This repository has been archived on 2020-08-11. You can view files and clone it, but cannot push or open issues or pull requests.
stack/README.md

stack

In a docker stack.

docker stack configuration

docker-compose.yml

deployments

static ip

starlark drone deployment file

.drone-do.star

tunnelled with ngrok

(very slow if home internet)

starlark drone deployment file

.drone-home.star

installation

Once installed and running the system can redeploy itself.

However initially you need to do this yourself.

remove old versions of docker

(if it's a fresh install of linux there shouldn't be any)

sudo apt-get remove docker docker-engine docker.io

install docker

sudo apt install docker.io

add current user to docker group

logout and back in afterwards

sudo usermod -aG docker $USER

start and enable docker

sudo systemctl start docker
sudo systemctl enable docker

change ssh port to 2022

sudo vi /etc/ssh/sshd_config

change Port 2022

allow root to ssh

sudo vi /etc/ssh/sshd_config

set the root password

sudo passwd root

change PermitRootLogin yes

reboot

start a stack running gitea to host repository.

stack

labels

get nodes with

docker node ls

add label with

docker node update --label-add com.sigyl.git-stack=yes [node id]

global environment

the following environment variables need to be defined (define your own values)

echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh

# source the file so the variables are set in the current shell
. /etc/profile.d/sigyl-stack.sh

make a folder and give yourself access

sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT

clone the repository

cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy

make certificates for the registry

These certificates will be in .ca and .certificates. $REGISTRY_DOMAIN is the host where the stack will run; it should be on the local subnet, i.e. traffic should not have to go over the internet.

e.g. git.local-domain

cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry

copy the directory .ca/$REGISTRY_DOMAIN:5003 to /etc/docker/certs.d

sudo mkdir -p /etc/docker/certs.d/
sudo cp -r .ca/$REGISTRY_DOMAIN:5003 /etc/docker/certs.d/

make environment variables

export TITLE="SiGyl Ltd!"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???

build images

sh build.sh $SIGYL_STACK_ROOT

initial deploy of stack

cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME

initialise postgres database

find postgres id as $ID

docker ps | grep stack_guacamole-postgresql.1
sh init-postgresql.sh $ID

initialise mongo

get mongo id as $ID

docker ps | grep stack_chat-mongo.1
sh init-mongo-chat.sh $ID

scale chat and ngrok and nginx

set NGROK=1 if ngrok is required, otherwise NGROK=0

sh init-scale.sh stack $NGROK

create a gitea drone application

This might be on your local gitea or some other one.

set environment variables for it as follows (example values):

export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=

redeploy

set NGROK=1 if ngrok is required, otherwise NGROK=0

docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
sh init-scale.sh stack $NGROK

drone secrets

Where these end up in environment variables they will be capitalised and underscored.

Secrets are revealed in a file named ~/env-stack during deployment. (keys etc are hidden)

certbot-email

Email for Let's Encrypt certbot.

chat-admin-name

Name for chat admin user.

chat-admin-password

Password for chat admin user.

chat-admin-email

Email for chat admin user.

description

Description of the application.

drone-convert-secret

Random secret for starlark conversion container.

drone-domain

The domain the drone server is tunneled to.

drone-gitea-client-id

The id of the gitea drone application.

drone-gitea-client-secret

The secret of the gitea drone application.

drone-gitea-server

URL of the gitea server.

drone-rpc-secret

Random secret for drone server + runners.

drone-server-host

Host name (and port) for the drone server.

ghost-mail-password

SMTP Password for ghost mail service

ghost-mail-service

Mail service for ghost, e.g. Mailgun.

ghost-mail-user

SMTP user for ghost mail service

git-domain

This is the domain where the application will be served (via ngrok if applicable).

guacamole-postgres-db

Name of the db.

guacamole-postgres-password

Password for the db (no spaces).

guacamole-postgres-user

User for the db.

local-docker-registry

Registry where images will be pushed. (with trailing slash)

ngrok-auth-token

Authentication token for ngrok.

sigyl-stack-name

The name of the stack.

sigyl-stack-root

The file path where the stack is deployed to.

ssh-host

Host for the stack (must be a leader).

ssh-key

Not used atm.

ssh-passphrase

Not used atm.

ssh-password

Password for ssh.

ssh-port

Port for ssh.

ssh-root-password

Password for root user.

ssh-root-user

Ssh root user.

ssh-user

Ssh user.

title

Application title.
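
A pre-deploy check for the secrets listed above, as an added example that is not part of the stack repository: it applies the "capitalised and underscored" naming rule, reports variables that are unset or still hold the ??? placeholder, and checks that ~/env-stack is not accessible to group or others. The function names are hypothetical, and treating ~/env-stack as an owner-only file is an assumption, not something this README states.

```shell
#!/bin/sh
# Added example, not part of the stack repository.

# Map a drone secret name to its environment variable name
# ("capitalised and underscored"): drone-rpc-secret -> DRONE_RPC_SECRET.
secret_to_env() {
    printf '%s\n' "$1" | tr 'a-z-' 'A-Z_'
}

# Print the variables that are unset, empty, or still hold the README's
# "???" placeholder. Returns 0 only when every named secret has a value.
missing_secrets() {
    missing=""
    for name in "$@"; do
        var=$(secret_to_env "$name")
        # Only plain identifiers may reach eval.
        case "$var" in
            ''|[0-9]*|*[!A-Z0-9_]*) echo "bad secret name: $name" >&2; return 2 ;;
        esac
        eval "val=\${$var-}"
        case "$val" in
            ''|'???') missing="$missing $var" ;;
        esac
    done
    printf '%s' "${missing# }"
    [ -z "$missing" ]
}

# True when the file exists and group/others have no access to it.
# Assumption: ~/env-stack (revealed secrets) should be owner-only.
private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage before `docker stack deploy` (values exported as shown earlier):
#   missing_secrets drone-rpc-secret drone-gitea-client-secret \
#       guacamole-postgres-password ngrok-auth-token || exit 1
#   private_file ~/env-stack || echo "check permissions on ~/env-stack" >&2
```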

initial set up of apps

You should do these asap and preferably before anyone else!!!

gitea

Register then set up initial user and email settings.

ghost blog

Visit domain/ghost and set up admin user.

chat

Admin user is automatically created according to configured secrets. Change the password!

guacamole

Use admin user name and password you supplied when you set up the database.

docker-exec-runner on windows

These instructions are not very good...

https://exec-runner.docs.drone.io/installation/windows/

download and unpack on linux with

curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx

rename drone-runner-exec to drone-runner-exec.exe

make directory c:\Drone\drone-runner-exec on windows

copy drone-runner-exec.exe to directory

make config file with


DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true

install and start service with

drone-runner-exec service install
drone-runner-exec service start