Equatower: Difference between revisions
(Created page with "'''Equatower''' is an infrastructure server used to serve Docker containers. New services, provisionned by SaltStack through our rOPS repository, should be deployed to Equato...") |
No edit summary |
||
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''Equatower''' | '''Equatower''' was an infrastructure server used to serve Docker containers. It's hosted on [[Dreadnought]] hypervisor. | ||
New services, | It has been superseded by docker-001. This page is valid for docker-001, with the only need to replace 51.255.124.10 by 51.255.124.9. | ||
New services, provisioned by SaltStack through our rOPS repository, should be deployed to this docker-001 or to [[Operations grimoire/Kubernetes|Kubernetes cluster]]. | |||
== PaaS Docker == | |||
=== Containers === | |||
{| class="wikitable sortable" | |||
|- | |||
! Group !! Container !! Image !! Purpose | |||
|- | |||
| jenkins_cd || jenkins || jenkinsci/jenkins || Jenkins master for CD | |||
|- | |||
| jenkins_cd || apsile || nasqueron/jenkins-slave-php || Jenkins slave | |||
|- | |||
| jenkins_cd || elapsi || nasqueron/jenkins-slave-php || Jenkins slave | |||
|- | |||
| openfire || openfire || gizmotronic/openfire || XMPP server | |||
|- | |||
| phpbb || phpbb_db || nasqueron/mysql || MySQL server for phpBB PaaS | |||
|- | |||
| phpbb || phpbb_ook || nasqueron/nginx-php7-fpm || QA container for phpBB PaaS | |||
|- | |||
| phpbb || phpbb_test || nasqueron/nginx-php7-fpm || dev container for phpBB PaaS | |||
|} | |||
=== Ports === | === Ports === | ||
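Review bot: the new notice "This page is valid for docker-001, with the only need to replace 51.255.124.10 by 51.255.124.9" leaves the substitution to the reader, while the troubleshooting commands added further down still hardcode 51.255.124.10. Someone pasting them on docker-001 would configure the old address. Suggest either listing both addresses next to the `ip addr add` step or writing the command with a placeholder and stating the per-host value once. Also, "was an infrastructure server" followed by "It's hosted on" mixes tenses; pick one depending on whether the VM still exists.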
Line 16: | Line 39: | ||
| 38080 || Jenkins || back-end web server | | 38080 || Jenkins || back-end web server | ||
|} | |} | ||
== Administration tasks == | |||
=== Acquisitariat (MySQL server) === | |||
To connect to the MySQL server, you can run a temporary container linked to our production server. | |||
ssh -t dwellers.nasqueron.org mysql acquisitariat | |||
If you need more control tweak this line: | |||
docker run -it --rm --link acquisitariat:mysql nasqueron/mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"' | |||
If you need to work with SQL files, connect directly to the server: | |||
docker exec -it acquisitariat bash | |||
Finally, some containers allow direct access. From a Phabricator container, for example, you can get a MySQL client with: | |||
/opt/phabricator/bin/storage shell | |||
== Troubleshoot == | |||
=== Let's Encrypt certificates renewal fail === | |||
Let's Encrypt resolves in IPv6 first, so if IPv6 is down, renewal will be slow and unsuccessful with timeout messages. | |||
=== No network at boot time === | |||
Access the machine on the hypervisor, then: | |||
;Check the interface is up: | |||
ip addr | |||
ifup ens192 # to bring it up | |||
The interface to use is the one connected to the main network, with 00:50:56:0c:53:94 as MAC address. It normally should be defined at ens192. | |||
;If you've reset the configuration and need to add again the IP: | |||
ip addr add 51.255.124.10/32 dev ens192 | |||
;Routing is probably the issue: | |||
ip route add 91.121.86.254 dev ens192 | |||
ip route add default via 91.121.86.254 | |||
;Same for the case we can ping/ssh (slowly) from [[Ysul]] but not from the world: | |||
ip route change 91.121.86.254 dev ens192 | |||
ip route change default via 91.121.86.254 | |||
;Reconfigure the IPv6 tunnel | |||
At some point, the Linux route2 method stopped to work, but the Linux net-tools method still work. | |||
ip tunnel del he-ipv6 | |||
/sbin/ipv6-setup-tunnel | |||
Could be broken, if so, use old ifconfig commands like in [[Dwellers]]. | |||
[[Category:Servers]] |
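Review bot: the "more control" `docker run` line under Acquisitariat ends in `-uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"`, which puts the root password on the mysql client's command line inside the temporary container and makes root the documented default for ad-hoc sessions. Suggest documenting a less-privileged account for routine queries and keeping the root form as the explicit exception. Smaller points in the same hunk: "route2" in the IPv6 tunnel paragraph presumably means iproute2, and "stopped to work ... still work" should read "stopped working ... still works".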
Latest revision as of 12:32, 24 September 2020
Equatower was an infrastructure server used to serve Docker containers. It's hosted on the Dreadnought hypervisor.
It has been superseded by docker-001. This page remains valid for docker-001: you only need to replace 51.255.124.10 with 51.255.124.9.
New services, provisioned by SaltStack through our rOPS repository, should be deployed to docker-001 or to the Kubernetes cluster.
PaaS Docker
Containers
Group | Container | Image | Purpose |
---|---|---|---|
jenkins_cd | jenkins | jenkinsci/jenkins | Jenkins master for CD |
jenkins_cd | apsile | nasqueron/jenkins-slave-php | Jenkins slave |
jenkins_cd | elapsi | nasqueron/jenkins-slave-php | Jenkins slave |
openfire | openfire | gizmotronic/openfire | XMPP server |
phpbb | phpbb_db | nasqueron/mysql | MySQL server for phpBB PaaS |
phpbb | phpbb_ook | nasqueron/nginx-php7-fpm | QA container for phpBB PaaS |
phpbb | phpbb_test | nasqueron/nginx-php7-fpm | dev container for phpBB PaaS |
Ports
Port | Service | Purpose |
---|---|---|
3478 | Openfire | STUN / TURN |
5222 | Openfire | C2S XMPP |
5263 | Openfire | S2S XMPP |
38080 | Jenkins | back-end web server |
Administration tasks
Acquisitariat (MySQL server)
To connect to the MySQL server, you can run a temporary container linked to our production server.
ssh -t dwellers.nasqueron.org mysql acquisitariat
If you need more control, tweak this line:
docker run -it --rm --link acquisitariat:mysql nasqueron/mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'
If you need to work with SQL files, connect directly to the server:
docker exec -it acquisitariat bash
Finally, some containers allow direct access. From a Phabricator container, for example, you can get a MySQL client with:
/opt/phabricator/bin/storage shell
Troubleshoot
Let's Encrypt certificate renewal fails
Let's Encrypt resolves in IPv6 first, so if IPv6 is down, renewal will be slow and unsuccessful with timeout messages.
No network at boot time
Access the machine on the hypervisor, then:
- Check the interface is up
ip addr
ifup ens192 # to bring it up
The interface to use is the one connected to the main network, with 00:50:56:0c:53:94 as MAC address. It normally should be defined at ens192.
- If you've reset the configuration and need to add the IP again
ip addr add 51.255.124.10/32 dev ens192
- Routing is probably the issue
ip route add 91.121.86.254 dev ens192
ip route add default via 91.121.86.254
- Same for the case we can ping/ssh (slowly) from Ysul but not from the world
ip route change 91.121.86.254 dev ens192
ip route change default via 91.121.86.254
- Reconfigure the IPv6 tunnel
At some point, the Linux iproute2 method stopped working, but the Linux net-tools method still works.
ip tunnel del he-ipv6
/sbin/ipv6-setup-tunnel
This could be broken; if so, use the old ifconfig commands as on Dwellers.
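The checks from "No network at boot time" can be run as one read-only diagnosis before changing anything. This is an added example, not part of the original page: the function names and the `--live` switch are hypothetical, and the MAC, address and gateway are the ones given above.

```shell
#!/bin/sh
# Read-only diagnosis for the "No network at boot time" steps (added example).
# With a /32 address the gateway is in no connected subnet, so the kernel needs
# the device route to the gateway before "default via" can be accepted.
MAC="00:50:56:0c:53:94"
ADDR="51.255.124.10/32"   # use 51.255.124.9/32 on docker-001
GW="91.121.86.254"

# Print the interface owning MAC $1, reading `ip -o link` output on stdin.
iface_for_mac() {
    awk -v mac="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == "link/ether" && tolower($(i + 1)) == tolower(mac)) {
                name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
                print name; exit
            }
    }'
}

# diagnose DEV ADDR_TEXT ROUTE_TEXT: list what is missing, or print "ok".
# ADDR_TEXT is `ip -o addr` output, ROUTE_TEXT is `ip route` output.
diagnose() {
    dev="$1"; out=""
    printf '%s\n' "$2" | awk -v d="$dev" -v a="$ADDR" \
        '$2 == d && $3 == "inet" && $4 == a { f = 1 } END { exit !f }' \
        || out="$out missing-address"
    printf '%s\n' "$3" | awk -v d="$dev" -v g="$GW" \
        '$1 == g && $2 == "dev" && $3 == d { f = 1 } END { exit !f }' \
        || out="$out missing-gateway-route"
    printf '%s\n' "$3" | awk -v g="$GW" \
        '$1 == "default" && $2 == "via" && $3 == g { f = 1 } END { exit !f }' \
        || out="$out missing-default-route"
    echo "${out:-ok}" | sed 's/^ //'
}

# Only touch the live system when asked to; nothing here modifies state.
if [ "${1:-}" = "--live" ]; then
    nic=$(ip -o link | iface_for_mac "$MAC")
    [ -n "$nic" ] || { echo "no interface with MAC $MAC" >&2; exit 1; }
    echo "$nic: $(diagnose "$nic" "$(ip -o addr show dev "$nic")" "$(ip route)")"
fi
```

Each reported item maps to one step above: `missing-address` to `ip addr add`, `missing-gateway-route` and `missing-default-route` to the two `ip route add` commands, in that order.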