95e3cffb86
Signed-off-by: Loïc Dachary <loic@dachary.org>
# Deploying Capsul on a server

Capsul has a ["hub and spoke" architecture](./architecture.md). The "Hub" runs the web application and talks to the Postgres database, while the "Spoke"s are responsible for creating/managing virtual machines. One instance of the capsul-flask application can run in both hub mode and spoke mode at the same time; however, only one instance of the app may run in "Hub" mode at any given time.

## <a name="spoke_mode_prerequisites"></a>Installing prerequisites for Spoke Mode

On your spoke (see [Architecture](./architecture.md)), you'll need `libvirtd`, `dnsmasq`, and `qemu-kvm`, plus a `/tank` directory with some operating system images in it:

```
sudo apt install libvirt-daemon-system virtinst git dnsmasq qemu qemu-kvm
sudo mkdir -p /var/www /tank/{vm,img,config}
sudo mkdir -p /tank/img/debian/10
cd /tank/img/debian/10
sudo wget https://cloud.debian.org/images/cloud/buster/20201023-432/debian-10-genericcloud-amd64-20201023-432.qcow2 -O root.img.qcow2
```
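
The `wget` step above saves the image under a new name (`root.img.qcow2`) without checking its integrity, so `sha512sum -c` against a published checksum list would not find the file by name. The function below is an added example, not part of the Capsul docs: it looks up the digest by the upstream file name and compares it with the saved file. It assumes the mirror directory publishes a `SHA512SUMS` file; `verify_image` and `verify_image_demo` are names made up for this example.

```sh
# Added example, not from the Capsul repository.
# verify_image SUMS_FILE UPSTREAM_NAME LOCAL_FILE
# Returns 0 on match, 1 on mismatch, 2 on unreadable input, 3 if no entry.
verify_image() {
    sums_file=$1      # checksum list fetched from the mirror
    upstream_name=$2  # file name as it appears in the checksum list
    local_file=$3     # where the image was saved (e.g. root.img.qcow2)

    if [ ! -r "$sums_file" ] || [ ! -r "$local_file" ]; then
        echo "verify_image: unreadable input" >&2
        return 2
    fi

    # Lines look like "<hex digest>  <name>" (or " *<name>" in binary mode).
    # Match the name exactly so "foo.qcow2" cannot match "foo.qcow2.sig".
    expected=$(awk -v n="$upstream_name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums_file")
    if [ -z "$expected" ]; then
        echo "verify_image: no entry for $upstream_name" >&2
        return 3
    fi

    actual=$(sha512sum "$local_file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_image: MISMATCH for $local_file" >&2
        return 1
    fi
    echo "verify_image: OK $local_file"
}

# Offline demo on constructed data (a few bytes, not a real image):
# the file verifies, then fails once a byte is appended.
verify_image_demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed sample image bytes\n' > "$d/root.img.qcow2"
    sha512sum "$d/root.img.qcow2" | awk '{ print $1 "  upstream-name.qcow2" }' > "$d/SHA512SUMS"
    good=0; verify_image "$d/SHA512SUMS" upstream-name.qcow2 "$d/root.img.qcow2" >/dev/null || good=$?
    printf 'x' >> "$d/root.img.qcow2"
    bad=0; verify_image "$d/SHA512SUMS" upstream-name.qcow2 "$d/root.img.qcow2" 2>/dev/null || bad=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

# On the spoke, after the wget above (assumes the mirror directory carries SHA512SUMS):
#   sudo wget https://cloud.debian.org/images/cloud/buster/20201023-432/SHA512SUMS -O SHA512SUMS
#   verify_image SHA512SUMS debian-10-genericcloud-amd64-20201023-432.qcow2 root.img.qcow2
```

A checksum list fetched from the same server catches truncated or corrupted downloads; it is only as trustworthy as the channel it came over.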

TODO: network set-up

## cyberia-cloudinit.yml

The create vm shell script depends on this file. I think right now its file path is hard-coded to `/tank/config/cyberia-cloudinit.yml`

```
#cloud-config
preserve_hostname: true
users:
  - name: cyberian
    groups: wheel
    lock_passwd: true
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized_keys:
```

### Metrics

Capsul integrates with Prometheus to grab the data for the capsul metric graphs.

The code that generates those metrics is here: https://github.com/kumina/libvirt_exporter

### autonomic / servers.coop version for ipv6 support

```
#cloud-config
package_upgrade: true
packages:
  - curl
  - wget
  - git
  - vim
bootcmd:
  - echo 'iface ens3 inet6 dhcp' >> /etc/network/interfaces.d/50-cloud-init
  - ifdown ens3; ifup ens3
final_message: "The system is finally up, after $UPTIME seconds"
users:
  - name: user
    groups: sudo
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
```

## Deploying capsul-flask

### <a name="deploy_manually"></a>Manually

Follow the [local set-up instructions](./local-set-up.md) on your server.

Make sure to set `BASE_URL` correctly, generate your own secret tokens, and
configure your own daemon management for the capsul-flask server (e.g. writing
init scripts, or systemd unit files).

Use the suggested `gunicorn` command (with appropriately-set address and port),
instead of `flask run`, to launch the server.

For example, here is the systemd service unit file we use in production for `capsul.org`:

```
[Unit]
Description=capsul-flask virtual machines as a service
After=network.target

[Service]
ExecStart=/usr/local/bin/pipenv run gunicorn --bind 127.0.0.1:5000 -k gevent --worker-connections 1000 app:app
Restart=on-failure
WorkingDirectory=/opt/capsul-flask

[Install]
WantedBy=multi-user.target
```

TODO: cron runner is required to run maintenance tasks for now, but in the future we want to build this into the python based task scheduler.

### <a name="coop_cloud_docker"></a> Using Co-op Cloud's vanilla Docker Swarm configuration

Download the Co-op Cloud swarm `compose.yml`:

```sh
wget https://git.autonomic.zone/coop-cloud/capsul/raw/branch/main/compose.yml
```

Optionally, download add-on compose files for Stripe, BTCPay, and Spoke Mode:

```sh
wget https://git.autonomic.zone/coop-cloud/capsul/raw/branch/main/compose.{stripe,btcpay,spoke}.yml
```

Then, create a `.env` file and configure appropriately -- you probably want to
define most settings in [the Co-op Cloud `.envrc.sample`
file](https://git.autonomic.zone/coop-cloud/capsul/src/branch/main/.envrc.sample).

Load the environment variables (using Python `direnv`, or a manual `set -a && source .env && set +a`), insert any necessary secrets, then run the deployment:

```sh
docker stack deploy -c compose.yml -c compose.stripe.yml your_capsul
```

(where you'd add an extra `-c compose.btcpay.yml` for each optional compose file
you want, and set `your_capsul` to the "stack name" you want).

TODO: cron runner

### <a name="coop_cloud_abra"></a> Using Co-op Cloud's `abra` deployment tool

Follow [the guide in the README for the Co-op Cloud capsul package](https://git.autonomic.zone/coop-cloud/capsul/).

### Using docker-compose

TODO