Skip to content

d3alek/magare

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits

design-documents

design-documents

 
 

group_vars/all

group_vars/all

 
 

roles

roles

 
 

templates

templates

 
 

validators

validators

 
 

webapps

webapps

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

collectd_couchdb.conf.j2

collectd_couchdb.conf.j2

 
 

configure_collectd_write_http.sh.j2

configure_collectd_write_http.sh.j2

 
 

couchdb.service.j2

couchdb.service.j2

 
 

couchdb.yaml

couchdb.yaml

 
 

id_rsa_magare.pub

id_rsa_magare.pub

 
 

magare-network.yaml

magare-network.yaml

 
 

magareta.yaml

magareta.yaml

 
 

monit_config.j2

monit_config.j2

 
 

sshd_config.j2

sshd_config.j2

 
 

vpns.yaml

vpns.yaml

 
 

Repository files navigation

First steps on new Lime2 eMMC

Do in parallel the two sets of steps - first one deals with software and the second one with networking:

  • Download appropriate Armbian version
  • Flash to SD card using Etcher
  • Put SD card in device, connect to internet and power
  • Wait a bit, find device assigned IP (for example with arp-scan), connect with ssh and root:1234
  • set a root password following prompts and remember it. Don't make account (ctrl+c when it asks)
  • sudo armian-config > System > Install to eMMC > ext4 filesystem > wait 15 minutes... > accept power off > take SD card off > turn on
  • sudo armiban-config > Personal > timezone to Sofia and hostame to magare#
  • Make a magare#.otselo.eu entry in production
  • Make an A DNS record for the new magare (magare#.otselo.eu)
  • Add a crontab rule for root: curl -4 "https://magare#.otselo.eu:pass@dyn.dns.he.net/nic/update?hostname=magare#.otselo.eu", where pass is taken from DNS console
  • Add a new entry to couchdb-cluster.yaml
  • Configure tunneling (through router for example), make sure host is reachable on magare#.otselo.eu, ideally Demilitarized Host (all traffic forwarded to it), otherwise ports 22, 80, 443, 4369, 6984, 9100-9200
  • ansible-playbook magareta.yaml -l "magare#.otselo.eu" --ask-vault-pass --ask-pass

Manual Setup

Make sure user onmagareta has passwordless sudo access:

echo " ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/

Launch CouchDB install playbook

ansible-playbook couchdb.yaml -e @couchdb_variables.yaml --ask-vault-pass

Where couchdb_variables.yaml is a YAML file in the current directory with admin_user, admin_password and cookie (ideally admin_password and cookie are encrypted with Ansible)

Add version control to a bucket

Intially do:

cd design-documents ./update-version-control.sh "" $BUCKET user_colon_password.txt update.js validate.js

Then to update the design documents, specify a revision as the first argument instead of ""

Ansible Galaxy requirements

ansible-galaxy install ipr-cnrs.nftables ansible-galaxy install geerlingguy.certbot

Trully distributed

Each magare runs HAProxy on ports [80,443] and CouchDB on a random port. Each magare's HAProxy is configured to distribute traffic directly to the CouchDBs. That way if one magare fails, another can take over magare.otselo.eu (TODO).

Couchapps

About

Carry tons of information using CouchDB and Olimex Lime2

Topics

couchdb olimex lime2 magare

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages