Revisions to Overview page in prod dep. template

This commit is contained in:
Troy McConaghy 2018-03-03 14:55:31 +01:00
parent 802cc73d33
commit 2304f8cd10

@ -76,32 +76,64 @@ We'll say more about that file below.)
Things Each Node Operator Must Do Things Each Node Operator Must Do
--------------------------------- ---------------------------------
1. :doc:`Deploy a Kubernetes cluster on Azure <../production-deployment-template/template-kubernetes-azure>`. 1. Make up an `FQDN <https://en.wikipedia.org/wiki/Fully_qualified_domain_name>`_
for your BigchainDB node (e.g. ``mynode.mycorp.com``).
This is where external users will access the BigchainDB HTTP API, for example.
Make sure you've registered the associated domain name (e.g. ``mycorp.com``).
2. Make up an FQDN for your BigchainDB node (e.g. ``mynode.mycorp.com``). Get an SSL certificate for your BigchainDB node's FQDN.
Make sure you've registered the associated domain name (e.g. ``mycorp.com``), Also get the root CA certificate and all intermediate certificates.
and have an SSL certificate for the FQDN. They should all be provided by your SSL certificate provider.
(You can get an SSL certificate from any SSL certificate provider.) Put all those certificates together in one certificate chain file in the following order:
3. Download the HTTPS certificate chain and HTTPS certificate key of your registered domain. - Domain certificate (i.e. the one you ordered for your FQDN)
Certificate chain includes your primary SSL cert (e.g. your_domain.crt) followed by all intermediate and root - All intermediate certificates
CA cert(s). e.g. If cert if from DigiCert, download "Best format for nginx". - Root CA certificate
4a. If the BigchainDB node uses 3scale for API authentication, monitoring and billing, DigiCert has `a web page explaining certificate chains <https://www.digicert.com/ssl-support/pem-ssl-creation.htm>`_.
you must ask the BigchainDB node operator/owner for all relevant 3scale credentials and deployment
workflow.
4b. If the BigchainDB does not use 3scale for API authentication, then the organization managing the BigchainDB You will put the path to that certificate chain file in the ``vars`` file,
node **must** generate a unique *SECRET_TOKEN* for authentication and authorization of requests to the BigchainDB node. when you configure your node later.
.. Note:: 2a. If your BigchainDB node will use 3scale for API authentication, monitoring and billing,
All the operations required to set up a Self-Signed CA can be automatically generated from you will need all relevant 3scale settings and credentials.
our :ref:`"How to configure a BigchainDB node" <how-to-configure-a-bigchaindb-node>` guide.
5. Set Up a Self-Signed Certificate Authority 2b. If your BigchainDB node will not use 3scale, then write authorization will be granted
to all POST requests with a secret token in the HTTP headers.
(All GET requests are allowed to pass.)
You can make up that ``SECRET_TOKEN`` now.
You will put it in the ``vars`` file later.
Every BigchainDB node in a cluster can have a different secret token.
We use SSL/TLS and self-signed certificates 3. Deploy a Kubernetes cluster for your BigchainDB node. We have some instructions for how to
for MongoDB authentication (and message encryption). :doc:`Deploy a Kubernetes cluster on Azure <../production-deployment-template/template-kubernetes-azure>`.
The certificates are signed by the organization managing the :ref:`bigchaindb-node`.
You can now proceed to set up your :ref:`BigchainDB node <kubernetes-template-deploy-a-single-bigchaindb-node>`. .. warning::
In theory, you can deploy your BigchainDB node to any Kubernetes cluster, but there can be differences
between different Kubernetes clusters, especially if they are running different versions of Kubernetes.
We tested this Production Deployment Template on Azure ACS in February 2018 and at that time
ACS was deploying a **Kubernetes 1.7.7** cluster. If you can force your cluster to have that version of Kubernetes,
then you'll increase the likelihood that everything will work in your cluster.
4. Deploy your BigchainDB node inside your new Kubernetes cluster.
You will fill up the ``vars`` file,
then you will run a script which reads that file to generate some Kubernetes config files,
you will send those config files to your Kubernetes cluster,
and then you will deploy all the stuff that you need to have a BigchainDB node.
⟶ Proceed to :ref:`deploy your BigchainDB node <kubernetes-template-deploy-a-single-bigchaindb-node>`.
.. raw:: html
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
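
Review bot: In the new step 2b, "You can make up that ``SECRET_TOKEN`` now" weakens the old wording, which said the organization "**must** generate a unique *SECRET_TOKEN*". According to the new text, this token is the only thing gating write authorization for POST requests, so an operator who invents a short or memorable value ends up with a guessable write credential. Suggest wording such as "Generate a long, random ``SECRET_TOKEN`` now", and keep the word "unique", since the new text allows each node in a cluster to have its own token. Two smaller points in the same hunk: the old step 3 told operators to download both the certificate chain and the certificate key, while the new step 1 describes only the chain file, so a sentence on where the private key goes would help; and the old step 5 on the self-signed CA used for MongoDB authentication is dropped with no replacement visible here, so please confirm it is covered on the page that the final "Proceed to" link points to.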