Temporary Docker Servers

We want to externalize integration tasks, and therefore we need a clone of our default docker installations. These servers should contain a single integration.

Internal Preparations

Create a new server

For example, with the server name temp-mqtt-broker...

• Go to AWS Instances on EC2
• Launch a new instance from the template temp-server
• Set parameters:
  • Project: The project it belongs to, mostly OpenDataHub (for cost accounting)
  • Name: The name of this server, must always start with temp- as prefix, plus the name of the service we are integrating with this server
  • Backup: Always false, we do not need backups for temporary servers
  • DelegatedTo: The external contributor or company which is responsible for this server
  • Manager: The internal manager (pmoser or rthoeni mostly)
• Launch the instance
• Assign a Elastic IP with name temp-mqtt-broker-eip
• Go to Route53 create a DNS entry with the name mqtt-broker.temp.testingmachine.eu pointing to the server's IP
• Create and assign a new security group with the name temp-mqtt-broker-sg (optional, ssh is already enabled world-wide)
• Assign the IAM role docker to this EC2 instance (if not already)

Ansible Installation

• Clone our infrastructure repo locally
• Go to ansible
• Add the DNS to hosts under [temp] and to the initial main list inside hosts
• Add public-keys to the corresponding folder
• Create a host_vars yml file with the name of the server, see example below:

    ansible_python_interpreter: /usr/bin/python3
  
    users2:
      pinco:
        user_password: "$6$JFhrCJrT8v9CvaD$7ArleySaZwcMwm1yDiY1WTbdqU3PQmUKKgDpgTygNAcDKacECAUz/X032XszCNEbSz2ilxf2uaueynVxEIqqn0"
        user_authorized_keys:
          - "{{ lookup('file', '../public-keys/pinco') }}"
      pallino:
        user_password: "$6$JFhrCJrT8v9CvaD$7ArleySaZwcMwm1yDiY1WTbdqU3PQmUKKgDpgTygNAcDKacECAUz/X032XszCNEbSz2ilxf2uaueynVxEIqqn0"
        user_authorized_keys:
          - "{{ lookup('file', '../public-keys/pallino') }}"
  
    organizations2:
      temporg:
        - "pinco"
        - "pallino"
  

• Run ssh -i ~/.ssh/temp-servers.pem [email protected] to add the IP to the known hosts file, and test connectivity
• Run ansible-galaxy install --force -r requirements.yml
• Run ansible-playbook --user=admin --private-key=~/.ssh/temp-servers.pem --limit=temp playbooks/temp.yml
• Try to login to the server with your username + credentials
• Test sudo su

Proxy Installation

• Open our infrastructure repo
• Open the file ansible/playbooks/proxy-02.yml
• Add the new DNS entries (always use port 1333 for the main app, and 1334 etc. for others)
• Commit + push + wait 5-10 minutes

Initial Test Deployment

• Ansible installs this automatically into /var/docker/test
• The port is always 1333
• Test if everything works with the given main DNS entry (Hello World should be shown)

Checklist for external contributors

This is a list of what we need to create an autonomous instance:

• for each user, that should be able to login
  • public key
  • name + surname, login will be first letter of name + surname (ex., pmoser)
• a set of static IPs (optional, at the moment the default is to have SSH open for to the world)
• a set of URLs that should point to the server (port + URL needed)

Getting started information for contributors

Copy/paste this into your email body:

Hi all,
the server has been prepared and is accessible with the following URL:

   ssh [your-user]@[servername].temp.testingmachine.eu

We have the following users with root privileges:
  - [user1]
  - [user2]

The default password for all users is this one: 
  
    avp6EQQ.

Please change it after your first login.

The following URLs point to our proxy which does https redirects for you:
  - [url1] -> [servername].temp.testingmachine.eu:1333
  - [url2] -> [servername].temp.testingmachine.eu:1334
  - etc.

An example installation can already be found under:

    /var/docker/test

    Have a look into .env and docker-compose.yml

It was started with 

    docker-compose up -d

Happy hacking!