Create shared dock ami #611
…t require variables tied to environment
|
Requires running command in following way: |
|
Requires running |
| @@ -0,0 +1,10 @@ | |||
| --- | |||
| - hosts: cream | |||
should be localhost
The problem is that the whole reason we're doing this is to have access to variables tied to an environment, but I don't know how to run this on localhost while getting the variables for another environment...
add localhost to [grizzly:children] in hosts file
Done
| @@ -0,0 +1,39 @@ | |||
| --- | |||
| - name: create new config file for krain | |||
doesn't dock-init do this?
Not right now, no. Seems like it should though. Do we want to move it there? Would need some guidance on how to do this.
Actually, we can't do that because we start the services (krain and charon) before running dock-init.
where did you get these files from? why not just use/update the regular roles to install this? scared of something new
| - app_name: "krain" | ||
|
|
||
| - name: encode krain config to base64 | ||
| shell: cat ~/{{ app_name }}.conf | base64 -w 0 |
are you encoding this for a reason?
So that we don't have to deal with weird formatting/spacing issues, since we're just adding this to a file to echo it into a file.
why are we echoing instead of copying it directly to host? does not look like you are transforming this file at all
echo {{ krain_base64['stdout'] }} | base64 --decode >> /etc/init/krain.conf
no transform just a decode?
| # Set ENV files | ||
| export CONSUL_PORT={{ consul_api_port }} | ||
| export CONSUL_HOSTNAME={{ ansible_default_ipv4.address }} | ||
| export VAULT_PORT=65240 |
should be {{ vault_port }}
| echo {{ charon_base64['stdout'] }} | base64 --decode >> /etc/init/charon.conf | ||
| # Start services | ||
| start amazon-ssm-agent |
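Review bot: On the `base64 --decode >> /etc/init/charon.conf` line, `>>` appends rather than overwrites, so running this a second time on the same host leaves two copies of the job definition in the file. Use `>` so the result is the same on every run.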
not needed for dock (only for hot pool)
| @@ -0,0 +1,10 @@ | |||
| --- | |||
| - hosts: cream | |||
add localhost to [grizzly:children] in hosts file
| insertafter: EOF | ||
| block: | | ||
| {{ registry_address }} registry.runnable.com | ||
| command: docker login -u {{ docker_hub_username }} -p {{ docker_hub_password }} |
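Review bot: The `docker login -u {{ docker_hub_username }} -p {{ docker_hub_password }}` command puts the Docker Hub password on the command line, where it shows up in the process list and in Ansible's task output and logs. Add `no_log: true` to this task and pass the password on stdin with `--password-stdin`, or use the `docker_login` module. `docker login` also writes the credential to the user's Docker config file, so if this runs on the instance that becomes the shared AMI, log out or remove that file before the image is captured.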
what is this too?
| @@ -0,0 +1,39 @@ | |||
| --- | |||
| - name: create new config file for krain | |||
where did you get these files from? why not just use/update the regular roles to install this? scared of something new
| - app_name: "krain" | ||
|
|
||
| - name: encode krain config to base64 | ||
| shell: cat ~/{{ app_name }}.conf | base64 -w 0 |
why are we echoing instead of copying it directly to host? does not look like you are transforming this file at all
echo {{ krain_base64['stdout'] }} | base64 --decode >> /etc/init/krain.conf
no transform just a decode?
| command: sudo docker build --no-cache --tag="registry.runnable.com/{{ image_builder_docker_namespace }}:{{ git_branch }}" /opt/runnable/image-builder | ||
| command: sudo docker build --no-cache --tag="{{ image_builder_docker_namespace }}:{{ git_branch }}" /opt/runnable/image-builder | ||
|
|
||
| - name: push image-builder |
delete we no longer need to do this
FYI, this requires a change in docker-listener for whitelisted image inspect list.
…ripts into create-shared-dock-ami * 'create-shared-dock-ami' of github.com:CodeNow/devops-scripts: Remove psad from dock (#613) Added s3 log bucket to ansible
…e-shared-dock-ami * 'master' of github.com:CodeNow/devops-scripts: Add aws host for API Moved cmd order Updated url Added clio port. Revert "Revert "Added clio http url env var"" Revert "Added clio http url env var" Added clio http url env var Remove mongo certs to run pheidi Added deploy song Added new DB users in gamma/delta Updated to point clio to the same DB as everyone else :( Removed quotes Fixed host Added mongo hosts. Point to api's db Removed extra host Removed dep on mongo-clio Downgraded to node 4 Add mongo-clio and clio to services.
e6f671f to 15fee45
ce64411 to cbd2587
| -e DATADOG_HOST={{ datadog_host_address }} | ||
| -e DATADOG_PORT={{ datadog_port }} | ||
| -e DOCKER_CERT_PATH=/etc/ssl/docker | ||
| -e IMAGE_INSPECT_LIST=localhost,registry.runnable.com,runnable |
this might be bad, we will now inspect all hemindal containers, can you make this runnable/image-builder? and test it works? also you can remove registry.runnable.com
Changed.
| @@ -0,0 +1,41 @@ | |||
| #!upstart | |||
| description "{{ app_name }}" | |||
| author "Anandkumar Patel" | |||
you made this, I am not taking the blame for its bugs
haha No problem!
| msg: "application Installed: {{ app_name }}, branch : {{ git_branch }} " | ||
|
|
||
| - name: create repository dir | ||
| become: true |
worst. we were trying to remove all the places we do this.... but if you have to that is fine
I forget why I had to do this... but I feel there was a reason for it.
yea, because the /opts dir was made with sudo. it's ok
| @@ -1,6 +1,7 @@ | |||
| --- | |||
| - name: ensure registry.runnable in /etc/hosts | |||
wait why do you still have this? we can remove this now right
ok
|
Missing before merge:
|
…e-shared-dock-ami * 'master' of github.com:CodeNow/devops-scripts: Sorted Updated vars for deploy
| become: true | ||
| command: docker pull {{ item }} | ||
| with_items: | ||
| - "registry.runnable.com/runnable/image-builder:v4.3.0" |
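Review bot: The `with_items` entry pulls `registry.runnable.com/runnable/image-builder:v4.3.0` by tag, and a tag can be moved to different content after this change is reviewed. Because the image is baked into the AMI, reference it by digest (`...image-builder@sha256:<digest>`) so every build of the AMI pulls the same bytes.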
@anandkumarpatel and I talked about this. We DO want to bake this image into the AMI in order to make first builds fast, but we have to push image-builder into docker hub as a public image.
image-builder twice Had a problem with starting up Docker and having it use the config with the keys vs it not using it, so change the order for this in order for the first part to use insecure docker for pulling images and then switch to docker with certs + keys.
What this PR does
registry.runnable.com for image-builder

Bugs/Things that need to be fixed

How to create environment agnostic AMI
base.yml with these flags.
Run through mounting docker as you normally would. Because docker needs to be set up for the next step, you need to go into /etc/default/docker and remove TLS from it. In the future this should be done automatically.
Run dock.yml with following arguments:

Tests
/var/log/cloud-init-output.log
user-script-dock-init.log
docker ps
curl localhost:3100 -v and files show up
/var/log/cloud-init-output.log
user-script-dock-init.log
docker ps
curl localhost:3100 -v and files show up

Deployment (post-merge)

TODO for the future
runnable/image-builder and registry.runnable.com/runnable/image-builder
/docker volume to script in order for everything to live in this script
base.yml to dock.yml in order to be able to build dock with one command