-rw-r--r-- | README.mdwn | 8 | ||||
-rwxr-xr-x | baserock_database/develop.sh | 70 | ||||
-rw-r--r-- | baserock_database/image-config.yml | 13 | ||||
-rw-r--r-- | baserock_database/packer_template.json | 57 |
4 files changed, 15 insertions, 133 deletions
diff --git a/README.mdwn b/README.mdwn index 3b2501ff..26388d71 100644 --- a/README.mdwn +++ b/README.mdwn @@ -202,13 +202,12 @@ because Storyboard only supports MariaDB. To deploy this system to production: - packer build -only=production database/packer_template.json nova boot database-mariadb \ --key-name=$keyname \ --flavor dc1.1x1 \ - --image 'database-mariadb' \ - --nic='net-id=d079fa3e-2558-4bcb-ad5a-279040c202b5,v4-fixed-ip=192.168.222.30' \ - --security-groups default,database-mariadb + --image=$fedora_image_id \ + --nic="net-id=$network_id,v4-fixed-ip=192.168.222.30" \ + --security-groups default,database-mysql \ --user-data ./baserock-ops-team.cloud-config nova volume-create \ --display-name database-volume \ @@ -217,6 +216,7 @@ To deploy this system to production: 100 nova volume-attach database-mariadb <volume ID> /dev/vdb + ansible-playbook -i hosts database/image-config.yml ansible-playbook -i hosts database/instance-config.yml To add the required users and databases, run the following playbook. This can diff --git a/baserock_database/develop.sh b/baserock_database/develop.sh deleted file mode 100755 index 140092b1..00000000 --- a/baserock_database/develop.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/sh - -# Start up a development instance of 'database', which will be accessible on -# the local machine. (To stop it again, use `docker stop baserock-database`). - -# Note that this container works in a different way to the official Docker -# MariaDB image (<https://registry.hub.docker.com/_/mariadb/>). That's -# intentional: the official image is for use when Docker is being used as a -# production environment and the official Docker images are considered trusted. -# Here I am using Docker as a tool to locally test out trusted(ish) images that -# I create with Packer, before deploying them to an OpenStack cloud. - -set -eu - -# These lines of SQL are needed to authorize the container host for accessing -# the database remotely. (It actually grants access to any host, but since -# this is a development instance that's OK!) -CREATE_REMOTE_ROOT_USER_SQL="CREATE USER 'root'@'%' IDENTIFIED BY 'insecure' ;" -ALLOW_REMOTE_ROOT_USER_SQL="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION ;" - -docker run --detach \ - --name=baserock-database \ - --publish=127.0.0.1:3306:3306 \ - baserock/database \ - /bin/sh -c " \ - echo \"$CREATE_REMOTE_ROOT_USER_SQL\" > /tmp/mariadb-init.sql && \ - echo \"$ALLOW_REMOTE_ROOT_USER_SQL\" >> /tmp/mariadb-init.sql && \ - /usr/libexec/mariadb-prepare-db-dir mariadb && \ - /usr/bin/mysqld_safe --basedir=/usr --init-file=/tmp/mariadb-init.sql" - -trap 'docker rm -f baserock-database > /dev/null' ERR - -# Create some dummy accounts (in production deployments, this is done using the -# 'service-config.yml' Ansible playbook). We expect that there exists a 'root' -# user with no password set already. 
- -create_without_overwriting() { - target_file="$1" - content="$2" - if [ -e "$target_file" -a "$(cat "$target_file")" != "$content" ]; then - echo >&2 "Not overwriting existing file $target_file" - # Don't let the user create a development environment using files that - # could contain the real passwords, to avoid them being used in an - # insecure deployment. - exit 1 - fi - echo "$content" > "$target_file" -} - -create_without_overwriting "database/root.database_password.yml" "root_password: insecure" -create_without_overwriting "database/baserock_openid_provider.database_password.yml" "baserock_openid_provider_password: openid_insecure" - -# Ouch! Would be nice if you could get the 'docker run' command to wait until -# the database server is ready, or poll somehow until it is. -echo "Waiting 30 seconds for database server to be ready" -sleep 30 - -# Note that the Python 'mysqldb' module is required on the machine Ansible -# connects to for this playbook. For development deployments that is *your* -# machine (since we cannot and should not SSH into the Docker container). On -# Red Hat OSes the package you need is called 'MySQL-python'. -ansible-playbook database/user_config.yml - -echo "You have a container named 'baserock-database' listening on port 3306." -echo -echo "Pass '--link baserock-database:mysql' to 'docker run' when starting " -echo "other containers if you want to give them access to this instance." -echo -echo "Run 'docker stop baserock-database; docker rm baserock-database' when " -echo "you are done with it (all data will then be lost)." diff --git a/baserock_database/image-config.yml b/baserock_database/image-config.yml index a6ba9866..1bac0b96 100644 --- a/baserock_database/image-config.yml +++ b/baserock_database/image-config.yml 
@@ -1,10 +1,10 @@ # System configuration for Baserock database server. # -# Packer runs this playbook inside the system at 'build' time, using the -# command `sudo ansible-playbook`. +# This Ansible playbook expects to be run on a Fedora 21 Cloud image. --- - hosts: localhost gather_facts: False + sudo: True tasks: - name: enable persistant journal shell: mkdir /var/log/journal @@ -20,3 +20,12 @@ - mariadb - mariadb-server - MySQL-python + + - name: install libselinux-python, so Ansible can control selinux + yum: name=libselinux-python state=latest + + - name: disable SELinux on subsequent boots + selinux: state=disabled + + - name: disable SELinux on current boot + command: setenforce 0 diff --git a/baserock_database/packer_template.json b/baserock_database/packer_template.json deleted file mode 100644 index 2afd78ef..00000000 --- a/baserock_database/packer_template.json +++ /dev/null 
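Review bot: The play still targets `hosts: localhost` (an unchanged context line in this hunk), while the README in the same commit now runs it from the operator's machine with `ansible-playbook -i hosts database/image-config.yml`. With `sudo: True` added, the tasks would run as root on whichever machine invokes the command rather than on the new database instance, unless the `hosts` inventory redirects localhost, which is not visible here. If the intent is to configure the instance, the play should name the inventory host, e.g. `- hosts: database-mariadb` (name taken from the `nova boot` command; confirm against the inventory). The header comment should also say where the playbook is expected to be run from, not only which image it expects.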
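Review bot: `command: setenforce 0` in the second hunk will fail on any re-run after the instance has rebooted with SELinux disabled, because setenforce exits non-zero in that state; the task needs a guard (for example, register the output of `getenforce` and skip when it reports Disabled) so the playbook stays idempotent. The new tasks also switch SELinux off entirely on a database server without stating why, which removes the confinement of the MariaDB daemon. If the cause is a specific denial, `selinux: policy=targeted state=permissive` keeps denials logged so a policy fix can be written later. At minimum add a comment such as `# SELinux disabled because <reason>; revisit when <issue> is resolved`. `state=latest` on libselinux-python makes the result depend on the day the playbook is run; `state=present` is enough for a module dependency.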
@@ -1,57 +0,0 @@ -{ - "builders": [ - { - "name": "development", - "type": "docker", - "image": "fedora:20", - "commit": true, - "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"] - }, - { - "name": "production", - "type": "openstack", - "image_name": "database-mariadb", - "flavor": "f0577618-9125-4948-b450-474e225bbc4c", - "source_image": "742e0414-c985-4994-b307-4aafade942b3", - "networks": ["d079fa3e-2558-4bcb-ad5a-279040c202b5"], - "floating_ip": "85.199.252.164", - "use_floating_ip": true, - "ssh_username": "fedora" - } - ], - "provisioners": [ - { - "type": "shell", - "inline": [ "sudo yum install -y ansible"] - }, - { - "type": "ansible-local", - "playbook_file": "database/image-config.yml", - "command": "sudo ansible-playbook" - }, - { - "type": "shell", - "inline": [ - "sudo yum install -y libselinux-python", - "sudo ansible localhost -m selinux -a state=disabled", - "sudo setenforce 0", - ], - "only": ["production"] - }, - { - "type": "shell", - "inline": [ "sync; sync; sleep 10; sync" ], - "only": ["production"] - } - ], - "post-processors": [ - [ - { - "type": "docker-tag", - "repository": "baserock/database", - "tag": "latest", - "only": ["development"] - } - ] - ] -} |