metrics/cloud: oops

d7bb11e7 · irl · 1b880799 · d7bb11e7
Commit d7bb11e7 authored 4 years ago by irl
--- a/metrics/ops/metrics-cloud.html
+++ b/metrics/ops/metrics-cloud.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2020-04-01 Wed 11:05 -->
+<!-- 2020-04-01 Wed 11:07 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>metrics-cloud: Scripts for orchestrating Tor Metrics services</title>
@@ -234,42 +234,241 @@ for the JavaScript code in this tag.
 <h2>Table of Contents</h2>
 <div id="text-table-of-contents">
 <ul>
-<li><a href="#orgac2276e">1. <span class="todo TODO">TODO</span> Ansible Playbooks</a>
+<li><a href="#org185431b">1. <span class="done DONE">DONE</span> Synopsis</a></li>
+<li><a href="#org2fff687">2. <span class="done DONE">DONE</span> Usage of AWS for Tor Metrics Development</a>
 <ul>
-<li><a href="#org85cb078">1.1. <span class="todo TODO">TODO</span> Inventory and site.yml</a></li>
-<li><a href="#org993589a">1.2. <span class="todo TODO">TODO</span> <code>metrics-common</code></a></li>
-<li><a href="#org51a4153">1.3. <span class="todo TODO">TODO</span> <code>*-sys</code> roles</a></li>
-<li><a href="#org98c3d79">1.4. <span class="todo TODO">TODO</span> service roles</a></li>
+<li><a href="#orgf211360">2.1. <span class="done DONE">DONE</span> CloudFormation Templates</a>
+<ul>
+<li><a href="#org60761d6">2.1.1. <span class="done DONE">DONE</span> Quickstart: Deploying a template</a></li>
+<li><a href="#org90ac834">2.1.2. <span class="done DONE">DONE</span> SSH Key Selection</a></li>
+</ul>
+</li>
+<li><a href="#org393c195">2.2. <span class="done DONE">DONE</span> Development DNS</a></li>
+<li><a href="#org240eb03">2.3. <span class="todo TODO">TODO</span> The Templates</a>
+<ul>
+<li><a href="#org6696453">2.3.1. <span class="done DONE">DONE</span> <code>billing-alerts</code></a></li>
+<li><a href="#orgfb7a921">2.3.2. <span class="todo TODO">TODO</span> <code>metrics-vpc</code></a></li>
+<li><a href="#org8f84302">2.3.3. <span class="todo TODO">TODO</span> Typical Dev/Testing Stacks</a></li>
+</ul>
+</li>
+<li><a href="#org132a620">2.4. <span class="todo TODO">TODO</span> Linting</a></li>
+</ul>
+</li>
+<li><a href="#orgf3e8342">3. <span class="todo TODO">TODO</span> Ansible Playbooks</a>
+<ul>
+<li><a href="#orgb759208">3.1. <span class="todo TODO">TODO</span> Inventory and site.yml</a></li>
+<li><a href="#org83b55cb">3.2. <span class="todo TODO">TODO</span> <code>metrics-common</code></a></li>
+<li><a href="#orgf142a79">3.3. <span class="todo TODO">TODO</span> <code>*-sys</code> roles</a></li>
+<li><a href="#orgaf323c9">3.4. <span class="todo TODO">TODO</span> service roles</a></li>
 </ul>
 </li>
 </ul>
 </div>
 </div>

-<div id="outline-container-orgac2276e" class="outline-2">
-<h2 id="orgac2276e"><span class="section-number-2">1</span> <span class="todo TODO">TODO</span> Ansible Playbooks</h2>
+<div id="outline-container-org185431b" class="outline-2">
+<h2 id="org185431b"><span class="section-number-2">1</span> <span class="done DONE">DONE</span> Synopsis</h2>
 <div class="outline-text-2" id="text-1">
+<p>
+The metrics-cloud framework aims to enable:
+</p>
+
+<ul class="org-ul">
+<li>reproducible deployments of software</li>
+<li>consistency between those software deployments</li>
+</ul>
+
+<p>
+Side-effects of these goals are:
+</p>
+
+<ul class="org-ul">
+<li>reproducible experiments (good science)</li>
+<li>reduced maintainence costs</li>
+<li>reduced human error</li>
+</ul>
+
+<p>
+There are currently two components to the metrics-cloud framework: CloudFormation templates and Ansible playbooks.
+The CloudFormation templates are relevant only to testing and development, while the Ansible playbooks are applicable
+to both environments.
+</p>
+</div>
+</div>
+
+<div id="outline-container-org2fff687" class="outline-2">
+<h2 id="org2fff687"><span class="section-number-2">2</span> <span class="done DONE">DONE</span> Usage of AWS for Tor Metrics Development</h2>
+<div class="outline-text-2" id="text-2">
+<p>
+Each member of the Tor Metrics team has a standing allowance of 100USD/month for development using AWS. In practice,
+we have not used more than 50USD/month for the team in any one month and generally sit around 25USD/month. It is
+still important to minimize costs when using AWS and the use of CloudFormation templates and Ansible playbooks for
+rapid creation, provisioning and destruction should help with this.
+</p>
+</div>
+
+<div id="outline-container-orgf211360" class="outline-3">
+<h3 id="orgf211360"><span class="section-number-3">2.1</span> <span class="done DONE">DONE</span> CloudFormation Templates</h3>
+<div class="outline-text-3" id="text-2-1">
+<p>
+CloudFormation is an AWS service allowing the definition of <i>stacks</i>. These stacks describe a series of AWS services
+using a domain-specific language and allow for the easy creation of a number of interconnected resources. All resources
+in a stack are tagged with the stack name which allows for tracking of costs per project. Each stack can also have all
+resources terminated together easily, allowing stacks to exist for only as long as they are needed.
+</p>
+
+<p>
+The CloudFormation templates used in the framework can be found in the <a href="https://gitweb.torproject.org/metrics-cloud.git/tree/cloudformation">cloudformation</a> folder of the repository.
+</p>
+
+<p>
+It may be that for some services the templates are very simple, and others may be more complex. No matter the level of
+complexity we still want to use the templates to ensure we are meeting the key goals of the framework and also to simplify
+tracking of spending in the billing portal through the tags.
+</p>
+
+<p>
+Documentation for CloudFormation, including an API reference, can be found at: <a href="https://docs.aws.amazon.com/cloudformation/">https://docs.aws.amazon.com/cloudformation/</a>.
+</p>
+</div>
+
+<div id="outline-container-org60761d6" class="outline-4">
+<h4 id="org60761d6"><span class="section-number-4">2.1.1</span> <span class="done DONE">DONE</span> Quickstart: Deploying a template</h4>
+<div class="outline-text-4" id="text-2-1-1">
+<p>
+Each template begins with comments with any relevant notes about the template, and a deployment command that will upload
+and deploy the template on AWS. The commands will look something like:
+</p>
+
+<div class="org-src-container">
+<pre class="src src-shell">aws cloudformation deploy --region us-east-1 --stack-name <span style="color: #ff00ff;">`whoami`</span>-exit-scanner-dev --template-file exit-scanner-dev.yml --parameter-overrides <span style="color: #a0522d;">myKeyPair</span>=<span style="color: #8b2252;">"$(./identify_user.sh)"</span>
+</pre>
+</div>
+
+<p>
+You'll notice that the command includes a call to <code>whoami</code> to prefix the stack name with your current username, and also
+that the <code>identify_user.sh</code> script is used to determine which SSH key to use for new instances.
+You do not need to modify this command line before running it.
+</p>
+
+<p>
+Once the stack has been deployed from the template, you can view its resources and delete it through
+the <a href="https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks?filteringText=&amp;filteringStatus=active&amp;viewNested=true&amp;hideStacks=false">CloudFormation management console</a>.
+</p>
+</div>
+</div>
+
+<div id="outline-container-org90ac834" class="outline-4">
+<h4 id="org90ac834"><span class="section-number-4">2.1.2</span> <span class="done DONE">DONE</span> SSH Key Selection</h4>
+<div class="outline-text-4" id="text-2-1-2">
+<p>
+The <a href="https://gitweb.torproject.org/metrics-cloud.git/tree/cloudformation/identify_user.sh">identify_user.sh</a> script prints out the name of the SSH public key to be used based on either:
+</p>
+
+<ul class="org-ul">
+<li>the <code>TOR_METRICS_SSH_KEY</code> environment variable, or</li>
+<li>the current user name.</li>
+</ul>
+
+<p>
+The environment variable takes precedence over the username to key mapping.
+</p>
+
+<p>
+If you change the default key you would like to use, update the mapping in this shell script.
+</p>
+
+<p>
+SSH keys are managed through the <a href="https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:">EC2 management console</a> and are not (currently) managed by a CloudFormation template.
+</p>
+</div>
+</div>
+</div>
+
+<div id="outline-container-org393c195" class="outline-3">
+<h3 id="org393c195"><span class="section-number-3">2.2</span> <span class="done DONE">DONE</span> Development DNS</h3>
+<div class="outline-text-3" id="text-2-2">
+<p>
+Often services require TLS certificates, or require DNS names for other reasons. To facilitate this, a zone is hosted
+using Route53 allowing for DNS records to be created in CloudFormation templates. This zone is:
+<code>tm-dev-aws.safemetrics.org</code>.
+</p>
+
+<p>
+As an example, creating an A record for an EC2 instance with the subdomain of the stack name:
+</p>
+
+<div class="org-src-container">
+<pre class="src src-yaml">DNSName:
+  Type: AWS::Route53::RecordSet
+  Properties:
+    HostedZoneName: tm-dev-aws.safemetrics.org.
+    Name: !Join ['', [!Ref 'AWS::StackName', .tm-dev-aws.safemetrics.org.]]
+    Type: A
+    TTL: '300'
+    ResourceRecords:
+    - !GetAtt Instance.PublicIp
+</pre>
+</div>
+
+<p>
+These domain names should <b>never</b> appear on anything user facing and are for <b>development purposes only</b>.
+</p>
+</div>
+</div>
+
+<div id="outline-container-org240eb03" class="outline-3">
+<h3 id="org240eb03"><span class="section-number-3">2.3</span> <span class="todo TODO">TODO</span> The Templates</h3>
+<div class="outline-text-3" id="text-2-3">
+</div>
+<div id="outline-container-org6696453" class="outline-4">
+<h4 id="org6696453"><span class="section-number-4">2.3.1</span> <span class="done DONE">DONE</span> <code>billing-alerts</code></h4>
+<div class="outline-text-4" id="text-2-3-1">
+<p>
+This template sends notifications to the subscribed individuals whenever the predicted spend for the month will be
+over 50USD. Email addresses can be added here if other people should be notified too.
+</p>
+</div>
+</div>
+
+<div id="outline-container-orgfb7a921" class="outline-4">
+<h4 id="orgfb7a921"><span class="section-number-4">2.3.2</span> <span class="todo TODO">TODO</span> <code>metrics-vpc</code></h4>
+</div>
+
+<div id="outline-container-org8f84302" class="outline-4">
+<h4 id="org8f84302"><span class="section-number-4">2.3.3</span> <span class="todo TODO">TODO</span> Typical Dev/Testing Stacks</h4>
+</div>
+</div>
+
+<div id="outline-container-org132a620" class="outline-3">
+<h3 id="org132a620"><span class="section-number-3">2.4</span> <span class="todo TODO">TODO</span> Linting</h3>
+</div>
+</div>
+
+<div id="outline-container-orgf3e8342" class="outline-2">
+<h2 id="orgf3e8342"><span class="section-number-2">3</span> <span class="todo TODO">TODO</span> Ansible Playbooks</h2>
+<div class="outline-text-2" id="text-3">
 </div>
-<div id="outline-container-org85cb078" class="outline-3">
-<h3 id="org85cb078"><span class="section-number-3">1.1</span> <span class="todo TODO">TODO</span> Inventory and site.yml</h3>
+<div id="outline-container-orgb759208" class="outline-3">
+<h3 id="orgb759208"><span class="section-number-3">3.1</span> <span class="todo TODO">TODO</span> Inventory and site.yml</h3>
 </div>

-<div id="outline-container-org993589a" class="outline-3">
-<h3 id="org993589a"><span class="section-number-3">1.2</span> <span class="todo TODO">TODO</span> <code>metrics-common</code></h3>
+<div id="outline-container-org83b55cb" class="outline-3">
+<h3 id="org83b55cb"><span class="section-number-3">3.2</span> <span class="todo TODO">TODO</span> <code>metrics-common</code></h3>
 </div>

-<div id="outline-container-org51a4153" class="outline-3">
-<h3 id="org51a4153"><span class="section-number-3">1.3</span> <span class="todo TODO">TODO</span> <code>*-sys</code> roles</h3>
+<div id="outline-container-orgf142a79" class="outline-3">
+<h3 id="orgf142a79"><span class="section-number-3">3.3</span> <span class="todo TODO">TODO</span> <code>*-sys</code> roles</h3>
 </div>

-<div id="outline-container-org98c3d79" class="outline-3">
-<h3 id="org98c3d79"><span class="section-number-3">1.4</span> <span class="todo TODO">TODO</span> service roles</h3>
+<div id="outline-container-orgaf323c9" class="outline-3">
+<h3 id="orgaf323c9"><span class="section-number-3">3.4</span> <span class="todo TODO">TODO</span> service roles</h3>
 </div>
 </div>
 </div>
 <div id="postamble" class="status">
 <p class="author">Author: Iain Learmonth</p>
-<p class="date">Created: 2020-04-01 Wed 11:05</p>
+<p class="date">Created: 2020-04-01 Wed 11:07</p>
 <p class="validation"><a href="http://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>