Skip to content
Snippets Groups Projects
Select Git revision
  • 0fc68c76b1b4a50d887a5a50f274f5f52ea26ffd
  • master default protected
  • e-infra2
  • ci-megalinter-speedup
  • e-infra
  • envri-hub-new-aai
  • egi-b2drop-no-collapse
  • lfs
  • gpu_staging
  • resurrect-testing-ownloud
  • experiments/collab
  • update_claim_group_keys
  • envri-hub
  • enable_rtc
  • eosc-ui
  • future/jupyterhub-5.x
  • versioning
  • eosc-templating
  • staging1-raw-image
  • token-exchange
  • del-users
21 results

notebooks-operations

  • Clone with SSH
  • Clone with HTTPS
  • EOSC Notebooks

    This directory has all the files to get started with a new deployment of EOSC Notebooks.

    Admin Environment Setup

    Hashicorp Vault

    Prepare environment for interrating with Hashicorp Vault:

    export VAULT_ADDR=https://secrets.egi.eu

    Login:

    # optional (values from environment)
    # read CLIENT_ID CLIENT_SECRET
    # export CLIENT_ID CLIENT_SECRET
    
    # login to vault
    ./vault-login.py

    Note: example commands to create secrets for "eosc-dev":

    prefix=/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
    vault kv put -mount secrets $prefix/FEDCLOUD_DYNAMIC_DNS $HOST1=$SECRET1 $HOST2=$SECRET2
    vault kv put -mount secrets $prefix/deployment-hub checkin_host=... client_id=... client_secret=...

    Inventory parameters

    Used parameters in ansible recipes:

    • mail_fromdomain: hostname in from header
    • mail_local: disable e-mail (only local delivery)
    • site_name: site identifier
    • vault_mount_point:: path to secrets in the Vault

    Backup and Restore

    Backup:

    # initialize repository
    # restic -v init <repository>
    
    read -r PASSWORD AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    ansible-playbook  \
      --extra-vars "backup_password=$PASSWORD" \
      --extra-vars "s3_access_key=$AWS_ACCESS_KEY_ID" \
      --extra-vars "s3_secret_key=$AWS_SECRET_ACCESS_KEY" \
      playbooks/backup.yaml

    Restore (on admin machine, config only):

    read -r PASSWORD AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    ansible-playbook \
      --extra-vars "backup_password=$PASSWORD" \
      --extra-vars "s3_access_key=$AWS_ACCESS_KEY_ID" \
      --extra-vars "s3_secret_key=$AWS_SECRET_ACCESS_KEY" \
      playbooks/recover.yaml

    Restore (on k8s master):

    kubectl label node k8s-nfs nfs-server=true
    kubectl create namespace recover
    kubectl apply -f /tmp/recover.yaml