This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/app
2021-01-28 23:02:37 +01:00
..
backup Add a few missing secrets 2021-01-19 18:02:00 +01:00
core/deploy Proposal: reorganize app/ folder by modules 2021-01-16 17:07:01 +01:00
directory Proposal: reorganize app/ folder by modules 2021-01-16 17:07:01 +01:00
dummy/secrets/dummy secretmgr.py does quite a few things! 2021-01-16 20:03:00 +01:00
email Document secrets and add stub utility to manage them 2021-01-16 17:37:34 +01:00
garage Add a few missing secrets 2021-01-19 18:02:00 +01:00
im Add CMD_ONCE secret type and fill in/change secret definitions 2021-01-19 17:53:53 +01:00
jitsi Still so broken... 2021-01-28 23:02:37 +01:00
nextcloud Proposal: reorganize app/ folder by modules 2021-01-16 17:07:01 +01:00
platoo Document secrets and add stub utility to manage them 2021-01-16 17:37:34 +01:00
plume Add CMD_ONCE secret type and fill in/change secret definitions 2021-01-19 17:53:53 +01:00
postgres secretmgr.py does quite a few things! 2021-01-16 20:03:00 +01:00
science/deploy Proposal: reorganize app/ folder by modules 2021-01-16 17:07:01 +01:00
seafile Document secrets and add stub utility to manage them 2021-01-16 17:37:34 +01:00
traefik Proposal: reorganize app/ folder by modules 2021-01-16 17:07:01 +01:00
.gitignore updated READMEs 2021-01-19 15:21:23 +01:00
docker-compose.yml Still so broken... 2021-01-28 23:02:37 +01:00
README.md updated READMEs 2021-01-19 15:21:23 +01:00
requirements.txt Add some documentation + add a requirements file 2021-01-18 08:06:19 +01:00
secretmgr.py Merge pull request 'secretmgr retourne une erreur bien formatée face à un fichier vide' (#32) from adrien/infrastructure:master into master 2021-01-19 18:48:31 +01:00

Folder hierarchy

  • <module>/build/<image_name>/: folders with dockerfiles and other necessary resources for building container images
  • <module>/config/: folder containing configuration files, referenced by deployment file
  • <module>/secrets/: folder containing secrets, which can be synchronized with Consul using secretmgr.py
  • <module>/deploy/: folder containing the HCL file(s) necessary for deploying the module
  • <module>/integration/: folder containing files for integration testing using docker-compose

Secret Manager secretmgr.py

The Secret Manager ensures that all secrets are present where they should in the cluster.

You need access to the cluster (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's README, at the bottom of the file.

How to install secretmgr.py dependencies

### Install system dependencies first:
## On fedora

dnf install -y openldap-devel cyrus-sasl-devel
## On ubuntu
apt-get install -y libldap2-dev libsasl2-dev

### Now install the Python dependencies from requirements.txt:

## Either using a virtual environment
# (requires virtualenv python module)
python3 -m virtualenv env 
# Must be done everytime you create a new terminal window in this folder:
. env/bin/activate 
# Install the deps
pip install -r requirements.txt

## Either by installing the dependencies for your system user:
pip3 install --user -r requirements.txt

How to use secretmgr.py

Check that all secrets are correctly deployed for app dummy:

./secretmgr.py check dummy

Generate secrets for app dummy if they don't already exist:

./secretmgr.py gen dummy

Rotate secrets for app dummy, overwriting existing ones (be careful, this is dangerous!):

./secretmgr.py regen dummy

Upgrading one of our packaged apps to a new version

  1. Edit docker-compose.yml
  2. Change the VERSION variable to the desired version
  3. Increment the docker image tag by 1 (eg: superboum/riot:v13 -> superboum/riot:v14)
  4. Run docker-compose build
  5. Run docker-compose push
  6. Done