Temporary Docker Servers - noi-techpark/odh-docs GitHub Wiki

We want to externalize integration tasks, so we need clones of our default Docker installation. Each of these servers should contain a single integration.

Internal Preparations

Create a new server

For example, with the server name temp-mqtt-broker...

  • Go to AWS Instances on EC2
  • Launch a new instance from the template temp-server
  • Set parameters:
    • Project: The project it belongs to, mostly OpenDataHub (for cost accounting)
    • Name: The name of this server, must always start with temp- as prefix, plus the name of the service we are integrating with this server
    • Backup: Always false, we do not need backups for temporary servers
    • DelegatedTo: The external contributor or company which is responsible for this server
    • Manager: The internal manager (pmoser or rthoeni mostly)
  • Launch the instance
  • Assign an Elastic IP with the name temp-mqtt-broker-eip
  • Go to Route53 and create a DNS entry with the name mqtt-broker.temp.testingmachine.eu pointing to the server's IP
  • Create and assign a new security group with the name temp-mqtt-broker-sg (optional, SSH is already enabled world-wide)
  • Assign the IAM role docker to this EC2 instance (if not already)

Ansible Installation

  • Clone our infrastructure repo locally
  • Go to ansible
  • Add the DNS to hosts under [temp] and to the initial main list inside hosts
  • Add public-keys to the corresponding folder
  • Create a host_vars yml file with the name of the server, see example below:
      ansible_python_interpreter: /usr/bin/python3
    
      users2:
        pinco:
          user_password: "$6$JFhrCJrT8v9CvaD$7ArleySaZwcMwm1yDiY1WTbdqU3PQmUKKgDpgTygNAcDKacECAUz/X032XszCNEbSz2ilxf2uaueynVxEIqqn0"
          user_authorized_keys:
            - "{{ lookup('file', '../public-keys/pinco') }}"
        pallino:
          user_password: "$6$JFhrCJrT8v9CvaD$7ArleySaZwcMwm1yDiY1WTbdqU3PQmUKKgDpgTygNAcDKacECAUz/X032XszCNEbSz2ilxf2uaueynVxEIqqn0"
          user_authorized_keys:
            - "{{ lookup('file', '../public-keys/pallino') }}"
    
      organizations2:
        temporg:
          - "pinco"
          - "pallino"
    
  • Run ssh -i ~/.ssh/temp-servers.pem [email protected] to add the IP to the known hosts file, and test connectivity
  • Run ansible-galaxy install --force -r requirements.yml
  • Run ansible-playbook --user=admin --private-key=~/.ssh/temp-servers.pem --limit=temp playbooks/temp.yml
  • Try to log in to the server with your username + credentials
  • Test sudo su

Proxy Installation

  • Open our infrastructure repo
  • Open the file ansible/playbooks/proxy-02.yml
  • Add the new DNS entries (always use port 1333 for the main app, and 1334 etc. for others)
  • Commit + push + wait 5-10 minutes

Initial Test Deployment

  • Ansible installs this automatically into /var/docker/test
  • The port is always 1333
  • Test if everything works with the given main DNS entry (Hello World should be shown)

Checklist for external contributors

This is a list of what we need to create an autonomous instance:

  • for each user who should be able to log in
    • public key
    • name + surname, login will be first letter of name + surname (e.g., pmoser)
  • a set of static IPs (optional, at the moment the default is to have SSH open to the world)
  • a set of URLs that should point to the server (port + URL needed)
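
The naming scheme from "Create a new server" and the optional static IPs from this checklist are enough to build an SSH rule for temp-<service>-sg that is not open to the world. The following is an added example, not part of this wiki or the infrastructure repo; it returns the IpPermissions structure that boto3's authorize_security_group_ingress accepts and does not cover the proxy ports (1333, 1334, ...). The function names, the service-name pattern, the /24 limit and the sample addresses are assumptions.

```python
import ipaddress
import json
import re

SERVICE_RE = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")  # assumed name format
# Ranges that can never be a contributor's public static IP.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 24  # assumed policy: nothing wider than a /24 per contributor


def resource_names(service):
    """Derive the names the page prescribes for one temporary server."""
    if not SERVICE_RE.match(service):
        raise ValueError(f"unexpected service name: {service!r}")
    return {
        "instance": f"temp-{service}",
        "eip": f"temp-{service}-eip",
        "security_group": f"temp-{service}-sg",
        "dns": f"{service}.temp.testingmachine.eu",
    }


def ssh_ingress(contributor_ips):
    """Return EC2 IpPermissions allowing SSH only from the given static IPs.

    contributor_ips maps a label (e.g. the DelegatedTo value) to an IP or CIDR.
    """
    ranges = []
    for label, raw in sorted(contributor_ips.items()):
        net = ipaddress.ip_network(raw, strict=True)  # rejects typos such as host bits set
        if net.version != 4:
            raise ValueError(f"{label}: IPv6 would go in Ipv6Ranges, not handled here")
        if net.prefixlen < MIN_PREFIX or any(net.overlaps(n) for n in NON_PUBLIC):
            raise ValueError(f"{label}: {net} is too wide or not a public range")
        ranges.append({"CidrIp": str(net), "Description": f"ssh {label}"})
    if not ranges:
        raise ValueError("no static IPs given; SSH would stay open to the world")
    return [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": ranges}]


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges, not real contributors).
    sample = {"acme": "203.0.113.10", "beta": "198.51.100.0/28"}
    print(json.dumps({"names": resource_names("mqtt-broker"),
                      "ingress": ssh_ingress(sample)}, indent=2))
```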

Getting started information for contributors

Copy/paste this into your email body:

Hi all,
the server has been prepared and is accessible with the following URL:

   ssh [your-user]@[servername].temp.testingmachine.eu

We have the following users with root privileges:
  - [user1]
  - [user2]

The default password for all users is this one: 
  
    avp6EQQ.

Please change it after your first login.

The following URLs point to our proxy which does https redirects for you:
  - [url1] -> [servername].temp.testingmachine.eu:1333
  - [url2] -> [servername].temp.testingmachine.eu:1334
  - etc.

An example installation can already be found under:

    /var/docker/test

    Have a look into .env and docker-compose.yml

It was started with 

    docker-compose up -d

Happy hacking!