archive/blender-cloud
0
1
Fork 1
Code Issues 24 Pull Requests Projects Releases Wiki Activity
Files
8e6fc604e31b72650a661580078043e6c64cd1a5
blender-cloud/docker
History
Sybren A. Stüvel 8e6fc604e3 Build custom images for ElasticSearch & Kibana 
We can then remove X-Pack and control ElasticSearch's memory usage.

This also gives us the opportunity to let Kibana do its optimization when
we build the image, rather than every time the container is recreated.
2017-09-21 11:28:16 +02:00
..
1_base
Docker: removed superfluous ;
2017-03-10 09:54:27 +01:00
2_buildpy
Upgrade Python 3.6.1 → 3.6.2
2017-09-18 12:17:50 +02:00
3_buildwheels
Switch from id --group id -g
2017-04-11 12:34:07 +02:00
4_run
Bumped thread count to 32, lowered proc count to 2
2017-09-14 17:17:45 +02:00
elastic
Build custom images for ElasticSearch & Kibana
2017-09-21 11:28:16 +02:00
build.sh
WIP: more work on the docker structure, still not finished with 4_run
2017-03-07 22:41:05 +01:00
docker-compose.yml
Build custom images for ElasticSearch & Kibana
2017-09-21 11:28:16 +02:00
README.md
Build custom images for ElasticSearch & Kibana
2017-09-21 11:28:16 +02:00
renew-letsencrypt.sh
Made script executable
2017-07-07 12:03:18 +02:00

README.md

Setting up a production machine

To get the docker stack up and running, we use the following, on an Ubuntu 16.10 machine.

0. Basic stuff

Install the machine, use locale-gen nl_NL.UTF-8 or similar commands to generate locale definitions. Set up automatic security updates and backups, the usual.

1. Install Docker

Install Docker itself, as described in the Docker CE for Ubuntu manual:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce

2. Configure Docker to use "overlay"

Configure Docker to use "overlay" instead of "aufs" for the images. This prevents segfaults in auplink.

  1. Set DOCKER_OPTS="-s overlay" in /etc/defaults/docker
  2. Copy /lib/systemd/system/docker.service to /etc/systemd/system/docker.service. This allows later upgrading of docker without overwriting the changes we're about to do.
  3. Edit the [Service] section of /etc/systemd/system/docker.service:
    1. Add EnvironmentFile=/etc/default/docker
    2. Append $DOCKER_OPTS to the ExecStart line
  4. Run systemctl daemon-reload
  5. Remove all your containers and images.
  6. Restart Docker: systemctl restart docker

3. Pull the Blender Cloud docker image

docker pull armadillica/blender_cloud:latest

4. Get docker-compose + our repositories

See the Quick setup on how to get those. Then run:

cd /data/git/blender-cloud/docker
docker-compose up -d

Set up permissions for Docker volumes; the following should be writable by

  • /data/storage/pillar: writable by www-data and root (do a chown root:www-data and chmod 2770).
  • /data/storage/db: writable by uid 999.

5. Set up TLS

Place TLS certificates in /data/certs/{cloud,cloudapi}.blender.org.pem. They should contain (in order) the private key, the host certificate, and the CA certificate.

6. Create a local config

Blender Cloud expects the following files to exist:

  • /data/git/blender_cloud/config_local.py with machine-local configuration overrides
  • /data/config/google_app.json with Google Cloud Storage credentials.

7. ElasticSearch & kibana

ElasticSearch and Kibana run in our self-rolled images. This is needed because by default

  • ElasticSearch uses up to 2 GB of RAM, which is too much for our droplet, and
  • the Docker images contain the proprietary X-Pack plugin, which we don't want.

This also gives us the opportunity to let Kibana do its optimization when we build the image, rather than every time the container is recreated.

Production Kibana should be placed in read-only mode:

curl -XPUT 'localhost:9200/.kibana/_settings' -d '{ "index.blocks.read_only" : true }'

If editing is desired, temporarily turn off read-only mode:

curl -XPUT 'localhost:9200/.kibana/_settings' -d '{ "index.blocks.read_only" : false }'