1 (eg: superboum/riot:v13 -> superboum/riot:v14)
  4. Run docker-compose build
  5. Run docker-compose push
  6. Done