0%

MoinMoin in Production on CoreOS - Part4: Staging to IDCF Cloud

I backuped MoinMoin pages archives to IDCF Object Storage. Before deploying to the production environment on DigitalOcean, I prepared CoreOS instance on IDCF Cloud for staging environment. This is very first time I wrote MoinMoin installing as a fleet unit file.

CoreOS from ISO

At first I changed password of coreos user from IDCF Cloud browser console. This enable us to ssh with password.

$ sudo passwd core

Then I could login with pasword via SSH.

$ ssh core@10.1.1.191 -o PreferredAuthentications=password

Edit Cloud-config file

The first step to setting up a new CoreOS cluster is generating a new discovery URL, a unique address that stores peer CoreOS addresses and metadata. The easiest way to do this is to use

I executed curl command for generating new discovery URL.

$ curl -w "\n" https://discovery.etcd.io/new
https://discovery.etcd.io/485b242d1cb90f50ada691ee2f37a6c7

This is my usual cloud-config.yml to create a basic CoreOS instance.

~/cloud-config.yml
#cloud-config
coreos:
etcd:
discovery: https://discovery.etcd.io/485b242d1cb90f50ada691ee2f37a6c7
addr: $private_ipv4:4001
peer-addr: $private_ipv4:7001
fleet:
public-ip: $private_ipv4
units:
- name: etcd.service
command: start
- name: fleet.service
command: start
- name: timezone.service
command: start
content: |
[Unit]
Description=timezone
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ln -sf ../usr/share/zoneinfo/Japan /etc/localtime
write_files:
- path: /etc/profile.d/nse-function.sh
permissions: 0755
content: |
function nse() {
sudo nsenter --pid --uts --mount --ipc --net --target $(docker inspect --format="{{ .State.Pid }}" $1)
}
- path: /etc/environment
permissions: 0644
content: |
COREOS_PUBLIC_IPV4=
COREOS_PRIVATE_IPV4=10.1.1.191
- path: /etc/profile.d/nse-function.sh
permissions: 0755
content: |
function nse() {
sudo nsenter --pid --uts --mount --ipc --net --target $(docker inspect --format="{{ .State.Pid }}" $1)
}
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaMqAk6OeBLkyU6kj9HHq18xIBgSewSzZDRT3dYRnE92F5tz/16W/McxQ3XoIu8Z7aDNt5WEE+vWatAAItUPWQLRKjM0zwPC04hciMXloC7WjEeIikksg9hGzuc6nals7sfItCOx1aKqLFnEpRmXnzmKycYT8YqRBFzbGFJ+RSGmskVJeMaKUXunF43JH93ugmMCFqv92OnUHsY0tNeqI/EEncghHIKRwoHq46dNvECsvhX8ZruscQB3oGK24+sjZlL78kXeFXM4q3ZbefZESF4iKhs3BMfmT7ihNnuntdZhAHupBxg5npolw6yGZLjZcilduSnuTR6BDWtNEIS0S1 deis

Since I created this CoreOS instance from ISO the stable version is bumped to 444.5.0. It is needed to be set -V option for the latest version.

$ sudo coreos-install -d /dev/sda -V 444.5.0 -C stable -c ./cloud-config.yml
...
Installing cloud-config...
Success! CoreOS stable 444.5.0 is installed on /dev/sda

Restarting to finish installing.

$ sudo reboot

Using fleetctl

Before using fleetctl command from outside of fleet cluster, it shoud be set FLEETCTL_TUNNEL environment pointing to one of the fleet machines. It may also required to start ssh-agent beforehand.

$ export FLEETCTL_TUNNEL=10.1.1.191
$ fleetctl list-machines
MACHINE IP METADATA
4a236dee... 10.1.1.191 -

This is a basic fleet unit file just starting docker container safelly. I will add data volume container unit next time.

~/docker_apps/moin/moin.service
[Unit]
Description=MoinMoin Service
Requires=docker.service
After=docker.service
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill moin
ExecStartPre=-/usr/bin/docker rm moin
ExecStartPre=/usr/bin/docker pull 10.1.1.32:5000/moin
ExecStart=/usr/bin/docker run --name moin -p 80:80 10.1.1.32:5000/moin
ExecStop=/usr/bin/docker kill moin
[Install]
WantedBy=multi-user.target

After finished writing moin.service unit file, I submit and start moin unit using fleetctl command.

$ fleetctl submit moin.service
$ fleetctl start moin.service
Unit moin.service launched on 4a236dee.../10.1.1.191
$ fleetctl list-unit-files
UNIT HASH DSTATE STATE TARGET
moin.service b665615 launched launched 4a236dee.../10.1.1.191
$ fleetctl journal -f moin.service

I confirmed moin.service unit running.

$ fleetctl list-units
UNIT MACHINE ACTIVE SUB
moin.service 4a236dee.../10.1.1.191 active running

And go to this URL.

It is also possible to login to target machine passing unit name.

$ fleetctl ssh moin
CoreOS (stable)