This is an Ansible playbook that deploys Deconst onto a cluster.
Clone this repository once for each deconst instance you wish to administer. The contents of credentials.yml
customize and identify each deployment.
You'll need a recent Python 2.7, at least Ansible 1.9.0.1, and pyrax. You can use a virtualenv if you wish.
# Check your Python version
python -V
# Install virtualenv and virtualenvwrapper, if desired.
sudo pip install virtualenv virtualenvwrapper
source /usr/local/bin/virtualenvwrapper.sh
mkvirtualenv deconst-ansible
# Install Ansible and pyrax.
pip install -r requirements.txt
To deploy or update a cluster:
-
Copy the example credentials file and fill in your credentials and customizations. Alternately, use a credentials file corresponding to an existing deployment you'd like to maintain.
cp credentials.example.yml credentials.yml ${EDITOR} credentials.yml # Or: script/decrypt ~/cred-repo/credentials-staging.yml.enc
-
Copy the SSH Private Key used for the deconst instante into
/keys
.cp instance-private-key keys/{instance-name}.private.key
chmod 600 keys/{instance-name}.private.key
The instance name is found in credentials.yml and is used to locate the SSH key used for communication automatically. We recommend storing the SSH private key in an encrypted document store.
-
Run the playbook with the
deploy
script.script/deploy
Deconst guards against inconsistent credentials.yml
files being run by multiple maintainers. If you intentionally make changes to the credentials file, you'll need to provide extra variables to script/deploy
.
If you change the deployment
, run with:
script/deploy -e 'new_deployment=true'
If you make any other local changes to a credentials.yml
file, run with:
script/deploy -e 'credentials_update=true'
To only update the control repository's content map, layout map or templates:
script/deploy --tags control
To force a restart of selected services:
# Restart only presenters
script/deploy --tags restart -e 'presenter_restart=true'
# Other restart control variables:
# -e 'service_pod_restart=true' Service pods (content services and presenter)
# -e 'logstash_forwarder_restart=true' Logstash-forwarder
# -e 'logstash_restart=true' Logstash
To force the generation of new TLS certificates:
script/deploy --extra-vars="gencerts=yes"
This repository contains a number of utilities to assist in basic ops work. Each script keys off of the credentials in credentials.yml
, so it will use the correct Rackspace account and hosts.
script/status
performs adocker status
on each host. It's useful for quickly seeing if all expected services are up and running.script/logs <component>
tails the Docker container logs of each matching service across the cluster. The number of lines given can be controlled by settingLOG_LINES
. For example:LOG_LINES=50 script/logs presenter
.script/genkey <name>
reads the admin API key from your credentials file and issues a new API key with the provided name.script/ssh <hostpattern>
logs in to a uniquely identified host in the cluster.script/ips
lists the IP addresses of each host in the cluster.script/lb
audits and corrects load-balancer node membership on the cluster. Consult--help
for details.script/reindex
asynchronously triggers a full content reindex in Elasticsearch.
These instructions will create the underlying resources necessary to run a deconst dev env in Kubernetes with Minikube.
-
Install Minikube
-
Open a new shell
-
Create a minikube
Deconst is known to work with Kubernetes 1.5.3
minikube start --kubernetes-version 1.5.3
-
Install kubectl
Be sure to install the version that matches your Kubernetes version from the step above.
-
Create resources
kubectl apply -f kubernetes/namespace.yaml kubectl apply -f kubernetes
-
Deploy a secure private Docker image registry
For more information on this tool see Registry Tooling.
cd .. git clone [email protected]:ContainerSolutions/registry-tooling.git cd registry-tooling ./reg-tool.sh install-k8s-reg -y
If you do a
minikube stop
followed by aminikube start
, you'll need to rerun./reg-tool.sh
becauseminikube start
overwrites/etc/hosts
and sets up new certs. -
(Optional) Connect to the image registry
For more information on using this tool see Usage
eval $(minikube docker-env) docker images
-
(Optional) Set the context namespace
If you set the context namespace, you can omit the
--namespace deconst
from all of the other commands.kubectl config set-context minikube --namespace=deconst
To unset the context namespace
kubectl config unset contexts.minikube.namespace
-
Watch and wait for resources
watch kubectl get all --all-namespaces
-
View the logs
minikube service kibana-logging --namespace kube-system
Click the Create button to create a new index and then click the Discover menu item to view it.
-
Deploy the content service
-
Delete resources
kubectl delete deploy/mongo svc/mongo --namespace deconst kubectl delete ds/fluentd-elasticsearch --namespace kube-system kubectl delete deploy/kibana-logging svc/kibana-logging --namespace kube-system kubectl delete rc/elasticsearch-logging-v1 svc/elasticsearch-logging --namespace kube-system kubectl delete namespace deconst