Compare commits
No commits in common. "main" and "main" have entirely different histories.
@ -9,5 +9,4 @@ CLEAN_CONTAINERS=false
|
|||||||
SYSTEM_PRUNE=false
|
SYSTEM_PRUNE=false
|
||||||
WEBAPP_IMAGE_PRUNE=true
|
WEBAPP_IMAGE_PRUNE=true
|
||||||
CHECK_INTERVAL=5
|
CHECK_INTERVAL=5
|
||||||
FQDN_POLICY="allow"
|
FQDN_POLICY="allow"
|
||||||
DEPLOYMENT_IP="k8s.cluster.ip.address"
|
|
@ -44,5 +44,5 @@ COPY . /app/
|
|||||||
WORKDIR /app/
|
WORKDIR /app/
|
||||||
RUN rm -rf node_modules && yarn && yarn clean && yarn build:release
|
RUN rm -rf node_modules && yarn && yarn clean && yarn build:release
|
||||||
|
|
||||||
COPY scripts .
|
COPY run.sh .
|
||||||
CMD ["./scripts/run.sh"]
|
CMD ["./run.sh"]
|
||||||
|
82
README.md
82
README.md
@ -5,10 +5,10 @@ files used by those requests.
|
|||||||
|
|
||||||
## Build and Run
|
## Build and Run
|
||||||
|
|
||||||
```bash
|
```
|
||||||
yarn
|
$ yarn
|
||||||
yarn build
|
$ yarn build
|
||||||
yarn start
|
$ yarn start
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
@ -20,22 +20,22 @@ On upload, the configuration is temporarily decrypted for validation, but stored
|
|||||||
|
|
||||||
To create and export a key in the necessary format use:
|
To create and export a key in the necessary format use:
|
||||||
|
|
||||||
```bash
|
```
|
||||||
# Create a key
|
# Create a key
|
||||||
gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.my.domain.com default default never
|
$ gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.my.domain.com default default never
|
||||||
|
|
||||||
# Export the public key
|
# Export the public key
|
||||||
gpg --export webapp-deployer-api.my.domain.com > webapp-deployer-api.my.domain.com.pgp.pub
|
$ gpg --export webapp-deployer-api.my.domain.com > webapp-deployer-api.my.domain.com.pgp.pub
|
||||||
|
|
||||||
# Export the private key
|
# Export the private key
|
||||||
gpg --export-secret-keys webapp-deployer-api.my.domain.com > webapp-deployer-api.my.domain.com.pgp.key
|
$ gpg --export-secret-keys webapp-deployer-api.my.domain.com > webapp-deployer-api.my.domain.com.pgp.key
|
||||||
```
|
```
|
||||||
|
|
||||||
### Create the Deployer Record
|
### Create the Deployer Record
|
||||||
|
|
||||||
Every webapp deployer should have `WebappDeployer` record in the registry which looks something like:
|
Every webapp deployer should have `WebappDeployer` record in the registry which looks something like:
|
||||||
|
|
||||||
```yml
|
```
|
||||||
record:
|
record:
|
||||||
type: WebappDeployer
|
type: WebappDeployer
|
||||||
version: 1.0.0
|
version: 1.0.0
|
||||||
@ -48,34 +48,16 @@ record:
|
|||||||
|
|
||||||
This record can most easily be created using `laconic-so publish-deployer-to-registry`.
|
This record can most easily be created using `laconic-so publish-deployer-to-registry`.
|
||||||
|
|
||||||
```bash
|
```
|
||||||
laconic-so publish-deployer-to-registry \
|
$ laconic-so publish-deployer-to-registry \
|
||||||
--laconic-config ~/.laconic/registry.yml \
|
--laconic-config ~/.laconic/registry.yml \
|
||||||
--api-url https://webapp-deployer-api.my.domain.com
|
--api-url https://webapp-deployer-api.my.domain.com
|
||||||
--public-key-file webapp-deployer-api.my.domain.com.pgp.pub \
|
--public-key-file webapp-deployer-api.my.domain.com.pgp.pub \
|
||||||
--lrn lrn://laconic/deployers/webapp-deployer-api.my.domain.com \
|
--lrn lrn://laconic/deployers/webapp-deployer-api.my.domain.com \
|
||||||
--min-required-payment 100
|
--min-required-payment 100
|
||||||
```
|
```
|
||||||
|
|
||||||
This will create the record in the proper format and assign its LRN.
|
This will create the record in the proper format and assign its LRN.
|
||||||
|
|
||||||
### Publish Deployment Auction
|
|
||||||
|
|
||||||
Users can optionally create an auction for app deployment with desired number of providers and max price they are willing to pay for a deployment:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
laconic-so publish-deployment-auction \
|
|
||||||
--laconic-config ./config.yml \
|
|
||||||
--app lrn://cerc-io/applications/webapp-hello-world@0.1.3 \
|
|
||||||
--commits-duration 3600 \
|
|
||||||
--reveals-duration 3600 \
|
|
||||||
--commit-fee 10000 \
|
|
||||||
--reveal-fee 10000 \
|
|
||||||
--max-price 5000000 \
|
|
||||||
--num-providers 3
|
|
||||||
```
|
|
||||||
|
|
||||||
This will create a `provider` auction with given params and publish a deployment auction record.
|
|
||||||
|
|
||||||
### Request Deployment
|
### Request Deployment
|
||||||
|
|
||||||
@ -85,11 +67,11 @@ Users can now request deployment using the LRN of the deployer. This will allow
|
|||||||
1. Obtain the public key for encrypting config.
|
1. Obtain the public key for encrypting config.
|
||||||
1. See the minimum required payment.
|
1. See the minimum required payment.
|
||||||
|
|
||||||
The request can be made using `laconic-so request-webapp-deployment`. This will handle encrypting and uploading the
|
The request can be made using `laconic-so request-webapp-deployment`. This will handle encrypting and uploading the
|
||||||
config automatically, as well as making a payment (if necessary).
|
config automatically, as well as making a payment (if necessary).
|
||||||
|
|
||||||
```bash
|
```
|
||||||
laconic-so request-webapp-deployment \
|
$ laconic-so request-webapp-deployment \
|
||||||
--laconic-config ~/.laconic/registry.yml \
|
--laconic-config ~/.laconic/registry.yml \
|
||||||
--deployer lrn://laconic/deployers/webapp-deployer-api.my.domain.com \
|
--deployer lrn://laconic/deployers/webapp-deployer-api.my.domain.com \
|
||||||
--app lrn://cerc-io/applications/webapp-hello-world@0.1.3 \
|
--app lrn://cerc-io/applications/webapp-hello-world@0.1.3 \
|
||||||
@ -97,33 +79,9 @@ laconic-so request-webapp-deployment \
|
|||||||
--make-payment auto
|
--make-payment auto
|
||||||
```
|
```
|
||||||
|
|
||||||
Alternatively, users can also use a deployment auction they created instead of making the payment to any specific deployer directly:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
laconic-so request-webapp-deployment \
|
|
||||||
--laconic-config ~/.laconic/registry.yml \
|
|
||||||
--app lrn://cerc-io/applications/webapp-hello-world@0.1.3 \
|
|
||||||
--env-file hello.env \
|
|
||||||
--auction-id 4c9701c22651e143202e991056b6e7649853acc5bc0e97e3a98e09c9f3355909
|
|
||||||
```
|
|
||||||
|
|
||||||
This creates deployment requests targeted towards all the deployers who have won the auction. Similar to requests with payments, the config is automatically encrypted and uploaded to all the deployers.
|
|
||||||
|
|
||||||
### Request Undeployment
|
|
||||||
|
|
||||||
Users can also request removal of an existing deployment using the deployment record id:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
laconic-so request-webapp-undeployment \
|
|
||||||
--laconic-config ~/.laconic/registry.yml \
|
|
||||||
--deployer lrn://laconic/deployers/webapp-deployer-api.my.domain.com \
|
|
||||||
--deployment bafyreigeopr72dmp6rhvnomgdz3cljbqzhh75epcrigit7ue6i6vjullme \
|
|
||||||
--make-payment auto
|
|
||||||
```
|
|
||||||
|
|
||||||
### Example Config
|
### Example Config
|
||||||
|
|
||||||
```bash
|
```
|
||||||
UPLOAD_DIRECTORY="/srv/uploads/config"
|
UPLOAD_DIRECTORY="/srv/uploads/config"
|
||||||
UPLOAD_MAX_SIZE="1MB"
|
UPLOAD_MAX_SIZE="1MB"
|
||||||
DEPLOYER_STATE="/srv/deployments/autodeploy.state"
|
DEPLOYER_STATE="/srv/deployments/autodeploy.state"
|
||||||
@ -132,10 +90,4 @@ BUILD_LOGS="/srv/logs"
|
|||||||
OPENPGP_PASSPHRASE="SECRET"
|
OPENPGP_PASSPHRASE="SECRET"
|
||||||
OPENPGP_PRIVATE_KEY_FILE="/etc/config/webapp-deployer-api.my.domain.com.pgp.key"
|
OPENPGP_PRIVATE_KEY_FILE="/etc/config/webapp-deployer-api.my.domain.com.pgp.key"
|
||||||
LACONIC_CONFIG="/etc/config/registry.yml"
|
LACONIC_CONFIG="/etc/config/registry.yml"
|
||||||
LRN=lrn://laconic/deployers/webapp-deployer-api.my.domain.com
|
|
||||||
CHECK_INTERVAL=15
|
|
||||||
|
|
||||||
AUCTION_CHECK_INTERVAL=10
|
|
||||||
HANDLE_AUCTION_REQUESTS=true
|
|
||||||
AUCTION_BID_AMOUNT=50000
|
|
||||||
```
|
```
|
||||||
|
@ -8,15 +8,6 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- 9555
|
- 9555
|
||||||
|
|
||||||
cerc-webapp-auction-handler:
|
|
||||||
image: cerc/webapp-deployer-backend:local
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
RUN_AUCTIONS_HANDLER: "true"
|
|
||||||
volumes:
|
|
||||||
- srv:/srv
|
|
||||||
- config:/etc/config:ro
|
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
config:
|
config:
|
||||||
srv:
|
srv:
|
||||||
|
@ -1,10 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ "$RUN_AUCTIONS_HANDLER" = "true" ]; then
|
|
||||||
exec "./scripts/handle-auctions.sh"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
function is_privileged {
|
function is_privileged {
|
||||||
ip link add dummy0 type dummy >/dev/null
|
ip link add dummy0 type dummy >/dev/null
|
||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
@ -25,11 +20,6 @@ if [ -z "$DEPLOYMENT_RECORD_NAMESPACE" ]; then
|
|||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$FQDN_POLICY" = "allow" ] && [ -z "$DEPLOYMENT_IP" ]; then
|
|
||||||
echo "DEPLOYMENT_IP is required with 'allow' FQDN_POLICY"
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$IMAGE_REGISTRY" ]; then
|
if [ -z "$IMAGE_REGISTRY" ]; then
|
||||||
echo "IMAGE_REGISTRY is required."
|
echo "IMAGE_REGISTRY is required."
|
||||||
exit 2
|
exit 2
|
||||||
@ -45,16 +35,10 @@ if [ ! -f "/etc/config/kube.yml" ]; then
|
|||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AUCTION_OPTS=""
|
|
||||||
if [ "$HANDLE_AUCTION_REQUESTS" = "true" ]; then
|
|
||||||
AUCTION_OPTS="--auction-requests"
|
|
||||||
fi
|
|
||||||
|
|
||||||
STORAGE_ROOT="${STORAGE_ROOT:-/srv}"
|
STORAGE_ROOT="${STORAGE_ROOT:-/srv}"
|
||||||
DEPLOYMENTS_DIR="${DEPLOYMENTS_DIR:-$STORAGE_ROOT/deployments}"
|
DEPLOYMENTS_DIR="${DEPLOYMENTS_DIR:-$STORAGE_ROOT/deployments}"
|
||||||
LOG_DIR="${LOG_DIR:-$STORAGE_ROOT/logs}"
|
LOG_DIR="${LOG_DIR:-$STORAGE_ROOT/logs}"
|
||||||
CONTAINERS_DIR="${CONTAINER_DIR:-$STORAGE_ROOT/containers}"
|
CONTAINERS_DIR="${CONTAINER_DIR:-$STORAGE_ROOT/containers}"
|
||||||
REGISTRY_LOCK_FILE="${REGISTRY_LOCK_FILE:-/srv/registry_mutex_lock_file}"
|
|
||||||
|
|
||||||
if [[ ! -d "${DEPLOYMENTS_DIR}" ]]; then
|
if [[ ! -d "${DEPLOYMENTS_DIR}" ]]; then
|
||||||
mkdir -p "${DEPLOYMENTS_DIR}"
|
mkdir -p "${DEPLOYMENTS_DIR}"
|
||||||
@ -132,7 +116,6 @@ while true; do
|
|||||||
echo "########### UNDEPLOY ############"
|
echo "########### UNDEPLOY ############"
|
||||||
laconic-so undeploy-webapp-from-registry \
|
laconic-so undeploy-webapp-from-registry \
|
||||||
--laconic-config /etc/config/laconic.yml \
|
--laconic-config /etc/config/laconic.yml \
|
||||||
--registry-lock-file "${REGISTRY_LOCK_FILE}" \
|
|
||||||
--deployment-parent-dir "${DEPLOYMENTS_DIR}" \
|
--deployment-parent-dir "${DEPLOYMENTS_DIR}" \
|
||||||
--delete-names \
|
--delete-names \
|
||||||
--delete-volumes \
|
--delete-volumes \
|
||||||
@ -140,7 +123,7 @@ while true; do
|
|||||||
--include-tags "$INCLUDE_TAGS" \
|
--include-tags "$INCLUDE_TAGS" \
|
||||||
--exclude-tags "$EXCLUDE_TAGS" \
|
--exclude-tags "$EXCLUDE_TAGS" \
|
||||||
--lrn "$LRN" \
|
--lrn "$LRN" \
|
||||||
--min-required-payment 0 \
|
--min-required-payment ${MIN_REQUIRED_PAYMENT:-0} \
|
||||||
$EXTRA_UNDEPLOY_OPTS \
|
$EXTRA_UNDEPLOY_OPTS \
|
||||||
$UPDATE_OPTS \
|
$UPDATE_OPTS \
|
||||||
--discover
|
--discover
|
||||||
@ -155,7 +138,6 @@ while true; do
|
|||||||
laconic-so deploy-webapp-from-registry \
|
laconic-so deploy-webapp-from-registry \
|
||||||
--kube-config /etc/config/kube.yml \
|
--kube-config /etc/config/kube.yml \
|
||||||
--laconic-config /etc/config/laconic.yml \
|
--laconic-config /etc/config/laconic.yml \
|
||||||
--registry-lock-file "${REGISTRY_LOCK_FILE}" \
|
|
||||||
--image-registry ${IMAGE_REGISTRY} \
|
--image-registry ${IMAGE_REGISTRY} \
|
||||||
--deployment-parent-dir "${DEPLOYMENTS_DIR}" \
|
--deployment-parent-dir "${DEPLOYMENTS_DIR}" \
|
||||||
--dns-suffix ${DEPLOYMENT_DNS_SUFFIX} \
|
--dns-suffix ${DEPLOYMENT_DNS_SUFFIX} \
|
||||||
@ -165,14 +147,11 @@ while true; do
|
|||||||
--include-tags "$INCLUDE_TAGS" \
|
--include-tags "$INCLUDE_TAGS" \
|
||||||
--exclude-tags "$EXCLUDE_TAGS" \
|
--exclude-tags "$EXCLUDE_TAGS" \
|
||||||
--fqdn-policy "${FQDN_POLICY:-prohibit}" \
|
--fqdn-policy "${FQDN_POLICY:-prohibit}" \
|
||||||
--ip "${DEPLOYMENT_IP}" \
|
|
||||||
--lrn "$LRN" \
|
--lrn "$LRN" \
|
||||||
--min-required-payment ${MIN_REQUIRED_PAYMENT:-0} \
|
--min-required-payment ${MIN_REQUIRED_PAYMENT:-0} \
|
||||||
--config-upload-dir "$UPLOAD_DIRECTORY" \
|
--config-upload-dir "$UPLOAD_DIRECTORY" \
|
||||||
--private-key-file "$OPENPGP_PRIVATE_KEY_FILE" \
|
--private-key-file "$OPENPGP_PRIVATE_KEY_FILE" \
|
||||||
--private-key-passphrase "$OPENPGP_PASSPHRASE" \
|
--private-key-passphrase "$OPENPGP_PASSPHRASE" \
|
||||||
--recreate-on-deploy \
|
|
||||||
$AUCTION_OPTS \
|
|
||||||
$LOG_OPTS \
|
$LOG_OPTS \
|
||||||
$EXTRA_DEPLOY_OPTS \
|
$EXTRA_DEPLOY_OPTS \
|
||||||
$UPDATE_OPTS \
|
$UPDATE_OPTS \
|
@ -1,47 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ ! -f "/etc/config/laconic.yml" ]; then
|
|
||||||
echo "/etc/config/laconic.yml is required."
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$HANDLE_AUCTION_REQUESTS" = "true" ]; then
|
|
||||||
if [ -z "$AUCTION_BID_AMOUNT" ]; then
|
|
||||||
echo "AUCTION_BID_AMOUNT is required when handling auction requsts."
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "Not handling auction requests"
|
|
||||||
|
|
||||||
# k8s integration only supports "always" restart policy, so wait indefinitely
|
|
||||||
# TODO: Exit container once restart policy is supported
|
|
||||||
tail -f /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
STORAGE_ROOT="${STORAGE_ROOT:-/srv}"
|
|
||||||
DEPLOYMENTS_DIR="${DEPLOYMENTS_DIR:-$STORAGE_ROOT/deployments}"
|
|
||||||
REGISTRY_LOCK_FILE="${REGISTRY_LOCK_FILE:-/srv/registry_mutex_lock_file}"
|
|
||||||
|
|
||||||
if [[ ! -d "${DEPLOYMENTS_DIR}" ]]; then
|
|
||||||
mkdir -p "${DEPLOYMENTS_DIR}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd /app/
|
|
||||||
while true; do
|
|
||||||
echo "=============================================================="
|
|
||||||
|
|
||||||
echo "############ DEPLOYMENT AUCTION #############"
|
|
||||||
laconic-so handle-deployment-auction \
|
|
||||||
--laconic-config /etc/config/laconic.yml \
|
|
||||||
--registry-lock-file "${REGISTRY_LOCK_FILE}" \
|
|
||||||
--state-file "${DEPLOYMENTS_DIR}/autoauction.state" \
|
|
||||||
--bid-amount ${AUCTION_BID_AMOUNT}
|
|
||||||
rc=$?
|
|
||||||
if [ $rc -eq 0 ]; then
|
|
||||||
echo "############ DEPLOYMENT AUCTION SUCCESS #############"
|
|
||||||
else
|
|
||||||
echo "############ DEPLOYMENT AUCTION FAILURE STATUS $rc #############"
|
|
||||||
fi
|
|
||||||
|
|
||||||
sleep ${AUCTION_CHECK_INTERVAL:-10}
|
|
||||||
done
|
|
Loading…
Reference in New Issue
Block a user