-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1214 from Zarquan/20230912-zrq-infra-notes
20230912 zrq infra notes
- Loading branch information
Showing
3 changed files
with
463 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| # | ||
| # <meta:header> | ||
| # <meta:licence> | ||
| # Copyright (c) 2023, ROE (http://www.roe.ac.uk/) | ||
| # | ||
| # This information is free software: you can redistribute it and/or modify | ||
| # it under the terms of the GNU General Public License as published by | ||
| # the Free Software Foundation, either version 3 of the License, or | ||
| # (at your option) any later version. | ||
| # | ||
| # This information is distributed in the hope that it will be useful, | ||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| # GNU General Public License for more details. | ||
| # | ||
| # You should have received a copy of the GNU General Public License | ||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| # </meta:licence> | ||
| # </meta:header> | ||
| # | ||
| #zrq-notes-time | ||
| #zrq-notes-indent | ||
| #zrq-notes-crypto | ||
| #zrq-notes-ansible | ||
| #zrq-notes-osformat | ||
| #zrq-notes-zeppelin | ||
| # | ||
| # AIMetrics: [] | ||
| # | ||
|
|
||
| Target: | ||
|
|
||
| Bring the local copy up to date. | ||
|
|
||
| Result: | ||
|
|
||
| Work in progress ... | ||
|
|
||
| # ----------------------------------------------------- | ||
| # Merge upstream changes. | ||
| #[user@desktop] | ||
|
|
||
| source "${HOME:?}/aglais.env" | ||
| pushd "${AGLAIS_CODE}" | ||
|
|
||
| git checkout master | ||
|
|
||
| git pull | ||
|
|
||
| git fetch upstream | ||
|
|
||
| git merge upstream/master | ||
|
|
||
| git status | ||
|
|
||
| git push | ||
|
|
||
| popd | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Start a new branch. | ||
| #[user@desktop] | ||
|
|
||
| branchname=infra-notes | ||
|
|
||
| source "${HOME:?}/aglais.env" | ||
| pushd "${AGLAIS_CODE}" | ||
|
|
||
| newbranch=$(date '+%Y%m%d')-zrq-${branchname:?} | ||
|
|
||
| git checkout master | ||
|
|
||
| git checkout -b "${newbranch:?}" | ||
|
|
||
| git push --set-upstream 'origin' "$(git branch --show-current)" | ||
|
|
||
| popd | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Add the new notes. | ||
| #[user@desktop] | ||
|
|
||
| source "${HOME:?}/aglais.env" | ||
| pushd "${AGLAIS_CODE}" | ||
|
|
||
| gedit notes/zrq/20230912-01-git-catchup.txt & | ||
|
|
||
| .... | ||
| .... | ||
|
|
||
| gedit notes/zrq/20230912-02-infra-notes.txt | ||
|
|
||
| .... | ||
| .... | ||
|
|
||
| gedit notes/zrq/20230912-03-backups.txt | ||
|
|
||
| .... | ||
| .... | ||
|
|
||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,248 @@ | ||
| # | ||
| # <meta:header> | ||
| # <meta:licence> | ||
| # Copyright (c) 2023, ROE (http://www.roe.ac.uk/) | ||
| # | ||
| # This information is free software: you can redistribute it and/or modify | ||
| # it under the terms of the GNU General Public License as published by | ||
| # the Free Software Foundation, either version 3 of the License, or | ||
| # (at your option) any later version. | ||
| # | ||
| # This information is distributed in the hope that it will be useful, | ||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| # GNU General Public License for more details. | ||
| # | ||
| # You should have received a copy of the GNU General Public License | ||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| # </meta:licence> | ||
| # </meta:header> | ||
| # | ||
| #zrq-notes-time | ||
| #zrq-notes-indent | ||
| #zrq-notes-crypto | ||
| #zrq-notes-ansible | ||
| #zrq-notes-osformat | ||
| #zrq-notes-zeppelin | ||
| # | ||
| # AIMetrics: [] | ||
| # | ||
|
|
||
| Target: | ||
|
|
||
| Notes on how the infrastructure nodes were created. | ||
|
|
||
| Result: | ||
|
|
||
| Work in progress ... | ||
|
|
||
| # ----------------------------------------------------- | ||
|
|
||
| Code to deploy the node(s) is in /deployments/infra-ops | ||
| https://github.com/wfau/gaia-dmp/tree/master/deployments/infra-ops/ansible | ||
|
|
||
| This part of the source code is a work in progress. | ||
| The original aim was to deploy 2 separate hosts, 'celatum' for secrets and 'gitstore' for a git repository. | ||
| https://github.com/wfau/gaia-dmp/blob/master/deployments/infra-ops/ansible/hosts.yml | ||
|
|
||
| Ended up only deploying 'gitstore' .. and then using it to store our secrets. | ||
| Ho hum. | ||
|
|
||
| The 'create-all' playbook creates sshkeys and network, and then creates the 'gitstore' node. | ||
| https://github.com/wfau/gaia-dmp/blob/1c12107ed41ec35f51ccf5c88e5154fa56bdab5a/deployments/infra-ops/ansible/create-all.yml#L23-L27 | ||
|
|
||
| Notes on using the Ansible scripts are here: | ||
| https://github.com/wfau/gaia-dmp/blob/master/notes/zrq/20220221-01-infraops-ansible.txt | ||
| https://github.com/wfau/gaia-dmp/blob/master/notes/zrq/20220411-01-infra-server.txt | ||
|
|
||
| Looks like we got this far and then got diverted. | ||
|
|
||
| Since then the 'gitstore' node has been assigned a DNS record of data.gaia-dmp.uk, | ||
| making it our 'data' node. | ||
|
|
||
| # ----------------------------------------------------- | ||
| #[user@desktop] | ||
|
|
||
| host data.gaia-dmp.uk | ||
|
|
||
| > data.gaia-dmp.uk is an alias for iris-gaia-data.duckdns.org. | ||
| > iris-gaia-data.duckdns.org has address 128.232.222.153 | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Our 'gitstore' node stores our project secrets. | ||
| # These can be acessed from any location via ssh. | ||
| #[user@gitstore] | ||
|
|
||
| cat /home/fedora/secrets | ||
|
|
||
| > secrets: | ||
| > | ||
| > example: | ||
| > fish: "Silver Fish" | ||
| > bird: "Yellow Bird" | ||
| > | ||
| > devops: | ||
| > | ||
| > duckdns: | ||
| > token: "...." | ||
| > | ||
| > stfc: | ||
| > echo: | ||
| > endpoint: "s3.echo.stfc.ac.uk" | ||
| > template: "s3.echo.stfc.ac.uk/%(bucket)" | ||
| > zip_secret: "...." | ||
| > access_key: "...." | ||
| > secret_key: "...." | ||
|
|
||
|
|
||
| cat /home/fedora/bin/getsecret | ||
|
|
||
| > #!/bin/sh | ||
| > key=${1:?'key required'} | ||
| > | ||
| > yq " | ||
| > .secrets.${key} // \"\" | ||
| > " "${HOME}/secrets" | ||
|
|
||
|
|
||
| getsecret 'example.bird' | ||
|
|
||
| > Yellow Bird | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Our 'gitstore' node stores our password hashes. | ||
| # These are loaded into the Zeppelin Shiro database on each deployment. | ||
| # These are the only part of the user passwords that we keep. | ||
| # ** If a user's passhash is blank, the deploy scripts will generate a new password for them. ** | ||
| #[user@gitstore] | ||
|
|
||
| cat /home/fedora/passhashes | ||
|
|
||
| > users: | ||
| > passhash: | ||
| > "DCrake": "........" | ||
| > "NHambly": "........" | ||
| > "SVoutsinas": "........" | ||
| > "DMorris": "........" | ||
| > .... | ||
| > .... | ||
|
|
||
|
|
||
| cat /home/fedora/bin/getpasshash | ||
|
|
||
| > #!/bin/sh | ||
| > key=${1:?} | ||
| > yq ' | ||
| > .users.passhash.'${key}' // "" | ||
| > ' '/home/fedora/passhashes' | ||
|
|
||
|
|
||
| getpasshash 'DMorris' | ||
|
|
||
| > "........" | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Our 'gitstore' node stores our SSL certificates. | ||
| #[user@gitstore] | ||
|
|
||
| ls -al /home/fedora/certs | ||
|
|
||
| > .... | ||
| > .... | ||
| > drwxrwxr-x. 2 fedora fedora 4096 Mar 15 19:00 20230123 | ||
| > drwxrwxr-x. 2 fedora fedora 4096 Jun 14 10:42 20230314 | ||
| > drwxrwxr-x. 2 fedora fedora 4096 Sep 11 13:54 20230614 | ||
| > drwxrwxr-x. 2 fedora fedora 4096 Sep 12 10:43 20230905 | ||
| > drwxrwxr-x. 2 fedora fedora 4096 Sep 12 12:13 20230912 | ||
| > -rw-r--r--. 1 fedora fedora 63293 Sep 12 12:13 certs.tar.gz | ||
| > lrwxrwxrwx. 1 fedora fedora 27 Sep 12 10:44 latest -> /home/fedora/certs/20230912 | ||
|
|
||
|
|
||
| ls -al /home/fedora/certs/20230123 | ||
|
|
||
| > -rw-r--r--. 1 fedora fedora 22782 Mar 15 19:00 certs.tar.gz | ||
|
|
||
|
|
||
| ls -al /home/fedora/certs/20230314 | ||
|
|
||
| > lrwxrwxrwx. 1 fedora fedora 9 Jun 14 10:42 20230614 -> 20230614/ | ||
| > -rw-rw-r--. 1 fedora fedora 55319 Mar 15 19:14 certs.tar.gz | ||
|
|
||
|
|
||
| ls -al /home/fedora/certs/20230614 | ||
|
|
||
| > lrwxrwxrwx. 1 fedora fedora 18 Sep 5 15:09 certs -> /home/fedora/certs | ||
| > -rw-rw-r--. 1 fedora fedora 55926 Jun 14 10:41 certs.tar.gz | ||
|
|
||
|
|
||
| ls -al /home/fedora/certs/20230905 | ||
|
|
||
| > lrwxrwxrwx. 1 fedora fedora 8 Sep 12 10:43 20230912 -> 20230912 | ||
| > -rw-r--r--. 1 fedora fedora 37522 Sep 11 13:57 certs.tar.gz | ||
|
|
||
|
|
||
| ls -al /home/fedora/certs/20230912 | ||
|
|
||
| > -rw-r--r--. 1 fedora fedora 63293 Sep 12 12:13 certs.tar.gz | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Our 'gitstore' node stores a backup of our users' notebooks. | ||
| #[user@gitstore] | ||
|
|
||
| ls -al /var/local/backups/notebooks/ | ||
|
|
||
| > drwxrwxr-x. 3 fedora fedora 4096 Nov 2 2022 20221102-050416-live.gaia-dmp.uk-notebooks | ||
| > drwxrwxr-x. 3 fedora fedora 4096 Dec 4 2022 20221204-141216-live.gaia-dmp.uk-notebooks | ||
| > .... | ||
| > .... | ||
| > drwxrwxr-x. 3 fedora fedora 4096 Sep 12 15:50 20230912-155030-live.gaia-dmp.uk-notebooks | ||
| > lrwxrwxrwx. 1 fedora fedora 42 Sep 12 15:50 latest -> 20230912-155030-live.gaia-dmp.uk-notebooks | ||
|
|
||
|
|
||
| du -h -d 1 /var/local/backups/notebooks/ | ||
|
|
||
| > 103M /var/local/backups/notebooks/20221102-050416-live.gaia-dmp.uk-notebooks | ||
| > 110M /var/local/backups/notebooks/20221204-141216-live.gaia-dmp.uk-notebooks | ||
| > .... | ||
| > .... | ||
| > 188M /var/local/backups/notebooks/20230912-155030-live.gaia-dmp.uk-notebooks | ||
| > 3.1G /var/local/backups/notebooks/ | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Our 'gitstore' node has an old backup of some users' home directories. | ||
| # ** These are no longer used and the data is out of date ** | ||
| #[user@gitstore] | ||
|
|
||
| ls -al /var/local/backups/homedirs/ | ||
|
|
||
| > drwxr-xr-x. 12 fedora fedora 4096 Jul 4 2022 20220711-120030-green-homedirs | ||
| > drwxr-xr-x. 9 fedora fedora 4096 Jul 8 2022 20220711-120215-blue-homedirs | ||
| > .... | ||
| > .... | ||
| > drwxr-xr-x. 9 fedora fedora 4096 Jul 8 2022 20220727-103930-blue-homedirs | ||
| > lrwxrwxrwx. 1 fedora fedora 29 Jul 27 2022 latest -> 20220727-103930-blue-homedirs | ||
|
|
||
|
|
||
| # ----------------------------------------------------- | ||
| # Our 'gitstore' node has an old backup of some logs. | ||
| # ** These are no longer used and the data is out of date ** | ||
| #[user@gitstore] | ||
|
|
||
| ls -al /var/local/backups/logs/2023/20230720/iris-gaia-blue/logs/ | ||
|
|
||
| > -r--r--r--. 1 fedora fedora 3719 Jul 20 11:45 zeppelin-fedora-iris-gaia-blue-20230619-zeppelin.log | ||
| > -r--r--r--. 1 fedora fedora 262513 Jul 20 11:45 zeppelin-fedora-iris-gaia-blue-20230619-zeppelin.log.2023-06-19 | ||
| > -r--r--r--. 1 fedora fedora 489883 Jul 20 11:45 zeppelin-fedora-iris-gaia-blue-20230619-zeppelin.log.2023-06-20 | ||
| > .... | ||
| > .... | ||
| > -r--r--r--. 1 fedora fedora 491881 Jul 20 11:45 zeppelin-fedora-iris-gaia-blue-20230619-zeppelin.log.2023-07-18 | ||
| > -r--r--r--. 1 fedora fedora 141689 Jul 20 11:45 zeppelin-fedora-iris-gaia-blue-20230619-zeppelin.log.2023-07-19 | ||
| > -r--r--r--. 1 fedora fedora 6231 Jul 20 11:45 zeppelin-fedora-iris-gaia-blue-20230619-zeppelin.out | ||
| > -r--r--r--. 1 fedora fedora 177 Jul 20 11:45 zeppelin-interpreter-md-Evison-Evison-fedora-iris-gaia-blue-20230619-zeppelin.log | ||
| > -r--r--r--. 1 fedora fedora 76781315 Jul 20 11:45 zeppelin-interpreter-spark-Evison-Evison-fedora-iris-gaia-blue-20230619-zeppelin.log | ||
|
|
Oops, something went wrong.