# Set up or clone the shop supernode

# Base system installation

  • Instance type: m5.8xlarge
    128GB RAM
    1000GB sda1 (ssd general purpose)
  • AMI: "Ubuntu 20.04 LTS - Focal" (64bit)
    • You might need additional AWS rights to access the AMI marketplace.
    • choose the ssh key "aws".
      You need the private key now to continue.
      (shared via Keeper).
    • define a reasonable "name" tag.
    • launch

# First launch setup

  • after launch:
    • If there is no currently running shop supernode (we're offline, installation from scratch):
      attach the Elastic IP (should be 52.59.138.176).
      Otherwise write down the new external IP.
    • assign the former security group(s) if they exist or define these incoming traffic rules:
          22 tcp 0.0.0.0/0, ::/0
          80 tcp 0.0.0.0/0, ::/0
         443 tcp 0.0.0.0/0, ::/0
        2049 tcp 0.0.0.0/0, ::/0
       50080 tcp 18.195.39.130/32
        9000 tcp 62.55.252.112/29
        8000 tcp 62.55.252.112/29

    • create a personal PuTTY environment for access to the new IP.
      Use the ssh key defined at instance setup ("aws").
    • check that user ubuntu can sudo without password.
    • Enable ssh port forwarding on all interfaces:
      1. Edit /etc/ssh/sshd_config and set:
        GatewayPorts yes
        This is needed for the sshtunnel remote port forwardings to listen on all network interfaces, not just 127.0.0.1.
        Every remote-forwarded port then becomes reachable from outside the host; the security group rules above are what limits who can reach them.
      2. To be on the safe side, open another PuTTY connection first.
        Current ssh connections are maintained even if the restart of sshd fails, but we don't want to lock ourselves out.
        /!\ Breaking sshd and locking ourselves out would mean a complete system reinstall.
      3. Restart sshd:
        sudo systemctl restart sshd
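The lock-out risk in step 2 can be reduced further by validating the edited config before the restart. The following script is an added example, not part of the original runbook: it sets an sshd_config option idempotently (replacing a commented-out default such as `#GatewayPorts no`), keeps a backup, and only restarts sshd when `sshd -t` accepts the new file. It assumes the Ubuntu 20.04 layout (/etc/ssh/sshd_config, systemd unit `sshd`) and a user who can sudo without a password, as checked above; the `--apply` flag is a convention of this script.

```shell
#!/bin/sh
# Added example (not from the original runbook): change an sshd_config option
# and only restart sshd if the resulting config passes "sshd -t".
# Assumptions: Ubuntu 20.04 layout, GNU sed, passwordless sudo for the caller.
set -eu

# set_sshd_option FILE KEY VALUE
# Replaces an existing "KEY ..." line (active or commented out) with "KEY VALUE",
# or appends the line if the key is absent. A backup is written to FILE.bak.
# Note: the stock Ubuntu file has one "#GatewayPorts no" line at top level;
# keys inside "Match" blocks are not handled specially here.
set_sshd_option() {
    file=$1; key=$2; value=$3
    cp "$file" "$file.bak"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|$)" "$file"; then
        sed -i -E "s/^[[:space:]]*#?[[:space:]]*$key([[:space:]].*)?$/$key $value/" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sshd_option FILE KEY
# Prints the value of the last active (non-commented) KEY line, empty if unset.
get_sshd_option() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# safe_restart_sshd FILE
# Validates FILE with "sshd -t" before touching the running daemon. On failure
# the backup is restored and nothing is restarted, so the current session and
# any new logins keep working with the old config.
safe_restart_sshd() {
    file=$1
    if sudo sshd -t -f "$file"; then
        sudo systemctl restart sshd
    else
        echo "sshd config test failed, restoring $file.bak and NOT restarting" >&2
        cp "$file.bak" "$file"
        return 1
    fi
}

main() {
    set_sshd_option /etc/ssh/sshd_config GatewayPorts yes
    safe_restart_sshd /etc/ssh/sshd_config
}

# Only touch the real system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run it as `sh enable-gatewayports.sh --apply` from the second PuTTY session; if the config test fails, the original file is back in place and the first session is still usable.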

# Install system packages

  • sudo apt-get update
  • Install:
    sudo apt-get install unzip net-tools redis-tools

# Install docker

# DON'T USE THE DEFAULT UBUNTU REPOSITORY!

Use the docker.com repository as described in Docker's own installation guide:
install docker

# Configure docker

  • add user ubuntu to group docker (-a appends; without it usermod replaces all supplementary groups and ubuntu drops out of "sudo"; log in again for the change to take effect):
    sudo usermod -aG docker ubuntu
  • initialise a docker swarm:
    docker swarm init
  • set swarm label:
    1. copy the current node id (the line marked with * in the output):
      docker node ls
    2. Set the label giffits-node:
      docker node update --label-add giffits-node=production-1 NODE_ID

# Install aws client (V2)

  • install aws client

    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    unzip awscliv2.zip
    sudo ./aws/install
    
  • install aws keys for user "ubuntu":

    • create .aws directory
    • create the files "config" and "credentials"
      • config:

        [default]
        region = eu-central-1
        
      • credentials:
        Shared via Keeper as "AWS deployment credentials".

        [default]
        aws_access_key_id = ...
        aws_secret_access_key = ...
        
      • Remark: This should move to the deployment scripts.
  • check docker login (same command as for deployment; the token is passed on stdin so that it does not end up in the process list or shell history):

    aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin https://088242704549.dkr.ecr.eu-central-1.amazonaws.com
    
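The credentials file above holds a long-lived deployment key, so it should never be world-readable, not even for the moment between creation and a later chmod. The following script is an added example, not part of the original runbook or the deployment scripts: it creates the two files under `umask 077`, checks their modes, and logs docker into the ECR registry with the token on stdin. It assumes AWS CLI v2 and docker are installed; the key values and the `--apply` flag are placeholders and conventions of this script only.

```shell
#!/bin/sh
# Added example (not from the original runbook): create ~/.aws/config and
# ~/.aws/credentials for user ubuntu with owner-only permissions, then log the
# docker client into the ECR registry without putting the token on the command line.
# Assumptions: AWS CLI v2 and docker installed; key values are placeholders.
set -eu

ECR_REGISTRY="088242704549.dkr.ecr.eu-central-1.amazonaws.com"
AWS_REGION="eu-central-1"

# write_aws_profile DIR REGION KEY_ID SECRET
# Creates DIR/config and DIR/credentials. The subshell's umask 077 makes the
# files 0600 and a newly created directory 0700 at creation time.
write_aws_profile() {
    dir=$1; region=$2; key_id=$3; secret=$4
    ( umask 077
      mkdir -p "$dir"
      printf '[default]\nregion = %s\n' "$region" > "$dir/config"
      printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
          "$key_id" "$secret" > "$dir/credentials"
    )
}

# file_mode PATH -> symbolic mode string, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# check_aws_profile DIR -> 0 if both files exist and files/dir are owner-only
check_aws_profile() {
    dir=$1
    for f in config credentials; do
        [ -f "$dir/$f" ] || return 1
        [ "$(file_mode "$dir/$f")" = "-rw-------" ] || return 1
    done
    [ "$(file_mode "$dir")" = "drwx------" ] || return 1
}

# ecr_login: token piped on stdin, so it is not visible in "ps" output or the
# shell history as it would be with "docker login -p".
ecr_login() {
    aws ecr get-login-password --region "$AWS_REGION" \
        | docker login --username AWS --password-stdin "$ECR_REGISTRY"
}

if [ "${1:-}" = "--apply" ]; then
    # PLACEHOLDER values: replace with the "AWS deployment credentials" from Keeper.
    write_aws_profile "$HOME/.aws" "$AWS_REGION" "AKIA_PLACEHOLDER" "SECRET_PLACEHOLDER"
    check_aws_profile "$HOME/.aws"
    ecr_login
fi
```

If `check_aws_profile` fails on an existing ~/.aws, the directory was created earlier with a looser mode; fix it with chmod before storing the key there.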

# Adapt deployment

This step is only needed when cloning in parallel to a running system.
In order to not interfere with the already running system a parallel deployment environment is needed.

  • copy deployment.
  • modify deployment:
    • modify deployment IP variable (Instance external IP).
    • modify the aws calls for cli version 2 (if not already done):
      aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin https://088242704549.dkr.ecr.eu-central-1.amazonaws.com

    • disable all but the first few tasks (just enable the "preparation" tasks).
    • try deployment without actually running docker commands (check ssh and aws).
    • enable tasks for image pull and stack deployment.
    • deploy & check whether everything works.
    • enable all tasks, deploy & check.
    • configure HAPROXY to route specific shop traffic to the new IP address (i.e. only LAN or with a special http request header).
    • Perform GO/NOGO checks.

# Final activation

If everything works as expected:

  • Unassign the Elastic IP from the old system and assign it to the new one.
  • /!\ Caution: The ssh server fingerprint has changed now!
    Automatic ssh clients may fail. They need to update the key in their "known_hosts" file. If in doubt just delete the old key from the file, and compare the fingerprint offered on the next connection with the one printed in the new instance's system log before accepting it.
    • Check that sshtunnel successfully connects.
Page Info: Created by GitHub on Jun 9, 2023 (last updated a minute ago by GitHub)