From bddf42b7500f05842f2a57a0fcd5e29ee34c1495 Mon Sep 17 00:00:00 2001 From: forest Date: Wed, 21 Jul 2021 13:35:30 -0500 Subject: [PATCH] forest's ReadMe docs changes --- README.md | 57 +++++++++++++++++++++++++++++++++++------- docs/architecture.md | 2 ++ docs/btcpay.md | 8 +++--- docs/capsul.webp | Bin 0 -> 10230 bytes docs/configuration.md | 52 ++++++++++++++++++++++++++++++++++++-- docs/database.md | 28 ++++++++++++--------- docs/deployment.md | 29 +++++++++++++++++---- docs/local-set-up.md | 28 ++++++++++----------- 8 files changed, 158 insertions(+), 46 deletions(-) create mode 100644 docs/capsul.webp diff --git a/README.md b/README.md index f60195e..41444a9 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,50 @@ -# capsulflask +# capsul-flask -Python Flask web application for capsul.org +![screenshot of capsul.org home page](./docs/capsul.webp) -How about a trip to the the `docs/` folder? -- [Setting up Capsul locally](./docs/local-set-up.md) -- [Hub-and-spoke architecture](./docs/architecture.md) -- [Deplying Capsul on a server](./docs/deployment.md) -- [Configuring Capsul](./docs/configuration.md) -- [Receiving cryptocurrency payments with BTCPay](./docs/btcpay.md) -- [Working with the database](./docs/database.md) +Python Flask web application implementing user accounts, payment, and virtual machine management for a smol "virtual machine (vm) as a service" aka "cloud compute" provider. Originally developer by [Cyberia Computer Club](https://cyberia.club) for https://capsul.org + +`capsul-flask` integrates with [Stripe](https://stripe.com/) as a credit card processor, and [BTCPay Server](https://github.com/btcpayserver/btcpayserver-docker) as a cryptocurrency payment processor. + +`capsul-flask` invokes [shell-scripts](./capsulflask/shell_scripts/) to create/manage [libvirt/qemu](https://www.libvirt.org/manpages/virsh.html) vms, and it depends on `dnsmasq` to act as the DHCP server for the vms. + +`capsul-flask` has a ["hub and spoke" architecture](./architecture.md). The "Hub" runs the web application and talks to the Postrges database, while the "Spoke"(s) are responsible for creating/managing virtual machines. In this way, capsul can be scaled to span more than one machine. One instance of the capsul-flask application can run in both hub mode and spoke mode at the same time, however there must only be one instance of the app running in "Hub" mode at any given time. + +## Quickstart (run capsul-flask on your computer in development mode) + +``` +# get an instance of postgres running locally on port 5432 +# (you don't have to use docker, but we thought this might be the easiest for a how-to example) +docker run --rm -it -e POSTGRES_PASSWORD=dev -p 5432:5432 postgres & + +# install dependencies +sudo apt install pipenv python3-dev libpq-dev + +# download and run +git clone https://giit.cyberia.club/~forest/capsul-flask +cd capsul-flask +pipenv install +pipenv run flask run +``` + +Interested in learning more? How about a trip to the the `docs/` folder: + +- [**Setting up capsul-flask locally**](./docs/local-set-up.md) + - [Manually](./docs/local-set-up.md#manually) + - [With docker-compose](./docs/local-set-up.md#docker_compose) +- [**Configuring `capsul-flask`**](./docs/configuration.md) + - [Example configuration from capsul.org (production)](./docs/configuration.md#example) + - [Loading variables from files (docker secrets)](./docs/configuration.md#docker_secrets) +- [**`capsul-flask`'s relationship to its Database Server**](./docs/database.md) + - [Database schema management (schema versions)](./docs/database.md#schema_management) + - [Running manual database queries](./docs/database.md#manual_queries) +- [**`capsul-flask`'s hub-and-spoke architecture**](./docs/architecture.md) +- [**Deploying capsul-flask on a server**](./docs/deployment.md) + - [Installing prerequisites for Spoke Mode](./docs/deployment.md#spoke_mode_prerequisites) + - [Deploying capsul-flask manually](./docs/deployment.md#deploy_manually) + - [Deploying capsul-flask with coop-cloud's docker-swarm configuration](./docs/deployment.md#coop_cloud_docker) + - [Deploying capsul-flask with coop-cloud's `abra` deployment tool](./docs/deployment.md#coop_cloud_abra) +- [**Accepting cryptocurrency payments with BTCPay Server**](./docs/btcpay.md) + - [Setting up the BTCPAY_PRIVATE_KEY](./docs/btcpay.md#BTCPAY_PRIVATE_KEY) + - [Testing cryptocurrency payments](./docs/btcpay.md#testing) + - [Sequence diagram explaining how BTC payment process works (how we accept 0-confirmation transactions 😀)](./docs/btcpay.md#0_conf_diagram) diff --git a/docs/architecture.md b/docs/architecture.md index a385c7c..9f3c8d0 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -1,5 +1,7 @@ # hub-and-spoke architecture +The "Hub" runs the web application and talks to the Postrges database, while the "Spoke"s are responsible for creating/managing virtual machines. One instance of the capsul-flask application can run in hub mode and spoke mode at the same time. + ![](images/hub-and-spoke1.png) This diagram was created with https://app.diagrams.net/. diff --git a/docs/btcpay.md b/docs/btcpay.md index ced7108..5f811d7 100644 --- a/docs/btcpay.md +++ b/docs/btcpay.md @@ -1,4 +1,4 @@ -# Receiving cryptocurrency payments with BTCPay +## Setting up the BTCPAY_PRIVATE_KEY Generate a private key and the accompanying bitpay SIN for the btcpay API client. @@ -55,12 +55,12 @@ BTCPAY_PRIVATE_KEY='-----BEGIN EC PRIVATE KEY-----\nEXAMPLEIArx/EXAMPLEKH23EXAMP ----- -## testing cryptocurrency payments +## testing cryptocurrency payments -I used litecoin to test cryptocurrency payments, because its the simplest & lowest fee cryptocurrency that BTCPay server supports. You can download the easy-to-use litecoin SPV wallet `electrum-ltc` from [github.com/pooler/electrum-ltc](https://github.com/pooler/electrum-ltc) or [electrum-ltc.org](https://electrum-ltc.org/), set up a wallet, and then either purchase some litecoin from an exchange, or ask Forest for some litecoin to use for testing. +I used litecoin to test cryptocurrency payments, because its the simplest & lowest fee cryptocurrency that BTCPay server supports. You can download the easy-to-use litecoin SPV wallet `electrum-ltc` from [github.com/pooler/electrum-ltc](https://github.com/pooler/electrum-ltc) or [electrum-ltc.org](https://electrum-ltc.org/), set up a wallet, and then either purchase some litecoin from an exchange, or [ask Forest for some litecoin](https://sequentialread.com/capsul-rollin-onwards-with-a-web-application/#sqr-comment-container) to use for testing. -## sequence diagram explaining how BTC payment process works +## sequence diagram explaining how BTC payment process works (how we accept 0-confirmation transactions 😀) ![btcpayment_process](readme/btcpayment_process.png) diff --git a/docs/capsul.webp b/docs/capsul.webp new file mode 100644 index 0000000000000000000000000000000000000000..bdaf665cf73e62879a9e1f1b98aad91f9c73e7ec GIT binary patch literal 10230 zcmZ9yV{j$F)-Jqb+qNf8CbqR>+r}glC$nQ46Wg}UiEZ0XCdN1CJ@2jW*6n(Jbak&@ zs9s&&&#G3Dk(9im0RS{5M3pp@xJmc^^*Jg4Szz?^5GG&%fDZKaut0iuT3&NnY8BN~ zmEf0eO+Lx}road8{nS;JSJRi->Ez%1ulPj1-I~8&3w#M*RUeKcB(ynXlQe{%;qRa{ zlF45uuQbz!&p8|Xmd}fyp{2}6pd}xaU!6|`7DBrqy)M75sn_Wb(5;|9@%k70drRqd zv6ml6@NVFXBw%^3=k^WkOXZ8?P3)6>*X8wkEoThHR!H;L`a8sz=;y~9*jmY)!i>-8 zzCym~{{w#hz+Wp8`x;s*=5v#IJ1^S(iO0lkF}fD?i;rx zl6Q``^4YH#K4&JheU#YBa~f`)iKpHp{W;%LB1rr9wzazz6PFKEyYpZ73SX{tm~2hx z2RfV6tgR^t)rYuxEr{S-8ox>vA6VwWYU`w#>U)KVj-^XRWP)6lZV-AY^1svV)0*8~ z1hvzl-NMA-AB$Hzd+>1@1o>nw0L(ydY1)~jh1R4oX?Rl*{iP%mWSywD#PxN~-J!9& zvbdFv0hr-hyW9H-OTcd(;@ax8?kKFQhMtNymv}6{Clt{4Da7tft$xELEQ^yP;s`es zyHa|oqwsE4q1)yoo~ozorbB08=sw|^@GQ+Z@}@HS$m7*wq9i!KXY`#WUsC;LqPm#k z!d2hiJx|*no+Lc6V}|F&N^QOuWsB|)#CcVk9oL;FrBF0IUqbpbt&1C+nh09D(0gsT z?*R;^S8h_ox*X-ptrP2fy^o$M-vNEh<+^Ic(#l2Sm~Z-YDO;3` z#>c4vpt;;ko+O!Cjf6#&+*Nt=Is$S5s5yor7>q*-;KA~HuSrt6a;rKH397Kr-&}f8 zWwaIZN5$%<)5Od3e%nmxL&0+a8$Qfy6w~;v8x^EzYMP_|n{XnZ5>YoOAMyW&<^O{U zh{xI3{|L!jaYa~~Bhub2mrP`HtWncMG^Zxu`*9;iTtX}2+hgF{K0xv``etGOuOitD z088O5oG!+H=KkS(Y(qw2g_Ec4{Lw#gG_|~sOo$-Q!`ZX{ljG*&9pQiePhROdL~>XA zeX9-G`9b~9*gw!6x56h4{q7PpyDgq&wY;`u+m!9Iz!lL6`QKE`HwA}N&@OYKiT)n` z50TNT6NyB_DT)H{iT|_#FPv2r&QEKNkfA zI{i1$RisOU| zEp_0Tp5#5jhHx4ap%@--qsVnooC8qTZMv5j>&caSx17m`f=QkwNE?d8mRxIA9E1%q zs*qx}9{FA*9?th;&QHN*k4X=8DBbvxiuD;4?@3&x$33esBXjq#`iBp<#J%?EzYS^_ zHLzr#Ml&}|5XKLL!cS%~Nb}>74%x13I=unk&Xg>TB49ZL%+38K8v`qV0sD=6#v+F8 zCqos1Q{DN~K*%lI_+h&Yq8IS5p%9i#?EnG*Xvg=ohuDde#->6Yx-5<9?Qv_6v~_ic zHQjB_Qd2C@quR{Fx<&# zGl=Mp;0m>bu6k_jL&Oi}Z*dN}lzu}x#=N2h71XF?&712Adpm zoPl6yRG4P=0e?w%HBT8X+9D{*_ZAd5^fhz41`+c5l+fumZ6kOJsaB%J0MrWF?z{Bj zMhV=86NP6<$7!l@nyEL38|3uNxjQ-mW!W|&s`JFpAAy!jzlRcgB=+PrL1)%T5ffia zZ|9N4t+n~sSb!(EcVx?%Q#_O8HdH01N;F>nF%zs1SuQBv5jo?bZqk8qe2tl}&8I>@ zy^~CXLDwPOmDemw$Z4s9dbQ;|k|GVe%88+5qb_ zsUt8GJ|4IoE34{%12PYSl(f(w=k2>?BUK>8e#m{N_U=%6oqgx~dc~auL)T8B1LY4} zfzJ%vn#8ZV$JGE-I-h*Hh53>(UHTDUt@!sn>r_Zj>LO}!qLC(Ud^@s_Fgl32>6W_Y z-*^VyDrITDplT~E7^;-vY>`IFTPZ zV0GgG1`TM8BVrH&_I6f(jzJ=Hg*+gg=^d`3`ocZsQzfQM@HMSPa0NSscFHqp?UqII zjHlM8`m=70B1okssf;c5gs-1TpOk48&!P951S+*w zux9b4k6*qep=ttKIIG8}hOR|U-?Wcr(B%~?d5HJv%lFI~J`076XDXH9P7`#fSwhaX z7~67w>tQIe%)oGbETDr~Hpon-^&7+hH;uI+<0G&PbeEXramv_lA^mnL14q6ki#FB= zO}H%DMKb2sR&Rtv!Wk8%ZIt@o2i)9(m@n5rwP|?Jm6u>Jr`TbtcS~7kjvTpLCs>|g zG>myw;t@k7w(OrI^lx>(&MI>8NZ@X4L+625PwE%+FCl|f0Wb-jZPQdDs5lI5rhM4kw zVVir}WydHI7SoBlv9-u-cC)MmXJHjfo*$(AE;6(*@+*Tt7phpR9pPSFU9Ina(Gy?_ zA@t@MJ%!1kYtCIQ!^1zFEERWOn+}U0CyG59SVX9wi%7VwP#8 zDD3jDdZy9iH0W<(-*_#vBxlNyga--A zRa)CU+AZF(7h0@fZzPk3D~7tmqLNY>KLF!AexXQy4(+O-p{j|eNToFTI1SZk*;pKb z-U~0~k!CeVb@BOHelWJLE0^u>@$^1+d?y>3YV_yrd_k`zd*heS&e}#jm`eg>_BoSP1%?A5) z;_XJTJmgh4YEVn$$`D<|vF(19WKIda6TVJ<{)Dh^e}`f`_Jn1_!a(3y>WjD{_BOdM z+%?c*`Z-&jjGf@G{TJf4V^-j4wS2W~aYXwUa-)Vfu8XwIvJE`QU6EsQQ_z+4;NvBe zW`X;!org2;xmobX5?g!^cDbLWxXN+{`I`s*uf&l}Kb5;gvX)AxUc8#Xf&;p#i7lJV zvZc@npUg)jf8-(7#&7io#x0C>ETXN;1ZSi9Mx^g-*F#_=&2>7Pk>bRe1Cr>dTYtb%_v7+fKDMB1QW~)|>tcyRP4c!xmfcBv780c#4SjJ$VD~ z88p#K4Fz^5e2=GIm*Gi`hf`W8mLH!a$$XSt_iwPtMfJkD9Hr4+&E>uR(xRd>)*|b5NFX zCkRY(&VbT@&Mo1VLoS>&oLDiFxJ{o}Jsjdq&=1K9G+g5$(L#2_!did*G`gNQ;T{=x z@hG-I8E>0zE!_r!UKii!{vG%h@!4dpx0C(`Ota1ae<@dI^h#sku0{A==6 zm|~k29(CBJn#KqEPh*)kz*a+@lUGf99$n1Z}9BJ>_S&)X%;3&PE)}?|Lx1ofkFyHVXBi-`S$Nr+8bLpe`F&spWTX%B&l5vhw0q zn>>6Z+TLx~J}{7(J8k}B(I3#`$IzM|}4qTJ#Hx(H?uw_fUm|WLFn7#t) zxu&qVm**))RvkN2qSHwR9^NQg?|-`S{ZupdulquFnw|*pA5ztFoL(bEB6i7U1?RLjf5jQh2F zYlxg8{^pd;2!{$1nbPtn|EVet-q!Rl*I82|g%aoY0@orooQO89pXbxhcA+ct$SzIq z(5SJ;)HFk@(QJUaE=VrEko4UQJvK_8fxpzXK4#@5-(QjyP4V%=yA>NfIez}K)qlC- zpEo`m#~?!t$p2{+61I>26@xgPw7duL{eFkRlY|3(uD#LjR97wgC4L(iih|d-*UKDBs z8>3x+XM1#m)M+Rpj{24QRdZ*4oxoH^)Zr{m{8Q;77E^7VXT;@lL_psdcvsD*NVNsA zoOr;8o3vL{Y}fml^C3Q0<@3&WotMsE2uV+l|D>kjOB#X{>mj4I5azhZnl5df+E8%@ zYBzRL*Kl#?b{NOIou;hGnj$F%Y;3FnKUFYp-Y;M3u zu>yH0JC~&41aq}&`m|{Mdl9_#24G~Qb8Nwwu|tUv=v^C?pe>>z$uEL}Ul z=$Lu1Ic_N|f0O~yct;RZC@sGPhS4FU{VNDy=Id0%;bjMl5pQuWB2@>|52cKL%0MZs zw-2Oq>t2;KHp90_xPUQKT5I?zn{P=|^f_W@jk4MT_zJfU!u)5Ni&I(PzZutA)EBY* zaT25}>l(QLtir-z1P=QTR(8F|Nd;`&mThn@!?h7zNr!5rvJ?rxcZDWRjMl_8 zhS#~6HE>nOesJ7TFVkLSj?<8^I8Azk6HVWUT3R}d8DDn%A%w3GxMceu`|pQFg{tL} z%J;Lpm<(4Y&)qI#K)R& zGC{{~Pah?(U6_ugK>Q=9Vc8tW=reBBrl0v>;CABz4-sG{n7^!G!TRZA{0C7t((VlQ z)zek7TeAczbKzKKy|aQvKTR`69)2Gc|J-KqHoZT@^DB(?Z2xk22O}FFjzQz8<_+Vk zcj#+ytyNRRv7U&qmSth<@j0c3wRb;reWhJb9PnOvHQTgb!TUR-d7lZBEB?qqOhRp4 z&;aNXbgpl<#3r@1(J7Ms0d4T1tN-KW=NCkeF%M&N+X7CnGb%TxthV6NW8O!gTcj%} zB1fZRsjhqC1J6UHL!!NBNU=iyT$_q7e67C_N&)ceJ7z&)IgvxC#I{U~I|M%1nXTaR zg6y^&T;=UAhCJrmid{)T`5GqoN^kj6?;s>L7>npc zIea~mpT-O;?>CGS47a81rXNP2K5(QI>*GgSyyTKMr*w*Po7n3<`guQ12d<8KnQ41l z?O+juf+vQ`i16JmUCwW_vzk_YE@-g6qrKIKN&}2CpTOg*vn~Ty80Zzh+wN1s5}VD^&z7sxVMWy|QW@Tr6SKt}f%%awH$0m=GXD!ivW){Arg0 zCugQR);J|zt`A*xhfp;8d*NB*&|9LXh}85;OCPO&gFd!wo3r7H$7e}+PI>XoN$^ur zvhzvb=3ra=TS;?A9=4$gi$-bTmC-TUR7OnE00pJ?K zh(uqQAdnM%G~t3Q|?c!FyzrV+7ofZ_1&->uH%sa>Ez90$6$twg_FL z1k1HGXPJAPeExG1XlXqLvW$6ey?VGT-9j18`wR=>`z9*wlV+z&HnAAvYA5WUPSx?C z7EYqF`UI7|$-S{#Kyu9P?lz7Q(C)@J5HAG4f3+7(nJ= zkq$YlDuyi>Kr;8>iFg&leYaxgKrmLksSA1fjE7ARvnkph=#qyxc{NEz&UQ7=8Mzqk ztJ+D1-kxrza~J4YfR0c0@UJ##W-n_Lm-)WF&qC1yt;2?j>?0B;Lg50$n)BIn z!Fpl;NoI7aszgw)s7Tt(j2vCpBjzr z!SL~i#y=Z8x;nugU=|TqP%>7e7v!5EE$T9KI5qTmx!?*o2T(<67k9+UksoKTNBL9no00kYslP7S-D@L8o0ULS;xw?m)!lDVc6~GZ@d>SKg!w-=%)r%z3hu+ zZmrHOnSbBi5$dp*<`N@)4r7oIm?_y_-elnI=B7m+Q_=?0SR{U|d*zokz9v27%gDZNyr)Y#1=9l>p7jG;4+xgv;*5dB_q4uaT(4J| zcY6=k*E?ifMu7>L&oCK75ZP!kf!xL@@EDr9EkB*WpL+H#z7YDT#)K@E8y zYJVYK^pE05JP>~KR^S;$H)#X`T&1I<4P7iO%zl(XxMQN~EYcfc+nE4CkN|8i7zZYg zRY4k}9*hQaKcJ2HWmZhUz?dHi_77SPnRKHQu?5e551RJMYX&c)iUgM9xE4PG&z7)q zjugr#PGlx$w)u_f5%XU0`gw?aC-5np6t5oMtyrdQ>}I5iLlmA?LtG#I^=ZAMXvfgc zF;2+RTG0M38^XXkBZpWi9Sy4avaU|)urf{@+YyykX|7Zeg{Lt+$1R<{X%NTjLYYZ- zwXkFwD}~I}*J~!Ydg)>pf~f<1ZZ%5OSTj@a-uC{h50O%LpXF$s8AeUw+}X!do)M9^ zGUHZ^B&9CcqV*hu)!)K-3i;J=Yvr-1_tBUT*9}>!bKvlJEENqwqLI32E?;m;gwqJ$ zECyz$anD43#Z$@2PbVMC;T=e}NxDb2+AtK>A3CTY5@zFwdkK8n`7+ZttW{7qp0`;6 zx&gODk>MJO(9aErh3L;J{(2af#lH_o+J+w)Q`HXNV5bVD7@Rh*m^co2vD$UpML*w| zP72wWPyH^nT`DPpv5-dYL>uh#?ShQn*V0*EWMqnkvKz6|S3xZW3O=LgSQZgx8qKKk zV!~`M=8Gi7fjr8L;@llAD<>S1m3gN5QYRXIS3^(Isk3X6l~`7u0$mEWS<|#M`o%F4 zL98c=HAS{s^}k&t%pbS$;a~&#KTq7s#VX2{6&P3S1#0;OkQhe2Zj@Nx62Hl%Y_v3S zSc_ANMvcd6K?dpyL^TIul{m5dLTvU~V~H&i9;`B*a37D`W`Fxex)c_Dvd9oRBte5G zZInJnT~>K3XKINkf5`9jN%S$+1}3V3AJ-*{+gJXiT`aAJ+@wp&rP6T}@!8;hy#x5x z@}mJe8^*5>r`u`V(+F%3BZb}R##Z@o(xi0bmE!3BUHCvA5vhWJsuzk~t-mf|Kqb>R za%L&ILe{VV^XH>bw3kRVRGHWy3(_rLE2&yj|K37sgSJYliFO1D^P+Lyt`{U67t8Q$ z^z;v)^MCm)Inf|=62BN=8>2`?F*pqaN9*5$lr4utI;dc>h6LCfw);>@0L8hA^tJx- z^9nNRYL>U1j;e8z9cHc!3p|obQXu+ypytnw@0j?CD7dwwB`rL^SK+?KDQh6R}hY1!D*WHe0JjAt{%bs0t_y0JZU&7SZ^cF_?G%4qjXl z@hFJl%as6>v#07|$S&4LiRai*__raq2sFA}IrPI}3Dd`r_2#QgI>B<8HE_`UyJh?( zG>ojR(3LJH3w(h}Vzxc1wNNNT{Exx1iZpXGF}~(HA;+$zjNb^Z1RngX+}dRUi$V4nH~~**k-P}WxJtqBkZefq_+GM=x8zNvziEXX!=-w(s=*cnFr}v(}%L* zUg|j6>1Pw1BgArUHPg0vyn~R&9XyK-HRV1yKhyK7O6%FLL@fsXm%l!e`%)25u{hY| zcbIyyjl>`>{M}f>$MH!s(7V=pOjG(hMmkUG=7a?IX)4T12e_TTcAeRplBHBEG7dvJ zp-yZP+jvW;Ma(KldF}lQfFxj=pT1CHXHb0H<&aWaB-sv7F9B38O%ozIsHy;3J<}{ttxh^ZO46+ zR}WbOpi=?&twu!ef}J`9MxXdU7rS}GM{M@DBXHF3eN&$Gk6n?9Ha`v}DZ>1EQoH#XJ zu-*B<$`69`X$to5rTNi}9pTs6*C196jF0#nimH{FnQ|D1+5ey}Cqtnc{+ackk1K%x E4{OrM4gdfE literal 0 HcmV?d00001 diff --git a/docs/configuration.md b/docs/configuration.md index 26b764f..a4efbc4 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -6,7 +6,7 @@ Create a `.env` file to set up the application configuration: nano .env ``` -You can enter any environment variables referenced in `__init__.py` to this file. +You can enter any environment variables referenced in [`__init__.py`](../capsulflask/__init__.py) to this file. For example you may enter your SMTP credentials like this: ``` @@ -15,7 +15,55 @@ MAIL_DEFAULT_SENDER=forest@nullhex.com MAIL_PASSWORD=************** ``` -## Loading variables from files +## Example configuration from capsul.org (production): + +``` +#LOG_LEVEL=DEBUG + +BASE_URL="https://capsul.org" + +# hub url is used by the SPOKE_MODE to contact the hub. Since this server is the hub, +# this is fine. In fact it runs into problems (routing related?) when I set it to capsul.org. +# similarly the baikal "spoke" (set up in the hosts table in the db) has "http://localhost:5000" as the https_url +HUB_URL="http://localhost:5000" + +HUB_MODE_ENABLED="t" +SPOKE_MODE_ENABLED="t" +HUB_MODEL="capsul-flask" +SPOKE_MODEL="shell-scripts" +SPOKE_HOST_ID="baikal" +SPOKE_HOST_TOKEN="" +HUB_TOKEN="" + +# smtp.. see https://flask-mail.readthedocs.io/en/latest/#configuring-flask-mail +MAIL_SERVER="smtp.nullhex.com" + +# MAIL_USE_SSL means SMTP with STARTTLS +MAIL_USE_SSL=true + +# MAIL_USE_TLS means SMTP wrapped in TLS +MAIL_USE_TLS=false + +MAIL_PORT="465" +MAIL_USERNAME="capsul@nullhex.com" +MAIL_PASSWORD="" +MAIL_DEFAULT_SENDER="capsul@nullhex.com" + +# stripe +STRIPE_SECRET_KEY="sk_live_" +STRIPE_PUBLISHABLE_KEY="pk_live_tGDHY7kBwqC71b4F0N7LZdGl00GZOw0iNJ" + +# internal +SECRET_KEY="" +POSTGRES_CONNECTION_PARAMETERS="sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=postgres.cyberia.club port=5432 ..." + + +# btcpay server +BTCPAY_URL="https://beeteeceepae2.cyberia.club" +BTCPAY_PRIVATE_KEY='-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----' +``` + +## Loading variables from files (docker secrets) To support [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/), you can also load secret values from files – for example, to load `MAIL_PASSWORD` from `/run/secrets/mail_password`, set ```sh diff --git a/docs/database.md b/docs/database.md index b2b9d72..f192783 100644 --- a/docs/database.md +++ b/docs/database.md @@ -1,6 +1,20 @@ -# Working with the Capsul database +# capsul-flask's relationship to its Database Server -## Running manual database queries +Capsul has a ["hub and spoke" architecture](./architecture.md). The "Hub" runs the web application and talks to the Postrges database, while the "Spoke"s are responsible for creating/managing virtual machines. One instance of the capsul-flask application can run in both hub mode and spoke mode at the same time, however there must only be one instance of the app running in "Hub" mode at any given time. + +The Postgres connections parameters are [configurable](./configuration.md). + +## Database schema management (schema versions) + +capsul-flask has a concept of a schema version. When the application starts, it will query the database for a table named `schemaversion` that has one row and one column (`version`). If the `version` it finds is not equal to the `desiredSchemaVersion` variable set in `db.py`, it will run migration scripts from the `schema_migrations` folder one by one until the `schemaversion` table shows the correct version. + +For example, the script named `02_up_xyz.sql` should contain code that migrates the database from schema version 1 to schema version 2. Likewise, the script `02_down_xyz.sql` should contain code that migrates from schema version 2 back to schema version 1. + +**IMPORTANT: if you need to make changes to the schema, make a NEW schema version. DO NOT EDIT the existing schema versions.** + +In general, for safety, schema version upgrades should not delete data. Schema version downgrades will simply throw an error and exit for now. + +## Running manual database queries You can manually mess around with the database like this: @@ -31,16 +45,6 @@ $ pipenv run flask cli sql -c "SELECT id, created, email, dollars, invalidated f 1, 2020-05-05T00:00:00, forest.n.johnson@gmail.com, 20.00, TRUE ``` -## Database schema management - -capsulflask has a concept of a schema version. When the application starts, it will query the database for a table named `schemaversion` that has one row and one column (`version`). If the `version` it finds is not equal to the `desiredSchemaVersion` variable set in `db.py`, it will run migration scripts from the `schema_migrations` folder one by one until the `schemaversion` table shows the correct version. - -For example, the script named `02_up_xyz.sql` should contain code that migrates the database from schema version 1 to schema version 2. Likewise, the script `02_down_xyz.sql` should contain code that migrates from schema version 2 back to schema version 1. - -**IMPORTANT: if you need to make changes to the schema, make a NEW schema version. DO NOT EDIT the existing schema versions.** - -In general, for safety, schema version upgrades should not delete data. Schema version downgrades will simply throw an error and exit for now. - ## how to view the logs on the database server (legion.cyberia.club) `sudo -u postgres pg_dump capsul-flask | gzip -9 > capsul-backup-2021-02-15.gz` diff --git a/docs/deployment.md b/docs/deployment.md index 305ad2d..e564d78 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -1,6 +1,8 @@ # Deploying Capsul on a server -## Installing prerequisites for Spoke Mode +Capsul has a ["hub and spoke" architecture](./architecture.md). The "Hub" runs the web application and talks to the Postrges database, while the "Spoke"s are responsible for creating/managing virtual machines. One instance of the capsul-flask application can run in both hub mode and spoke mode at the same time, however there must only be one instance of the app running in "Hub" mode at any given time. + +## Installing prerequisites for Spoke Mode On your spoke (see [Architecture](./architecture.md) You'll need `libvirtd`, `dnsmasq`, and `qemu-kvm`, plus a `/tank` diectory with some operating system images in it: @@ -17,7 +19,7 @@ TODO: cyberia-cloudinit.yml ## Deploying capsul-flask -### Extra Manual™ +### Manually Follow the [local set-up instructions](./local-set-up.md) on your server. @@ -28,9 +30,26 @@ init scripts, or SystemD unit files). Use the suggested `gunicorn` command (with appropriately-set address and port), instead of `flask run`, to launch the server. -TODO: cron runner +For example, here is the SystemD service unit file we use in production for `capsul.org`: -### Using vanilla Docker Swarm +``` +[Unit] +Description=capsul-flask virtual machines as a service +After=network.target + +[Service] +ExecStart=/usr/local/bin/pipenv run gunicorn --bind 127.0.0.1:5000 -k gevent --worker-connections 1000 app:app +Restart=on-failure +WorkingDirectory=/opt/capsul-flask + +[Install] +WantedBy=multi-user.target + +``` + +TODO: cron runner is required to run maintenance tasks for now, but in the future we want to build this into the python based task scheduler. + +### Using Co-op Cloud's vanilla Docker Swarm configuration Download the Co-op Cloud swarm `compose.yml`: @@ -59,7 +78,7 @@ you want, and set `your_capsul` to the "stack name" you want). TODO: cron runner -### Using Co-op Cloud / Docker Swarm +### Using Co-op Cloud's `abra` deployment tool Follow [the guide in the README for the Co-op Cloud capsul package](https://git.autonomic.zone/coop-cloud/capsul/). diff --git a/docs/local-set-up.md b/docs/local-set-up.md index 4f3adef..5fdb56b 100644 --- a/docs/local-set-up.md +++ b/docs/local-set-up.md @@ -1,19 +1,6 @@ # How to run Capsul locally -## With Docker - -If you have Docker and Docker-Compose installed, you can use the -`3wordchant/capsul-flask` Docker image to launch capsul-flask, and a Postgres -database server, for you: - -```sh -docker-compose up -``` - -docker-compose will read settings from your `.env` file; you can set any of the -options mentioned in the [configuration documentation](./configuration.md). - -## Manually +## Manually Ensure you have the pre-requisites for the psycopg2 Postgres database adapter package: @@ -67,3 +54,16 @@ pipenv run flask cli sql -c "INSERT INTO payments (email, dollars) VALUES ('Run locally with docker-compose + +If you have Docker and Docker-Compose installed, you can use the +`3wordchant/capsul-flask` Docker image to launch capsul-flask, and a Postgres +database server, for you: + +```sh +docker-compose up +``` + +docker-compose will read settings from your `.env` file; you can set any of the +options mentioned in the [configuration documentation](./configuration.md).