This repository contains all deployment and server configuration details for Lavinia.
- A Linux machine/VM (this document uses Ubuntu as reference)
- Terraform ( >= 0.13.0, download page)
- Ansible ( >= 3.8.2, `apt-get install ansible`)
- OpenStack client (should be installed automatically by Terraform, >= 5.3.1, `pip3 install python-openstackclient`)
- An NREC API password
- A Lavinia SSH key (If contributing to the current setup)
- A GPG public encryption key (If contributing to the current setup)
- A registered domain name (If setting up new instance)
- An account for Nginx Amplify (If setting up new instance)
- `git clone https://github.com/Project-Lavinia/Deployment.git`
- Create the file `Deployment/keystone_rc.sh` as explained in this guide.
- Create the file `Deployment/ansible/private.yaml` with the content (the public key fingerprint will be generated later, if setting up a new instance):

  ```yaml
  letsencrypt_email: <email of project admin>
  amplify_key: <API key from Amplify>
  key_fingerprint: <Public key fingerprint>
  ```
- In `Deployment/terraform`, set up the Ansible inventory as per this guide (the inventory directory should have the path `Deployment/terraform/inventory`).
- In `Deployment/terraform/terraform.tfvars`, modify which IPs should have http/ssh access to the servers.
- In `Deployment/terraform/variables.tf`, modify the flavour and number of each server type, as well as the domain that should be used.
- Go through the rest of the Terraform files and ensure that you are happy with the settings.
- In `Deployment`, do `source keystone_rc.sh`.
- In the `Deployment/terraform` directory, use the command `terraform init`.
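Before `terraform apply`, the access lists in `Deployment/terraform/terraform.tfvars` can be audited for entries that admit any address. The following is an added example, not code from the Lavinia repository; the variable names in the sample are hypothetical and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the Lavinia repository. Variable names in the
# sample are hypothetical; substitute those in your terraform.tfvars.

# Constructed sample: SSH open to any address, HTTP intentionally public.
SAMPLE_TFVARS='# constructed sample
allow_ssh_from_v4 = [
  "192.0.2.10/32",
  "0.0.0.0/0"
]
allow_ssh_from_v6 = ["2001:db8::/48"]
allow_http_from_v4 = ["0.0.0.0/0"]
allow_http_from_v6 = [
  "::/0"
]'

# Print "<variable> <cidr>" for every quoted CIDR with a /0 prefix (any
# address) in tfvars text on stdin. The current assignment is remembered so
# values inside multi-line lists are attributed to the right variable.
world_open_cidrs() {
  awk '
    /^[ \t]*#/ { next }
    match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_-]*[ \t]*=/) {
      var = substr($0, RSTART, RLENGTH)
      gsub(/[ \t=]/, "", var)
    }
    {
      line = $0
      while (match(line, /"[0-9A-Fa-f:.]+\/0"/)) {
        print var, substr(line, RSTART + 1, RLENGTH - 2)
        line = substr(line, RSTART + RLENGTH)
      }
    }
  '
}

# Return non-zero if a variable whose name contains "ssh" allows any address.
check_ssh_not_world_open() {
  hits=$(world_open_cidrs | grep -i '^[^ ]*ssh' || true)
  [ -z "$hits" ] && return 0
  printf 'SSH reachable from any address:\n%s\n' "$hits" >&2
  return 1
}

# Demo on the constructed sample; real use: check_ssh_not_world_open < terraform.tfvars
printf '%s\n' "$SAMPLE_TFVARS" | world_open_cidrs
```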
- Complete the First time set-up.
- Generate an SSH key pair by following the first code-block of this guide.
- Generate a second key in the directory `~/.ssh/jenkins/`
- Generate a GPG key with `gpg --full-generate-key`, use the same email as used in `Deployment/ansible/private.yaml`
- Export the public key to `Deployment/ansible/gpg/lavinia.key` with `gpg --output <path to key file> --armor --export <email>`
- Use `gpg --list-key` to get the fingerprint of your key, and add it to the `Deployment/ansible/private.yaml` file.
- Log into your domain registrar and change the name servers of your domain according to this guide. (If you encounter problems, try using ns1.uh-iaas.no and ns2.uh-iaas.no, instead of the nrec domain)
- In `Deployment/terraform`, do `terraform apply`
- Then do `./update_all.sh`
- Open `https://jenkins.<your domain>` in your browser
- In Jenkins, log in with username: admin, password: admin, and immediately change the password
- In Jenkins, install the following Jenkins plugins:
  - Blue Ocean
  - Ansible plugin
  - SSH Credentials Plugin
  - Basic Branch Build Strategies Plugin
  - MSTest plugin
- In GitHub -> Personal access tokens: Create a new access token called Jenkins_Hooks with the permission: `admin:org_hook`
- In Jenkins -> Manage Jenkins -> Configure System -> GitHub:
  - Name: `GitHub`
  - API URL: leave the default value
  - Credentials -> Add -> Jenkins:
    - Domain: Global credentials
    - Kind: Secret text
    - Scope: System
    - Secret: the Jenkins_Hooks access token
    - ID: `github_hooks`
    - Description: `Github Hooks`
  - Manage hooks: checked
- Name:
- In GitHub -> Personal access tokens: Create a new access token called Jenkins_Release with the permission: `repo`
- In Jenkins -> Manage Jenkins -> Manage Credentials -> Stores: Jenkins -> System: Global credentials -> Add Credentials:
  - Kind: Secret text
  - Scope: Global
  - Secret: the Jenkins_Release access token
  - ID: `jenkins_release_token`
  - Description: `Github token for uploading releases`
- In Jenkins -> Manage Jenkins -> Manage Credentials -> Stores scoped to Jenkins: Jenkins -> System: Global credentials -> Add Credentials:
  - Scope: Global
  - ID: `ansible_key`
  - Description: `SSH key for Ansible`
  - Username: `centos`
  - Private Key: Enter directly -> Paste the contents of the file `~/.ssh/jenkins/id_rsa`
  - Passphrase: Leave empty
- In Jenkins -> Blue Ocean: create two new pipelines (for Lavinia-API and Lavinia-Client); it should assist you with GitHub configuration
- For each pipeline, in Jenkins -> Pipeline -> Configure -> Behaviors: edit the Behaviors so they contain exactly:
  - Discover branches (Exclude branches that are also filed as PRs)
  - Discover pull requests from origin (Merging the pull request with the current target branch revision)
  - Discover tags
  - Clean before checkout (Delete untracked nested repositories: checked)
  - Clean after checkout (Delete untracked nested repositories: checked)
- For each pipeline, in Jenkins -> Pipeline -> Configure -> Build strategies -> Add:
  - Tags (Ignore tags newer than: (leave empty), Ignore tags older than: 7)
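For the GPG steps above (reading the key fingerprint and adding it to `Deployment/ansible/private.yaml`), the fingerprint can be taken from GnuPG's machine-readable colon output instead of being copied by hand. This is an added example, not code from the Lavinia repository; the function names and the sample key listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the Lavinia repository.

# Constructed `gpg --with-colons --fingerprint <email>` output (not a real key).
SAMPLE_COLONS='pub:u:4096:1:1111222233334444:1700000000:::u:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1700000000::0000000000000000000000000000000000000000::Lavinia Admin <admin@example.org>::::::::::0:
sub:u:4096:1:6666777788889999:1700000000::::::e::::::23:
fpr:::::::::0000111122223333444455556666777788889999:'

# Print the fingerprint of the first primary key in colon-format output on
# stdin. Field 10 of an "fpr" record holds the fingerprint; "fpr" records
# that follow a "sub" record belong to subkeys and are skipped.
primary_fingerprint() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; exit }
  '
}

# Set key_fingerprint in a private.yaml-style file, replacing any old value.
set_key_fingerprint() {
  file=$1
  fpr=$2
  # Accept only a 40-digit upper-case hex (version 4) fingerprint.
  case $fpr in
    ''|*[!0-9A-F]*) echo "not a fingerprint: $fpr" >&2; return 1 ;;
  esac
  [ "${#fpr}" -eq 40 ] || { echo "unexpected length: ${#fpr}" >&2; return 1; }
  tmp=$(mktemp) || return 1
  chmod 600 "$tmp"                       # the file also holds the Amplify key
  sed '/^key_fingerprint:/d' "$file" > "$tmp"
  printf 'key_fingerprint: %s\n' "$fpr" >> "$tmp"
  mv "$tmp" "$file"
}

# Demo on the constructed sample. Real use, from the Deployment directory:
#   fpr=$(gpg --with-colons --fingerprint "<email>" | primary_fingerprint)
#   set_key_fingerprint ansible/private.yaml "$fpr"
printf '%s\n' "$SAMPLE_COLONS" | primary_fingerprint
```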
It is safe to modify the number of both web and api instances at the same time; just perform the actions for both web and api at the points where you should do one or the other.
- Modify the number of instances in `Deployment/terraform/variables.tf`
- In the `Deployment/terraform` directory, use the command `terraform apply`
- Then do:
  - `ansible-playbook -i inventory ../ansible/api.yaml` or `ansible-playbook -i inventory ../ansible/web.yaml`
  - `ansible-playbook -i inventory ../ansible/load_balancer.yaml`
  - `ansible-playbook -i inventory ../ansible/jenkins.yaml`
- Restart the playbook, it should work the second time around
- SSH into the server
- Run `sudo netstat -tulpn`, making a note of the PID of the service using the 80/TCP and 443/TCP ports (probably the nginx service)
- Run `sudo kill -2 <PID>`
- Rerun the playbook
If you get an error while running the playbooks stating that Snap "core" has "install-snap" change in progress:
- SSH into the related server
- Run `snap changes` to identify the task that has status `Doing`, making a note of the related task ID.
- Run `sudo snap abort <task ID>`
- Rerun the playbook