Update Deployment Documentation (#1699)

* Documentation update * Add save and restore of .env file to save and restore scripts for combine_deploy * Fix setup_target.py for calling with sudo * Create GitHub Action to build and push combine_deploy image
sillsdev · Jul 27, 2022 · 5e5d7cc · 5e5d7cc
1 parent 92a17f1
commit 5e5d7cc
Show file tree

Hide file tree

Showing 12 changed files with 437 additions and 265 deletions.
diff --git a/.github/workflows/combine_deploy_image.yml b/.github/workflows/combine_deploy_image.yml
@@ -0,0 +1,34 @@
+name: "Update combine_deploy image"
+
+on:
+  push:
+    branches: [master]
+    paths:
+      - "deploy/**"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+      - name: Login to AWS ECR
+        uses: docker/login-action@v2
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: Build combine_deploy
+        uses: docker/build-push-action@v3
+        with:
+          context: "{{defaultContext}}:deploy"
+          push: true
+          tags: public.ecr.aws/thecombine/combine_deploy:latest
diff --git a/deploy/ansible/roles/docker_install/defaults/main.yml b/deploy/ansible/roles/docker_install/defaults/main.yml
@@ -2,6 +2,5 @@
 install_credential_helper: false
 credential_helper_version: v0.6.3
 
-# Kubernetes/minikube is validated on Docker 19.03.x
 docker_packages:
   - containerd.io
diff --git a/deploy/ansible/roles/ethernet_config/defaults/main.yaml b/deploy/ansible/roles/ethernet_config/defaults/main.yaml
diff --git a/deploy/ansible/roles/ethernet_config/handlers/main.yaml b/deploy/ansible/roles/ethernet_config/handlers/main.yaml
diff --git a/deploy/ansible/roles/ethernet_config/tasks/main.yml b/deploy/ansible/roles/ethernet_config/tasks/main.yml
diff --git a/deploy/docker_home/restore_config.sh b/deploy/docker_home/restore_config.sh
@@ -1,6 +1,6 @@
 # restore /etc/hosts entries for combine targets
 if [ -f "/config/hosts" ] ; then
-    cp /config/hosts /etc/hosts
+    cp /config/hosts /etc
 fi
 
 if [ -d "/config/.ssh" ] ; then
@@ -10,3 +10,8 @@ fi
 if [ -d "/config/.kube" ] ; then
     cp -r /config/.kube ${HOME}
 fi
+
+if [ -f "/config/.env" ] ; then
+    cp /config/.env ${HOME}
+    . ${HOME}/.env
+fi
diff --git a/deploy/docker_home/save_config.sh b/deploy/docker_home/save_config.sh
@@ -8,4 +8,7 @@ if [ -d "/config" ] ; then
     if [ -d "${HOME}/.kube" ] ; then
         cp -r ${HOME}/.kube /config
     fi
+    if [ -f "${HOME}/.env" ] ; then
+        cp ${HOME}/.env /config
+    fi
 fi
diff --git a/deploy/scripts/setup_target.py b/deploy/scripts/setup_target.py
@@ -17,8 +17,12 @@ def parse_args() -> argparse.Namespace:
     parser.add_argument("ip", help="IPv4 address for the target device.")
     parser.add_argument("name", help="Name of the target device.")
     parser.add_argument(
-        "--user", default="sillsdev", help="Username for ssh connection to the target device."
+        "--target-user",
+        "-t",
+        default="sillsdev",
+        help="Username for ssh connection to the target device.",
     )
+    parser.add_argument("--local-user", "-l", help="Local user for creating ssh keys.")
     parser.add_argument("--hosts", default="/etc/hosts", help="File for host definition.")
     return parser.parse_args()
 
@@ -72,10 +76,34 @@ def main() -> None:
     args = parse_args()
     # Add the target IP and target name to /etc/hosts (or other hosts file)
     update_hosts_file(args.ip, args.name, Path(args.hosts).resolve())
+
+    """
+    Set up the ssh key and copy it do the target.
+
+    Usually this script needs to be run with `sudo` so that the /etc/hosts file can
+    be modified.  This results in, the key getting setup for the root user instead of
+    the user that invoked the script with `sudo`.
+    The --local-user/-l option is available to generate the key for a local user instead
+    of root.  Some things to note are:
+      1. This script switches to the local user with `su` to run the two commands for setting
+         up the ssh key
+      2. The --session-command option for su needs to be used instead of -c
+         (at least for ssh-copy-id)
+      3. The command needs to be quoted.
+    """
+    if args.local_user is None:
+        cmd_prefix = ""
+        cmd_suffix = ""
+    else:
+        cmd_prefix = f'su {args.local_user} --session-command "'
+        cmd_suffix = '"'
     # Generate ssh keys
-    os.system("ssh-keygen")
+    ssh_cmd = f"{cmd_prefix}ssh-keygen{cmd_suffix}"
+    os.system(ssh_cmd)
     # Copy ssh id to target
-    os.system(f"ssh-copy-id {args.user}@{args.name}")
+    ssh_cmd = f"{cmd_prefix}ssh-copy-id {args.target_user}@{args.name}{cmd_suffix}"
+    print(ssh_cmd)
+    os.system(ssh_cmd)
 
 
 if __name__ == "__main__":

diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile with python 3.9
+# This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
 #    pip-compile dev-requirements.in
@@ -63,9 +63,7 @@ humanfriendly==10.0
 idna==3.3
     # via requests
 importlib-metadata==4.12.0
-    # via
-    #   markdown
-    #   mkdocs
+    # via mkdocs
 isort==5.10.1
     # via -r dev-requirements.in
 jinja2==3.1.2
@@ -199,9 +197,7 @@ types-requests==2.28.3
 types-urllib3==1.26.16
     # via types-requests
 typing-extensions==4.3.0
-    # via
-    #   black
-    #   mypy
+    # via mypy
 urllib3==1.26.10
     # via
     #   kubernetes