Add instructions for bootstrapping faasd on digitalocean

README.md

@@ -56,7 +56,9 @@ You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular
 
 Automate everything within < 60 seconds and get a public URL and IP address back. Customise as required, or adapt to your preferred cloud such as AWS EC2.
 
-* [Provision faasd 0.7.5 on DigitalOcean with Terraform 0.12.0](https://gist.github.com/alexellis/fd618bd2f957eb08c44d086ef2fc3906)
+* [Provision faasd 0.8.1 on DigitalOcean with Terraform 0.12.0](docs/bootstrap/README.md)
+
+* [Provision faasd on DigitalOcean with built-in TLS support](docs/bootstrap/digitalocean-terraform/README.md)
 
 ### A note on private repos / registries
 

docs/bootstrap/README.md

@@ -0,0 +1,20 @@
+# Bootstrap faasd on Digitalocean
+
+1) [Sign up to DigitalOcean](https://www.digitalocean.com/?refcode=2962aa9e56a1&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste)
+2) [Download Terraform](https://www.terraform.io)
+3) Clone this gist using the URL from the address bar
+4) Run `terraform init`
+5) Run `terraform apply -var="do_token=$(cat $HOME/digitalocean-access-token)"`
+6) View the output for the login command and gateway URL i.e.
+
+```
+gateway_url = http://178.128.39.201:8080/
+login_cmd = faas-cli login -g http://178.128.39.201:8080/ -p rvIU49CEcFcHmqxj
+password = rvIU49CEcFcHmqxj
+```
+
+Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine.
+
+A single host with 1GB of RAM will be deployed for you, to remove at a later date simply use `terraform destroy`.
+
+If required, you can remove the VM via `terraform destroy -var="do_token=$(cat $HOME/digitalocean-access-token)"`

docs/bootstrap/cloud-config.tpl

@@ -0,0 +1,29 @@
+#cloud-config
+ssh_authorized_keys:
+  - ${ssh_key}
+
+package_update: true
+
+packages:
+ - runc
+
+runcmd:
+- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.2/containerd-1.3.2.linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
+- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.2/containerd.service | tee /etc/systemd/system/containerd.service
+- systemctl daemon-reload && systemctl start containerd
+- /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
+- mkdir -p /opt/cni/bin
+- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
+- mkdir -p /go/src/github.com/openfaas/
+- mkdir -p /var/lib/faasd/secrets/
+- echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
+- echo admin > /var/lib/faasd/secrets/basic-auth-user
+- cd /go/src/github.com/openfaas/ && git clone https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.8.1/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
+- systemctl status -l containerd --no-pager
+- journalctl -u faasd-provider --no-pager
+- systemctl status -l faasd-provider --no-pager
+- systemctl status -l faasd --no-pager
+- curl -sSLf https://cli.openfaas.com | sh
+- sleep 5 && journalctl -u faasd --no-pager

docs/bootstrap/digitalocean-terraform/README.md

@@ -0,0 +1,37 @@
+# Bootstrap faasd with TLS support on Digitalocean
+
+1) [Sign up to DigitalOcean](https://www.digitalocean.com/?refcode=2962aa9e56a1&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste)
+2) [Download Terraform](https://www.terraform.io)
+3) Clone this gist using the URL from the address bar
+4) Run `terraform init`
+5) Configure terraform variables as needed by updating the `main.tfvars` file:
+
+   | Variable     | Description         | Default         |
+   | ------------ | ------------------- | --------------- |
+   | `do_token` | Digitalocean API token | None |
+   | `do_domain` | Public domain used for the faasd gateway | None |
+   | `letsencrypt_email` | Email used by when ordering TLS certificate from Letsencrypt | `""` |
+   | `do_create_record` | When set to `true`, a new DNS record will be created. This works only if your domain (`do_domain`) is managed by Digitalocean | `false` |
+   | `do_region` | Digitalocean region for creating the droplet | `fra1` |
+   | `ssh_key_file` | Path to public SSH key file |`~/.ssh/id_rsa.pub` |
+
+> Environment variables can also be used to set terraform variables when running the `terraform apply` command using the format `TF_VAR_name`.
+
+6) Run `terraform apply`
+   1) Add `-var-file=main.tfvars` if you have set the variables in `main.tfvars`.
+   2) OR [use environment variables](https://www.terraform.io/docs/commands/environment-variables.html#tf_var_name) for setting the terraform variables when running the `apply` command
+
+7) View the output for the login command and gateway URL i.e.
+
+```
+droplet_ip = 178.128.39.201
+gateway_url = https://faasd.example.com/
+login_cmd = faas-cli login -g https://faasd.example.com/ -p rvIU49CEcFcHmqxj
+password = rvIU49CEcFcHmqxj
+```
+8) Use your browser to access the OpenFaaS interface
+
+Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine. 
+Also take into consideration the DNS propagation time for the new DNS record.
+
+A single host with 1GB of RAM will be deployed for you, to remove at a later date simply use `terraform destroy`.

docs/bootstrap/digitalocean-terraform/cloud-config.tpl

@@ -0,0 +1,57 @@
+#cloud-config
+ssh_authorized_keys:
+  - ${ssh_key}
+
+groups:
+  - caddy
+
+users:
+  - name: caddy
+    gecos: Caddy web server
+    primary_group: caddy
+    groups: caddy
+    shell: /usr/sbin/nologin
+    homedir: /var/lib/caddy
+
+write_files:
+- content: |
+    {
+      email ${letsencrypt_email}
+    }
+
+    ${faasd_domain_name} {
+      reverse_proxy 127.0.0.1:8080
+    }
+
+  path: /etc/caddy/Caddyfile
+
+package_update: true
+
+packages:
+ - runc
+
+runcmd:
+- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.2/containerd-1.3.2.linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
+- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.2/containerd.service | tee /etc/systemd/system/containerd.service
+- systemctl daemon-reload && systemctl start containerd
+- /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
+- mkdir -p /opt/cni/bin
+- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
+- mkdir -p /go/src/github.com/openfaas/
+- mkdir -p /var/lib/faasd/secrets/
+- echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
+- echo admin > /var/lib/faasd/secrets/basic-auth-user
+- cd /go/src/github.com/openfaas/ && git clone https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.8.1/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
+- systemctl status -l containerd --no-pager
+- journalctl -u faasd-provider --no-pager
+- systemctl status -l faasd-provider --no-pager
+- systemctl status -l faasd --no-pager
+- curl -sSLf https://cli.openfaas.com | sh
+- sleep 5 && journalctl -u faasd --no-pager
+- wget https://github.com/caddyserver/caddy/releases/download/v2.0.0-rc.2/caddy_2.0.0-rc.2_linux_amd64.tar.gz -O /tmp/caddy.tar.gz && tar -zxvf /tmp/caddy.tar.gz -C /usr/bin/ caddy
+- wget https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service -O /etc/systemd/system/caddy.service
+- systemctl daemon-reload
+- systemctl enable caddy
+- systemctl start caddy

docs/bootstrap/digitalocean-terraform/main.tf

@@ -0,0 +1,82 @@
+terraform {
+  required_version = ">= 0.12"
+}
+
+variable "do_token" {
+  description = "Digitalocean API token"
+}
+variable "do_domain" {
+  description = "Your public domain"
+}
+variable "letsencrypt_email" {
+  description = "Email used to order a certificate from Letsencrypt"
+}
+variable "do_create_record" {
+  default     = false
+  description = "Whether to create a DNS record on Digitalocean"
+}
+variable "do_region" {
+  default     = "fra1"
+  description = "The Digitalocean region where the faasd droplet will be created."
+}
+variable "ssh_key_file" {
+  default     = "~/.ssh/id_rsa.pub"
+  description = "Path to the SSH public key file"
+}
+
+provider "digitalocean" {
+  token = var.do_token
+}
+
+data "local_file" "ssh_key"{
+  filename = pathexpand(var.ssh_key_file)
+}
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_-#"
+}
+
+data "template_file" "cloud_init" {
+  template = "${file("cloud-config.tpl")}"
+    vars = {
+      gw_password=random_password.password.result,
+      ssh_key=data.local_file.ssh_key.content,
+      faasd_domain_name="faasd.${var.do_domain}"
+      letsencrypt_email=var.letsencrypt_email
+    }
+}
+
+resource "digitalocean_droplet" "faasd" {
+  region = var.do_region
+  image  = "ubuntu-18-04-x64"
+  name   = "faasd"
+  size = "s-1vcpu-1gb"
+  user_data = data.template_file.cloud_init.rendered
+}
+
+resource "digitalocean_record" "faasd" {
+  domain = var.do_domain
+  type   = "A"
+  name   = "faasd"
+  value  = digitalocean_droplet.faasd.ipv4_address
+  # Only creates record if do_create_record is true
+  count  = var.do_create_record == true ? 1 : 0
+}
+
+output "droplet_ip" {
+  value = digitalocean_droplet.faasd.ipv4_address
+}
+
+output "gateway_url" {
+  value = "https://faasd.${var.do_domain}/"
+}
+
+output "password" {
+    value = random_password.password.result
+}
+
+output "login_cmd" {
+  value = "faas-cli login -g https://faasd.${var.do_domain}/ -p ${random_password.password.result}"
+}

docs/bootstrap/digitalocean-terraform/main.tfvars

@@ -0,0 +1,3 @@
+do_token          = ""
+do_domain         = ""
+letsencrypt_email = ""

docs/bootstrap/main.tf

@@ -0,0 +1,56 @@
+terraform {
+  required_version = ">= 0.12"
+}
+
+variable "do_token" {}
+
+variable "ssh_key_file" {
+  default     = "~/.ssh/id_rsa.pub"
+  description = "Path to the SSH public key file"
+}
+
+provider "digitalocean" {
+  token = var.do_token	
+}
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_-#"
+}
+
+data "local_file" "ssh_key"{
+  filename = pathexpand(var.ssh_key_file)
+}
+
+data "template_file" "cloud_init" {
+  template = "${file("cloud-config.tpl")}"
+    vars = {
+      gw_password=random_password.password.result,
+      ssh_key=data.local_file.ssh_key.content,
+    }
+}
+
+resource "digitalocean_droplet" "faasd" {
+
+  region = "lon1"
+  image  = "ubuntu-18-04-x64"
+  name   = "faasd"
+  # Plans: https://developers.digitalocean.com/documentation/changelog/api-v2/new-size-slugs-for-droplet-plan-changes/
+  #size   = "512mb"
+  size = "s-1vcpu-1gb"
+  user_data = data.template_file.cloud_init.rendered
+}
+
+output "password" {
+    value = random_password.password.result
+}
+
+output "gateway_url" {
+  value = "http://${digitalocean_droplet.faasd.ipv4_address}:8080/"
+}
+
+output "login_cmd" {
+  value = "faas-cli login -g http://${digitalocean_droplet.faasd.ipv4_address}:8080/ -p ${random_password.password.result}"
+}
+