/deploy

Ansible playbook to deploy Deconst onto a cluster

Primary LanguagePythonApache License 2.0Apache-2.0

Deconst Ansible Playbook

This is an Ansible playbook that deploys Deconst onto a cluster.

Clone this repository once for each deconst instance you wish to administer. The contents of credentials.yml customize and identify each deployment.

Prerequisites

You'll need a recent Python 2.7, at least Ansible 1.9.0.1, and pyrax. You can use a virtualenv if you wish.

# Check your Python version
python -V

# Install virtualenv and virtualenvwrapper, if desired.
sudo pip install virtualenv virtualenvwrapper
source /usr/local/bin/virtualenvwrapper.sh

mkvirtualenv deconst-ansible

# Install Ansible and pyrax.
pip install -r requirements.txt

Running

To deploy or update a cluster:

  1. Copy the example credentials file and fill in your credentials and customizations. Alternately, use a credentials file corresponding to an existing deployment you'd like to maintain.

    cp credentials.example.yml credentials.yml
    ${EDITOR} credentials.yml
    
    # Or:
    script/decrypt ~/cred-repo/credentials-staging.yml.enc
  2. Copy the SSH Private Key used for the deconst instante into /keys.

    • cp instance-private-key keys/{instance-name}.private.key
    • chmod 600 keys/{instance-name}.private.key

    The instance name is found in credentials.yml and is used to locate the SSH key used for communication automatically. We recommend storing the SSH private key in an encrypted document store.

  3. Run the playbook with the deploy script.

    script/deploy

Parameters

Deconst guards against inconsistent credentials.yml files being run by multiple maintainers. If you intentionally make changes to the credentials file, you'll need to provide extra variables to script/deploy.

If you change the deployment, run with:

script/deploy -e 'new_deployment=true'

If you make any other local changes to a credentials.yml file, run with:

script/deploy -e 'credentials_update=true'

To only update the control repository's content map, layout map or templates:

script/deploy --tags control

To force a restart of selected services:

# Restart only presenters
script/deploy --tags restart -e 'presenter_restart=true'

# Other restart control variables:
# -e 'service_pod_restart=true'         Service pods (content services and presenter)
# -e 'logstash_forwarder_restart=true'  Logstash-forwarder
# -e 'logstash_restart=true'            Logstash

To force the generation of new TLS certificates:

script/deploy --extra-vars="gencerts=yes"

Utilities

This repository contains a number of utilities to assist in basic ops work. Each script keys off of the credentials in credentials.yml, so it will use the correct Rackspace account and hosts.

  • script/status performs a docker status on each host. It's useful for quickly seeing if all expected services are up and running.
  • script/logs <component> tails the Docker container logs of each matching service across the cluster. The number of lines given can be controlled by setting LOG_LINES. For example: LOG_LINES=50 script/logs presenter.
  • script/genkey <name> reads the admin API key from your credentials file and issues a new API key with the provided name.
  • script/ssh <hostpattern> logs in to a uniquely identified host in the cluster.
  • script/ips lists the IP addresses of each host in the cluster.
  • script/lb audits and corrects load-balancer node membership on the cluster. Consult --help for details.
  • script/reindex asynchronously triggers a full content reindex in Elasticsearch.

Deconst Dev Env in Kubernetes with Minikube

These instructions will create the underlying resources necessary to run a deconst dev env in Kubernetes with Minikube.

  1. Install Minikube

  2. Open a new shell

  3. Create a minikube

    Deconst is known to work with Kubernetes 1.5.3

    minikube start --kubernetes-version 1.5.3
  4. Install kubectl

    Be sure to install the version that matches your Kubernetes version from the step above.

  5. Create resources

    kubectl apply -f kubernetes/namespace.yaml
    kubectl apply -f kubernetes
  6. Deploy a secure private Docker image registry

    For more information on this tool see Registry Tooling.

    cd ..
    git clone git@github.com:ContainerSolutions/registry-tooling.git
    cd registry-tooling
    ./reg-tool.sh install-k8s-reg -y

    If you do a minikube stop followed by a minikube start, you'll need to rerun ./reg-tool.sh because minikube start overwrites /etc/hosts and sets up new certs.

  7. (Optional) Connect to the image registry

    For more information on using this tool see Usage

    eval $(minikube docker-env)
    docker images
  8. (Optional) Set the context namespace

    If you set the context namespace, you can omit the --namespace deconst from all of the other commands.

    kubectl config set-context minikube --namespace=deconst

    To unset the context namespace

    kubectl config unset contexts.minikube.namespace
  9. Watch and wait for resources

    watch kubectl get all --all-namespaces
  10. View the logs

    minikube service kibana-logging --namespace kube-system

    Click the Create button to create a new index and then click the Discover menu item to view it.

  11. Deploy the content service

  12. Delete resources

    kubectl delete deploy/mongo svc/mongo --namespace deconst
    kubectl delete ds/fluentd-elasticsearch --namespace kube-system
    kubectl delete deploy/kibana-logging svc/kibana-logging --namespace kube-system
    kubectl delete rc/elasticsearch-logging-v1 svc/elasticsearch-logging --namespace kube-system
    kubectl delete namespace deconst