Deployment changes: (#1623)

Update MongoDB container tag to `3.0`.

Doc change to reflect bdb-config.bdb-user parameter usage.

Fix typo in configuration.md.

Add BIGCHAINDB_DATABASE_SSL parameter to bigchaindb-dep.yaml for
Kubernetes deployments.

Refer to the `bdb-user` parameter from ConfigMap in
bigchaindb-dep.yaml.

Consolidate all BigchainDB parameter values under the
`bdb-config` ConfigMap.

Remove `bdb-user` from secrets.yaml.
Krish 2017-07-03 15:55:43 +02:00 committed by GitHub
parent e89623c836
commit ece195ff8d
6 changed files with 37 additions and 40 deletions


@ -49,7 +49,7 @@ There are some things worth noting about the ``mdb-instance-name``:
* We use ``mdb-instance-0``, ``mdb-instance-1`` and so on in our * We use ``mdb-instance-0``, ``mdb-instance-1`` and so on in our
documentation. Your BigchainDB cluster may use a different naming convention. documentation. Your BigchainDB cluster may use a different naming convention.
bdb-keyring.bdb-keyring bdb-config.bdb-keyring
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~
This lists the BigchainDB public keys This lists the BigchainDB public keys
@ -70,29 +70,8 @@ of all *other* nodes in your BigchainDB cluster
For example, For example,
``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"`` ``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"``
bdb-config.bdb-user
Edit secret.yaml ~~~~~~~~~~~~~~~~~~~
----------------
Make a copy of the file ``k8s/configuration/secret.yaml``
and edit the data values in the various Secrets.
That file includes many comments to explain the required values.
**In particular, note that all values must be base64-encoded.**
There are tips at the top of the file
explaining how to convert values into base64-encoded values.
Your BigchainDB node might not need all the Secrets.
For example, if you plan to access the BigchainDB API over HTTP, you
don't need the ``https-certs`` Secret.
You can delete the Secrets you don't need,
or set their data values to ``""``.
Note that ``ca.pem`` is just another name for ``ca.crt``
(the certificate of your BigchainDB cluster's self-signed CA).
bdb-certs.bdb-user
~~~~~~~~~~~~~~~~~~
This is the user name that BigchainDB uses to authenticate itself to the This is the user name that BigchainDB uses to authenticate itself to the
backend MongoDB database. backend MongoDB database.
@ -114,13 +93,33 @@ You should see an output line that resembles:
subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
The ``subject`` line states the complete user name we need to use for this The ``subject`` line states the complete user name we need to use for this
field (``bdb-certs.bdb-user``), i.e. field (``bdb-config.bdb-user``), i.e.
.. code:: bash .. code:: bash
emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
Edit secret.yaml
----------------
Make a copy of the file ``k8s/configuration/secret.yaml``
and edit the data values in the various Secrets.
That file includes many comments to explain the required values.
**In particular, note that all values must be base64-encoded.**
There are tips at the top of the file
explaining how to convert values into base64-encoded values.
Your BigchainDB node might not need all the Secrets.
For example, if you plan to access the BigchainDB API over HTTP, you
don't need the ``https-certs`` Secret.
You can delete the Secrets you don't need,
or set their data values to ``""``.
Note that ``ca.pem`` is just another name for ``ca.crt``
(the certificate of your BigchainDB cluster's self-signed CA).
threescale-credentials.* threescale-credentials.*
~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~


@ -37,7 +37,7 @@ For convenience, here's a list of all the relevant environment variables (docume
`BIGCHAINDB_LOG_FMT_LOGFILE`<br> `BIGCHAINDB_LOG_FMT_LOGFILE`<br>
`BIGCHAINDB_LOG_GRANULAR_LEVELS`<br> `BIGCHAINDB_LOG_GRANULAR_LEVELS`<br>
`BIGCHAINDB_DATABASE_SSL`<br> `BIGCHAINDB_DATABASE_SSL`<br>
`BIGCHIANDB_DATABASE_LOGIN`<br> `BIGCHAINDB_DATABASE_LOGIN`<br>
`BIGCHAINDB_DATABASE_PASSWORD`<br> `BIGCHAINDB_DATABASE_PASSWORD`<br>
`BIGCHAINDB_DATABASE_CA_CERT`<br> `BIGCHAINDB_DATABASE_CA_CERT`<br>
`BIGCHAINDB_DATABASE_CERTFILE`<br> `BIGCHAINDB_DATABASE_CERTFILE`<br>


@ -39,7 +39,7 @@ spec:
- name: BIGCHAINDB_KEYPAIR_PUBLIC - name: BIGCHAINDB_KEYPAIR_PUBLIC
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: bdb-public-key name: bdb-config
key: bdb-public-key key: bdb-public-key
- name: BIGCHAINDB_KEYPAIR_PRIVATE - name: BIGCHAINDB_KEYPAIR_PRIVATE
value: "<private key here>" value: "<private key here>"
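Review bot: in the context lines of this hunk, `BIGCHAINDB_KEYPAIR_PRIVATE` is still set with a literal `value: "<private key here>"`, so the node's private key sits in the Deployment spec and is readable by anyone who can read the Deployment. While these references are being reworked, consider moving it into a Secret and pulling it in with `valueFrom.secretKeyRef`, the same way the public key is pulled in with `configMapKeyRef`.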
@ -51,6 +51,8 @@ spec:
value: "120" value: "120"
- name: BIGCHAINDB_LOG_LEVEL_CONSOLE - name: BIGCHAINDB_LOG_LEVEL_CONSOLE
value: debug value: debug
- name: BIGCHAINDB_DATABASE_SSL
value: "true"
- name: BIGCHAINDB_DATABASE_CA_CERT - name: BIGCHAINDB_DATABASE_CA_CERT
value: /etc/bigchaindb/ssl/ca.pem value: /etc/bigchaindb/ssl/ca.pem
- name: BIGCHAINDB_DATABASE_CRLFILE - name: BIGCHAINDB_DATABASE_CRLFILE
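Review bot: `BIGCHAINDB_DATABASE_SSL` is added as a hard-coded `value: "true"`, while the commit message says parameter values are consolidated under `bdb-config`. Either source it from the ConfigMap like `bdb-user`, or add a comment saying TLS to MongoDB is intentionally fixed on in this Deployment. The quoting is right, since env values must be strings.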
@ -60,12 +62,15 @@ spec:
- name: BIGCHAINDB_DATABASE_KEYFILE - name: BIGCHAINDB_DATABASE_KEYFILE
value: /etc/bigchaindb/ssl/bdb-instance.key value: /etc/bigchaindb/ssl/bdb-instance.key
- name: BIGCHAINDB_DATABASE_LOGIN - name: BIGCHAINDB_DATABASE_LOGIN
value: /etc/bigchaindb/ssl/bdb-user valueFrom:
configMapKeyRef:
name: bdb-config
key: bdb-user
# The following env var is not required for the bootstrap/first node # The following env var is not required for the bootstrap/first node
#- name: BIGCHAINDB_KEYRING #- name: BIGCHAINDB_KEYRING
# valueFrom: # valueFrom:
# configMapKeyRef: # configMapKeyRef:
# name: bdb-keyring # name: bdb-config
# key: bdb-keyring # key: bdb-keyring
ports: ports:
- containerPort: 9984 - containerPort: 9984
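Review bot: the new `configMapKeyRef` for `BIGCHAINDB_DATABASE_LOGIN` is not marked optional, so the container will not start if the `bdb-config` ConfigMap or its `bdb-user` key is missing. Clusters deployed from the previous files only have the `bdb-keyring` and `bdb-public-key` ConfigMaps, so the docs should tell operators to apply the updated ConfigMap file before this Deployment.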


@ -30,18 +30,13 @@ data:
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: bdb-keyring name: bdb-config
namespace: default namespace: default
data: data:
# Colon-separated list of all *other* nodes' BigchainDB public keys. # Colon-separated list of all *other* nodes' BigchainDB public keys.
bdb-keyring: "<':' separated list of public keys>" bdb-keyring: "<':' separated list of public keys>"
--- # BigchainDB instance authentication user name
apiVersion: v1 bdb-user: "<user name>"
kind: ConfigMap
metadata:
name: bdb-public-key
namespace: default
data:
# BigchainDB public key of *this* node. # BigchainDB public key of *this* node.
# Example: "EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce" # Example: "EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"
bdb-public-key: "<public key>" bdb-public-key: "<public key>"
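Review bot: the new `bdb-user` key only has the placeholder `"<user name>"`, while `bdb-public-key` just below it carries an `# Example:` comment. Add a comment giving the expected format (the certificate `subject` string shown in the docs), and keep the value quoted because that string contains commas and `=` signs.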


@ -82,8 +82,6 @@ data:
bdb-instance.pem: "<b64 encoded certificate>" bdb-instance.pem: "<b64 encoded certificate>"
# Base64-encoded private key # Base64-encoded private key
bdb-instance.key: "<b64 encoded private key>" bdb-instance.key: "<b64 encoded private key>"
# Base64-encoded instance authentication credentials
bdb-user: "<b64 encoded user name>"
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret


@ -21,7 +21,7 @@ spec:
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
containers: containers:
- name: mongodb - name: mongodb
image: bigchaindb/mongodb:3.4.4 image: bigchaindb/mongodb:3.0
imagePullPolicy: Always imagePullPolicy: Always
env: env:
- name: MONGODB_FQDN - name: MONGODB_FQDN
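Review bot: the image line goes from `bigchaindb/mongodb:3.4.4` to `bigchaindb/mongodb:3.0`, which reads like a MongoDB downgrade and no longer says which MongoDB release is inside. If `3.0` is the version of the container image rather than of MongoDB, say so in a comment next to the `image:` line. Combined with `imagePullPolicy: Always`, a tag that is later re-pushed would change what runs on the next pod restart, so consider pinning the image by digest.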