updates for deployment to EC2

.gitignore

@@ -0,0 +1,4 @@
+.*.swp
+.*.swo
+*~
+pacosako.db

CHECKLIST.md

@@ -0,0 +1,44 @@
+# Checklist for New Staging Instances
+
+- Build and tag the Docker images:
+
+        docker-compose -f docker-compose.yml -f docker-compose.build.yml build
+
+- Create the instance from the template
+- Assign a public Elastic IP address
+- Update Route53 with the new IP address for `pacosako-staging.jessemcdonald.info`
+- Create the DB volume from a snapshot
+- Attach the DB volume to the instance
+- Clear out old SSH host key information
+
+        ssh-keygen -f "$HOME/.ssh/known_hosts" -R "pacosako-staging.jessemcdonald.info"
+        ssh-keygen -f "$HOME/.ssh/known_hosts" -R "1.2.3.4"
+
+- Run the scripts:
+
+        ./scripts/setup_instance.sh ec2-user@pacosako-staging.jessemcdonald.info
+        ./scripts/copy_images.sh ec2-user@pacosako-staging.jessemcdonald.info
+        ./scripts/copy_compose.sh ec2-user@pacosako-staging.jessemcdonald.info
+
+- Start the containers:
+
+        ssh ec2-user@pacosako-staging.jessemcdonald.info \
+            docker-compose \
+                -f paco_sako_docker/docker-compose.yml \
+                -f paco_sako_docker/docker-compose.staging.yml \
+                up -d
+
+- After a few seconds, restart Apache2 to complete `mod_md` setup:
+
+        ssh ec2-user@pacosako-staging.jessemcdonald.info \
+            docker exec paco_sako_docker_httpd_1 \
+                /usr/local/apache2/bin/apachectl -k graceful
+
+## Instructions for Production Instances
+
+The process for creating a production instance is similar,
+with the following changes:
+
+- Replace `pacosako-staging` with `pacosako`
+- Use `docker-compose.prod.yml` instead of `docker-compose.staging.yml`
+- Create Cloudwatch alarms to avoid runaway billing

docker-compose.build.yml

@@ -0,0 +1,10 @@
+services:
+  httpd:
+    build:
+      context: httpd
+      network: host
+
+  app:
+    build:
+      context: app
+      network: host

docker-compose.dev.yml

@@ -0,0 +1,3 @@
+volumes:
+  pacosako-db:
+    external: true

docker-compose.prod.yml

@@ -9,3 +9,11 @@ services:
       MD_CERTIFICATE_KEY_FILE: ""
       SERVER_NAME: "pacosako.jessemcdonald.info"
     command: [ "httpd", "-D", "FOREGROUND" ]
+
+volumes:
+  pacosako-db:
+    driver: local
+    driver_opts:
+      type: 'none'
+      o: 'bind'
+      device: '/mnt/db'

docker-compose.staging.yml

@@ -9,3 +9,11 @@ services:
       MD_CERTIFICATE_KEY_FILE: ""
       SERVER_NAME: "pacosako-staging.jessemcdonald.info"
     command: [ "httpd", "-D", "FOREGROUND" ]
+
+volumes:
+  pacosako-db:
+    driver: local
+    driver_opts:
+      type: 'none'
+      o: 'bind'
+      device: '/mnt/db'

docker-compose.yml

@@ -1,15 +1,15 @@
 services:
   httpd:
     image: paco_sako_httpd
-    build:
+    restart: unless-stopped
-      context: httpd
-      network: host
     ports:
       - "${HTTP_PORT:-8088}:80"
       - "${HTTPS_PORT:-8043}:443"
     networks:
       - front-tier
       - back-tier
+    volumes:
+      - "httpd-md:/usr/local/apache2/md"
     environment:
       MD_CERTIFICATE_AUTHORITY: "https://acme-staging-v02.api.letsencrypt.org/directory"
       MD_CERTIFICATE_FILE: "/usr/local/apache2/conf/testing.crt"
@@ -20,9 +20,7 @@ services:
 
   app:
     image: paco_sako_app
-    build:
+    restart: unless-stopped
-      context: app
-      network: host
     networks:
       - back-tier
     environment:
@@ -36,4 +34,5 @@ networks:
   back-tier: {}
 
 volumes:
+  httpd-md: {}
   pacosako-db: {}

scripts/copy_compose.sh

@@ -0,0 +1,8 @@
+#! /bin/bash
+
+SOURCE="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TARGET="${1:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+ssh "$TARGET" mkdir -p paco_sako_docker/
+
+scp "$SOURCE"/docker-compose*.yml "$TARGET":paco_sako_docker/

scripts/copy_images.sh

@@ -0,0 +1,8 @@
+#! /bin/bash
+
+TARGET="${1:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+docker save paco_sako_httpd:latest paco_sako_app:latest | \
+   pv | \
+   xz -c | \
+   ssh "$TARGET" docker load

scripts/download_db.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+DBFILE="${1:-pacosako.db}"
+SOURCE="${2:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+scp "$SOURCE":/mnt/db/pacosako.db "$DBFILE"

scripts/setup_instance.sh

@@ -0,0 +1,18 @@
+#! /bin/bash
+
+TARGET="${1:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+ssh "$TARGET" sudo /bin/bash <<EOF
+set -x -e
+yum update -y
+yum install -y tmux
+amazon-linux-extras install -y docker
+systemctl enable docker
+systemctl start docker
+usermod -a -G docker ec2-user
+sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
+sudo chmod +x /usr/local/bin/docker-compose
+mkdir -p /mnt/db
+echo 'LABEL="/mnt/db"  /mnt/db  xfs  defaults,noatime  1  1' >> /etc/fstab
+systemctl reboot
+EOF

scripts/upload_db.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+DBFILE="${1:-pacosako.db}"
+TARGET="${2:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+scp "$DBFILE" "$TARGET":/mnt/db/pacosako.db