Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge pull request #1406 from bennerv/deploydev-docs 

Documentation for deploying whole int-style servce in dev mode
This commit is contained in:
Mangirdas Judeikis 2021-05-06 11:48:42 +03:00 коммит произвёл GitHub
Родитель eff1cc23d4 a16991c152
Коммит eb247dbc7f
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
5 изменённых файлов: 231 добавлений и 86 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

5
Makefile
Просмотреть файл

@ -99,6 +99,9 @@ secrets-update:
az storage blob upload -n secrets.tar.gz -c secrets -f secrets.tar.gz --account-name ${SECRET_SA_ACCOUNT_NAME} >/dev/null
rm secrets.tar.gz
tunnel:
go run ./hack/tunnel $(shell az network public-ip show -g ${RESOURCEGROUP} -n rp-pip --query 'ipAddress')
e2e.test:
go test ./test/e2e -tags e2e -c -ldflags "-X github.com/Azure/ARO-RP/pkg/util/version.GitCommit=$(COMMIT)" -o e2e.test
@ -136,4 +139,4 @@ vendor:
# https://groups.google.com/forum/#!topic/golang-nuts/51-D_YFC78k
hack/update-go-module-dependencies.sh
.PHONY: admin.kubeconfig aro az clean client deploy discoverycache generate image-aro image-aro-multistage image-fluentbit image-proxy lint-go proxy publish-image-aro publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test test-e2e test-go test-python vendor
.PHONY: admin.kubeconfig aro az clean client deploy discoverycache generate image-aro image-aro-multistage image-fluentbit image-proxy lint-go proxy publish-image-aro publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor

45
docs/deploy-development-rp.md
Просмотреть файл

@ -2,50 +2,7 @@
## Prerequisites
1. Install [Go 1.14](https://golang.org/dl) or later, if you haven't already.
1. Install [Python 3.6+](https://www.python.org/downloads), if you haven't
already. You will also need `python-setuptools` installed, if you don't have it
installed already.
1. Install `virtualenv`, a tool for managing Python virtual environments. The
package is called `python-virtualenv` on both Fedora and Debian-based
systems.
1. Fedora users: install the `gpgme-devel`, `libassuan-devel`, and `openssl` packages.
Debian users: install the `libgpgme-dev` package.
OSX users: please follow [Prepare your development environment using
OSX](./prepare-your-development-environment-using-osx.md).
> __NOTE:__ The `gpgme-devel` and `libassuan-devel` libraries are needed in the aro `mirror` functionality. The dependency can be excluded if one uses build tag `containers_image_openpgp` when building the RP. See [this link](https://github.com/containers/image#supported-build-tags) for more details on removal.
1. Install the [az
client](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), if you
haven't already. You will need `az` version 2.0.72 or greater, as this
version includes the `az network vnet subnet update
--disable-private-link-service-network-policies` flag.
1. Install [OpenVPN](https://openvpn.net/community-downloads), if you haven't
already.
## Getting started
1. Log in to Azure:
```bash
az login
```
1. Git clone this repository to your local machine:
```bash
go get -u github.com/Azure/ARO-RP/...
cd ${GOPATH:-$HOME/go}/src/github.com/Azure/ARO-RP
```
1. Your development environment is prepared according to the steps outlined in [Prepare Your Dev Environment](./prepare-your-dev-environment.md)
## Installing the extension

153
docs/deploy-full-rp-service-in-dev.md Normal file
Просмотреть файл

@ -0,0 +1,153 @@
# Deploy an Entire RP Development Service
## Prerequisites
1. Your development environment is prepared according to the steps outlined in [Prepare Your Dev Environment](./prepare-your-dev-environment.md)
## Deploying an int-like Development RP
1. Fetch the most up-to-date secrets with `make secrets`
1. Copy and source your environment file.
```bash
cp env.example env
vi env
. ./env
```
1. Generate the development RP configuration
```bash
make dev-config.yaml
```
1. Update and resource your environment file
> It should look something like below once completed
```bash
export LOCATION=eastus
export ARO_IMAGE=arointsvc.azurecr.io/aro:latest
. secrets/env
export RESOURCEGROUP=$USER-aro-$LOCATION
export DATABASE_ACCOUNT_NAME=$USER-aro-$LOCATION
export DATABASE_NAME=ARO
export KEYVAULT_PREFIX=$USER-aro-$LOCATION
export ARO_IMAGE=${USER}aro.azurecr.io/aro:$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty)
```
```bash
. ./env
```
1. Run `make deploy`
> __NOTE:__ This will fail on the first attempt to run due to certificate and container mirroring requirements.
1. Update the certificates in keyvault
<!-- TODO: this is almost duplicated elsewhere. Would be nice to move to common area -->
```bash
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-mdm \
--file secrets/rp-metrics-int.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-mdsd \
--file secrets/rp-logging-int.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name cluster-mdsd \
--file secrets/cluster-logging-int.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name dev-arm \
--file secrets/arm.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-firstparty \
--file secrets/firstparty.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-server \
--file secrets/localhost.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-por" \
--name portal-server \
--file secrets/localhost.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-por" \
--name portal-client \
--file secrets/portal-client.pem >/dev/null
```
1. Mirror the OpenShift images to your new ACR
<!-- TODO (bv) allow mirroring through a pipeline would be faster and a nice to have -->
1. Setup mirroring environment variables
```bash
export DST_ACR_NAME=${USER}aro
export SRC_AUTH_QUAY=FILL_IN # Get quay auth https://cloud.redhat.com/openshift/create/local -> Download Pull Secret
export SRC_AUTH_REDHAT=$(echo $USER_PULL_SECRET | jq -r '.auths."registry.redhat.io".auth')
export DST_AUTH=$(echo -n '00000000-0000-0000-0000-000000000000:'$(az acr login -n ${DST_ACR_NAME} --expose-token | jq -r .accessToken) | base64 -w0)
1. Login to the Azure Container Registry
```bash
docker login -u 00000000-0000-0000-0000-000000000000 -p "$(echo $DST_AUTH | base64 -d | cut -d':' -f2)" "${DST_ACR_NAME}.azurecr.io"
```
1. Run the mirroring
> The `latest` argument will take the InstallStream from `pkg/util/version/const.go` and mirror that version
```bash
go run ./cmd/aro mirror latest
```
1. Push the ARO image to your ACR
```bash
make publish-image-aro-multistage
```
1. Delete the existing VMSS
> __NOTE:__ This needs to be deleted as deploying won't recreate the VMSS if the commit hash is the same.
```bash
az vmss delete -g ${RESOURCEGROUP} --name rp-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty)
```
1. Run `make deploy`
## Deploying a cluster
1. Setup a local tunnel to the RP
```bash
make tunnel
```
1. Deploy your cluster
```bash
RESOURCEGROUP=v4-$LOCATION CLUSTER=bvesel go run ./hack/cluster create
```
> __NOTE:__ The cluster will not be accessible via DNS unless you update the parent domain of the cluster.
## SSHing into RP VMSS Instance
1. Update the RP NSG to allow SSH
```bash
az network nsg rule create \
--name ssh-to-rp \
--resource-group $RESOURCEGROUP \
--nsg-name rp-nsg \
--access Allow \
--priority 140 \
--source-address-prefixes "$(curl --silent ipecho.net/plain)/32" \
--protocol Tcp \
--destination-port-ranges 22
```
1. SSH into the VM
```bash
VMSS_PIP=$(az vmss list-instance-public-ips -g $RESOURCEGROUP --name rp-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty) | jq -r '.[0].ipAddress')
ssh cloud-user@${VMSS_PIP}
```

73
docs/prepare-your-dev-environment.md Normal file
Просмотреть файл

@ -0,0 +1,73 @@
# Prepare Your Development Environment
This document goes through the development dependencies one requires in order to build the RP code.
## Software Required
1. Install [Go 1.14](https://golang.org/dl) or later, if you haven't already.
1. Install [Python 3.6+](https://www.python.org/downloads), if you haven't already. You will also need `python-setuptools` installed, if you don't have it installed already.
1. Install `virtualenv`, a tool for managing Python virtual environments.
> The package is called `python-virtualenv` on both Fedora and Debian-based systems.
1. Install the [az client](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), if you haven't already. You will need `az` version 2.0.72 or greater, as this version includes the `az network vnet subnet update --disable-private-link-service-network-policies` flag.
1. Install [OpenVPN](https://openvpn.net/community-downloads) if it is not already installed
1. Install the relevant packages required for your OS defined below.
### Fedora Packages
1. Install the `gpgme-devel`, `libassuan-devel`, and `openssl` packages.
> `sudo dnf install -y gpgme-devel libassuan-devel openssl`
### Debian Packages
1. Install the `libgpgme-dev` package.
### MacOS Packages
1. We are open to developers on MacOS working on this repository. We are asking MacOS users to setup GNU utils on their machines.
We are aiming to limit the amount of shell scripting, etc. in the repository, installing the GNU utils on MacOS will minimise the chances of unexpected differences in command line flags, usages, etc., and make it easier for everyone to ensure compatibility down the line.
Install the following packages on MacOS:
```bash
# GNU Utils
brew install coreutils
brew install findutils
brew install gnu-tar
brew install grep
# Install envsubst
brew install gettext
brew link --force gettext
# Install
brew install gpgme
# GNU utils
# Ref: https://web.archive.org/web/20190704110904/https://www.topbug.net/blog/2013/04/14/install-and-use-gnu-command-line-tools-in-mac-os-x
# gawk, diffutils, gzip, screen, watch, git, rsync, wdiff
export PATH="/usr/local/bin:$PATH"
# coreutils
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
# findutils
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
#grep
export PATH="/usr/local/opt/grep/libexec/gnubin:$PATH"
#python-virtualenv
sudo pip3 install virtualenv
```
## Getting Started
1. Login to Azure:
```bash
az login
```
1. Clone the repository to your local machine:
```bash
go get -u github.com/Azure/ARO-RP/...
cd ${GOPATH:-$HOME/go}/src/github.com/Azure/ARO-RP
```

41
docs/prepare-your-development-environment-using-osx.md
Просмотреть файл

@ -1,41 +0,0 @@
# Prepare your development environment using OSX
We are open to developers on OSX working on this repository. We are asking OSX
users to setup GNU utils on their machines.
We are aiming to limit the amount of shell scripting, etc. in the repository,
installing the GNU utils on OSX will minimise the chances of unexpected
differences in command line flags, usages, etc., and make it easier for everyone
to ensure compatibility down the line.
## Guidance
```bash
# GNU Utils
brew install coreutils
brew install findutils
brew install gnu-tar
brew install grep
# Install envsubst
brew install gettext
brew link --force gettext
# Install
brew install gpgme
# GNU utils
# Ref: https://web.archive.org/web/20190704110904/https://www.topbug.net/blog/2013/04/14/install-and-use-gnu-command-line-tools-in-mac-os-x
# gawk, diffutils, gzip, screen, watch, git, rsync, wdiff
export PATH="/usr/local/bin:$PATH"
# coreutils
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
# findutils
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
#grep
export PATH="/usr/local/opt/grep/libexec/gnubin:$PATH"
#python-virtualenv
sudo pip3 install virtualenv
```