From 231e5aa0542c62afee7b416b496eba09801edb84 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 13:12:12 +0100 Subject: [PATCH] . --- README.md | 114 +++++++++++- docker-compose-home.yml | 2 +- drone-starlark/repos/stack/drone.star | 10 +- install.md | 243 -------------------------- 4 files changed, 116 insertions(+), 253 deletions(-) delete mode 100644 install.md diff --git a/README.md b/README.md index efc06e7..c6dafc2 100644 --- a/README.md +++ b/README.md @@ -40,12 +40,80 @@ Once installed and running the system can redeploy itself. However initially you need to do this yourself. -### docker -you need a docker swarm set up with nodes with the following labels +### remove old versions of docker + +(if it's a fresh install of linux there shouldn't be any) + +``` +sudo apt-get remove docker docker-engine docker.io +``` + +### install docker + +``` +sudo apt install docker.io +``` + +### add current user to docker group + +logout and back in afterwards + +``` +sudo usermod -aG docker $USER +``` + +### start and enable docker + +``` +sudo systemctl start docker +sudo systemctl enable docker +``` + +### change ssh port to 2022 + +``` +sudo vi /etc/ssh/sshd_config + +``` + +change Port 2022 + +### allow root to ssh + +``` +sudo vi /etc/ssh/sshd_config + +``` + +## set the root password + +``` +sudo passwd root +``` + +change PermitRootLogin yes + +reboot + +start a stack running gitea to host repository. + +## stack + +### labels + +get nodes with + +``` +docker node ls +``` + +add label with + +``` +docker node update --label-add com.sigyl.git-stack=yes [node id] +``` -* com.sigyl.git-stack=yes -* com.sigyl.git-stack-data=yes ### global environment 
@@ -330,3 +398,41 @@ Vist domain/ghost and set up admin user. ### chat Admin user is automatically created according to configured secrets + + +## docker-exec-runner on windows + +These instructions are not very good... + +https://exec-runner.docs.drone.io/installation/windows/ + +download and unpack on linux with + +``` +curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx +``` + + +rename drone-runner-exec to drone-runner-exec.exe + +make directory c:\Drone\drone-runner-exec on windows + +copy drone-runner-exec.exe to directory + +make config file with + +``` + +DRONE_RPC_PROTO=https +DRONE_RPC_HOST=drone.sigyl.com:443 +DRONE_RPC_SECRET=[rpc secret] +DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt +DRONE_RUNNER_LABELS=web:true +``` + +install and start service with + +``` +drone-runner-exec service install +drone-runner-exec service start +``` diff --git a/docker-compose-home.yml b/docker-compose-home.yml index e6834b1..857ec7a 100644 --- a/docker-compose-home.yml +++ b/docker-compose-home.yml @@ -300,7 +300,7 @@ services: - ROOT_URL=https://${GIT_DOMAIN}/chat - PORT=3000 - MONGO_URL=mongodb://chat-mongo:27017/rocketchat - - ADMIN_USERNAME=${CHAT_ADMIN_USER} + - ADMIN_USERNAME=${CHAT_ADMIN_NAME} - ADMIN_PASS=${CHAT_ADMIN_PASSWORD} - ADMIN_EMAIL=${CHAT_ADMIN_EMAIL} volumes: diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index 84ddcc4..857ca54 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -30,17 +30,17 @@ def drone( pipeline( branch, [ - printSecrets( - "env-stack", - publicSecrets, - secretSecrets, - ), wait(15, "wait"), build("drone-starlark"), rescale( "{name}_drone-starlark".format(name=name), 1, ), + printSecrets( + "env-stack", + publicSecrets, + secretSecrets, + ), build("ngrok-gitea"), build("guacamole-postgresql"), build("letsencrypt-nginx"), 
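Review bot: `ADMIN_USERNAME=${CHAT_ADMIN_NAME}` in the chat service's environment list expands to an empty string when `CHAT_ADMIN_NAME` is not set at deploy time, and nothing in this hunk guards against that. How the chat image treats an empty admin username is not visible here, so it is safer to make the deploy fail loudly, assuming the compose tooling in use supports the required-variable form: `- ADMIN_USERNAME=${CHAT_ADMIN_NAME:?CHAT_ADMIN_NAME must be set}`. The same guard would suit `ADMIN_PASS` and `ADMIN_EMAIL` on the following lines. The rename also has to be matched wherever `CHAT_ADMIN_USER` was previously supplied (the Drone secrets and any env file are outside this hunk), otherwise the old value is silently ignored.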
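Review bot: The `printSecrets("env-stack", publicSecrets, secretSecrets)` step now runs after `build("drone-starlark")` and the `rescale(...)` call, so if either of those reads the `env-stack` output they will run without it; the helper is defined outside the hunk, so this ordering needs confirming. Separately, a step named `printSecrets` that receives `secretSecrets` should be checked to make sure it writes values only to its target and never echoes them into the Drone build log, which anyone with access to the repository's builds can read. Once confirmed, a comment above the call would record both points, e.g. `# writes env-stack for the builds below; runs after drone-starlark is rescaled; must not echo secret values to the log`. The enclosing `drone(` definition starts before this hunk and continues past it.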
diff --git a/install.md b/install.md
deleted file mode 100644
index e9a0edb..0000000
--- a/install.md
+++ /dev/null
@@ -1,243 +0,0 @@ -# gitea in a stack with drone and guacamole - -Remote system support. - -Consisting of - -* gitea repository - github like self hosted git and web application -* drone ci system -* guacamole - rdp, vnc and ssh over the internet in the browser - - -## home - - -(nb when self deploying with drone it will will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone). - -NB each time you deploy this using drone it will leave an orphaned network for example: - -eventually this will start to cause an error with message: Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network” - -You need to keep clearing out orphaned networks. - -## installing docker - -Start with a fresh install of Ubuntu server 19.04 connected to the internet - -### update packages - -``` -sudo apt-get update -sudo apt-get upgrade -``` - -### remove old versions of docker - -(if it's a fresh install of linux there shouldn't be any) - -``` -sudo apt-get remove docker docker-engine docker.io -``` - -### install docker - -``` -sudo apt install docker.io -``` - -### add current user to docker group - -logout and back in afterwards - -``` -sudo usermod -aG docker $USER -``` - -### start and enable docker - -``` -sudo systemctl start docker -sudo systemctl enable docker -``` - -### change ssh port to 2022 - -``` -sudo vi /etc/ssh/sshd_config - -``` - -change Port 2022 - -### allow root to ssh - -``` -sudo vi /etc/ssh/sshd_config - -``` - -## set the root password - -``` -sudo passwd root -``` - -change PermitRootLogin yes - -reboot - -start a stack running gitea to host repository. 
- -## stack - -### labels - -get nodes with - -``` -docker node ls -``` - -add label with - -``` -docker node update --label-add com.sigyl.git-stack=yes [node id] -``` - -### generate certificates - -(rnd file) dd if=/dev/urandom of=~/.rnd bs=256 count=1 -where [registry-domain] is the domain on which the registry will be served - - sh ca.sh [registry-domain]:5000 - - - sh make-cert.sh [registry-domain] registry - -### ngrok auth - -obtain ngrok auth token and place in .secrets in form - - authtoken: [token] - -### initial deploy - -```shell -export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000 -export CERTBOT_EMAIL=giles.bradshaw@sigyl.com -export GIT_DOMAIN=git.sigyl.com -export REMOTE_DOMAIN=remote.sigyl.com -export DRONE_DOMAIN=drone.sigyl.com -export BLOG_DOMAIN=blog.sigyl.com - -export DRONE_RPC_SECRET=$(openssl rand -base64 48) -docker stack deploy -c docker-compose.yml gitea -``` - -### create gitea drone app with client id and secret - -### add secrets to repository in drone - - -![add secret](./add-secret.png) - -* blog-domain -* certbot-email -* drone-domain -* drone-gitea-client-id -* drone-gitea-client-secret -* drone-rpc-secret -* git-domain -* local-docker-registry -* remote-domain -* ssh-password -* ssh-port -* ssh-root-password -* ssh-root-user -* ssh-user -* ssh-host - -### kill orphan docker:dind containers - -Wen the system is deployed by pushing to repository the docker:dind container will be orphaned and will run forever unless killed.. 
- - -## guacamole - -np no spaces in postgres password - -docker stack for guacamole - -adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html - -### initialising - -find id - -``` -docker ps - -``` - -execute initdb.sql - -``` -docker exec -it $ID psql -U postgres -d guacamole_db -f /initdb.sql -docker exec -it $ID psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword' -v user='guacamole_user' -``` - -initial admin is guacadmin:guacadmin - -create a new admin and delete guacadmin - -## docker-exec-runner on windows - -These instructions are not very good... - -https://exec-runner.docs.drone.io/installation/windows/ - -download and unpack on linux with - -``` -curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx -``` - - -rename drone-runner-exec to drone-runner-exec.exe - -make directory c:\Drone\drone-runner-exec on windows - -copy drone-runner-exec.exe to directory - -make config file with - -``` - -DRONE_RPC_PROTO=https -DRONE_RPC_HOST=drone.sigyl.com:443 -DRONE_RPC_SECRET=[rpc secret] -DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt -DRONE_RUNNER_LABELS=web:true -``` - - -install and start service with - -``` -drone-runner-exec service install -drone-runner-exec service start -``` - -## chat - -Once the chat-mongo container is up you need to get its id and do - -``` -docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))" -``` - -then scale up chat - -``` -docker service scale gitea_chat=1 -``` \ No newline at end of file