Merge pull request #62 from infracloudio/deploy_stack

Deploy tinkerbell stack in a single step

Dockerfile

@@ -7,6 +7,6 @@ EXPOSE 42114
 RUN apk add --update ca-certificates && \
     apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl
 
-COPY deploy/migrate /migrate
-COPY deploy/docker-entrypoint-initdb.d/tinkerbell-init.sql /init.sql
+COPY deploy/db/migrate /migrate
+COPY deploy/db/docker-entrypoint-initdb.d/tinkerbell-init.sql /init.sql
 COPY tink-server /bin/

docker-compose.yml → deploy/docker-compose.yml

@@ -7,6 +7,7 @@ services:
 
   tink-server:
     image: quay.io/tinkerbell/tink:latest
+    restart: unless-stopped
     environment:
       FACILITY: ${FACILITY:-onprem}
       PACKET_ENV: ${PACKET_ENV:-testing}
@@ -41,7 +42,8 @@ services:
 
   db:
     build:
-      context: deploy
+      context: db
+    restart: unless-stopped
     environment:
       POSTGRES_DB: tinkerbell
       POSTGRES_PASSWORD: tinkerbell
@@ -63,13 +65,10 @@ services:
 
   tink-cli:
     image: quay.io/tinkerbell/tink-cli:latest
+    restart: unless-stopped
     environment:
       TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113
       TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert
-    logging:
-      driver: fluentd
-      options:
-        tag: tink-cli
     depends_on:
       tink-server:
         condition: service_healthy
@@ -81,8 +80,9 @@ services:
     build:
       context: registry
       args:
-        REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USER
-        REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASS
+        REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USERNAME
+        REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASSWORD
+    restart: unless-stopped
     environment:
       REGISTRY_HTTP_ADDR: 0.0.0.0:443
       REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.pem
@@ -103,8 +103,9 @@ services:
 
   boots:
     image: quay.io/tinkerbell/boots:latest
+    restart: unless-stopped
     network_mode: host
-    command: -dhcp-addr 0.0.0.0:67 -tftp-addr $HOST_IP:69 -http-addr $HOST_IP:80 -log-level DEBUG
+    command: -dhcp-addr 0.0.0.0:67 -tftp-addr $TINKERBELL_HOST_IP:69 -http-addr $TINKERBELL_HOST_IP:80 -log-level DEBUG
     environment:
       API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN:-ignored}
       API_CONSUMER_TOKEN: ${PACKET_CONSUMER_TOKEN:-ignored}
@@ -113,21 +114,21 @@ services:
       PACKET_VERSION: ${PACKET_VERSION:-ignored}
       ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-ignored}
       ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-1}
-      MIRROR_HOST: ${NGINX_IP:-127.0.0.1}
+      MIRROR_HOST: ${TINKERBELL_NGINX_IP:-127.0.0.1}
       CACHER_GRPC_AUTHORITY: 127.0.0.1:42111
       CACHER_CERT_URL: http://127.0.0.1:42112/cert
       DNS_SERVERS: 8.8.8.8
-      PUBLIC_IP: $HOST_IP
-      BOOTP_BIND: $HOST_IP:67
-      HTTP_BIND: $HOST_IP:80
-      SYSLOG_BIND: $HOST_IP:514
-      TFTP_BIND: $HOST_IP:69
-      DOCKER_REGISTRY: $HOST_IP
-      REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USER
-      REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASS
-      TINKERBELL_GRPC_AUTHORITY: $HOST_IP:42113
-      TINKERBELL_CERT_URL: http://$HOST_IP:42114/cert
-      ELASTIC_SEARCH_URL: $HOST_IP:9200
+      PUBLIC_IP: $TINKERBELL_HOST_IP
+      BOOTP_BIND: $TINKERBELL_HOST_IP:67
+      HTTP_BIND: $TINKERBELL_HOST_IP:80
+      SYSLOG_BIND: $TINKERBELL_HOST_IP:514
+      TFTP_BIND: $TINKERBELL_HOST_IP:69
+      DOCKER_REGISTRY: $TINKERBELL_HOST_IP
+      REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USERNAME
+      REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASSWORD
+      TINKERBELL_GRPC_AUTHORITY: $TINKERBELL_HOST_IP:42113
+      TINKERBELL_CERT_URL: http://$TINKERBELL_HOST_IP:42114/cert
+      ELASTIC_SEARCH_URL: $TINKERBELL_HOST_IP:9200
     depends_on:
       fluentbit:
         condition: service_started
@@ -138,7 +139,7 @@ services:
         options:
           tag: boots
     ports:
-      - $HOST_IP:80:80/tcp
+      - $TINKERBELL_HOST_IP:80:80/tcp
       - 67:67/udp
       - 69:69/udp
 
@@ -147,16 +148,17 @@ services:
     restart: unless-stopped
     tty: true
     ports:
-      - $NGINX_IP:80:80/tcp
+      - $TINKERBELL_NGINX_IP:80:80/tcp
     volumes:
-      - /packet/nginx/:/usr/share/nginx/html/
+      - /var/tinkerbell/nginx/:/usr/share/nginx/html/
     logging:
       driver: fluentd
       options:
         tag: nginx
 
   elasticsearch:
     image: elasticsearch:7.3.0
+    restart: unless-stopped
     ports:
       - 9200:9200
       - 9300:9300
@@ -168,14 +170,15 @@ services:
     image: kibana:7.3.0
     depends_on:
       - elasticsearch
-    restart: always
+    restart: unless-stopped
     environment:
       ELASTICSEARCH_HOSTS: http://elasticsearch:9200
     ports:
       - 5601:5601
 
   fluentbit:
     image: fluent/fluent-bit:1.3
+    restart: unless-stopped
     ports:
       - 24224:24224
       - 24224:24224/udp
@@ -186,6 +189,7 @@ services:
 
   cacher:
     image: quay.io/packet/cacher:workflow
+    restart: unless-stopped
     environment:
       FACILITY: ${FACILITY:-onprem}
       PACKET_API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN}
@@ -217,6 +221,7 @@ services:
 
   hegel:
     image: quay.io/tinkerbell/hegel:latest
+    restart: unless-stopped
     network_mode: host
     environment:
       ROLLBAR_TOKEN: ${ROLLBAR_TOKEN-ignored}

fluent-bit.conf → deploy/fluent-bit.conf

@@ -47,14 +47,6 @@
     Index boots
     Type  boots
 
-[OUTPUT]
-    Name es
-    Match tinkerbell-cli
-    Host elasticsearch
-    Port 9200
-    Index tinkerbell-cli
-    Type  tinkerbell-cli
-
 [OUTPUT]
     Name es
     Match nginx
@@ -65,8 +57,8 @@
 
 [OUTPUT]
     Name es
-    Match tinkerbell-server
+    Match tink-server
     Host elasticsearch
     Port 9200
-    Index tinkerbell-server
-    Type  tinkerbell-server
+    Index tink-server
+    Type  tink-server

deploy/registry/Dockerfile

@@ -0,0 +1,6 @@
+FROM registry:2
+ARG REGISTRY_USERNAME
+ARG REGISTRY_PASSWORD
+RUN mkdir -p /certs /auth
+RUN htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd
+EXPOSE 443

docs/setup.md

@@ -1,43 +1,79 @@
-# Setup the Provisioner machine with docker-compose.yml file
-
-## Install git and git lfs as follows
-
-1. ### Setup git and git lfs
-    ```shell
-    $ sudo apt install -y git  
-    $ wget https://github.com/git-lfs/git-lfs/releases/download/v2.9.0/git-lfs-linux-amd64-v2.9.0.tar.gz  
-    $ tar -C /usr/local/bin -xzf git-lfs-linux-amd64-v2.9.0.tar.gz  
-    $ rm git-lfs-linux-amd64-v2.9.0.tar.gz  
-    $ git lfs install  
-
-2. ### Setup go
-    ```shell
-    $ wget https://dl.google.com/go/go1.13.9.linux-amd64.tar.gz
-    $ tar -C /usr/local -xzf go1.13.9.linux-amd64.tar.gz go/
-    $ rm go1.12.13.linux-amd64.tar.gz
-
-3. ### Set GOPATH
-    ```shell
-    $ echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
-    $ echo 'export GOPATH=$GOPATH:$HOME/go' >> ~/.bashrc
-    $ echo 'export PATH=$PATH:$GOPATH' >> ~/.bashrc
-    $ source ~/.bashrc
-
-4. ### Install docker and docker-compose as follows:
-   ```shell
-    $ curl -L get.docker.com | bash
-    $ curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-    $ chmod +x /usr/local/bin/docker-compose
-
-5. ### Clone the tink repo in the $GOPATH
-    ```shell
-    $ mkdir -p ~/go/src/github.com/tinkerbell
-    $ cd ~/go/src/github.com/tinkerbell
-    $ git clone https://github.com/tinkerbell/tink.git
-    $ cd tink
-
-6. ### Provide the input details in "inputenv" file
-
-7. ### Run the following command
-    ```
-    $ sudo ./setup_with_docker_compose.sh
+# Setup the Provisioner
+
+### Prerequisites
+ - The setup must be executed as a privileged or root user. 
+ - The setup downloads about 1.5GB of assets, therefore, it is advised to have a minimum of 10GB disk space available before you begin. 
+
+### Interactive Mode
+Execute the following commands to bring up the Tinkerbell stack with an interactive setup:
+```shell
+$ wget https://raw.githubusercontent.com/tinkerbell/tink/master/setup.sh && chmod +x setup.sh
+$ ./setup.sh
+```
+
+### Declarative Mode
+You can also execute the setup in declarative mode. In order to do so, define the following environment variables (examples here):
+```shell
+export TB_INTERFACE=network-interface         # enp1s0f1
+export TB_NETWORK=network-with-cidr           # 192.168.1.0/29
+export TB_IPADDR=provisioner-ip-address       # 192.168.1.1
+export TB_REGUSER=registry-username           # admin
+```
+
+Now, you can execute the setup with the following command:
+```shell
+$ curl https://raw.githubusercontent.com/tinkerbell/tink/master/setup.sh | bash
+```
+
+### Good to know
+ - All the environment variables are kept in the `envrc` file, which is generated from the setup itself.  
+ - It is advised that you keep all the environment variables in the same file. 
+ - It is important to note that if you execute the setup the again, a new `envrc` will be generated. However, the existing environment configuration be saved as `envrc.bak`.
+ - The setup removes all the `.tar.gz` files downloaded in process.
+
+ # Setup the Provisioner
+
+### Prerequisites
+ - The setup must be executed as a privileged or root user. 
+ - The setup downloads about 1.5GB of assets, therefore, it is advised to have a minimum of 10GB disk space available before you begin. 
+
+### Interactive Mode
+Execute the following commands to bring up the Tinkerbell stack with an interactive setup:
+```shell
+$ wget https://raw.githubusercontent.com/tinkerbell/tink/master/setup.sh && chmod +x setup.sh
+$ ./setup.sh
+```
+
+### Declarative Mode
+You can also execute the setup in declarative mode. In order to do so, define the following environment variables (examples here):
+```shell
+export TB_INTERFACE=network-interface         # enp1s0f1
+export TB_NETWORK=network-with-cidr           # 192.168.1.0/29
+export TB_IPADDR=provisioner-ip-address       # 192.168.1.1
+export TB_REGUSER=registry-username           # admin
+```
+
+Now, you can execute the setup with the following command:
+```shell
+$ curl https://raw.githubusercontent.com/tinkerbell/tink/master/setup.sh | bash
+```
+
+### Good to know
+ - All the environment variables are kept in the `envrc` file, which is generated from the setup itself.  
+ - It is advised that you keep all the environment variables in the same file. 
+ - It is important to note that if you execute the setup the again, a new `envrc` will be generated. However, the existing environment configuration be saved as `envrc.bak`.
+ - The setup removes all the `.tar.gz` files downloaded in process.
+
+### For Packet Environment
+
+The script was tested with:
+ - Server class: `c3.small.x86` 
+ - Operating System: Ubuntu 18.04 and CentOS 7
+ - Region: Amsterdam, NL (AMS1)
+ - ENV variables:
+ ```shell
+  export TB_INTERFACE=enp1s0f1
+  export TB_NETWORK=192.168.1.0/29
+  export TB_IPADDR=192.168.1.1
+  export TB_REGUSER=admin
+ ``` 

envrc

@@ -0,0 +1,28 @@
+# Network interface for Tinkerbell 
+export TINKERBELL_NETWORK_INTERFACE=enp5s0f1
+
+# Subnet (IP block) used by Tinkerbell ecosystem 
+export TINKERBELL_NETWORK=192.168.1.0/29
+
+# Host IP is used by provisioner to expose different services such as tink, boots, etc. 
+export TINKERBELL_HOST_IP=192.168.1.1
+
+# NGINX IP is used by provisioner to serve files required for iPXE boot 
+export TINKERBELL_NGINX_IP=192.168.1.2
+
+# Netmask for Tinkerbell network 
+export TINKERBELL_NETMASK=255.255.255.248
+
+# Broadcast IP for Tinkerbell network 
+export TINKERBELL_BROADCAST_IP=192.168.1.7
+
+# We host a private Docker registry on provisioner which is used by different workers
+# Registry username 
+export TINKERBELL_REGISTRY_USERNAME=admin
+
+# Registry password 
+export TINKERBELL_REGISTRY_PASSWORD=admin
+
+export FACILITY=onprem
+export ROLLBAR_TOKEN=ignored
+export ROLLBAR_DISABLE=1