Skip to content

vmck/acs-deploy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
bin
bin
 
 
grafana_dasboards
grafana_dasboards
 
 
nomad_jobs
nomad_jobs
 
 
.gitignore
.gitignore
 
 
Readme.md
Readme.md
 
 
main.tf
main.tf
 
 

Repository files navigation

ACS vmchecker deployment

Deploy vmck and acs-interface using Terraform.

Setup

You need a Nomad, Consul and Vault cluster running to be able to deploy vmck and acs-interface. We recommend using liquidinvestigations/cluster. Please refer to them on how to install the cluster.

HowTo

First read through the Terraform Build Infrastructure tutorial if you're new to Terraform.

Install Terraform, then run terraform init to download plugins.

$ terraform init
[...]
Terraform has been successfully initialized!

Terraform state is persisted in the cluster's consul so it's synchronized for all users of this repo.

Make changes to the configuration files then run ./bin/deploy to deploy.

$ ./bin/deploy
nomad_job.vmck: Refreshing state... [id=vmck]
nomad_job.acs-interface: Refreshing state... [id=acs-interface]

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Available scripts

Backup - bin/backup

A script that does a backup on:

  • Consul
  • Acs-interface's Postgres database
  • Acs-interface's Minio archives storage
  • Vmck's Postgres database

It uses borg as the backup manager. It is recommended to set this script as a cron job.

Setup

Requirements
Steps

  1. Make sure you have the requirements installed

  2. Create a new gpg key using:

gpg --full-generate-key
  1. Initialize the borg location where the backup will be stored (you need to enter a passphrase):
mkdir -p <directory>
borg init <directory>
  1. Initialize a new pass repo using the previously generated gpg key
pass init <gpg-id>
  1. Generate a password for the borg-acs using the next command. You will also need to add a passphrase (needs to be the same passphrase used at step 3):
pass insert borg-acs

  1. In the bin/backup change BORG_REPO variable with the directory used with the borg init command.

  2. Run the backup script :)

./bin/backup

Consul state snapshot - bin/consul-snapshot

Takes a snapshot of the current state of consul.

Deploy - bin/deploy

Deploys the following jobs on the cluster:

  • nomad_jobs/acs-interface.hcl
  • nomad_jobs/drone.hcl
  • nomad_jobs/ingress.hcl
  • nomad_jobs/vmck.hcl

Nomad exec - bin/nomad_exec

Runs the given command in the allocation's container.

Additional optional nomad jobs

Drone - nomad_jobs/drone.hcl

A CI that we use as the standard way of building custom VM images.

Traefik - nomad_jobs/ingress.hcl

Router that we use to publish both vmck and acs-interface

Notes

  • Currently all scripts have hardcoded IP adresses such as 10.42.2.2. Please make sure to change them to your respective interface IP adresses to ensure that the deployment runs correctly.

  • If you want to add more client nodes (i.e. more servers to the cluster) you can use vmck/cluster-client.

Troubleshooting

All of the following solutions consider that you are running on liquidinvestigations/cluster.

1. Either acs-interface or drone does not have a ssl certificate

Usually traefik should take care of this and both acs-interface and drone should be available through https. If that is not the case then:

  • Go into Nomad UI and stop the job ingress
  • Go to Consul UI, in the KV tab delete the ingress folder
  • Restart traefik by going into the ingress job from the Nomad UI and click on start
  • In 15 minutes you should have new certificates

About

No description or website provided.

Topics

hacktoberfest

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages