diff --git a/INSTALL.md b/INSTALL.md index f88cdfe..c848be6 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -9,7 +9,7 @@ The architecture of kernelCI is split into three main components: * Frontend * Backend -For more information on the architecture please visit: http://wiki.kernelci.org/ +For more information on the architecture please visit: http://wiki.kernelci.org/ ## Prerequisites @@ -19,22 +19,48 @@ Two machines: * Git tools * Ansible >= 2.0: http://docs.ansible.com/ansible/latest/intro_installation.html * The target machine where the kernelci infrastructure (front and back end) will be deployed - * Target configuration prerequisites - * Supported OS: Debian (Jessie) + * Target configuration prerequisites + * Supported OS: Debian (Jessie and after), Centos >= 7 * ssh root access to the server * Python >= 2.7.12 +* Ansible need to have a way to be root either with direct root connect or either with user+sudo/su, you need to choose which way will be used. + * For direct root access: + * add ansible_ssh_user=root after serverhostname in hosts + * For user+sudo + * add ansible_ssh_user=user become_method=sudo after serverhostname in hosts + * More informations on http://docs.ansible.com/ansible/latest/become.html + ## Installing +### Install order +* You need to install the [backend first](http://github.com/kernelci/kernelci-backend-config/) +* Then you need to generate tokens for frontend and set them in secrets.yml +* Then install the [frontend](http://github.com/kernelci/kernelci-frontend-config/) + ### Get the source code ``` -$ git clone https://github.com/kernelci/kernelci-backend-config.git +For Deploying kernelci-backend +git clone https://github.com/kernelci/kernelci-backend-config.git ``` ### Configure Host -Edit /etc/hosts - add new line: +* You need to choose the FQDN used for calling both the frontend and backend. + These FQDN must be set in the hostname variable. (default from group_vars/all is kernelci-frontend/kernelci-backend) + Thoses name could be different from the hostname of the host. + +* then add the choosen hostname in the hosts file + * Example: ``` - +[dev] +#this machine will be managed directly via root +kernelci.mydns.com ansible_ssh_user=root +[rec] +#this machine will be managed via the user admin becoming root via "su" +kernelci.mydns.com ansible_ssh_user=admin become_method=su +[prod] +#this machine will be managed via the user admin using sudo +kernelci.mydns.com ansible_ssh_user=admin become_method=sudo ``` ### Create secrets.yml file @@ -52,22 +78,47 @@ To skip the secrets taks, just pass: The secret keys that have to be defined are: -* backend_url -* base_url -* backend_token -* secret_key -* info_email -* ssl_stapling_resolver -* google_analytics +* master_key: The password used for generating tokens before any admin token was created (See Manual tasks below). +* info_email: email address to be displayed for contact informations +* ssl_stapling_resolver: (optionnal) -The `secret_key` value should be set to a random string, it is used internally -by Flask. - Other non-secrets variable might need to be defined, please look at the `templates` directories. ### Run Ansible ``` $ cd $ ansible-playbook -i hosts site.yml -e "@../secrets.yml" -l <$TARGET_NAME> -``` \ No newline at end of file +``` + +This will deploy the kernel-ci backend code into `/srv/$hostname`, +intall all dependencies and set up an nginx host called `$hostname`. + +By default an S3-backup shell script and firewall rules via `ufw` will be +installed as well. Skip them with: + + --skip-tags=backup,firewall + +### Requirements + +Non exhaustive list of requirements is in the 'requirements.txt' file: those +need to be installed via pip. +For production, requirements.txt is sufficient. For development purpose, requirements-dev.txt +will add extra package for testing. +For the moment ansible does not handle this requirements-dev.txt. + +### Manual tasks + * You need to generate an admin token, this token will be used to generate others token (referenced as ADMINTOKEN below) +``` + curl -XPOST -H "Content-Type: application/json" -H "Authorization: SECRET_KEY" "localhost:8888/token" -d '{"email": "xxx@xxx", "username": "admin", "admin": 1}' +``` + * You need to generate a GET+POST token for the frontend. Set it in secrets.yml (it is used for /etc/linaro/kernelci-frontend.cfg:BACKEND_TOKEN=xxxx) +``` + curl -XPOST -H "Content-Type: application/json" -H "Authorization: ADMINTOKEN" "localhost:8888/token" -d '{"email": "xxx@xxx", "username": "admin", "get": 1, "post": 1}' +``` + + * If you plan to have a LAVA lab interacting with your kernelci, you need to generate a LAB token for your LAVA lab. This token will be used along with the backend FQDN for CALLBACK Jobs. +``` + curl -XPOST -H "Content-Type: application/json" -H "Authorization: ADMINTOKEN" "localhost:8888/lab" -d '{"namel": "lab-xxx", "contact": { {"name": "xxx", "surname": "xxx", "email": "xxx@xxx"} }' +``` +