EOSC Notebooks
This directory has all the files to get started with a new deployment of EOSC Notebooks.
Admin Environment Setup
Hashicorp Vault
Prepare environment for interrating with Hashicorp Vault:
export VAULT_ADDR=https://secrets.egi.euLogin:
# optional (values from environment)
# read CLIENT_ID CLIENT_SECRET
# export CLIENT_ID CLIENT_SECRET
# login to vault
./vault-login.pyNote: example commands to create secrets for "eosc-dev":
prefix=/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
vault kv put -mount secrets $prefix/FEDCLOUD_DYNAMIC_DNS $HOST1=$SECRET1 $HOST2=$SECRET2
vault kv put -mount secrets $prefix/deployment-hub checkin_host=... client_id=... client_secret=...Inventory parameters
Used parameters in ansible recipes:
- mail_fromdomain: hostname in from header
- mail_local: disable e-mail (only local delivery)
- site_name: site identifier
- vault_mount_point:: path to secrets in the Vault
Backup and Restore
Backup:
# initialize repository
# restic -v init <repository>
read -r PASSWORD AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
ansible-playbook \
--extra-vars "backup_password=$PASSWORD" \
--extra-vars "s3_access_key=$AWS_ACCESS_KEY_ID" \
--extra-vars "s3_secret_key=$AWS_SECRET_ACCESS_KEY" \
playbooks/backup.yamlRestore (on admin machine, config only):
read -r PASSWORD AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
ansible-playbook \
--extra-vars "backup_password=$PASSWORD" \
--extra-vars "s3_access_key=$AWS_ACCESS_KEY_ID" \
--extra-vars "s3_secret_key=$AWS_SECRET_ACCESS_KEY" \
playbooks/recover.yamlRestore (on k8s master):
kubectl label node k8s-nfs nfs-server=true
kubectl create namespace recover
kubectl apply -f /tmp/recover.yaml