diff --git a/README.md b/README.md index 494eb5b782bba0c865a74d6a838bffe59549f31f..9f63cd85d92fa62897f4c52ff904eeac393bc766 100644 --- a/README.md +++ b/README.md @@ -8,90 +8,60 @@ You need a Linux server (we tested on Ubuntu 16.04 and CentOS 7.3) with a recent None of the files contain passwords, instead passwords and other confidential information are provided to the containers using environment variables. In Kubernetes you can use [secrets](https://kubernetes.io/docs/concepts/configuration/secret/) for this. -# Exemplary workflow using Docker Compose -## get Dockerfiles -``` -git clone https://gitlab.inf.unibz.it/commul/docker/clarin-dspace/ -cd clarin-dspace -``` +# Kubernetes -## get my versions of dist files -``` -cp password_mod.sh.dist password_mod.sh -cp commul-customization/init-dspace-dbs.sh.dist commul-customization/init-dspace-dbs.sh -cp commul-customization/local.properties.dist commul-customization/local.properties -``` +## Prerequisites -## change passwords -``` -vi password_mod.sh -chmod +x password_mod.sh -./password_mod.sh -``` +* Kubernetes cluster +* Ceph filesystem +* GitLab including docker registry +* Kubernetes credentials +* a working [kubectl] (https://kubernetes.io/docs/tasks/tools/install-kubectl/, make sure the kubectl and your Kubernetes cluster are compatible versions) -## make sure the certificate and key are there -``` -cp -r /tmp/certs ./commul-customization/ -``` +## Setup -## build the images -``` -docker-compose up -d --build -``` +All sensitive information is stored in Kubernetes secrets. If you want to use the Kubernetes yaml files as is, make sure that you create those secrets with the same secret and key names. -## enter the DSpace container -``` -docker exec -ti clarindspace_dspace_1 bash -``` -## deploy DSpace -``` -make new_deploy -``` +## Workflow -## copy over modified aai_config.js -``` -cp /tmp/aai_config.js /opt/lindat-dspace/installation/webapps/xmlui/themes/UFAL/lib/js/ -``` +### Building docker images -## create dspace admin as tomcat8, so that the log files have the right owner -``` -su -s /bin/sh tomcat8 -/opt/lindat-dspace/installation/bin/dspace create-administrator -``` +Kubernetes is pulling images from a registry, so you need to first build the docker files locally and push them to a registry. We are using the registry feature of GitLab. Make sure to set up your local docker so that it can upload images into the registry. + +We try to keep the version numbers of all images in sync and use the script [release.sh](dockerfiles/release.sh) for this. You will need to edit this script and exchange the registry URL with your own. The script takes the new version number as its argument and builds all docker images and pushes them into our registry. -## start the dspace webapp ``` -cd /opt/repository/sources/dspace/utilities/project_helpers/scripts -/etc/init.d/tomcat8 start +cd dockerfiles +./release 1.2.3 ``` -# Kubernetes - +By default this is pushing images into the staging branch of the registry. If you want to build a production image, you need to provide the extra argument `production`. -## Prerequisites - -* Kubernetes cluster -* Kubernetes credentials -* a working [kubectl] (https://kubernetes.io/docs/tasks/tools/install-kubectl/) - -# Workflow - -## Building docker images -Kubernetes is pulling images from a registry, so you need to first build the docker files. We try to keep the version numbers of all images in sync and use the script [release.sh](dockerfiles/release.sh) for this. It takes the new version number as its argument and builds all docker images and pushes them into our registry. You will need to edit this script and exchange the registry URL with your own. +``` +cd dockerfiles +./release 1.2.3 production +``` -## deploying to Kubernetes +### deploying to Kubernetes -After pushing all images to your container registry you can ask Kubernetes to pull and deploy them. If necessary, you might need to create a [personal token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) for logging into the GitLab Registry and store it as a secret that you then reference in the Kubernetes yaml files. +After pushing all images to your container registry you can ask Kubernetes to pull and deploy them. If necessary, you might need to create a [personal token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) for logging into the GitLab Registry and store it as a secret that you then reference in the Kubernetes yaml files. You need to edit the yaml files to suit your setup, especially you need to edit: +* The image registry URL +* The ceph setup +* The name of your Kubernetes namespace -There is a handy script that calls all necessary kubectl commands one after another called [start-kube.sh](kubernetes/start-kube.sh), for bringing it all down again use [stop-kube.sh](kubernetes/stop-kube.sh) instead. For this to work, make sure that you have the correct images referenced in the deployment yaml files. +These edits you only have to do once, but for each new deploy you have to edit the version numbers of the images in the deployment yaml files. This can be done with a simple sed: ``` -image: gitlab.inf.unibz.it:4567/commul/docker/clarin-dspace/staging/dspace:1.2-RC1 +sed -i 's/1.2-RC1/1.2/' ../kubernetes/*deploy* ``` +There is a handy script that calls all necessary kubectl commands one after another called [start-kube.sh](kubernetes/start-kube.sh), for bringing it all down again use [stop-kube.sh](kubernetes/stop-kube.sh) instead. By default this doesn't touch the persistent volume claim. For a full redeploy that forgets all history you have to call the kubectl command manually: +``` +kubectl delete -f pgdata-persistentvolumeclaim.yaml +``` @@ -109,145 +79,61 @@ secrets d +# Exemplary workflow using Docker Compose (this might be outdated) -### Use existing Docker image -```console -docker image ls -a gitlab.scientificnet.org:4567/commul/dspace/* -docker pull gitlab.scientificnet.org:4567/commul/dspace/<my_image>:<my tag> +## get Dockerfiles ``` - -### Build images -* build your docker image from `/clarin-dspace-docker` directory -* push to `https://gitlab.scientificnet.org/commul/dspace/container_registry` - -```console -docker build -t gitlab.scientificnet.org:4567/commul/dspace/<my_image>:<my tag> -f Dockerfile.XX . -docker push gitlab.scientificnet.org:4567/commul/dspace/<my_image>:<my tag> +git clone https://gitlab.inf.unibz.it/commul/docker/clarin-dspace/ +cd clarin-dspace ``` -# Installation -This step in a "workspace preparation" and is not directly related with dspace. - -Provide gitlab & RBD credentials - -```console -$ kubectl -n dspace-dev create -f gitlab-scientificnet-org-registry.yaml +## get my versions of dist files ``` -```console -$ kubectl -n dspace-dev create -f rbd-secret.yaml +cp password_mod.sh.dist password_mod.sh +cp commul-customization/init-dspace-dbs.sh.dist commul-customization/init-dspace-dbs.sh +cp commul-customization/local.properties.dist commul-customization/local.properties ``` -## PostgreSQL -To install PostgreSQL, we need some passwords, so we need Kubernetes secrets -```console -$ kubectl -n dspace-dev create -f postgresql-secret.yaml -secret "dspace-postgresql" created +## change passwords ``` - -```console -$ kubectl -n dspace-dev create -f dspace-secrets.yaml -secret "dspace-secrets" created +vi password_mod.sh +chmod +x password_mod.sh +./password_mod.sh ``` -```console -$ kubectl -n dspace-dev get secrets -NAME TYPE DATA AGE -ceph-rbd-secret kubernetes.io/rbd 1 14m -default-token-c1pd4 kubernetes.io/service-account-token 3 4d -dspace-postgresql Opaque 1 1h -dspace-secrets Opaque 1 1m -gitlab-scientificnet-org-registry kubernetes.io/dockerconfigjson 1 46m +## make sure the certificate and key are there ``` - - - -Next, create a RBD Claim -```console -$ kubectl -n dspace-dev create -f postgresql-pvc.yaml -persistentvolumeclaim "dspace-postgresql" created - -$ kubectl -n dspace-dev get pvc -NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE -dspace-postgresql Bound pvc-610c358d-a518-11e7-b21c-b60483de6a40 8Gi RWO auto 2s +cp -r /tmp/certs ./commul-customization/ ``` -Ok, now we are ready to deploy our PostgreSQL! -```console -$ kubectl -n dspace-dev create -f postgresql.yaml - -$ kubectl -n dspace-dev get po -NAME READY STATUS RESTARTS AGE -dspace-postgresql-1806947503-cj077 0/1 ContainerCreating 0 2s - -$ kubectl -n dspace-dev get po -NAME READY STATUS RESTARTS AGE -dspace-postgresql-1806947503-qw8q4 0/1 Running 0 9s - -$ kubectl -n dspace-dev get po -NAME READY STATUS RESTARTS AGE -dspace-postgresql-1806947503-qw8q4 1/1 Running 0 46s +## build the images +``` +docker-compose up -d --build ``` -We have now launched the pod but we have to wait until the pod is up before accessing it -```console -$ kubectl -n dspace-dev exec -it dspace-postgresql-1806947503-qw8q4 bash -root@dspace-postgresql-1806947503-qw8q4:/# +## enter the DSpace container +``` +docker exec -ti clarindspace_dspace_1 bash ``` -Also, we can also test our PostgreSQL installation with a port forward -```console -$ kubectl -n dspace-dev port-forward dspace-postgresql-1806947503-qw8q4 5432:5432 +## deploy DSpace +``` +make new_deploy ``` -now we are able to connect to localhost:5432 - - -```console -$ kubectl -n dspace-dev create -f postgresql-service.yaml -service "dspace-postgresql" created +## copy over modified aai_config.js ``` -```console -$ kubectl -n dspace-dev exec -it servlet env | grep POSTGRESQL -DSPACE_POSTGRESQL_SERVICE_PORT_POSTGRESQL=5432 -DSPACE_POSTGRESQL_PORT_5432_TCP_ADDR=10.13.0.173 -DSPACE_POSTGRESQL_SERVICE_HOST=10.13.0.173 -DSPACE_POSTGRESQL_PORT_5432_TCP_PROTO=tcp -DSPACE_POSTGRESQL_PORT_5432_TCP_PORT=5432 -DSPACE_POSTGRESQL_SERVICE_PORT=5432 -DSPACE_POSTGRESQL_PORT=tcp://10.13.0.173:5432 -DSPACE_POSTGRESQL_PORT_5432_TCP=tcp://10.13.0.173:5432 +cp /tmp/aai_config.js /opt/lindat-dspace/installation/webapps/xmlui/themes/UFAL/lib/js/ ``` -## DSpace -```console -$ kubectl -n dspace-dev create -f servlet.yaml -pod "servlet" created +## create dspace admin as tomcat8, so that the log files have the right owner ``` -```console -$ kubectl -n dspace-dev get po -NAME READY STATUS RESTARTS AGE -dspace-postgresql-1806947503-qw8q4 1/1 Running 0 4d -servlet 1/1 Running 0 34s +su -s /bin/sh tomcat8 +/opt/lindat-dspace/installation/bin/dspace create-administrator ``` -```console -$ kubectl -n dspace-dev logs servlet -[Wed Oct 4 12:24:25 UTC 2017] Starting -[Wed Oct 4 12:24:25 UTC 2017] Cloning lindat-dspace repository...skip! /opt/repository/sources/dspace already exists -[Wed Oct 4 12:24:25 UTC 2017] Creating workspace...skip! /opt/repository/workspace already exists -[Wed Oct 4 12:24:25 UTC 2017] Copy makefile...skip! /opt/repository/workspace/config/variable.makefile already exists -[Wed Oct 4 12:24:25 UTC 2017] Copy local.properties...skip! /opt/repository/workspace/sources/local.properties already exists -[Wed Oct 4 12:24:25 UTC 2017] Compilation and Deployment of DSpace...already done -already done -already done -[Wed Oct 4 12:24:25 UTC 2017] Copy aai_config.js...skip! /opt/lindat-dspace/installation/webapps/xmlui/themes/UFAL/lib/js/aai_config.js already exists -[Wed Oct 4 12:24:25 UTC 2017] Create dspace admin...already done -[Wed Oct 4 12:24:25 UTC 2017] Starting Tomcat...Starting Tomcat 8... -Tomcat started. + +## start the dspace webapp ``` -```console -$ kubectl -n dspace-dev port-forward servlet 8080:8080 -Forwarding from 127.0.0.1:8080 -> 8080 -Forwarding from [::1]:8080 -> 8080 +cd /opt/repository/sources/dspace/utilities/project_helpers/scripts +/etc/init.d/tomcat8 start ``` - -connect to http://localhost:8080/repository/xmlui/#