This repository has been archived on 2020-08-11. You can view files and clone it, but cannot push or open issues or pull requests.
stack/README.md

stack

In a docker stack.

static ip

drone.do.yml - docker-compose-do.yml

tunnelled with ngrok

(very slow if home internet)

installation

Once installed and running the system can redeploy itself.

However initially you need to do this yourself.

docker

you need a docker swarm set up with nodes with the following labels

  • com.sigyl.git-stack=yes
  • com.sigyl.git-stack-data=yes

global environment

the following environment variables need to be defined (define your own values)

echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh

. /etc/profile.d/sigyl-stack.sh

make a folder and give yourself access

sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT

clone the repository

cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy

make certificates for the registry

These certificates will be in .ca and .certificates. $REGISTRY_DOMAIN is the host where the stack will run; it should be on the local subnet, i.e. traffic should not have to go over the internet.

e.g. git.local-domain

cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry

make environment variables

export TITLE='SiGyl Ltd'
export DESCRIPTION='Software Development'
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???

build images

sh build.sh $SIGYL_STACK_ROOT

initial deploy of stack

cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME

initialise postgres database

find postgres id as $ID

docker ps | grep stack_guacamole-postgresql.1
sh init-postgresql.sh $ID

initialise mongo

get mongo id as $ID

docker ps | grep stack_chat-mongo.1
sh init-mongo-chat.sh $ID

scale chat and ngrok and nginx

sh init-scale.sh stack

create a gitea drone application

This might be on your local gitea or some other one.

set environment variables for it as follows (example values):

export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=

redeploy

docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
sh init-scale.sh stack

drone secrets

Where these end up in environment variables, the names are upper-cased and the hyphens become underscores (drone-rpc-secret becomes DRONE_RPC_SECRET).

Secrets are revealed in a file named ~/env-stack during deployment. (keys etc are hidden)

certbot-email

Email for the Let's Encrypt certbot.

description

Description of the application.

drone-convert-secret

Random secret for starlark conversion container.

drone-domain

The domain the drone server is tunneled to.

drone-gitea-client-id

The id of the gitea drone application.

drone-gitea-client-secret

The secret of the gitea drone application.

drone-gitea-server

URL of the gitea server.

drone-rpc-secret

Random secret for drone server + runners.

drone-server-host

Host name (and port) for the drone server.

git-domain

This is the domain where the application will be served (via ngrok if applicable).

guacamole-postgres-db

Name of the db.

guacamole-postgres-password

Password for the db (no spaces).

guacamole-postgres-user

User for the db.

local-docker-registry

Registry where images will be pushed. (with trailing slash)

ngrok-auth-token

Authentication token for ngrok.

sigyl-stack-name

The name of the stack.

sigyl-stack-root

The file path where the stack is deployed.

ssh-host

Host for the stack (must be a leader).

ssh-key

Not used atm.

ssh-passphrase

Not used atm.

ssh-password

Password for ssh.

ssh-port

Port for ssh.

ssh-root-password

Password for root user.

ssh-root-user

Ssh root user.

ssh-user

Ssh user.

title

Application title.
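
A preflight check for the variables exported under "make environment variables", using the constraints listed under "drone secrets". This is an added example, not part of this repository; the function names check_stack_env and new_secret and the variable STACK_SECRETS are hypothetical.

```sh
#!/bin/sh
# Added example (not from the repository): preflight check for the variables
# this README exports before `docker stack deploy`.

# The six values the README leaves as "???" placeholders.
STACK_SECRETS="DRONE_GITEA_CLIENT_ID DRONE_CONVERT_SECRET
DRONE_GITEA_CLIENT_SECRET DRONE_RPC_SECRET GUACAMOLE_POSTGRES_PASSWORD
NGROK_AUTH_TOKEN"

# 32 hex characters from /dev/urandom, for the two "Random secret" entries
# (drone-convert-secret and drone-rpc-secret).
new_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print one line per problem found; return non-zero if there was any.
check_stack_env() {
    problems=0
    for name in $STACK_SECRETS; do
        eval "value=\${$name-}"
        case $value in
            '')    echo "$name is not set"
                   problems=$((problems + 1)) ;;
            '???') echo "$name still holds the ??? placeholder"
                   problems=$((problems + 1)) ;;
        esac
    done
    # "Password for the db (no spaces)."
    case ${GUACAMOLE_POSTGRES_PASSWORD-} in
        *' '*) echo "GUACAMOLE_POSTGRES_PASSWORD contains a space"
               problems=$((problems + 1)) ;;
    esac
    # "Registry where images will be pushed. (with trailing slash)"
    case ${LOCAL_DOCKER_REGISTRY-} in
        */) ;;
        *)  echo "LOCAL_DOCKER_REGISTRY must end with /"
            problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}
```

Source the file in the shell that holds the exports and run `check_stack_env && docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME`, so a leftover placeholder stops the deploy.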