diff options
| author | Quentin <quentin@dufour.io> | 2021-01-19 15:49:11 +0100 |
|---|---|---|
| committer | Quentin <quentin@dufour.io> | 2021-01-19 15:49:11 +0100 |
| commit | af2b8b06babaa076798e8e2c2f4cf12b9d6e94fb (patch) | |
| tree | e19c7deb1d866987b1a50dc3889e73dddf26609e | |
| parent | eb925049ac4aab369763fbecb0caaec3579977a3 (diff) | |
| parent | 98280c8628bc1df6197a1a830808bcd8631101bf (diff) | |
| download | infrastructure-af2b8b06babaa076798e8e2c2f4cf12b9d6e94fb.tar.gz infrastructure-af2b8b06babaa076798e8e2c2f4cf12b9d6e94fb.zip | |
Merge pull request 'master' (#30) from adrien/infrastructure:master into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/30
| -rw-r--r-- | README.md | 31 | ||||
| -rw-r--r-- | app/.gitignore | 1 | ||||
| -rw-r--r-- | app/README.md | 38 | ||||
| -rw-r--r-- | app/im/secrets/chat/coturn/static-auth | 2 |
4 files changed, 54 insertions, 18 deletions
@@ -46,7 +46,7 @@ To ease the development, we make the choice of a fully integrated environment ### Deploying/Updating new services is done from your machine -*The following instructions are provided for ops that already have access to the servers.* +*The following instructions are provided for ops that already have access to the servers (meaning: their SSH public key is known by the cluster).* Deploy Nomad on your machine: @@ -74,16 +74,37 @@ Create an alias (and put it in your `.bashrc`) to bind APIs on your machine: alias bind_df="ssh \ -p110 \ -N \ + -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \ -L 4646:127.0.0.1:4646 \ - -L 8500:127.0.0.1:8500 \ - -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \ -L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \ - -L 1389:bottin2.service.2.cluster.deuxfleurs.fr:389 \ + -L 8082:traefik-admin.service.2.cluster.deuxfleurs.fr:8082 \ + -L 8500:127.0.0.1:8500 \ <a server from the cluster>" ``` and run: + bind_df + +Adrien uses `.ssh/config` configuration instead. I works basically the same. Here it goes: + ``` -bind_df +# in ~/.ssh/config + +Host deuxfleurs + User adrien + Hostname deuxfleurs.fr + # If you don't use the default ~/.ssh/id_rsa to connect to Deuxfleurs + IdentityFile <some_key_path> + PubKeyAuthentication yes + ForwardAgent No + LocalForward 1389 bottin2.service.2.cluster.deuxfleurs.fr:389 + LocalForward 4646 127.0.0.1:4646 + LocalForward 5432 psql-proxy.service.2.cluster.deuxfleurs.fr:5432 + LocalForward 8082 traefik-admin.service.2.cluster.deuxfleurs.fr:8082 + LocalForward 8500 127.0.0.1:8500 ``` + +Now, to connect, do the following: + + ssh deuxfleurs -N diff --git a/app/.gitignore b/app/.gitignore index bee8a64..1da68d7 100644 --- a/app/.gitignore +++ b/app/.gitignore @@ -1 +1,2 @@ +env/ __pycache__ diff --git a/app/README.md b/app/README.md index 3049cac..a0dcf43 100644 --- a/app/README.md +++ b/app/README.md @@ -1,6 +1,4 @@ -## Understand this folder hierarchy - -This folder contains the following hierarchy: +# Folder hierarchy - `<module>/build/<image_name>/`: folders with dockerfiles and other necessary resources for building container images - `<module>/config/`: folder containing configuration files, referenced by deployment file @@ -8,18 +6,34 @@ This folder contains the following hierarchy: - `<module>/deploy/`: folder containing the HCL file(s) necessary for deploying the module - `<module>/integration/`: folder containing files for integration testing using docker-compose -## How to install `secretmgr.py` dependencies +# Secret Manager `secretmgr.py` + +The Secret Manager ensures that all secrets are present where they should in the cluster. + +**You need access to the cluster** (SSH port forwarding) for it to find any secret on the cluster. Refer to the previous directory's [README](../README.md), at the bottom of the file. -How to install its dependencies: +## How to install `secretmgr.py` dependencies ```bash -# on fedora: -dnf install -y openldap-devel -# on ubuntu: -apt-get install -y libldap2-dev +### Install system dependencies first: +## On fedora + +dnf install -y openldap-devel cyrus-sasl-devel +## On ubuntu +apt-get install -y libldap2-dev libsasl2-dev + +### Now install the Python dependencies from requirements.txt: + +## Either using a virtual environment +# (requires virtualenv python module) +python3 -m virtualenv env +# Must be done everytime you create a new terminal window in this folder: +. env/bin/activate +# Install the deps +pip install -r requirements.txt -# for eveyrone: -pip3 install --user --requirement requirements.txt +## Either by installing the dependencies for your system user: +pip3 install --user -r requirements.txt ``` ## How to use `secretmgr.py` @@ -42,7 +56,7 @@ Rotate secrets for app `dummy`, overwriting existing ones (be careful, this is d ./secretmgr.py regen dummy ``` -## How to upgrade our packaged apps to a new version? +# Upgrading one of our packaged apps to a new version 1. Edit `docker-compose.yml` 2. Change the `VERSION` variable to the desired version diff --git a/app/im/secrets/chat/coturn/static-auth b/app/im/secrets/chat/coturn/static-auth index d23be29..43628ef 100644 --- a/app/im/secrets/chat/coturn/static-auth +++ b/app/im/secrets/chat/coturn/static-auth @@ -1 +1 @@ -USER cotorn static-auth (what is this?) +USER coturn static-auth (what is this?) |