author Quentin <quentin@dufour.io> 2021-01-19 15:49:11 +0100
committer Quentin <quentin@dufour.io> 2021-01-19 15:49:11 +0100
commit af2b8b06babaa076798e8e2c2f4cf12b9d6e94fb (patch)
tree e19c7deb1d866987b1a50dc3889e73dddf26609e
parent eb925049ac4aab369763fbecb0caaec3579977a3 (diff)
parent 98280c8628bc1df6197a1a830808bcd8631101bf (diff)
Merge pull request 'master' (#30) from adrien/infrastructure:master into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/30
-rw-r--r-- README.md 31
-rw-r--r-- app/.gitignore 1
-rw-r--r-- app/README.md 38
-rw-r--r-- app/im/secrets/chat/coturn/static-auth 2
4 files changed, 54 insertions, 18 deletions
diff --git a/README.md b/README.md
index 5bf9f58..83aad91 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ To ease the development, we make the choice of a fully integrated environment
### Deploying/Updating new services is done from your machine
-*The following instructions are provided for ops that already have access to the servers.*
+*The following instructions are provided for ops that already have access to the servers (meaning: their SSH public key is known by the cluster).*
Deploy Nomad on your machine:
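Review bot: The added parenthetical "their SSH public key is known by the cluster" does not say how a key becomes known or who adds it, so a new op still has no next step. Consider naming the place where keys are registered or pointing to the onboarding procedure, so the prerequisite is actionable rather than only stated.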
@@ -74,16 +74,37 @@ Create an alias (and put it in your `.bashrc`) to bind APIs on your machine:
alias bind_df="ssh \
-p110 \
-N \
+ -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \
-L 4646:127.0.0.1:4646 \
- -L 8500:127.0.0.1:8500 \
- -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \
-L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
- -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \
+ -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \
+ -L 8500:127.0.0.1:8500 \
<a server from the cluster>"
```
and run:
+ bind_df
+
+Adrien uses `.ssh/config` configuration instead. I works basically the same. Here it goes:
+
```
-bind_df
+# in ~/.ssh/config
+
+Host deuxfleurs
+ User adrien
+ Hostname deuxfleurs.fr
+ # If you don't use the default ~/.ssh/id_rsa to connect to Deuxfleurs
+ IdentityFile <some_key_path>
+ PubKeyAuthentication yes
+ ForwardAgent No
+ LocalForward 1389 bottin2.service.2.cluster.deuxfleurs.fr:389
+ LocalForward 4646 127.0.0.1:4646
+ LocalForward 5432 psql-proxy.service.2.cluster.deuxfleurs.fr:5432
+ LocalForward 8082 traefik-admin.service.2.cluster.deuxfleurs.fr:8082
+ LocalForward 8500 127.0.0.1:8500
```
+
+Now, to connect, do the following:
+
+ ssh deuxfleurs -N
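Review bot: The `Host deuxfleurs` block has no `Port` line, while the `bind_df` alias above connects with `-p110`, so `ssh deuxfleurs -N` will try port 22 unless that is intended for `deuxfleurs.fr`; add `Port 110` if both methods are meant to reach the same SSH endpoint. The alias also targets `<a server from the cluster>` where the config hard-codes `Hostname deuxfleurs.fr` and `User adrien`, so it would help to mark both as values to adapt, the way `IdentityFile <some_key_path>` already is. Keeping `ForwardAgent No` in the sample is a good default for a host used only for tunnels. Small wording fix in the introducing sentence: "I works basically the same" should read "It works basically the same".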
diff --git a/app/.gitignore b/app/.gitignore
index bee8a64..1da68d7 100644
--- a/app/.gitignore
+++ b/app/.gitignore
@@ -1 +1,2 @@
+env/
__pycache__
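Review bot: The new `env/` pattern has no leading slash, so it ignores a directory named `env` at any depth under `app/`, including inside a module folder. If the intent is only the virtualenv created by `python3 -m virtualenv env` in `app/`, `/env/` scopes it to that one directory and avoids silently hiding a module's own `env` folder later.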
diff --git a/app/README.md b/app/README.md
index 3049cac..a0dcf43 100644
--- a/app/README.md
+++ b/app/README.md
@@ -1,6 +1,4 @@
-## Understand this folder hierarchy
-
-This folder contains the following hierarchy:
+# Folder hierarchy
- `<module>/build/<image_name>/`: folders with dockerfiles and other necessary resources for building container images
- `<module>/config/`: folder containing configuration files, referenced by deployment file
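Review bot: Promoting this heading to `# Folder hierarchy` gives the file several top-level headings (this one, `# Secret Manager` and `# Upgrading ...` further down) and no document title. If the goal is to nest the `secretmgr.py` subsections, consider one `#` title for the file and `##`/`###` below it, so rendered outlines and anchors stay predictable.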
@@ -8,18 +6,34 @@ This folder contains the following hierarchy:
- `<module>/deploy/`: folder containing the HCL file(s) necessary for deploying the module
- `<module>/integration/`: folder containing files for integration testing using docker-compose
-## How to install `secretmgr.py` dependencies
+# Secret Manager `secretmgr.py`
+
+The Secret Manager ensures that all secrets are present where they should in the cluster.
+
+**You need access to the cluster** (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's [README](../README.md), at the bottom of the file.
-How to install its dependencies:
+## How to install `secretmgr.py` dependencies
```bash
-# on fedora:
-dnf install -y openldap-devel
-# on ubuntu:
-apt-get install -y libldap2-dev
+### Install system dependencies first:
+## On fedora
+
+dnf install -y openldap-devel cyrus-sasl-devel
+## On ubuntu
+apt-get install -y libldap2-dev libsasl2-dev
+
+### Now install the Python dependencies from requirements.txt:
+
+## Either using a virtual environment
+# (requires virtualenv python module)
+python3 -m virtualenv env
+# Must be done everytime you create a new terminal window in this folder:
+. env/bin/activate
+# Install the deps
+pip install -r requirements.txt
-# for eveyrone:
-pip3 install --user --requirement requirements.txt
+## Either by installing the dependencies for your system user:
+pip3 install --user -r requirements.txt
```
## How to use `secretmgr.py`
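Review bot: In the install block both alternatives start with "Either" (`## Either using a virtual environment` and `## Either by installing the dependencies for your system user:`), which reads as two first options; the second should be "Or". In the same block, `python3 -m virtualenv env` needs the third-party virtualenv module as the comment admits, whereas `python3 -m venv env` would work with the standard library alone and drops that prerequisite. The `###`/`##` comment markers inside a `bash` fence look like Markdown headings and have inconsistent blank lines after them (one after `## On fedora`, none after `## On ubuntu`). Wording: "present where they should in the cluster" is missing "be", "everytime" should be "every time", and "the previous directory's README" would be clearer as "the parent directory's README".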
@@ -42,7 +56,7 @@ Rotate secrets for app `dummy`, overwriting existing ones (be careful, this is d
./secretmgr.py regen dummy
```
-## How to upgrade our packaged apps to a new version?
+# Upgrading one of our packaged apps to a new version
1. Edit `docker-compose.yml`
2. Change the `VERSION` variable to the desired version
diff --git a/app/im/secrets/chat/coturn/static-auth b/app/im/secrets/chat/coturn/static-auth
index d23be29..43628ef 100644
--- a/app/im/secrets/chat/coturn/static-auth
+++ b/app/im/secrets/chat/coturn/static-auth
@@ -1 +1 @@
-USER cotorn static-auth (what is this?)
+USER coturn static-auth (what is this?)
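Review bot: The corrected line still carries the placeholder description `(what is this?)`, so the file continues to say nothing about what this secret is for or which services consume it; since the line is being touched anyway, replace the placeholder with a real description. Also, if the second field is the name under which the secret is stored or looked up, changing `cotorn` to `coturn` means any value already stored under the old name will no longer be found, so the commit should mention whether the existing secret was moved or needs to be regenerated.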