From a5a56b6f70bd5b445c3d10d0c5a99011a8bcdd1d Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Mon, 28 Dec 2020 12:04:08 +0100 Subject: [PATCH 1/3] wrote a redirection to deuxfleurs.fr in Treafik config's comments --- app/deployment/web_static.hcl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/deployment/web_static.hcl b/app/deployment/web_static.hcl index a02d48b..01de23e 100644 --- a/app/deployment/web_static.hcl +++ b/app/deployment/web_static.hcl @@ -38,8 +38,13 @@ EOH "traefik.enable=true", "traefik.frontend.entryPoints=https,http", "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/", - # ideally we would have a rewrite regex: ^https?://(www\.deuxfleurs\.fr|deuxfleurs\.org|www\.deuxfleurs\.fr)(.*)$ "traefik.frontend.priority=10" + # Ideally we would have a rewrite regex like this https://regex101.com/r/WHrABU/1 + # See how it does not handle "http://deuxfleurs.fr/"? Not a big deal since HTTPS is redirected somewhere else + #"traefik.frontend.redirect.regex=^https?://(www\.deuxfleurs\.fr|deuxfleurs\.org|www\.deuxfleurs\.org)(.*)$", + #"traefik.frontend.redirect.replacement=https://deuxfleurs.fr/$${2}", + # Only set permanent redirect when it is guaranteed to work + #"traefik.frontend.redirect.permanent=true", ] port = "deuxfleurs_port" address_mode = "host" From 2a346f54301503077def38edc1039230a699958e Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Tue, 19 Jan 2021 14:40:14 +0100 Subject: [PATCH 2/3] coquille --- app/im/secrets/chat/coturn/static-auth | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/im/secrets/chat/coturn/static-auth b/app/im/secrets/chat/coturn/static-auth index d23be29..43628ef 100644 --- a/app/im/secrets/chat/coturn/static-auth +++ b/app/im/secrets/chat/coturn/static-auth @@ -1 +1 @@ -USER cotorn static-auth (what is this?) +USER coturn static-auth (what is this?) From 98280c8628bc1df6197a1a830808bcd8631101bf Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Tue, 19 Jan 2021 15:21:23 +0100 Subject: [PATCH 3/3] updated READMEs --- README.md | 33 +++++++++++++++++++++++++++------ app/.gitignore | 1 + app/README.md | 38 ++++++++++++++++++++++++++------------ 3 files changed, 54 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 5bf9f58..83aad91 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ To ease the development, we make the choice of a fully integrated environment ### Deploying/Updating new services is done from your machine -*The following instructions are provided for ops that already have access to the servers.* +*The following instructions are provided for ops that already have access to the servers (meaning: their SSH public key is known by the cluster).* Deploy Nomad on your machine: @@ -74,16 +74,37 @@ Create an alias (and put it in your `.bashrc`) to bind APIs on your machine: alias bind_df="ssh \ -p110 \ -N \ - -L 4646:127.0.0.1:4646 \ - -L 8500:127.0.0.1:8500 \ - -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \ - -L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \ -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \ + -L 4646:127.0.0.1:4646 \ + -L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \ + -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \ + -L 8500:127.0.0.1:8500 \ " ``` and run: + bind_df + +Adrien uses `.ssh/config` configuration instead. I works basically the same. Here it goes: + ``` -bind_df +# in ~/.ssh/config + +Host deuxfleurs + User adrien + Hostname deuxfleurs.fr + # If you don't use the default ~/.ssh/id_rsa to connect to Deuxfleurs + IdentityFile + PubKeyAuthentication yes + ForwardAgent No + LocalForward 1389 bottin2.service.2.cluster.deuxfleurs.fr:389 + LocalForward 4646 127.0.0.1:4646 + LocalForward 5432 psql-proxy.service.2.cluster.deuxfleurs.fr:5432 + LocalForward 8082 traefik-admin.service.2.cluster.deuxfleurs.fr:8082 + LocalForward 8500 127.0.0.1:8500 ``` + +Now, to connect, do the following: + + ssh deuxfleurs -N diff --git a/app/.gitignore b/app/.gitignore index bee8a64..1da68d7 100644 --- a/app/.gitignore +++ b/app/.gitignore @@ -1 +1,2 @@ +env/ __pycache__ diff --git a/app/README.md b/app/README.md index 3049cac..a0dcf43 100644 --- a/app/README.md +++ b/app/README.md @@ -1,6 +1,4 @@ -## Understand this folder hierarchy - -This folder contains the following hierarchy: +# Folder hierarchy - `/build//`: folders with dockerfiles and other necessary resources for building container images - `/config/`: folder containing configuration files, referenced by deployment file @@ -8,18 +6,34 @@ This folder contains the following hierarchy: - `/deploy/`: folder containing the HCL file(s) necessary for deploying the module - `/integration/`: folder containing files for integration testing using docker-compose +# Secret Manager `secretmgr.py` + +The Secret Manager ensures that all secrets are present where they should in the cluster. + +**You need access to the cluster** (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's [README](../README.md), at the bottom of the file. + ## How to install `secretmgr.py` dependencies -How to install its dependencies: - ```bash -# on fedora: -dnf install -y openldap-devel -# on ubuntu: -apt-get install -y libldap2-dev +### Install system dependencies first: +## On fedora -# for eveyrone: -pip3 install --user --requirement requirements.txt +dnf install -y openldap-devel cyrus-sasl-devel +## On ubuntu +apt-get install -y libldap2-dev libsasl2-dev + +### Now install the Python dependencies from requirements.txt: + +## Either using a virtual environment +# (requires virtualenv python module) +python3 -m virtualenv env +# Must be done everytime you create a new terminal window in this folder: +. env/bin/activate +# Install the deps +pip install -r requirements.txt + +## Either by installing the dependencies for your system user: +pip3 install --user -r requirements.txt ``` ## How to use `secretmgr.py` @@ -42,7 +56,7 @@ Rotate secrets for app `dummy`, overwriting existing ones (be careful, this is d ./secretmgr.py regen dummy ``` -## How to upgrade our packaged apps to a new version? +# Upgrading one of our packaged apps to a new version 1. Edit `docker-compose.yml` 2. Change the `VERSION` variable to the desired version