author Sam Thursfield <sam.thursfield@codethink.co.uk> 2016-02-17 16:07:23 +0000
committer Baserock Gerrit <gerrit@baserock.org> 2016-02-19 12:37:25 +0000
commit 2ff5d6f4fb78cbdc0affdcb5a96cdc0c4612f743
tree 4458dd56f7d55d2e26de5b662362c377c208e672 /README.mdwn
parent ed303aa8aa09ae8de03aad364acae9a3f80bd40a
baserock_openid_provider: Update on top of Fedora 23, and without Packer

This means we no longer use Packer for anything, which is good.

The switch from Django 1.7 to Django 1.9 caused some problems in the
openid_provider module. Upstream for that module is here:
https://bitbucket.org/romke/django_openid_provider/

At the time of writing there was no fix upstream for these issues, it would
be good to submit them. We have other unsubmitted changes against that
upstream in our openid_provider code.

One issue was use of import_module (which is now available from importlib,
doesn't need to be imported from django.utils any more). Another is use of
WSGIRequest.REQUEST, which is deprecated since Django 1.7 and removed in
Django 1.9. We now need to use .POST or .GET to get that info.

Change-Id: I60793aaf0d84d81b89ff59efbe08240d99b7973f

Diffstat (limited to 'README.mdwn')
-rw-r--r-- README.mdwn 66
1 file changed, 9 insertions, 57 deletions
diff --git a/README.mdwn b/README.mdwn
index 280f071a..a9db18d5 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -131,46 +131,6 @@ NOTE: to run these playbooks you need to have the public ssh key of the backups
instance in `keys/backup.key.pub`.
-Deployment with Packer
-----------------------
-
-> **NOTE**: I no longer think that Packer is the right tool for our needs. This
-> is partly because of critical bugs that have not been fixed since I started
-> using it (e.g. <https://github.com/mitchellh/packer/issues/1462>), and partly
-> because I realised that I was just using it to wrap `nova` and
-> `ansible-playbook`, and it is simple enough to use those commands directly.
->
-> I had hoped that we could make use of Packer's multiple backends in order to
-> test systems locally in Docker before deploying them to OpenStack. It turns
-> out Docker is sufficiently different to OpenStack that this doesn't make life
-> any easier during development. Networking setup is different, systemd doesn't
-> work inside Docker by default, base images are different in other ways, etc.
->
-> So I recommend not using Packer for future systems, and I will try to
-> migrate the definitions for the existing ones to just use Ansible.
->
-> Sam Thursfield 10/04/15
-
-Some of the systems are built with [Packer]. I chose Packer because it provides
-similar functionality to the `morph deploy` command, although its
-implementation makes different tradeoffs. The documentation below shows the
-commands you need to run to build systems with Packer. Some of the systems can
-be deployed as Docker images as well as OpenStack images, to enable local
-development and testing.
-
-The following error from Packer means that you didn't set your credentials
-correctly in the `OS_...` environment variables, or they were not accepted.
-
-> Build 'production' errored: Missing or incorrect provider
-
-The the Packer tool requires a floating IP to be available at the time a system
-is being deployed to OpenStack. Currently 185.43.218.169 should be used for
-this. If you specify a floating IP that is in use by an existing instance, you
-will steal it for your own instance and probably break one of our web services.
-
-[Packer]: http://www.packer.io/
-
-
Systems
-------
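Review bot: The removed paragraph starting "The the Packer tool requires a floating IP" carried the only warning in this hunk that choosing a floating IP already in use takes it away from a running instance and can break a web service. If operators still associate floating IPs by hand once Packer is gone, keep a one-sentence caution about that in the deployment instructions instead of dropping it with the rest of the section. The same goes for the hint that a "Missing or incorrect provider" style failure points at the `OS_...` credential variables, if the remaining commands still depend on those variables.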
@@ -279,35 +239,27 @@ receive mail, or relay mail sent by systems outside the baserock.org cloud.
### OpenID provider
-To deploy a development instance:
-
- packer build -only=development baserock_openid_provider/packer_template.json
- baserock_openid_provider/develop.sh
- # Now you have a root shell inside your container
- cd /srv/baserock_openid_provider
- python ./manage.py runserver 0.0.0.0:80
- # Now you can browse to http://localhost:80/ and see the server.
-
To deploy this system to production:
vim baserock_openid_provider/baserock_openid_provider/settings.py
-Edit the DATABASES['default']['HOST'] to point to the fixed IP of the
-'database' machine, and check the settings. See:
-https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
-
- packer build -only=production baserock_openid_provider/packer_template.json
+Check the DATABASE_HOST IP, and check the other settings against the [Django
+deployment
+checklist](https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/).
nova boot openid.baserock.org \
--key-name $keyname \
--flavor dc1.1x1 \
- --image 'baserock_openid_provider' \
- --nic "net-id=$network_id',v4-fixed-ip=192.168.222.67" \
- --security-groups default,web-server
+ --image $fedora_image_id \
+ --nic "net-id=$network_id,v4-fixed-ip=192.168.222.144" \
+ --security-groups default,web-server \
--user-data ./baserock-ops-team.cloud-config
+ ansible-playbook -i hosts baserock_openid_provider/image-config.yml
ansible-playbook -i hosts baserock_openid_provider/instance-config.yml
+The baserock_openid_provider system is stateless.
+
To change Cherokee configuration, it's usually easiest to use the
cherokee-admin tool in a running instance. SSH in as normal but forward port
9090 to localhost (pass `-L9090:localhost:9090` to SSH). Backup the old
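Review bot: The added checklist link still points at `https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/`, while the commit message says this system now runs on Django 1.9; the link should follow the deployed version so the settings review is done against the right checklist. In the same added paragraph, "Check the DATABASE_HOST IP" replaces the precise `DATABASES['default']['HOST']` reference without saying where `DATABASE_HOST` is defined, so name the file or variable location. The `nova boot` lines now use `$fedora_image_id` and a different fixed IP (`192.168.222.144` instead of `192.168.222.67`), and neither the hunk nor the commit message explains how to obtain the image ID or why the address changed; a short sentence on each would help, since other hosts or firewall rules may reference the old address. The development-instance instructions are removed with no replacement, which is worth stating explicitly in the README if local testing is no longer supported.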