This repository has been archived on 2020-08-11. You can view files and clone it, but cannot push or open issues or pull requests.
# stack
* [Gitea](https://gitea.io/en-us/)
* [Drone](https://drone.io/)
* [Guacamole](https://guacamole.apache.org/)
* [Ghost](https://ghost.org/)
* [Rocket Chat](https://rocket.chat/)

In a [docker](https://www.docker.com/) stack.
### docker stack configuration
[docker-compose.yml](docker-compose.yml)
## deployments
### static ip
[![Build Status](https://sigyl.com:5000/api/badges/giles/stack/status.svg)](https://sigyl.com:5000/giles/stack)
* home - https://sigyl.com/
* git - https://sigyl.com/git/
* drone - https://sigyl.com:5000/
* ghost - https://sigyl.com/blog/
* guacamole - https://sigyl.com/remote/
* chat - https://sigyl.com/chat/
#### starlark drone deployment file
[.drone-do.star](drone-do.star)
### tunnelled with ngrok
(very slow on a home internet connection)

[![Build Status](https://drone.git.sigyl.com/api/badges/giles/stack/status.svg)](https://drone.git.sigyl.com/giles/stack)
* home - https://git.sigyl.com
* git - https://git.sigyl.com/git
* blog - https://git.sigyl.com/blog
* chat - https://git.sigyl.com/chat
* drone - https://drone.git.sigyl.com/
* guacamole - https://git.sigyl.com/remote
#### starlark drone deployment file
[.drone-home.star](.drone-home.star)
## installation
Once installed and running, the system can redeploy itself.
Initially, however, you need to do this yourself.
### remove old versions of docker
(if it's a fresh install of linux there shouldn't be any)
```
sudo apt-get remove docker docker-engine docker.io
```
### install docker
```
sudo apt install docker.io
```
### add current user to docker group
log out and back in afterwards
```
sudo usermod -aG docker $USER
```
### start and enable docker
```
sudo systemctl start docker
sudo systemctl enable docker
```
### change ssh port to 2022
```
sudo vi /etc/ssh/sshd_config
```
set Port 2022
### allow root to ssh
```
sudo vi /etc/ssh/sshd_config
```
### set the root password
```
sudo passwd root
```
in /etc/ssh/sshd_config, set PermitRootLogin yes

reboot

start a stack running gitea to host the repository.
## stack
### labels
get nodes with
```
docker node ls
```
add label with
```
docker node update --label-add com.sigyl.git-stack=yes [node id]
```
### global environment
the following environment variables need to be defined (define your own values)
```
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh
# source the file so the variables are set in the current shell
. /etc/profile.d/sigyl-stack.sh
```
### make a folder and give yourself access
```
sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT
```
### clone the repository
```
cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy
```
### make certificates for the registry
these certificates will be in .ca and .certificates

$REGISTRY_DOMAIN is the host where the stack will run. It should be on the local subnet, i.e. traffic should not have to go over the internet,
e.g. git.local-domain
```
cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
```
copy the directory .ca/$REGISTRY_DOMAIN:5003 to /etc/docker/certs.d
```
sudo mkdir -p /etc/docker/certs.d/
sudo cp -r .ca/$REGISTRY_DOMAIN:5003 /etc/docker/certs.d/
```
### make environment variables
```
export TITLE="SiGyl Ltd!"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???
```
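A preflight check for the variables listed above, added here as an example and not part of this repository: it reports variables that are unset or still hold the `???` placeholder, and applies the two format rules stated in the drone secrets section (trailing slash on the registry, no spaces in the guacamole database password). The function name `check_stack_env` is hypothetical, and treating `NGROK_AUTH_TOKEN` as required only when `NGROK=1` is an assumption.

```sh
#!/bin/sh
# Added example (not from this repository): preflight check to run before
# "docker stack deploy". Prints variable names only, never their values.

# Names taken from the "make environment variables" block above.
REQUIRED_VARS="TITLE DESCRIPTION CERTBOT_EMAIL DRONE_DOMAIN DRONE_GITEA_SERVER
DRONE_SERVER_HOST GIT_DOMAIN LOCAL_DOCKER_REGISTRY SSH_HOST
GUACAMOLE_POSTGRES_DB GUACAMOLE_POSTGRES_USER SIGYL_STACK_ROOT SIGYL_STACK_NAME
DRONE_GITEA_CLIENT_ID DRONE_CONVERT_SECRET DRONE_GITEA_CLIENT_SECRET
DRONE_RPC_SECRET GUACAMOLE_POSTGRES_PASSWORD"

# check_stack_env (hypothetical helper): prints one line per problem and
# returns the number of problems found (0 means ready to deploy).
check_stack_env() {
    problems=0
    vars=$REQUIRED_VARS
    # Assumption: the ngrok token only matters when NGROK=1 (see the scale step).
    if [ "${NGROK-0}" = 1 ]; then
        vars="$vars NGROK_AUTH_TOKEN"
    fi
    for name in $vars; do
        eval "value=\${$name-}"
        case "$value" in
            "")      echo "$name is not set"
                     problems=$((problems + 1)) ;;
            *'???'*) echo "$name still holds the ??? placeholder"
                     problems=$((problems + 1)) ;;
        esac
    done
    # README: local-docker-registry is given "with trailing slash".
    case "${LOCAL_DOCKER_REGISTRY-}" in
        */) ;;
        ?*) echo "LOCAL_DOCKER_REGISTRY needs a trailing slash"
            problems=$((problems + 1)) ;;
    esac
    # README: guacamole-postgres-password must contain no spaces.
    case "${GUACAMOLE_POSTGRES_PASSWORD-}" in
        *' '*) echo "GUACAMOLE_POSTGRES_PASSWORD contains a space"
               problems=$((problems + 1)) ;;
    esac
    return "$problems"
}
```

Call `check_stack_env || exit 1` after exporting the variables and before the initial deploy.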
### build images
```
sh build.sh $SIGYL_STACK_ROOT
```
### initial deploy of stack
```
cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
```
### initialise postgres database
find the postgres container id and use it as $ID
```
docker ps | grep stack_guacamole-postgresql.1
```
```
sh init-postgresql.sh $ID
```
### initialise mongo
find the mongo container id and use it as $ID
```
docker ps | grep stack_chat-mongo.1
```
```
sh init-mongo-chat.sh $ID
```
### scale chat and ngrok and nginx
set NGROK=1 if ngrok is required, otherwise NGROK=0
```
sh init-scale.sh stack $NGROK
```
### create a gitea drone application
This might be on your local gitea or some other one.
Set environment variables for it as follows (example values):
```
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
```
### redeploy
set NGROK=1 if ngrok is required, otherwise NGROK=0
```
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
sh init-scale.sh stack $NGROK
```
### drone secrets
Where these end up in environment variables they will be capitalised and underscored.
Secrets are revealed in a file named ~/env-stack during deployment. (keys etc are hidden)
#### certbot-email
Email for the Let's Encrypt certbot.
#### chat-admin-name
Name for chat admin user.
#### chat-admin-password
Password for chat admin user.
#### chat-admin-email
Email for chat admin user.
#### description
Description of the application.
#### drone-convert-secret
Random secret for starlark conversion container.
#### drone-domain
The domain the drone server is tunneled to.
#### drone-gitea-client-id
The id of the gitea drone application.
#### drone-gitea-client-secret
The secret of the gitea drone application.
#### drone-gitea-server
URL of the gitea server.
#### drone-rpc-secret
Random secret for drone server + runners.
#### drone-server-host
host name (and port) for drone server.
#### ghost-mail-password
SMTP Password for ghost mail service
#### ghost-mail-service
mail service for ghost eg Mailgun
#### ghost-mail-user
SMTP user for ghost mail service
#### git-domain
This is the domain where the application will be served (via ngrok if applicable).
#### guacamole-postgres-db
Name of the db.
#### guacamole-postgres-password
Password for the db (no spaces).
#### guacamole-postgres-user
User for the db.
#### local-docker-registry
Registry where images will be pushed. (with trailing slash)
#### ngrok-auth-token
Authentication token for ngrok.
#### sigyl-stack-name
The name of the stack.
#### sigyl-stack-root
The file path where the stack is deployed.
#### ssh-host
Host for the stack (must be a leader).
#### ssh-key
Not used atm.
#### ssh-passphrase
Not used atm.
#### ssh-password
Password for ssh.
#### ssh-port
Port for ssh.
#### ssh-root-password
Password for root user.
#### ssh-root-user
Ssh root user.
#### ssh-user
Ssh user.
#### title
Application title.
## initial set up of apps
You should do these asap and preferably before anyone else!!!
### gitea
Register then set up initial user and email settings.
### ghost blog
Visit domain/ghost and set up admin user.
### chat
Admin user is automatically created according to configured secrets. Change the password!
### guacamole
Use admin user name and password you supplied when you set up the database.
## docker-exec-runner on windows
These instructions are not very good...
https://exec-runner.docs.drone.io/installation/windows/
download and unpack on linux with
```
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
```
rename drone-runner-exec to drone-runner-exec.exe
make directory c:\Drone\drone-runner-exec on windows
copy drone-runner-exec.exe to directory
make config file with
```
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
```
install and start service with
```
drone-runner-exec service install
drone-runner-exec service start
```