ACS vmchecker deployment

Deploy vmck and acs-interface using Terraform.

Setup

You need a running Nomad, Consul and Vault cluster to deploy vmck and acs-interface. We recommend using liquidinvestigations/cluster; refer to that project for how to install the cluster.

HowTo

First read through the Terraform Build Infrastructure tutorial if you're new to Terraform.

Install Terraform, then run terraform init to download plugins.

$ terraform init
[...]
Terraform has been successfully initialized!

Terraform state is persisted in the cluster's consul so it's synchronized for all users of this repo.

Make changes to the configuration files then run ./bin/deploy to deploy.

$ ./bin/deploy
nomad_job.vmck: Refreshing state... [id=vmck]
nomad_job.acs-interface: Refreshing state... [id=acs-interface]

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Available scripts

Backup - bin/backup

A script that backs up:

  • Consul
  • Acs-interface's Postgres database
  • Acs-interface's Minio archives storage
  • Vmck's Postgres database

It uses borg as the backup manager. It is recommended to set this script as a cron job.

Setup

Requirements
Steps
  1. Make sure you have the requirements installed.

  2. Create a new gpg key using:

gpg --full-generate-key

  3. Initialize the borg location where the backup will be stored (you need to enter a passphrase):

mkdir -p <directory>
borg init <directory>

  4. Initialize a new pass repo using the previously generated gpg key:

pass init <gpg-id>

  5. Generate a password for borg-acs using the next command. You will also need to add a passphrase (it needs to be the same passphrase used at step 3):

pass insert borg-acs

  6. In bin/backup, change the BORG_REPO variable to the directory used with the borg init command.

  7. Run the backup script :)

./bin/backup

Consul state snapshot - bin/consul-snapshot

Takes a snapshot of the current state of consul.

Deploy - bin/deploy

Deploys the following jobs on the cluster:

  • nomad_jobs/acs-interface.hcl
  • nomad_jobs/drone.hcl
  • nomad_jobs/ingress.hcl
  • nomad_jobs/vmck.hcl

Nomad exec - bin/nomad_exec

Runs the given command in the allocation's container.

Additional optional nomad jobs

Drone - nomad_jobs/drone.hcl

A CI that we use as the standard way of building custom VM images.

Traefik - nomad_jobs/ingress.hcl

The router that we use to publish both vmck and acs-interface.

Notes

  • Currently all scripts have hardcoded IP addresses such as 10.42.2.2. Please make sure to change them to your respective interface IP addresses to ensure that the deployment runs correctly.

  • If you want to add more client nodes (i.e. more servers to the cluster) you can use vmck/cluster-client.
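
One way to act on the note about hardcoded addresses, as an added example that is not part of this repository: list_ips shows every IPv4 literal under the paths you pass (for instance bin and nomad_jobs), and replace_ip rewrites one address without touching longer ones such as 10.42.2.20. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the repository. Function names are hypothetical.
# Finds and rewrites hardcoded IPv4 addresses such as 10.42.2.2.

OCTETS='([0-9]{1,3}\.){3}[0-9]{1,3}'

is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac   # also rejects newlines and sed metacharacters
    printf '%s\n' "$1" | grep -Eq "^${OCTETS}\$"
}

# exact_re ADDR: ERE matching ADDR only when it is not part of a longer
# run of digits and dots, so 10.42.2.2 does not match inside 10.42.2.20.
exact_re() {
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# list_ips PATH...: print each distinct address found under the given paths.
list_ips() {
    grep -rhIE "$OCTETS" "$@" 2>/dev/null |
        tr -c '0-9.\n' '\n' |      # split lines into digit-and-dot tokens
        grep -xE "$OCTETS" |       # keep tokens that are exactly four octets
        sort -u
}

# replace_ip OLD NEW PATH...: rewrite exact occurrences of OLD in place.
replace_ip() (
    old=$1; new=$2; shift 2
    if ! is_ipv4 "$old" || ! is_ipv4 "$new"; then
        echo "usage: replace_ip OLD NEW PATH..." >&2
        exit 2
    fi
    re=$(exact_re "$old")
    grep -rlIE "$re" "$@" 2>/dev/null | while IFS= read -r f; do
        tmp=$(mktemp)
        # Two passes: neighbouring matches share a delimiter, so a single /g
        # pass skips every second address in "ping 10.42.2.2 10.42.2.2".
        sed -E -e "s/$re/\\1$new\\2/g" -e "s/$re/\\1$new\\2/g" "$f" > "$tmp"
        cat "$tmp" > "$f"          # overwrite in place: mode bits are kept
        rm -f "$tmp"
    done
)
```

Run list_ips again after replace_ip and review the result with your version control diff before deploying.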

Troubleshooting

All of the following solutions assume that you are running on liquidinvestigations/cluster.

1. Either acs-interface or drone does not have an SSL certificate

Usually traefik should take care of this, and both acs-interface and drone should be available through HTTPS. If that is not the case, then:

  • Go into Nomad UI and stop the job ingress
  • Go to Consul UI, in the KV tab delete the ingress folder
  • Restart traefik by going into the ingress job from the Nomad UI and clicking on start
  • In 15 minutes you should have new certificates