fabiog1901/playbooks
CockroachDB playbooks

A collection of Ansible Playbooks for deploying a CockroachDB Self-Hosted cluster.

Generate a self-signed CA key and cert pair

CockroachDB clusters are created with TLS encryption for node-to-node communication; therefore, certificates are required for a secure deployment.

The certificates we use are created using a self-signed CA.

If you don't have a self-signed CA already, you can use the playbook generate_ca_certs.yaml to create the required custom CA crt and key.

The playbooks expect the CA files to be located at /var/lib/ca. Because writing to /var/lib/ca requires elevated privileges, enter your macOS password when prompted.

$ ansible-playbook playbooks/generate_ca_certs.yaml --ask-become-pass
BECOME password: <enter your MacOS login password>

PLAY [GENERATE CA CERTS] ********************

TASK [clean up directory] ********************
changed: [localhost]

TASK [create ca.key] ********************
changed: [localhost]

TASK [Create ca.cnf] ********************
changed: [localhost]

TASK [create the ca.crt] ********************
changed: [localhost]

TASK [Recreate index and serial files] ********************
changed: [localhost]

PLAY RECAP ********************
localhost                  : ok=5    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Verify the CA crt and key have been created.

$ ls -l /var/lib/ca/
total 40
-rw-r--r--  1 root  wheel   976B Jul 10 10:34 ca.cnf
-rw-r--r--  1 root  wheel   1.1K Jul 10 10:34 ca.crt
-r--------  1 root  wheel   1.7K Jul 10 10:34 ca.key
-rw-r--r--  1 root  wheel     1B Jul 10 10:34 index.txt
-rw-r--r--  1 root  wheel     3B Jul 10 10:34 serial.txt
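The same five steps as the playbook above, written out as a plain POSIX shell script with a verification function added. This is an added example, not code from the fabiog1901/playbooks repository: it assumes openssl is installed, the ca.cnf content is my own minimal config rather than the one the playbook writes, and the target directory is an argument so you can try it in a scratch directory before writing to /var/lib/ca.

```shell
#!/bin/sh
# Added example (not from fabiog1901/playbooks): build a self-signed CA in the
# layout the playbooks expect (ca.key, ca.cnf, ca.crt, index.txt, serial.txt)
# and verify it before the playbooks use it. Assumes openssl is installed; the
# ca.cnf below is a minimal config of my own, not the playbook's.
set -eu

generate_ca() {
    dir=$1
    mkdir -p "$dir"
    # Create the key under a restrictive umask so it is never world-readable,
    # then pin it to 0400 (owner read-only), matching the listing above.
    ( umask 077; openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null )
    chmod 0400 "$dir/ca.key"
    # CA:TRUE lets this cert sign node/client certs; keyUsage limits it to that.
    cat > "$dir/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[ dn ]
CN = Cockroach CA
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -new -key "$dir/ca.key" -config "$dir/ca.cnf" \
        -days 3650 -out "$dir/ca.crt"
    # OpenSSL CA database: empty index plus the first serial number to issue.
    : > "$dir/index.txt"
    printf '01\n' > "$dir/serial.txt"
}
# verify_ca DIR: succeeds only if the key is owner-read-only, the cert is a
# CA cert, the key matches the cert, and the cert has not expired.
verify_ca() {
    dir=$1
    mode=$(stat -c %a "$dir/ca.key" 2>/dev/null || stat -f %Lp "$dir/ca.key")
    [ "$mode" = 400 ] || return 1
    openssl x509 -in "$dir/ca.crt" -noout -text | grep -q 'CA:TRUE' || return 1
    [ "$(openssl x509 -in "$dir/ca.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/ca.key" -pubout)" ] || return 1
    openssl x509 -in "$dir/ca.crt" -noout -checkend 0 >/dev/null
}
# Usage: sh make_ca.sh DIR   (e.g. sudo sh make_ca.sh /var/lib/ca)
if [ "$#" -gt 0 ]; then
    generate_ca "$1" && verify_ca "$1" && echo "CA created and verified in $1"
fi
```

verify_ca is also useful on its own against an existing /var/lib/ca, for example after restoring the CA from a backup, since a key that does not match the cert or a key left world-readable fails the check.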

Setting up AWS, GCP, Azure credentials

The create_cluster.yaml playbook uses cloud_instance to provision VMs on the public cloud providers.

Install it:

pip3 install cloud_instance

cloud_instance uses each public cloud's native SDK methods for authentication.

For example, for AWS you will have to run aws sso login to refresh the credential files in ~/.aws/sso.

GCP and Azure look for environment variables, such as:

GCP_SERVICE_ACCOUNT_FILE=/Users/fabio/cea-team.json
GCP_AUTH_KIND=serviceaccount
GCP_PROJECT=cea-team

Validate that authentication is working by issuing a command that fetches the instances of a fake deployment_id:

$ cloud_instance gather fake_deployment_id
[]

# cloud_instance logs to /tmp/cloud_instance.log.

Because it returns an empty list [] without raising an error, we know authentication is set up correctly.

Create a cluster

The playbook assumes you have CA certificate files in /var/lib/ca/, as discussed in a previous section.

The file deployments/sample.yaml contains the details of the deployment:

ansible-playbook playbooks/create_cluster.yaml -e @deployments/sample.yaml

About

Ansible Collection to deploy CockroachDB
