sustainability-zhaw / docker-deploy

Ansible Scripts and Compose Files for deployments in a Docker Swarm
MIT License

docker-deploy

An Ansible playbook for deploying the SDG Dashboard to a Docker Swarm.

This is part of the open deployment strategy. This strategy consists of three repositories:

  1. The System Inventory
  2. The Support Files
  3. The Ansible Playbook (this repository)

Important: Both the System Inventory and the Support Files are and remain private.

Deployment

This playbook expects an inventory with at least one mainnode host configured. The host must be a master node of a Docker swarm, and the inventory user must be able to run all docker commands without requiring a password.

This repository uses the auto deployment feature of the phish108/ansible:9.1.0-2 container image.

If all repos have been cloned adjacent to each other, one can use docker compose run:

docker compose run --rm deploy

The compose file expects to have the following repository names:

For more fine grained control:

docker run -it --rm \
           -v ${PRIVATE_SSH_KEYS}:/sshkeys \
           -v ${INVENTORY_PATH}:/inventory \
           -v ${SUPPORT_FILES_PATH}:/configs \
           -v $(pwd):/ansible \
           phish108/ansible:9.1.0-2

Preparations

Important: This repository needs to be complemented by a host inventory, configs, secrets, local settings, and, of course, private ssh keys.

It is recommended to have two separate private repositories for these purposes:

The first repository should hold the host inventory of the docker swarm. This repository needs to provide the files /inventory/main.yaml and /inventory/known_hosts to the playbook.

The second repository needs to provide the support files with the service configuration.

The playbook main.yaml expects these files under /configs.

Finally, you need private keys for connecting to the servers. These keys should be local to the machine that you are using, or at least stored as secrets on the CI/CD platform in use. For these processes I have a separate set of connection keys, stored in the folder ~/.autossh. This separates my personal keys from deployment keys.

The deployment installs a protected graphiql instance.

The layout of the inventory configs is as follows:

The structure of the containers.yaml file:

containers:
  dashboard_sha: 7d191b6
  adresolver_sha: b73cba8
  schema_sha: a719f16
  authomator_sha: df07b2d
  dspace_sha: e48a854
  evento_sha: d58f8d3
  sdgindexer: 459a702
  keywords: 44ddb4e

The containers.yaml file provides the reference to the most recent versions of the service containers.

Configuration of the message queue

The message queue is handled by rabbitmq.

The minimum configuration for our purposes is provided in contrib/message-queue.

The configuration is designed so that the definitions for users, exchanges, queues, etc. are configured separately under /etc/rabbitmq/definitions.d/ in the rabbitmq container.

Important note:

The configuration of the services must match rabbitmq's definition, otherwise the system won't work.

If services appear not to work, do the following:

  1. Check that the username and password configured for each service match those set for rabbitmq.
  2. Check that the exchange name configured for each service matches the one in rabbitmq's configuration.
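
Both checks can be automated. The following is an added example, not code from this repository: it compares service settings against already-parsed rabbitmq definition documents, using rabbitmq's default password hashing (base64 of a 4-byte salt followed by SHA-256 of salt plus password). The service settings layout (mq_user, mq_pass, mq_exchange) and all sample names and values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SHA256 = "rabbit_password_hashing_sha256"  # RabbitMQ's default hashing algorithm

def rabbit_hash(password: str, salt: bytes) -> str:
    """base64(salt + SHA-256(salt + password)), with a 4-byte salt."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(salt + digest).decode("ascii")

def password_matches(password: str, password_hash: str) -> bool:
    salt = base64.b64decode(password_hash)[:4]  # salt is the first 4 bytes
    return hmac.compare_digest(rabbit_hash(password, salt), password_hash)

def check_services(definitions: list, services: dict) -> list:
    """Return one finding per mismatch; passwords are never echoed."""
    users, exchanges = {}, set()
    for doc in definitions:  # one parsed JSON document per definitions.d file
        users.update({u["name"]: u for u in doc.get("users", [])})
        exchanges.update(e["name"] for e in doc.get("exchanges", []))
    findings = []
    for name, cfg in sorted(services.items()):
        user = users.get(cfg["mq_user"])
        if user is None:
            findings.append(f"{name}: user {cfg['mq_user']!r} is not defined")
        elif user.get("hashing_algorithm", SHA256) != SHA256:
            findings.append(f"{name}: unsupported hashing algorithm, check manually")
        elif not password_matches(cfg["mq_pass"], user["password_hash"]):
            findings.append(f"{name}: password does not match user {cfg['mq_user']!r}")
        if cfg["mq_exchange"] not in exchanges:
            findings.append(f"{name}: exchange {cfg['mq_exchange']!r} is not defined")
    return findings

# Constructed sample data; the service settings layout is hypothetical.
DEFINITIONS = [
    {"users": [{"name": "example-user", "hashing_algorithm": SHA256,
                "password_hash": rabbit_hash("example-secret", b"\x01\x02\x03\x04")}]},
    {"exchanges": [{"name": "example-exchange", "vhost": "/", "type": "topic"}]},
]
SERVICES = {
    "service-a": {"mq_user": "example-user", "mq_pass": "example-secret", "mq_exchange": "example-exchange"},
    "service-b": {"mq_user": "example-user", "mq_pass": "old-secret", "mq_exchange": "example-exchange"},
    "service-c": {"mq_user": "example-user", "mq_pass": "example-secret", "mq_exchange": "example-exchang"},
}

if __name__ == "__main__":
    for finding in check_services(DEFINITIONS, SERVICES):
        print(finding)
```

Run it on the machine that already holds the support files, so that service passwords are not copied elsewhere for the check.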