8
* Access to ~canonical-losa owned charms
9
* Access to lp:bygmester
8
* Access to the spec code at lp:~canonical-is/canonical-mojo-specs/mojo-pes-capomastro/
9
* Access to Jenkins bot keys at lp:~ce-infrastructure/bygmester/ce-jenkins-bot
10
* Access to the PPA at lp:~ce-infrastructure/+archive/ubuntu/capomastro
13
* juju-core>=1.17.4-0ubuntu1
14
* juju-local>=1.17.4-0ubuntu1
16
* python-novaclient>=1:2.17.0-0ubuntu1
17
* python-swiftclient>=1:2.0.3-0ubuntu1
23
### Deploy Application
25
1. Initialize deployment space
29
2. Bootstrap juju environment (assumes Canonistack)
31
# The "local" environment is default. To switch environments do:
32
# export JUJU_ENV="canonistack"
35
NOTE: IF you are connecting to a private cloud provider like Canonistack
36
you can use ./helpers/establish_tunnel.sh to create the tunnel for you.
42
4. Post-deploy configuration (execute once all services have started)
44
./post-deploy-config.sh
46
NOTE: This will attempt to bootstrap with the ~ce-jenkins-bot user keys.
47
Type in a bad password to proceed, if asked for one. Log into the system and do the
50
* Change to the 'jenkins' user
54
* Add a public/private keypair associated with your Launchpad account to
57
* Tell bzr which Launchpad account to use
59
bzr launchpad-login ~me
61
5. Upgrade application
66
### Add floating IPs (optional)
68
If using a non-local provider you will need to associate a floating IP with
69
the "apache2/0" service unit for web access. Optionally associate a floating
70
IP with the "jenkins/0" service unit if you require web access to it as well.
72
NOTE: Eventually apache will sit in front of haproxy and this documentation
73
will be updated when that happens.
78
* Go through and address FIXME's / things that were papered over
79
* Make sure we can deploy something similar to what IS will deploy
80
* Get upgrades working the IS-way
81
* Figure out / fix the psql ssl issue when deploying locally
82
* Add support for jenkins-slaves
83
* Potentially move the jenkins slave bootstrapping tarball into
17
Install the Mojo package from its PPA (and juju-local if doing local test):
19
sudo apt-add-repository --yes ppa:mojo-maintainers/ppa && sudo apt-get update
20
sudo apt-get --yes install mojo juju-local
22
Initialize the local environment for Juju so you can deploy Capomastro:
28
It is also highly recommended to use the company VPN to run any deployment, see
29
https://wiki.canonical.com/InformationInfrastructure/IS/HowTo/CompanyOpenVPN
30
for instructions on how to set it up. You may have problems accessing IS-owned
31
resources if you do not use the VPN when running the Mojo script.
37
There are two important vars in the deployment script: MOJO_REPO and MOJO_STAGE.
39
MOJO_REPO should have the Launchpad address of the repository containing the spec
40
of Capomastro. It can be a local repository, i.e. a local directory in the file
41
system, as long as all changes have been committed (not necessarily pushed though).
43
MOJO_STAGE point to the working spec directory inside the Mojo repository. You
44
may need to tweak that if you are working on a new spec which does not follow the
45
IS organization, but most likely that never needs to be changed.
47
Also, before running the deployment script, you must have both the secret of Capomastro's
48
PPA and the SSH key pair used by the Jenkins bot to fetch and build images.
50
The script expects the Capomastro PPA to be configured through a charm option
51
and it is copied over the rest of the Mojo files automatically. Just put the
52
option formatted as YAML in /tmp/secrets, like this:
58
repository: "<private PPA credentials here>"
60
As for the Jenkins bot configuration, simply create a directory /tmp/keys
61
and add both SSH key and its .pub inside it. The script will use them for some
62
post desployment steps, otherwise Jenkins won't be able to fetch and build
63
images correctly right after the setup of the service.
65
All this ensures no secrets or credentials are stored anywhere in the spec.
70
You may need to provide a password for sudo at the start of it:
77
1. you should avoid using this script for any serious production deployment. This
78
was meant for testing and development only, though it could be used just fine
79
on staging servers if needed. Local deployments with Juju and Mojo are supported
80
but you may encounter unknown problems, so beware. Ideally you should always
81
deploy to Canonistack, but that is quite slow, that's why this script exists.
83
2. if using a non-local provider you will need to associate a floating IP with
84
the "apache2/0" service unit for web access. Optionally associate a floating
85
IP with the "jenkins/0" service unit if you require web access to it as well,
86
but keep in mind that would be insecure as all artifacts by default are visible
89
3. when using this locally, you won't be able to actually build images with
90
Capomastro right away as the default policy for LXC units is not to allow
91
nesting. You'll need to stop the Jenkins unit, update its policy to allow that,
92
restart the unit and then try again. These are the config options you'll need:
94
lxc.aa_profile = lxc-container-default-with-nesting
95
lxc.mount.auto = cgroup:mixed
100
Previously, in the shellscripts used to deploy the Capomastro charm manually,
101
these were the equivalent to the new Mojo spec commands we are using:
103
init.sh -> collect script
104
deploy.sh -> the manifest file at the root of the spec
105
bootstrap.sh -> manually done only when needed now
106
post-deploy-config.sh -> also part of the manifest file
107
upgrade-charm.sh -> collect-upgrade script
108
config/ directory -> services file