testnet-ops/service-provider-setup
nabarun 65be098ce9 Add steps to clean up service provider setup (#14)
Part of [Service Provider Setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5)
- Move user setup playbook to separate directory
- Remove unneeded variables

Co-authored-by: Adw8 <adwaitgharpure@gmail.com>
Reviewed-on: cerc-io/testnet-ops#14
2024-10-23 06:53:07 +00:00

service-provider-setup

Prerequisites

  • Set up Ansible: follow the installation guide to install Ansible on your machine

  • Set up a DigitalOcean Droplet with passwordless SSH access

  • Buy a domain and configure nameservers pointing to DigitalOcean

  • Generate a DigitalOcean access token, used for API authentication and managing cloud resources

  • Set up a user: follow the steps in "Setup a user" to create a new user with passwordless sudo

Become a Service Provider

Setup

  • Copy the vars files:

    cd vars
    cp dns-vars.example.yml dns-vars.yml
    cp gpg-vars.example.yml gpg-vars.yml
    cp k8s-vars.example.yml k8s-vars.yml
    cp container-vars.example.yml container-vars.yml
    cp laconicd-vars.example.yml laconicd-vars.yml
    cp webapp-vars.example.yml webapp-vars.yml
    cd -
    
  • Update the following values in the respective variable files:

    # vars/dns-vars.yml
    full_domain: ""                   # eg: laconic.com
    service_provider_ip: ""           # eg: 23.111.78.179
    do_api_token: ""                  # DigitalOcean access token that you generated, eg: dop_v1...
    
    # vars/gpg-vars.yml
    gpg_user_name: ""                 # full name of the user for the GPG key
    gpg_user_email: ""                # email address associated with the GPG key
    gpg_passphrase: ""                # passphrase for securing the GPG key
    
    # vars/k8s-vars.yml
    org_id: ""                        # eg: lcn
    location_id: ""                   # eg: cad
    support_email: ""                 # eg: support@laconic.com
    
    # vars/container-vars.yml
    container_registry_username: ""   # username to login to the container registry
    container_registry_password: ""   # password to login to the container registry
    
    # vars/laconicd-vars.yml
    chain_id: ""                      # chain id to use for the Laconic chain
    
    # vars/webapp-vars.yml
    authority_name: ""                # eg: laconic-authority
    cpu_reservation: "1"              # minimum number of cpu cores to be used, eg: 2
    memory_reservation: "2G"          # minimum amount of memory in GB to be used, eg: 4G
    cpu_limit: "6"                    # maximum number of cpu cores to be used, eg: 6
    memory_limit: "8G"                # maximum amount of memory in GB to be used, eg: 8G
    deployer_gpg_passphrase: ""       # passphrase for creating GPG key used by webapp-deployer, eg: SECRET
    handle_auction_requests: "true"   # whether the webapp deployer should handle deployment auction requests, eg: true
    auction_bid_amount: "500000"      # bid amount for deployment auctions in alnt, eg: 500000
    
  • Create a new hosts.ini file:

    cp ../hosts.example.ini hosts.ini
    
  • Edit the hosts.ini file:

    [deployment_host]
    <host_name> ansible_host=<target_ip> ansible_user=<new_username> ansible_ssh_common_args='-o ForwardAgent=yes'
    
    • Replace <host_name> with the desired hostname of the remote machine
    • Replace <target_ip> with the IP address or hostname of the target machine
    • Under deployment_host, replace <new_username> with the name of the user you have created
  • Verify that you are able to connect to the host using the following command:

    ansible all -m ping -i hosts.ini
    
    # Expected output:
    
    # <host_name> | SUCCESS => {
    #  "ansible_facts": {
    #      "discovered_interpreter_python": "/usr/bin/python3.10"
    #  },
    #  "changed": false,
    #  "ping": "pong"
    # }
    
  • Run the service-provider-setup.yml ansible-playbook to:

    • Create DNS records
    • Deploy k8s
    • Set up laconicd and laconic console
    • Set up container registry
    • Deploy the webapp-deployer API and webapp-deployer UI

    LANG=en_US.utf8 ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER
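
A pre-flight check for the vars files, to run before the playbook. This is an added example, not part of this repository: the file and key names come from the list above, while requiring owner-only permissions on the files that hold credentials is this example's assumption.

```shell
#!/bin/sh
# Added example: pre-flight check of vars/ before running the playbook.
# File and key names are taken from the README above. Requiring owner-only
# permissions on credential files is this example's assumption.

# file:key pairs that must have a non-empty value
REQUIRED="dns-vars.yml:full_domain dns-vars.yml:service_provider_ip
dns-vars.yml:do_api_token gpg-vars.yml:gpg_user_name gpg-vars.yml:gpg_user_email
gpg-vars.yml:gpg_passphrase k8s-vars.yml:org_id k8s-vars.yml:location_id
k8s-vars.yml:support_email container-vars.yml:container_registry_username
container-vars.yml:container_registry_password laconicd-vars.yml:chain_id
webapp-vars.yml:authority_name webapp-vars.yml:deployer_gpg_passphrase"

# Files that hold tokens, passwords or passphrases
SECRET_FILES="dns-vars.yml gpg-vars.yml container-vars.yml webapp-vars.yml"

# Print the value of a top-level `key: "value"  # comment` line, unquoted.
yaml_value() {  # usage: yaml_value FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one line per problem; return 1 if any problem was found.
check_vars() {  # usage: check_vars DIR
    dir=$1; bad=0
    for pair in $REQUIRED; do
        file=${pair%%:*}; key=${pair#*:}
        if [ ! -f "$dir/$file" ]; then
            echo "MISSING $file:$key"; bad=1
        elif [ -z "$(yaml_value "$dir/$file" "$key")" ]; then
            echo "EMPTY $file:$key"; bad=1
        fi
    done
    for file in $SECRET_FILES; do
        [ -f "$dir/$file" ] || continue
        # Characters 5-10 of `ls -l` are the group and other permission bits.
        if [ "$(ls -ld "$dir/$file" | cut -c5-10)" != "------" ]; then
            echo "PERMS $file"; bad=1
        fi
    done
    return $bad
}

# Run against a directory when one is given, e.g. `sh check-vars.sh vars`.
if [ "$#" -gt 0 ]; then check_vars "$1"; fi
```

A `PERMS` line is cleared with `chmod 600` on the named file; an `EMPTY` line names the variable that still has its placeholder value.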
    

Result

After the playbook finishes executing, the following services will be deployed (your setup should look similar to the example below):

Cleanup

Run the following steps on the target machine to stop the webapp-deployer, container-registry, fixturenet-laconicd and laconic-console-deployment, undeploy k8s, and remove GPG keys and DNS records.

  • Stop deployments

    $ laconic-so deployment --dir webapp-ui stop
    $ laconic-so deployment --dir webapp-deployer stop
    $ laconic-so deployment --dir container-registry stop
    $ laconic-so deployment --dir laconic-console-deployment stop --delete-volumes
    $ laconic-so deployment --dir fixturenet-laconicd-deployment stop --delete-volumes
    
  • Remove deployment directories

    sudo rm -rf webapp-ui
    sudo rm -rf webapp-deployer
    sudo rm -rf container-registry
    sudo rm -rf laconic-console-deployment
    sudo rm -rf fixturenet-laconicd-deployment
    
  • Remove spec files

    rm webapp-deployer.spec
    rm container-registry.spec
    rm laconic-console-spec.yml
    rm fixturenet-laconicd-spec.yml
    
  • Undeploy k8s

    $ cd service-provider-template
    $ export VAULT_KEY=<gpg_passphrase>
    $ bash .vault/vault-rekey.sh
    $ ansible-playbook -i hosts site.yml --tags=k8s --limit=<org_id>_<location_id> --user <user> --extra-vars 'k8s_action=destroy'
    
  • Remove service-provider-template repo

    $ rm -rf service-provider-template
    
  • Remove any existing GPG keys

    $ rm -rf gpg-keys/
    $ gpg --list-secret-keys --keyid-format=long
    /home/dev/.gnupg/pubring.kbx
    ----------------------------
    sec   rsa4096/DA9E3D638930A699 2024-10-15 [SCEA]
          69A3200727091E72B773BBEBDA9E3D638930A699
    uid                 [ultimate] deepstack <support@deepstacksoft.com>
    ssb   rsa3072/2B5D80CF44753EFD 2024-10-15 [SEA]
    
    sec   rsa3072/2449A62C838440AB 2024-10-15 [SC]
          646A42164F978DC1415C11F12449A62C838440AB
    uid                 [ultimate] webapp-deployer-api.deepstack.com
    ssb   rsa3072/67576558A2F2FE91 2024-10-15 [E]
    
    $ gpg --delete-secret-key 69A3200727091E72B773BBEBDA9E3D638930A699
    $ gpg --delete-key 69A3200727091E72B773BBEBDA9E3D638930A699
    $ gpg --delete-secret-key 646A42164F978DC1415C11F12449A62C838440AB
    $ gpg --delete-key 646A42164F978DC1415C11F12449A62C838440AB
    
  • Remove the user if required

    $ userdel <user>
    
    # If userdel fails because a process is still running as the user, kill that process and retry:
    # userdel: user <user> is currently used by process 1639
    # $ kill -9 1639
    
  • Remove DNS records using DigitalOcean's API:
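
For the "Remove any existing GPG keys" step earlier in this list, the fingerprints can be selected by user ID from gpg's machine-readable listing instead of being copied by hand. This is an added example, not part of this repository; the function names are hypothetical, and the sample listing is constructed from the two keys shown in the output above.

```shell
#!/bin/sh
# Added example: find and delete the GPG keys created by the setup by user ID.

# Read `gpg --list-secret-keys --with-colons` output on stdin and print the
# primary-key fingerprint of every secret key that has a user ID containing $1.
# Record layout: "sec" starts a key, the first "fpr" after it is the primary
# fingerprint (field 10), "uid" carries the user ID in field 10, and "ssb"
# starts a subkey whose own "fpr" must be ignored.
fingerprints_for_uid() {
    awk -F: -v want="$1" '
        $1 == "sec" { fpr = ""; primary = 1; seen = 0 }
        $1 == "ssb" { primary = 0 }
        $1 == "fpr" && primary && fpr == "" { fpr = $10 }
        $1 == "uid" && !seen && index($10, want) { print fpr; seen = 1 }
    '
}

# Delete secret and public key for every match, then fail if any match remains.
delete_keys_for_uid() {
    gpg --batch --list-secret-keys --with-colons | fingerprints_for_uid "$1" |
    while read -r fp; do
        gpg --batch --yes --delete-secret-and-public-key "$fp" || exit 1
    done
    left=$(gpg --batch --list-secret-keys --with-colons | fingerprints_for_uid "$1")
    [ -z "$left" ]
}

# Constructed sample listing for the two keys shown in the README output.
# Creation times, uid hashes and subkey fingerprints are made up.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:DA9E3D638930A699:1728950400:::u:::scESCA:::+:::23::0:
fpr:::::::::69A3200727091E72B773BBEBDA9E3D638930A699:
uid:u::::1728950400::0000000000000000000000000000000000000000::deepstack <support@deepstacksoft.com>::::::::::0:
ssb:u:3072:1:2B5D80CF44753EFD:1728950400::::::sea:::+:::23:
fpr:::::::::0000000000000000000000002B5D80CF44753EFD:
sec:u:3072:1:2449A62C838440AB:1728950400:::u:::scSC:::+:::23::0:
fpr:::::::::646A42164F978DC1415C11F12449A62C838440AB:
uid:u::::1728950400::0000000000000000000000000000000000000000::webapp-deployer-api.deepstack.com::::::::::0:
ssb:u:3072:1:67576558A2F2FE91:1728950400::::::e:::+:::23:
fpr:::::::::00000000000000000000000067576558A2F2FE91:
EOF
}

# Delete for a user ID when one is given, e.g. `sh gpg-cleanup.sh support@deepstacksoft.com`.
if [ "$#" -gt 0 ]; then delete_keys_for_uid "$1"; fi
```

The match is a substring match, so pass the full email address or hostname from the user ID; a short string such as `deepstack` selects both keys.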