nabarun
65be098ce9
Part of [Service Provider Setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) - Move user setup playbook to separate directory - Remove unneeded variables Co-authored-by: Adw8 <adwaitgharpure@gmail.com> Reviewed-on: #14
200 lines
6.8 KiB
Markdown
# service-provider-setup

## Prerequisites

- Set up Ansible: follow the [installation](../README.md#installation) guide to set up Ansible on your machine
- Set up a DigitalOcean Droplet with passwordless SSH access
- Buy a domain and configure [nameservers pointing to DigitalOcean](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/)
- Generate a DigitalOcean access token, used for API authentication and managing cloud resources
- Set up a user: follow the steps from [Setup a user](../user-setup/README.md#setup-a-user) to set up a new user with passwordless sudo

## Become a Service Provider

### Setup

- Copy the vars files:

```bash
cd vars
cp dns-vars.example.yml dns-vars.yml
cp gpg-vars.example.yml gpg-vars.yml
cp k8s-vars.example.yml k8s-vars.yml
cp container-vars.example.yml container-vars.yml
cp laconicd-vars.example.yml laconicd-vars.yml
cp webapp-vars.example.yml webapp-vars.yml
cd -
```

- Update the following values in the respective variable files:

```yaml
# vars/dns-vars.yml
full_domain: "" # eg: laconic.com
service_provider_ip: "" # eg: 23.111.78.179
do_api_token: "" # DigitalOcean access token that you generated, eg: dop_v1...

# vars/gpg-vars.yml
gpg_user_name: "" # full name of the user for the GPG key
gpg_user_email: "" # email address associated with the GPG key
gpg_passphrase: "" # passphrase for securing the GPG key

# vars/k8s-vars.yml
org_id: "" # eg: lcn
location_id: "" # eg: cad
support_email: "" # eg: support@laconic.com

# vars/container-vars.yml
container_registry_username: "" # username to login to the container registry
container_registry_password: "" # password to login to the container registry

# vars/laconicd-vars.yml
chain_id: "" # chain id to use for the Laconic chain

# vars/webapp-vars.yml
authority_name: "" # eg: laconic-authority
cpu_reservation: "1" # minimum number of cpu cores to be used, eg: 2
memory_reservation: "2G" # minimum amount of memory in GB to be used, eg: 4G
cpu_limit: "6" # maximum number of cpu cores to be used, eg: 6
memory_limit: "8G" # maximum amount of memory in GB to be used, eg: 8G
deployer_gpg_passphrase: "" # passphrase for creating GPG key used by webapp-deployer, eg: SECRET
handle_auction_requests: "true" # whether the webapp deployer should handle deployment auction requests, eg: true
auction_bid_amount: "500000" # bid amount for deployment auctions in alnt, eg: 500000
```

- Create a new `hosts.ini` file:

```bash
cp ../hosts.example.ini hosts.ini
```

- Edit the [`hosts.ini`](./hosts.ini) file:

```ini
[deployment_host]
<host_name> ansible_host=<target_ip> ansible_user=<new_username> ansible_ssh_common_args='-o ForwardAgent=yes'
```

  - Replace `<host_name>` with the desired `hostname` of the remote machine
  - Replace `<target_ip>` with the IP address or hostname of the target machine
  - Under `deployment_host`, replace `<new_username>` with the name of the user you have created

- Verify that you are able to connect to the host using the following command:

```bash
ansible all -m ping -i hosts.ini

# Expected output:

# <host_name> | SUCCESS => {
#   "ansible_facts": {
#     "discovered_interpreter_python": "/usr/bin/python3.10"
#   },
#   "changed": false,
#   "ping": "pong"
# }
```

- Run the `service-provider-setup.yml` ansible-playbook to:
  - Create DNS records
  - Deploy k8s
  - Set up laconicd and laconic console
  - Set up container registry
  - Deploy the webapp-deployer API and webapp-deployer UI

```bash
LANG=en_US.utf8 ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER
```
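
The variable files filled in during setup hold the DigitalOcean token, both GPG passphrases and the registry password in plain text. The following check, run before the playbook, is an added example and not part of this repository: it flags vars files readable beyond the owner and secret keys still left empty. The function names and the script name `check-vars.sh` are assumptions; the key names come from the variable files listed above.

```shell
#!/usr/bin/env bash
# Added example (not part of this repository): pre-flight check for vars/.
# Keys that hold secrets, taken from the variable files listed in this README.
SECRET_KEYS='do_api_token gpg_passphrase container_registry_password deployer_gpg_passphrase'

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_vars_dir DIR: print one finding per line; return 1 if there are any.
check_vars_dir() {
  dir=$1
  rc=0
  for f in "$dir"/*-vars.yml; do
    [ -e "$f" ] || continue
    # Files with secrets must grant nothing to group or others (e.g. 600).
    mode=$(file_mode "$f")
    case "$mode" in
      *00) ;;
      *) echo "$f: mode $mode grants access beyond the owner"; rc=1 ;;
    esac
    # A secret key that is present must not be left at its empty default.
    for key in $SECRET_KEYS; do
      line=$(grep -E "^${key}:" "$f" | head -n 1)
      [ -n "$line" ] || continue
      value=$(printf '%s\n' "$line" |
        sed -E "s/^${key}:[[:space:]]*//; s/[[:space:]]*#.*$//")
      case "$value" in
        '' | '""' | "''") echo "$f: $key is empty"; rc=1 ;;
      esac
    done
  done
  return "$rc"
}

# Constructed sample data: one deliberately bad file and one good file.
make_sample_vars() {
  d=$(mktemp -d)
  printf 'do_api_token: "" # token\nfull_domain: "example.com"\n' > "$d/dns-vars.yml"
  printf 'gpg_passphrase: "constructed-passphrase"\n' > "$d/gpg-vars.yml"
  chmod 644 "$d/dns-vars.yml"
  chmod 600 "$d/gpg-vars.yml"
  echo "$d"
}

# Usage: bash check-vars.sh vars   (does nothing when run without arguments)
[ $# -eq 0 ] || check_vars_dir "$1"
```

Run it from the `service-provider-setup` directory as `bash check-vars.sh vars`; `chmod 600 vars/*-vars.yml` clears the mode findings.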

### Result

After the playbook finishes executing, the following services will be deployed (your setup should look similar to the example below):

- laconicd chain RPC endpoint: <http://lcn-daemon.laconic.com:26657>
- laconicd GQL endpoint: <http://lcn-daemon.laconic.com:9473/api>
- laconic console: <http://lcn-console.laconic.com:8080/registry>
- webapp deployer API: <https://webapp-deployer-api.pwa.laconic.com>
- webapp deployer UI: <https://webapp-deployer-ui.pwa.laconic.com>

## Cleanup

Run the following steps on the target machine to stop the webapp-deployer, container-registry, fixturenet-laconicd and laconic-console-deployment, undeploy k8s, and remove GPG keys and DNS records:

- Stop deployments

```
$ laconic-so deployment --dir webapp-ui stop
$ laconic-so deployment --dir webapp-deployer stop
$ laconic-so deployment --dir container-registry stop
$ laconic-so deployment --dir laconic-console-deployment stop --delete-volumes
$ laconic-so deployment --dir fixturenet-laconicd-deployment stop --delete-volumes
```

- Remove deployment directories

```
sudo rm -rf webapp-ui
sudo rm -rf webapp-deployer
sudo rm -rf container-registry
sudo rm -rf laconic-console-deployment
sudo rm -rf fixturenet-laconicd-deployment
```

- Remove spec files

```
rm webapp-deployer.spec
rm container-registry.spec
rm laconic-console-spec.yml
rm fixturenet-laconicd-spec.yml
```

- Undeploy k8s

```
$ cd service-provider-template
$ export VAULT_KEY=<gpg_passphrase>
$ bash .vault/vault-rekey.sh
$ ansible-playbook -i hosts site.yml --tags=k8s --limit=<org_id>_<location_id> --user <user> --extra-vars 'k8s_action=destroy'
```

- Remove service-provider-template repo

```
$ rm -rf service-provider-template
```

- Remove any existing GPG keys

```
$ rm -rf gpg-keys/
$ gpg --list-secret-keys --keyid-format=long
/home/dev/.gnupg/pubring.kbx
----------------------------
sec rsa4096/DA9E3D638930A699 2024-10-15 [SCEA]
69A3200727091E72B773BBEBDA9E3D638930A699
uid [ultimate] deepstack <support@deepstacksoft.com>
ssb rsa3072/2B5D80CF44753EFD 2024-10-15 [SEA]

sec rsa3072/2449A62C838440AB 2024-10-15 [SC]
646A42164F978DC1415C11F12449A62C838440AB
uid [ultimate] webapp-deployer-api.deepstack.com
ssb rsa3072/67576558A2F2FE91 2024-10-15 [E]

$ gpg --delete-secret-key 69A3200727091E72B773BBEBDA9E3D638930A699
$ gpg --delete-key 69A3200727091E72B773BBEBDA9E3D638930A699
$ gpg --delete-secret-key 646A42164F978DC1415C11F12449A62C838440AB
$ gpg --delete-key 646A42164F978DC1415C11F12449A62C838440AB
```

- Remove the user if required

```bash
$ userdel <user>

# If required, kill the process that is using the user
# userdel: user <user> is currently used by process 1639
# $ kill -9 1639
```

- Remove DNS records using DigitalOcean's API:
- <https://docs.digitalocean.com/reference/api/api-try-it-now/#/Domain%20Records/domains_delete_record>
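
For the "Remove any existing GPG keys" step, the keyring on the target machine may also hold keys that this setup did not create. The following added example (not part of this repository) selects primary-key fingerprints by user ID from `gpg --list-secret-keys --with-colons` output and prints the two delete commands used above for review instead of running them. The function names are assumptions and the listing is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example (not part of this repository): pick GPG keys to delete by user ID.

# fingerprints_for_uid PATTERN: read a --with-colons listing on stdin and print
# the primary-key fingerprint of every key whose user ID contains PATTERN.
fingerprints_for_uid() {
  awk -F: -v pat="$1" '
    $1 == "sec" { want_fpr = 1; fpr = ""; next }   # a new primary key starts
    $1 == "ssb" { want_fpr = 0; next }             # subkey: skip its fpr record
    $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
    $1 == "uid" && fpr != "" && index($10, pat) { print fpr; fpr = "" }
  '
}

# delete_commands: read fingerprints on stdin and print (not run) the two
# delete commands this README uses for each of them.
delete_commands() {
  while read -r fpr; do
    echo "gpg --delete-secret-key $fpr"
    echo "gpg --delete-key $fpr"
  done
}

# Constructed, simplified colon-format listing with two unrelated keys.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1728950400:::u:::scESCA::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
grp:::::::::2222222222222222222222222222222222222222:
uid:u::::1728950400::HASH::Constructed Provider <ops@example.com>::::::::::0:
ssb:u:3072:1:BBBBBBBBBBBBBBBB:1728950400::::::e::::::23:
fpr:::::::::3333333333333333333333333333333333333333:
sec:u:3072:1:CCCCCCCCCCCCCCCC:1728950400:::u:::scSC::::::23::0:
fpr:::::::::4444444444444444444444444444444444444444:
uid:u::::1728950400::HASH::unrelated-key@example.org::::::::::0:
EOF
}
```

On the target machine, `gpg --list-secret-keys --with-colons | fingerprints_for_uid '<gpg_user_email>' | delete_commands` prints the commands for the keys matching that user ID only.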