Commit 6e6ce48c authored by irl

metrics/cloud: ssh keys

parent 3c678f6d
......@@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2020-04-01 Wed 10:42 -->
<!-- 2020-04-01 Wed 10:54 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>metrics-cloud: Scripts for orchestrating Tor Metrics services</title>
......@@ -234,39 +234,41 @@ for the JavaScript code in this tag.
<h2>Table of Contents</h2>
<div id="text-table-of-contents">
<ul>
<li><a href="#org24f0196">1. <span class="todo TODO">TODO</span> Synopsis</a></li>
<li><a href="#orgb8749fe">2. Usage of AWS for Tor Metrics Development</a>
<li><a href="#org088a045">1. <span class="todo TODO">TODO</span> Synopsis</a></li>
<li><a href="#orgfddfd62">2. Usage of AWS for Tor Metrics Development</a>
<ul>
<li>
<li><a href="#orgb62bb1e">2.1. CloudFormation Templates</a>
<ul>
<li><a href="#orga3489a0">2.0.1. CloudFormation Templates</a></li>
<li><a href="#orgee79336">2.1.1. Quickstart: Deploying a template</a></li>
<li><a href="#org1f8a212">2.1.2. SSH Key Selection</a></li>
</ul>
</li>
<li><a href="#org2f3c0b0">2.2. Development DNS</a></li>
</ul>
</li>
<li><a href="#orgcdb95df">3. <span class="todo TODO">TODO</span> Using CloudFormation templates</a>
<li><a href="#org862441c">3. <span class="todo TODO">TODO</span> Using CloudFormation templates</a>
<ul>
<li><a href="#orgcd4f56e">3.1. <span class="todo TODO">TODO</span> <code>billing-alerts</code></a></li>
<li><a href="#orgf6de1ad">3.2. <span class="todo TODO">TODO</span> <code>metrics-vpc</code></a></li>
<li><a href="#org040ce76">3.3. <span class="todo TODO">TODO</span> Initial SSH key selection</a></li>
<li><a href="#orgcc0216d">3.4. <span class="todo TODO">TODO</span> Deploying a development stack</a></li>
<li><a href="#org3ab573e">3.5. <span class="todo TODO">TODO</span> Deleting a development stack</a></li>
<li><a href="#orgf2e41bc">3.1. <span class="todo TODO">TODO</span> <code>billing-alerts</code></a></li>
<li><a href="#orgdefe092">3.2. <span class="todo TODO">TODO</span> <code>metrics-vpc</code></a></li>
<li><a href="#orgbaaee5f">3.3. <span class="todo TODO">TODO</span> Initial SSH key selection</a></li>
<li><a href="#org0544df3">3.4. <span class="todo TODO">TODO</span> Deploying a development stack</a></li>
<li><a href="#org97ca494">3.5. <span class="todo TODO">TODO</span> Deleting a development stack</a></li>
</ul>
</li>
<li><a href="#org502de5e">4. <span class="todo TODO">TODO</span> Ansible Playbook Organisation</a>
<li><a href="#orgb529626">4. <span class="todo TODO">TODO</span> Ansible Playbook Organisation</a>
<ul>
<li><a href="#org5c29dba">4.1. <span class="todo TODO">TODO</span> Inventory and site.yml</a></li>
<li><a href="#org407563f">4.2. <span class="todo TODO">TODO</span> <code>metrics-common</code></a></li>
<li><a href="#orgc09d731">4.3. <span class="todo TODO">TODO</span> <code>*-sys</code> roles</a></li>
<li><a href="#orga8b67d9">4.4. <span class="todo TODO">TODO</span> service roles</a></li>
<li><a href="#orgcf500f7">4.1. <span class="todo TODO">TODO</span> Inventory and site.yml</a></li>
<li><a href="#orgd09f090">4.2. <span class="todo TODO">TODO</span> <code>metrics-common</code></a></li>
<li><a href="#orgdef8392">4.3. <span class="todo TODO">TODO</span> <code>*-sys</code> roles</a></li>
<li><a href="#org8fddb5b">4.4. <span class="todo TODO">TODO</span> service roles</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div id="outline-container-org24f0196" class="outline-2">
<h2 id="org24f0196"><span class="section-number-2">1</span> <span class="todo TODO">TODO</span> Synopsis</h2>
<div id="outline-container-org088a045" class="outline-2">
<h2 id="org088a045"><span class="section-number-2">1</span> <span class="todo TODO">TODO</span> Synopsis</h2>
<div class="outline-text-2" id="text-1">
<p>
The metrics-cloud framework aims to enable:
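Review bot: Every `org…` anchor id in the table of contents and the section headings changes in this hunk (for example `#org24f0196` becomes `#org088a045`), even for sections whose text is untouched, so existing deep links into this page break and the actual restructuring of section 2 is buried in id churn. Consider setting a `CUSTOM_ID` property on each heading in the Org source so the exported ids stay stable between exports, or keeping the generated HTML out of the repository.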
......@@ -295,8 +297,8 @@ to both environments.
</div>
</div>
<div id="outline-container-orgb8749fe" class="outline-2">
<h2 id="orgb8749fe"><span class="section-number-2">2</span> Usage of AWS for Tor Metrics Development</h2>
<div id="outline-container-orgfddfd62" class="outline-2">
<h2 id="orgfddfd62"><span class="section-number-2">2</span> Usage of AWS for Tor Metrics Development</h2>
<div class="outline-text-2" id="text-2">
<p>
Each member of the Tor Metrics team has a standing allowance of 100USD/month for development using AWS. In practice,
......@@ -306,9 +308,9 @@ rapid creation, provisioning and destruction should help with this.
</p>
</div>
<div id="outline-container-orga3489a0" class="outline-4">
<h4 id="orga3489a0"><span class="section-number-4">2.0.1</span> CloudFormation Templates</h4>
<div class="outline-text-4" id="text-2-0-1">
<div id="outline-container-orgb62bb1e" class="outline-3">
<h3 id="orgb62bb1e"><span class="section-number-3">2.1</span> CloudFormation Templates</h3>
<div class="outline-text-3" id="text-2-1">
<p>
CloudFormation is an AWS service allowing the definition of <i>stacks</i>. These stacks describe a series of AWS services
using a domain-specific language and allow for the easy creation of a number of interconnected resources. All resources
......@@ -327,9 +329,9 @@ tracking of spending in the billing portal through the tags.
</p>
</div>
<ol class="org-ol">
<li><a id="org4fd1af6"></a>Quickstart: Deploying a template<br />
<div class="outline-text-5" id="text-2-0-1-1">
<div id="outline-container-orgee79336" class="outline-4">
<h4 id="orgee79336"><span class="section-number-4">2.1.1</span> Quickstart: Deploying a template</h4>
<div class="outline-text-4" id="text-2-1-1">
<p>
Each template begins with comments with any relevant notes about the template, and a deployment command that will upload
and deploy the template on AWS. The commands will look something like:
......@@ -343,14 +345,41 @@ and deploy the template on AWS. The commands will look something like:
<p>
You'll notice that the command includes a call to <code>whoami</code> to prefix the stack name with your current username, and also
that the <code>identify_user.sh</code> script is used to determine which SSH key to use for new instances. You do not need to modify
this command line before running it. If you need to change the SSH key used, refer to the section on SSH key selection
below.
this command line before running it.
</p>
</div>
</li>
</div>
<div id="outline-container-org1f8a212" class="outline-4">
<h4 id="org1f8a212"><span class="section-number-4">2.1.2</span> SSH Key Selection</h4>
<div class="outline-text-4" id="text-2-1-2">
<p>
The <a href="https://gitweb.torproject.org/metrics-cloud.git/tree/cloudformation/identify_user.sh">identify<sub>user.sh</sub></a> script prints out the name of the SSH public key to be used based on either:
</p>
<ul class="org-ul">
<li>the <code>TOR_METRICS_SSH_KEY</code> environment variable, or</li>
<li>the current user name.</li>
</ul>
<p>
The environment variable takes precedence over the username to key mapping.
</p>
<li><a id="org722cbfe"></a>Development DNS<br />
<div class="outline-text-5" id="text-2-0-1-2">
<p>
If you change the default key you would like to use, update the mapping in this shell script.
</p>
<p>
SSH keys are managed through the <a href="https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:">EC2 management console</a> and are not (currently) managed by a CloudFormation template.
</p>
</div>
</div>
</div>
<div id="outline-container-org2f3c0b0" class="outline-3">
<h3 id="org2f3c0b0"><span class="section-number-3">2.2</span> Development DNS</h3>
<div class="outline-text-3" id="text-2-2">
<p>
Often services require TLS certificates, or require DNS names for other reasons. To facilitate this, a zone is hosted
using Route53 allowing for DNS records to be created in CloudFormation templates. This zone is:
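Review bot: In the new SSH Key Selection paragraph the link text is exported as `identify<sub>user.sh</sub>`, so the underscore in the script name has been rendered as a subscript and the name reads wrongly; mark it up as code in the Org source, as the Quickstart paragraph does with `<code>identify_user.sh</code>`, or disable subscript export. The section also lists the two inputs (`TOR_METRICS_SSH_KEY`, then the current user name) without saying what the script does when the variable is unset and the user name has no entry in the mapping; since the result decides which key is installed on new instances, that case is worth documenting here.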
......@@ -378,60 +407,58 @@ As an example, creating an A record for an EC2 instance with the subdomain of th
These domain names should <b>never</b> appear on anything user facing and are for <b>development purposes only</b>.
</p>
</div>
</li>
</ol>
</div>
</div>
<div id="outline-container-orgcdb95df" class="outline-2">
<h2 id="orgcdb95df"><span class="section-number-2">3</span> <span class="todo TODO">TODO</span> Using CloudFormation templates</h2>
<div id="outline-container-org862441c" class="outline-2">
<h2 id="org862441c"><span class="section-number-2">3</span> <span class="todo TODO">TODO</span> Using CloudFormation templates</h2>
<div class="outline-text-2" id="text-3">
</div>
<div id="outline-container-orgcd4f56e" class="outline-3">
<h3 id="orgcd4f56e"><span class="section-number-3">3.1</span> <span class="todo TODO">TODO</span> <code>billing-alerts</code></h3>
<div id="outline-container-orgf2e41bc" class="outline-3">
<h3 id="orgf2e41bc"><span class="section-number-3">3.1</span> <span class="todo TODO">TODO</span> <code>billing-alerts</code></h3>
</div>
<div id="outline-container-orgf6de1ad" class="outline-3">
<h3 id="orgf6de1ad"><span class="section-number-3">3.2</span> <span class="todo TODO">TODO</span> <code>metrics-vpc</code></h3>
<div id="outline-container-orgdefe092" class="outline-3">
<h3 id="orgdefe092"><span class="section-number-3">3.2</span> <span class="todo TODO">TODO</span> <code>metrics-vpc</code></h3>
</div>
<div id="outline-container-org040ce76" class="outline-3">
<h3 id="org040ce76"><span class="section-number-3">3.3</span> <span class="todo TODO">TODO</span> Initial SSH key selection</h3>
<div id="outline-container-orgbaaee5f" class="outline-3">
<h3 id="orgbaaee5f"><span class="section-number-3">3.3</span> <span class="todo TODO">TODO</span> Initial SSH key selection</h3>
</div>
<div id="outline-container-orgcc0216d" class="outline-3">
<h3 id="orgcc0216d"><span class="section-number-3">3.4</span> <span class="todo TODO">TODO</span> Deploying a development stack</h3>
<div id="outline-container-org0544df3" class="outline-3">
<h3 id="org0544df3"><span class="section-number-3">3.4</span> <span class="todo TODO">TODO</span> Deploying a development stack</h3>
</div>
<div id="outline-container-org3ab573e" class="outline-3">
<h3 id="org3ab573e"><span class="section-number-3">3.5</span> <span class="todo TODO">TODO</span> Deleting a development stack</h3>
<div id="outline-container-org97ca494" class="outline-3">
<h3 id="org97ca494"><span class="section-number-3">3.5</span> <span class="todo TODO">TODO</span> Deleting a development stack</h3>
</div>
</div>
<div id="outline-container-org502de5e" class="outline-2">
<h2 id="org502de5e"><span class="section-number-2">4</span> <span class="todo TODO">TODO</span> Ansible Playbook Organisation</h2>
<div id="outline-container-orgb529626" class="outline-2">
<h2 id="orgb529626"><span class="section-number-2">4</span> <span class="todo TODO">TODO</span> Ansible Playbook Organisation</h2>
<div class="outline-text-2" id="text-4">
</div>
<div id="outline-container-org5c29dba" class="outline-3">
<h3 id="org5c29dba"><span class="section-number-3">4.1</span> <span class="todo TODO">TODO</span> Inventory and site.yml</h3>
<div id="outline-container-orgcf500f7" class="outline-3">
<h3 id="orgcf500f7"><span class="section-number-3">4.1</span> <span class="todo TODO">TODO</span> Inventory and site.yml</h3>
</div>
<div id="outline-container-org407563f" class="outline-3">
<h3 id="org407563f"><span class="section-number-3">4.2</span> <span class="todo TODO">TODO</span> <code>metrics-common</code></h3>
<div id="outline-container-orgd09f090" class="outline-3">
<h3 id="orgd09f090"><span class="section-number-3">4.2</span> <span class="todo TODO">TODO</span> <code>metrics-common</code></h3>
</div>
<div id="outline-container-orgc09d731" class="outline-3">
<h3 id="orgc09d731"><span class="section-number-3">4.3</span> <span class="todo TODO">TODO</span> <code>*-sys</code> roles</h3>
<div id="outline-container-orgdef8392" class="outline-3">
<h3 id="orgdef8392"><span class="section-number-3">4.3</span> <span class="todo TODO">TODO</span> <code>*-sys</code> roles</h3>
</div>
<div id="outline-container-orga8b67d9" class="outline-3">
<h3 id="orga8b67d9"><span class="section-number-3">4.4</span> <span class="todo TODO">TODO</span> service roles</h3>
<div id="outline-container-org8fddb5b" class="outline-3">
<h3 id="org8fddb5b"><span class="section-number-3">4.4</span> <span class="todo TODO">TODO</span> service roles</h3>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="author">Author: Iain Learmonth</p>
<p class="date">Created: 2020-04-01 Wed 10:42</p>
<p class="date">Created: 2020-04-01 Wed 10:54</p>
<p class="validation"><a href="http://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
......
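Review bot: The heading 3.3 `Initial SSH key selection` is still an empty TODO after this change, while the new section 2.1.2 now documents SSH key selection. Either drop 3.3 or make it a pointer to 2.1.2, so the two do not diverge once 3.3 is filled in.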