This configuration is to be done once.
-
Generate an SSH keys pair
ssh-keygen -t rsa -f .ssh/<you>-cleanapp-io -C <you> -
Upload a public key to Google cloud
gcloud compute os-login ssh-keys add --key-file=.ssh/<you>-cleanapp-io.pub -
Set up the dev machine
- Login to the dev VM with SSH
ssh -i ~/.ssh/<you>-cleanapp-io <you>_cleanapp_io@34.132.121.53 - Grant ssh permission to the deployer account
Add the previously generated public key to the end of the file.
sudo nano /home/deployer/.ssh/authorized_keys - Login as deployer to check that it works
ssh -i ~/.ssh/<you>-cleanapp-io deployer@34.132.121.53
- Login to the dev VM with SSH
-
Set up prod machine
- Same as dev machine, just use the IP address 34.122.15.16
Here is a deployment documentation. Using the frontend deployment as an example.
-
Clone the frontend repository.
git clone https://github.com/cleanappio/cleanapp-frontend.git -
Make your changes.
Run the build & deploy script.
./build_image.sh -e dev --ssh-keyfile ~/.ssh/<you>-cleanapp-io
Run the build & deploy script.
./build_image.sh -e prod --ssh-keyfile ~/.ssh/<you>-cleanapp-io
-
Enable OS login on VMs
-
Configure the deployer user
-
Login to the VM as yourself, either via Cloud SSH or using its external IP address with your key.
ssh -i .ssh/<you>-cleanapp-io <you>_cleanapp_io@<VM IP address> -
Create the deployer user.
groupadd deployer -g 1003 useradd deployer -u 1003 -g 1003 -m -s /bin/bashNo need for the password as we will use SSH keys for login.
-
Configure passwordless sudo for deployer.
- Run the
sudo visudo - Add the following line after the
%sudo ALL=(ALL:ALL) ALLdeployer ALL=(ALL) NOPASSWD:ALL - Save changes
- Run the
-
Enable users for logging in as deployer.
- Add public SSH keys of all users you want to grant permission to into the file
/home/deployer/.ssh/authorized_keyssudo mkdir /home/deployer/.ssh sudo touch /home/deployer/.ssh/authorized_keys sudo mcedit /home/deployer/.ssh/authorized_keys - Set proper permissions
sudo chown -R deployer:deployer /home/deployer/.ssh sudo chmod 700 /home/deployer/.ssh sudo chmod 600 /home/deployer/.ssh/authorized_keys
- Add public SSH keys of all users you want to grant permission to into the file
-
Login to the VM as deployer
ssh -i .ssh/<you>-stxn-cloud deployer@<VM IP address> -
Configure the deployer for docker communications
gcloud auth configure-docker us-central1-docker.pkg.devThat will create a configuration file .docker/config.json.
-
Configure the service account
gcloud config set account cleanapp@cleanup-mysql-v2.iam.gserviceaccount.com -
Activate the service account
- Generate a new keypair for the account (from your personal authenticated account with iam permissions)
$ gcloud iam service-accounts keys create ~/cleanapp-mysql-v2-key.json \ --iam-account=cleanapp@cleanup-mysql-v2.iam.gserviceaccount.com $ scp ./cleanapp-mysql-v2-key.json deployer@<host>:/home/deployer/cleanapp-mysql-v2-key.json - Copy the keypair file to the VM
- Activate the account
gcloud auth activate-service-account cleanapp@cleanup-mysql-v2.iam.gserviceaccount.com --key-file=cleanapp-mysql-v2-key.json - Delete the keypair file after activation
- Generate a new keypair for the account (from your personal authenticated account with iam permissions)
-
- Copy the installing script to the VM
scp -i ~/.ssh/eko-cleanapp-io setup/install_docker.sh deployer@34.132.121.53:install_docker.sh - Login to the VM and run the install script
ssh -i ~/.ssh/<you>-cleanapp-io deployer@34.132.121.53chmod a+x ./install_docker.sh ./install_docker.sh - Add the
deployerto thedockergroupsudo usermod -aG docker $USER - Logout from the VM and login again