Merge pull request 'master' (#30) from adrien/infrastructure:master into master

Reviewed-on: Deuxfleurs/infrastructure#30
2021-01-19 15:49:11 +01:00 · 2021-01-19 15:49:11 +01:00 · af2b8b06ba
commit af2b8b06ba
parent eb925049ac 98280c8628
4 changed files with 55 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -46,7 +46,7 @@ To ease the development, we make the choice of a fully integrated environment

 ### Deploying/Updating new services is done from your machine

-*The following instructions are provided for ops that already have access to the servers.*
+*The following instructions are provided for ops that already have access to the servers (meaning: their SSH public key is known by the cluster).*

 Deploy Nomad on your machine:

@ -74,16 +74,37 @@ Create an alias (and put it in your `.bashrc`) to bind APIs on your machine:
 alias bind_df="ssh \
  -p110 \
  -N \
-  -L 4646:127.0.0.1:4646 \
-  -L 8500:127.0.0.1:8500 \
-  -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \
-  -L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
  -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \
+  -L 4646:127.0.0.1:4646 \
+  -L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
+  -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \
+  -L 8500:127.0.0.1:8500 \
  <a server from the cluster>"
 ```

 and run: 

+    bind_df
+
+Adrien uses `.ssh/config` configuration instead. I works basically the same. Here it goes:
+
 ```
-bind_df
+# in ~/.ssh/config 
+
+Host deuxfleurs
+    User adrien
+    Hostname deuxfleurs.fr
+    # If you don't use the default ~/.ssh/id_rsa to connect to Deuxfleurs
+    IdentityFile <some_key_path>
+    PubKeyAuthentication yes
+    ForwardAgent No
+    LocalForward 1389 bottin2.service.2.cluster.deuxfleurs.fr:389
+    LocalForward 4646 127.0.0.1:4646
+    LocalForward 5432 psql-proxy.service.2.cluster.deuxfleurs.fr:5432
+    LocalForward 8082 traefik-admin.service.2.cluster.deuxfleurs.fr:8082
+    LocalForward 8500 127.0.0.1:8500
 ```
+
+Now, to connect, do the following:
+
+    ssh deuxfleurs -N 
--- a/app/.gitignore
+++ b/app/.gitignore
@ -1 +1,2 @@
+env/
 __pycache__
--- a/app/README.md
+++ b/app/README.md
@ -1,6 +1,4 @@
-## Understand this folder hierarchy
-
-This folder contains the following hierarchy:
+# Folder hierarchy

 - `<module>/build/<image_name>/`: folders with dockerfiles and other necessary resources for building container images
 - `<module>/config/`: folder containing configuration files, referenced by deployment file
@ -8,18 +6,34 @@ This folder contains the following hierarchy:
 - `<module>/deploy/`: folder containing the HCL file(s) necessary for deploying the module
 - `<module>/integration/`: folder containing files for integration testing using docker-compose

+# Secret Manager `secretmgr.py`
+
+The Secret Manager ensures that all secrets are present where they should in the cluster.
+
+**You need access to the cluster** (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's [README](../README.md), at the bottom of the file.
+
 ## How to install `secretmgr.py` dependencies

-How to install its dependencies:
-
 ```bash
-# on fedora:
-dnf install -y openldap-devel
-# on ubuntu:
-apt-get install -y libldap2-dev
+### Install system dependencies first:
+## On fedora

-# for eveyrone:
-pip3 install --user --requirement requirements.txt
+dnf install -y openldap-devel cyrus-sasl-devel
+## On ubuntu
+apt-get install -y libldap2-dev libsasl2-dev
+
+### Now install the Python dependencies from requirements.txt:
+
+## Either using a virtual environment
+# (requires virtualenv python module)
+python3 -m virtualenv env 
+# Must be done everytime you create a new terminal window in this folder:
+. env/bin/activate 
+# Install the deps
+pip install -r requirements.txt
+
+## Either by installing the dependencies for your system user:
+pip3 install --user -r requirements.txt
 ```

 ## How to use `secretmgr.py`
@ -42,7 +56,7 @@ Rotate secrets for app `dummy`, overwriting existing ones (be careful, this is d
 ./secretmgr.py regen dummy
 ```

-## How to upgrade our packaged apps to a new version?
+# Upgrading one of our packaged apps to a new version

 1. Edit `docker-compose.yml`
 2. Change the `VERSION` variable to the desired version
--- a/app/im/secrets/chat/coturn/static-auth
+++ b/app/im/secrets/chat/coturn/static-auth
@ -1 +1 @@
-USER cotorn static-auth (what is this?)
+USER coturn static-auth (what is this?)