Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

Home

Jump to bottom
Rob Norris edited this page Jul 26, 2018 · 24 revisions

Note: Once the environment is set up and working I will turn this into an .md doc. For now it's easier to edit and keep notes here.

Gem Environment and Services

There are three VMs, all running Docker which hosts all services other than Jenkins. ISG set up the machines and docker for us.

sbfocsdev-lv1

This is the development machine. It hosts the following:

  • Jenkins is for building and deploying Gem. Ask Rob for login information.
  • To support Jenkins we also installed JDK 8, git, and sbt-extras.
  • The jenkins user was created by the installer but needed be added to the docker group. This user was also added by ISG on the other machines with the same group, and keys so jenkins can ssh between machines transparently.

The other services are hosted in Docker:

  • You can use Portainer to manage and monitor this machine. Ask Rob for login information. On this and all other machines it was launched as follows:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer:/data portainer/portainer
  • Docker Registry is a service that stores the docker images we create. It has no web UI. I launched it from ~rnorris as follows:
docker run -d \
  --restart=always \
  --name registry \
  -v `pwd`/certs:/certs \
  -v /gemstorage/sbfocsdev-lv1-docker-registry-storage:/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/sbfocsdev-lv1.cer \
  -e REGISTRY_HTTP_TLS_KEY=/certs/sbfocsdev-lv1.key \
  -p 443:443 \
  registry:2

My certs/ directory contains the all-certs/ certificates with the intermediate .pem file prepended to each host's cert. Not that this matters since the certs provided don't work for local Mac docker installs and I don't know how to fix it, but there you go. So for now if you wish to push to this repository you must add sbfocsdev-lv1.cl.gemini.edu to your list of insecure registries as described here. Furthermore if you're on the mac. you will need to add 172.16.5.58 as the first nameserver on the docker VM as described here (note that you have to do this every time you restart Docker or your computer sleeps, evidently). The certs do seem to work between the sbcocs*-lv1 machines, which is what matters.

sbfocstest-lv1

This is the test machine. It will host the latest build of Gem, populated with the latest backup data from production. This will be managed automatically by Jenkins.

  • You can use Portainer to manage and monitor this machine.

sbfocsprod-lv1

This is the production machine. It will host a promoted build of Gem, populated with data from the prior production version.

  • You can use Portainer to manage and monitor this machine.
Clone this wiki locally