Initial set-up script #12

Closed
opened 2020-09-13 11:44:15 +00:00 by 3wordchant · 8 comments
Owner

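`curl https://install.domain.tld | bash`

1. Install Docker
2. Swarm init
3. Certificate set-up?
4. Install abra

Crib from [`autonomic.docker-tls`](https://git.autonomic.zone/autonomic-cooperative/infrastructure/src/branch/master/roles/autonomic.docker-tls) and [`autonomic.swarm-single-node`](https://git.autonomic.zone/autonomic-cooperative/infrastructure/src/branch/master/roles/autonomic.swarm-single-node)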

Author
Owner
https://github.com/aelsabbahy/miniswarm
3wordchant added this to the Public mini-launch milestone 2020-09-20 18:40:01 +00:00
Owner

I think for our purposes, we can probably roll this ourselves again, super simply.

Just use the usual docker installation script via https://get.docker.com and then after that runs through, run `docker swarm init` and then the swarm is ready to rip.

Then for the certs, I have this script for our current swarm:

```sh
# First run: create the CA under /root/.docker
docker run --rm \
	-v /root/.docker:/certs paulczar/omgwtfssl

# Second run: issue the server key and certificate into /etc/docker/ssl
docker run --rm \
	-v /etc/docker/ssl:/server \
	-v /root/.docker:/certs \
	-e SSL_IP=127.0.0.1,666.666.666.666 \
	-e SSL_DNS=swarm.autonomic.zone \
	-e SSL_KEY=/server/key.pem \
	-e SSL_CERT=/server/cert.pem \
	-e CA_EXPIRE=3600 \
	-e SSL_EXPIRE=3600 \
	paulczar/omgwtfssl

cp /root/.docker/ca.pem /etc/docker/ssl/
chmod -R 0600 /etc/docker/ssl
```

We'd also need to configure `/etc/docker/daemon.json`:

```
{
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tls": true,
    "tlscacert": "/etc/docker/ssl/ca.pem",
    "tlscert": "/etc/docker/ssl/cert.pem",
    "tlskey": "/etc/docker/ssl/key.pem",
    "tlsverify": true
}
```

And then `/etc/systemd/system/docker.service.d/override.conf`:

```
# See https://github.com/moby/moby/issues/25471

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
```

Then restart the daemon.

Then installing abra is `curl -fsSL https://install.abra.autonomic.zone | bash`.

Soooo, maybe it could be a `curl -fsSL https://install.swarm.autonomic.zone | bash` and you run that on your Debian VPS as root? That is like the base installation done then. Anything like logging and other stuff, can be taken care of by sysadmins.

Seems doable in B.A.S.H
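
As an added example (not code from this thread or from the abra project), a small Python check for the two files configured in the comment above: it flags a TCP listener without `tlsverify`, missing certificate paths, a drop-in that does not reset `ExecStart=`, and a `-H` flag that would clash with `hosts` in `daemon.json`. The function name `audit_docker_remote` and the weak sample inputs are constructed for illustration.

```python
import json
import re

# Values as posted in the thread above.
THREAD_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true, "tlsverify": true,
  "tlscacert": "/etc/docker/ssl/ca.pem",
  "tlscert": "/etc/docker/ssl/cert.pem",
  "tlskey": "/etc/docker/ssl/key.pem"
}"""
THREAD_DROPIN = "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd\n"
# Constructed weak inputs (not from the thread).
WEAK_DAEMON_JSON = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
WEAK_DROPIN = "[Service]\nExecStart=/usr/bin/dockerd -H fd://\n"


def audit_docker_remote(daemon_json, unit_dropin):
    """Hypothetical helper: return a list of findings (empty means OK)."""
    findings = []
    cfg = json.loads(daemon_json)
    hosts = cfg.get("hosts", [])
    tcp_hosts = [h for h in hosts if h.startswith("tcp://")]
    # TLS without client-certificate verification leaves the API unauthenticated.
    if tcp_hosts and cfg.get("tlsverify") is not True:
        findings.append("tcp listener without tlsverify=true: " + ", ".join(tcp_hosts))
    if cfg.get("tlsverify") is True:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if not cfg.get(key):
                findings.append("tlsverify set but " + key + " missing")
    # ExecStart= values from the drop-in, in file order.
    exec_values = [
        line.split("=", 1)[1].strip()
        for line in unit_dropin.splitlines()
        if line.strip().startswith("ExecStart=")
    ]
    commands = [v for v in exec_values if v]
    # The packaged ExecStart must be cleared with an empty assignment first.
    if commands and exec_values[0] != "":
        findings.append("drop-in sets ExecStart without an empty ExecStart= reset")
    # dockerd refuses to start when hosts comes from both a flag and daemon.json.
    if hosts and any(re.search(r"(^|\s)(-H|--host)(\s|=|$)", c) for c in commands):
        findings.append("hosts set in daemon.json and via -H in ExecStart")
    return findings


if __name__ == "__main__":
    print(audit_docker_remote(THREAD_DAEMON_JSON, THREAD_DROPIN))
    print(audit_docker_remote(WEAK_DAEMON_JSON, WEAK_DROPIN))
```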

Author
Owner

> Just use the usual docker installation script via https://get.docker.com and then after that runs through, run docker swarm init and then the swarm is ready to rip.

That was my instinct, but the get.docker.com script historically has a honking big warning not to use it in production.. if that's changed or we don't care then I'm fine.

I think we might not need to worry about the TLS stuff if we use SSH-based access? I was able to get a new server setup yesterday with:

```
$ apt install docker.io
$ adduser USERNAME -G sudo,docker
```

Then locally:

```
$ abra context init sub.domain.tld USERNAME
$ abra context use sub.domain.tld
$ docker swarm init
$ docker network create --driver=overlay proxy --scope swarm
```
Owner

> I was able to get a new server setup yesterday with ...

Wowza, super simple! Excellent. Let's use SSH, yes please.

Author
Owner

This gave me Docker 18.09.1 which was kind of crashy, I upgraded to 19.03.13 using [the Docker repositories](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-debian-10) which may be a better bet for the installer script.

Owner

> https://install.swarm.autonomic.zone

https://git.autonomic.zone/autonomic-cooperative/abra/src/branch/main/script.d/swarm-installer is currently being served (placeholder for now...), so we can work on just getting 1) docker installed in a stable way 2) swarm init'd and then leave the TLS stuff since we rely on SSH now and perhaps also drop the abra install since that is done on the local?

Owner

One nice thing is that I think we can pass that installation script into our `autonomic.newhetzner` role as a [user-data](https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/hcloud_server_module.html#parameter-user_data) addition. We could make that configurable and then drop our `autonomic.swarm-single-node` and dogfood our own installation method.

3wordchant added the enhancement label 2020-09-24 23:15:15 +00:00
decentral1se removed the enhancement label 2020-10-27 08:09:41 +00:00
decentral1se added this to the (deleted) project 2020-12-27 11:49:24 +00:00
Owner

Don't think this is a big issue anymore since we have the `abra` install script and that does the bootstrap commands easily. And we've got a fairly decent "getting started" tutorial on the docs, so I guess people who want more automation can come and chase us up.

Reference: coop-cloud/organising#12