STI
/
myos
3
2
Fork 1
Code Issues 3 Pull Requests Projects Releases Wiki Activity
myos/README.md

3.9 KiB
Raw Blame History

yaip - Yet Another IPFS Project

Docker paas based on docker compose files.

Disclaimer

This is work in progress ;)

Requirements

You need docker, git and make.

Usage

Examples

  • Configure myos for domain domain.tld and stack zen
$ make bootstrap DOMAIN=domain.tld STACK=zen
  • Start myos stacks
$ make node up

make node starts the stack node with docker host services :

  • consul (service discovery)
  • fabio (load balancer)
  • ipfs (inter planetary file system)
  • registrator (docker/consul bridge) make up starts the stack zen with docker services :
  • ipfs (mount ~/.ipfs)
  • zen (mount ~/.zen)
  • Stop myos
$ make shutdown
  • Install myos
$ make install

Install myos on a server and manage server config with ansible.

Variables

  • DEBUG

Show executed commands.

$ make up DEBUG=true
  • DRYRUN

Do nothing, show commands instead of executing it.

$ make up DRYRUN=true
  • VERBOSE

Show called functions.

$ make up VERBOSE=true
  • Show variable VARIABLE
$ make print-VARIABLE

Setup

  • SETUP_LETSENCRYPT

Generate ${DOMAIN} certificate files with letsencrypt.

By default, myos generates invalid ${DOMAIN} certificate files with openssl. You can use letsencrypt instead, to generate valid wildcard certificate files.

To achieve this, you must add following DNS entries to domain ${DOMAIN} to prove you own it:

_acme-challenge.${DOMAIN}       IN CNAME ${DOMAIN}.acme.${DOMAIN}.
acme.${DOMAIN}.                 IN NS certbot.${DOMAIN}.
certbot.${DOMAIN}.              IN A ${DOCKER_HOST_INET4}

In this config, DOCKER_HOST_INET4 should be the external IP address of the server running certbot. Port 53 of this IP address must be reachable from internet and point to this server.

If you want a simple DNS configuration to host all your services on the same server, you can setup following DNS config:

@                               IN A ${DOCKER_HOST_INET4}
*.${DOMAIN}.                    IN CNAME ${DOMAIN}.
_acme-challenge.${DOMAIN}       IN CNAME ${DOMAIN}.acme.${DOMAIN}.
acme.${DOMAIN}.                 IN NS ${DOMAIN}.

This will point domain {DOMAIN} to the IP address {DOCKER_HOST_INET4} of this server, and point all subdomains *.{DOMAIN} to the ip address pointed by ${DOMAIN}.

At this point, you should be able to generate a valid certificate for *.${DOMAIN} using certbot dns standalone plugin. This task is done automatically when creating the node stack if SETUP_LETSENCRYPT variable is not empty.

If you already launched myos node stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt.

$ make node-down
$ docker volume rm node_myos

You can then test the letsencrypt certificate generation using DEBUG mode that force to use the letsencrypt staging server.

$ make node SETUP_LETSENCRYPT=true DEBUG=true

If letsencrypt certificate generation fails, you can retry the generation of a staging certificate.

$ make node-certbot-staging

Once the certificate generation is working, you can ask for a valid certificate.

$ make node-down
$ docker volume rm node_myos
$ make node SETUP_LETSENCRYPT=true

Debug

  • Show docker compose yaml config
$ make config

make config show docker compose yaml config for stack STACK make node-config show docker compose yaml config for stack node make user-config show docker compose yaml config for stack User make stack-elastic-config show docker compose yaml config for stack elastic

  • Show debug variables
$ make debug
  • Generate self documentation
$ make doc
  • Show env args
$ make print-env_args

Status

Beta software, use it at your own risks.