-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #130 from ripienaar/0100
(misc) Release 0.10.0
- Loading branch information
Showing
5 changed files
with
212 additions
and
160 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,125 +28,25 @@ This project includes a provisioner that you can use, it will call a `helper` th | |
|
|
||
| ## Configuring Choria Server | ||
|
|
||
| Provisioning is off and cannot be enabled in the version of Choria shipped to the Open Source community, to use it you need to perform a custom build and make your own packages. Choria provides the tools to do this. | ||
| Provisioning is enabled in the Open Source server by means of a JWT token that you create during provisioning. The JWT token holds all of the information the server | ||
| needs to find it's provisioning server and will present that token also to the provisioning server for authentication. | ||
|
|
||
| The following section guides you through setting up a custom build that will produce a `acme-choria` RPM with completely custom paths etc. It will have provisioning enabled and whenever it detects `plugin.choria.server.provision` is not set to `false` will enter provisioning mode by connecting to `choria-provision.example.net:4222`. | ||
| The token is signed using a trusted private key, the provisioner will only provision nodes presenting a trusted key. | ||
|
|
||
| ### Creating a custom build specification | ||
|
|
||
| The build specification is in the `go-choria` repository in `packager/buildspec.yaml`, lets see a custom one: | ||
|
|
||
| ```yaml | ||
| flags_map: | ||
| TLS: github.com/choria-io/go-choria/build.TLS | ||
| maxBrokerClients: github.com/choria-io/go-choria/build.maxBrokerClients | ||
| Secure: github.com/choria-io/go-choria/vendor/github.com/choria-io/go-protocol/protocol.Secure | ||
| Version: github.com/choria-io/go-choria/build.Version | ||
| SHA: github.com/choria-io/go-choria/build.SHA | ||
| BuildTime: github.com/choria-io/go-choria/build.BuildDate | ||
| ProvisionBrokerURLs: github.com/choria-io/go-choria/build.ProvisionBrokerURLs | ||
| ProvisionModeDefault: github.com/choria-io/go-choria/build.ProvisionModeDefault | ||
| ProvisionAgent: github.com/choria-io/go-choria/build.ProvisionAgent | ||
| ProvisionSecure: github.com/choria-io/go-choria/build.ProvisionSecure | ||
| ProvisionRegistrationData: github.com/choria-io/go-choria/build.ProvisionRegistrationData | ||
| ProvisionFacts: github.com/choria-io/go-choria/build.ProvisionFacts | ||
| ProvisionToken: github.com/choria-io/go-choria/build.ProvisionToken | ||
| ProvisionJWTFile: github.com/choria-io/go-choria/build.ProvisionJWTFile | ||
| ProvisioningBrokerUsername: github.com/choria-io/go-choria/build.ProvisioningBrokerUsername | ||
| ProvisioningBrokerPassword: github.com/choria-io/go-choria/build.ProvisioningBrokerPassword | ||
|
|
||
| foss: | ||
| compile_targets: | ||
| defaults: | ||
| output: choria-{{version}}-{{os}}-{{arch}} | ||
| pre: | ||
| - rm additional_agent_*.go || true | ||
| - go generate | ||
| flags: | ||
| ProvisionModeDefault: "true" | ||
| ProvisionBrokerURLs: "choria-provision.example.net:4222" | ||
| ProvisionSecure: "false" | ||
| ProvisionRegistrationData: "/opt/acme/etc/node-metadata.json" | ||
| ProvisionFacts: "/opt/acme/etc/node-metadata.json" | ||
| ProvisionToken: "toomanysecrets" | ||
|
|
||
| 64bit_linux: | ||
| os: linux | ||
| arch: amd64 | ||
|
|
||
| packages: | ||
| defaults: | ||
| name: acme-choria | ||
| bindir: /opt/acme-choria/sbin | ||
| etcdir: /opt/acme-choria/etc | ||
| release: 1 | ||
| manage_conf: 1 | ||
| contact: [email protected] | ||
| rpm_group: Acme/Tools | ||
|
|
||
| el7_64: | ||
| template: el/el7 | ||
| dist: el7 | ||
| target_arch: x86_64 | ||
| binary: 64bit_linux | ||
| ``` | ||
| This is a stripped down packaging config based on the stock one, it will: | ||
| * Build only a 64bit Linux binary | ||
| * Package a el7 64bit RPM with the name `acme-choria` and custom paths | ||
| * Provisioning is on by default unless specifically disabled in the configuration | ||
| * It will use this agent by default to enable provisioning, you can supply your own see below | ||
| * It will connect to `choria-provision.example.net:4222` with TLS disabled | ||
| * It will publish regularly the file `/opt/acme/etc/node-metadata.json` to `choria.provisioning_data` on the middleware | ||
| * It will use `/opt/acme/etc/node-metadata.json` as a fact source so you can discover it or retrieve its facts using `rpcutil#inventory` action | ||
|
|
||
| In this case you will have a static broker that will be connected to, this might be too limiting for your needs - perhaps you wish to use a regional or client appropriate provisioner host instead. You can implement the `provtarget.TargetResolver` interface and then compile that into your binary by placing the following YAML in your go-choria `packager` directory: | ||
|
|
||
| ```yaml | ||
| # packager/provision_target_provider.yaml | ||
| --- | ||
| name: MyCorp Provisioning Target Provider | ||
| repo: github.com/mycorp/ec2provtarget | ||
| ```nohighlight | ||
| $ choria tool jwt provisioning.jwt key.pem --srv choria.example.net --token toomanysecrets | ||
| ``` | ||
|
|
||
| In the above repo should be a method `ec2provtarget.Provisioner()` that returns an instance of your provisioner that implements `provtarget.TargetResolver`. See the [default one](https://github.com/choria-io/go-choria/tree/master/provtarget/builddefaults) for an example. | ||
|
|
||
| You can verify the resulting build with: `acme-choria buildinfo` and it should have a line like: `Provisioning Target Resolver: MyCorp Provisioning Target Provider` | ||
|
|
||
| ### Using your own agent | ||
| Here we create a `provisioning.jwt` that will instruct Choria to look for `_choria-provisioner._tcp.choria.example.net` SRV | ||
| records to find the server to connect to. | ||
|
|
||
| You might not like the provisioning flow exposed by this agent, no problem you can supply your own. | ||
| Other options can be set for example to hard code provisioning URLs, username and passwords and more. | ||
|
|
||
| Create `packaging/user_plugins.yaml` | ||
|
|
||
| ```yaml | ||
| --- | ||
| choria_provision: github.com/acme/prov_agent | ||
| ``` | ||
|
|
||
| Arrange for this to be in the project using `glide get` and in the `buildspec.yaml` set `ProvisionAgent: "false"` in the flag section, it will now not activate this agent and instead use yours. | ||
| It also need to implement the `plugin.Pluggable` interface that the Choria plugin system needs. | ||
|
|
||
| ### Building | ||
|
|
||
| Do a `rake build` (needs docker) and after some work you'll have a rpm tailored to your own paths, name and with Provisioning enabled. | ||
|
|
||
| ``` | ||
| $ choria buildinfo | ||
| # ... | ||
| Server Settings: | ||
| Provisioning Brokers: choria-provision.example.net:4222 | ||
| Provisioning Default: true | ||
| Default Provisioning Agent: true | ||
| Provisioning TLS: false | ||
| Provisioning Registration Data: /opt/acme/etc/node-metadata.json | ||
| Provisioning Facts: /opt/acme/etc/node-metadata.json | ||
| # ... | ||
| ``` | ||
| When this file is placed in `/etc/choria/provisioning.jwt` and Choria starts without a configuration it will provision | ||
| via these settings. | ||
|
|
||
| If you just want the binary and no packages use `rake build_binaries`. | ||
| Choria also support provisioning plugins to resolve this information dynamically but this requires custom binaries and should | ||
| in general be avoided. | ||
|
|
||
| ## Provisioning nodes | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,16 @@ | ||
| module github.com/choria-io/provisioning-agent | ||
|
|
||
| go 1.14 | ||
| go 1.16 | ||
|
|
||
| require ( | ||
| github.com/choria-io/go-backplane v1.2.2-0.20210419093051-1cba8056dc51 | ||
| github.com/choria-io/go-choria v0.21.1-0.20210419092041-62e718089d95 | ||
| github.com/dgrijalva/jwt-go v3.2.1-0.20200107013213-dc14462fd587+incompatible | ||
| github.com/choria-io/go-choria v0.22.1-0.20210721091802-fc47b6926222 | ||
| github.com/ghodss/yaml v1.0.0 | ||
| github.com/nats-io/nats-server/v2 v2.2.2-0.20210408165533-36e18c20ff39 | ||
| github.com/onsi/ginkgo v1.16.1 | ||
| github.com/onsi/gomega v1.11.0 | ||
| github.com/prometheus/client_golang v1.10.0 | ||
| github.com/golang-jwt/jwt v3.2.1+incompatible | ||
| github.com/nats-io/nats-server/v2 v2.3.2 | ||
| github.com/onsi/ginkgo v1.16.4 | ||
| github.com/onsi/gomega v1.14.0 | ||
| github.com/prometheus/client_golang v1.11.0 | ||
| github.com/sirupsen/logrus v1.8.1 | ||
| gopkg.in/alecthomas/kingpin.v2 v2.2.6 | ||
| ) |
Oops, something went wrong.