Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# Deploying BrowserID on Amazon Web Services
This document will show you how to use the in-tree scripts to deploy
different versions of BrowserID onto Amazon's cloud infrastructure.
This is useful for testing changes in an environment similar to
production, or for sharing experimental changes with other people.
## Prerequisites
In order to use these deploy scripts, you need the following:
1. have built and locally run browserid
2. an ssh key in `~/.ssh/id_rsa.pub`
3. an AWS account that is "signed up" for EC2
4. the "DNS secret" that you get from lloyd
Once you have these things, you'll need to relay them to deployment
scripts via your environment. you might put something like this
in your .bashrc:
export AWS_ID=<your id>
export AWS_SECRET=<your secret>
export BROWSERID_DEPLOY_DNS_KEY=98...33
## test!
You can verify that your credentials are properly configured, try:
$ scripts/deploy.js test
Checking DNS management access: good
Checking AWS access: good
## Deploying your first VM
Let's get started. To deploy your first vm, all you have to do is pick a
hostname. This might be something like `feature385` or `issue1000`, or
you can use a different name that is short but meaningful to what you're
going to deploy. Once chosen, invoke deploy.js like this:
$ scripts/deploy.js deploy some_name_i_chose
attempting to set up some_name_i_chose.hacksign.in
... VM launched, waiting for startup (should take about 20s)
... Instance ready, setting up DNS
... DNS set up, setting human readable name in aws
... name set, waiting for ssh access and configuring
... nope. not yet. retrying.
... nope. not yet. retrying.
... nope. not yet. retrying.
... nope. not yet. retrying.
... nope. not yet. retrying.
... victory! server is accessible and configured
... and your git remote is all set up
Yay! You have your very own deployment. Here's the basics:
1. deploy your code: git push some_name_i_chose <mybranch>:master
2. visit your server on the web: https://some_name_i_chose.hacksign.in
3. test via a website: http://some_name_i_chose.myfavoritebeer.org
4. ssh in with sudo: ssh ec2-user@some_name_i_chose.hacksign.in
5. ssh as the deployment user: ssh app@some_name_i_chose.hacksign.in
enjoy! Here's your server details {
"instanceId": "i-8f4beeea",
"imageId": "ami-6900d100",
"instanceState": {
"code": "16",
"name": "running"
},
"dnsName": "ec2-184-73-84-132.compute-1.amazonaws.com",
"keyName": "browserid deploy key (4736caec113ccb53aa62bb165c58c17d)",
"instanceType": "t1.micro",
"ipAddress": "184.73.84.132"
}
The output contains instructions for use. Note that every occurance of
`some_name_i_chose` will be replaces with the name *YOU* chose.
## deploying code
The deployment process sets up a 'git remote', which just means it runs
the following command for you:
$ git remote add some_name_i_chose app@<ip>:git
This allows you to more conveniently push code to your server. Say
you wanted to now deploy code from `mybranch` on this new VM:
$ git push some_name_i_chose mybranch:master
IMPORTANT: you are pushing *from* the local `mybranch`, to the remote
`master` branch. The VM will always deploy what's on its master branch.
Say you want to go push new changes from mybranch:
$ git push some_name_i_chose mybranch:master
Yeah. Same thing.
Say you want to push changes to this server from a completely different
branch:
$ git push -f some_name_i_chose myotherbranch:master
## Seeing what VMs you have running
$ scripts/deploy.js list
...
## Destroying your first VM
These things cost money, not a lot, but money. So when you want to
decomission a VM and release your hold on the DNS name, simply:"
$ scripts/deploy.js destroy some_name_i_chose
trying to destroy VM for some_name_i_chose.hacksign.in: done
trying to remove DNS for some_name_i_chose.hacksign.in: done
## An overview of deployments
Deploying code in this fashion spins up a pre-configured VM template.
There are several things that are pre-configured for your pleasure:
1. ssh keys: your publick key is copied up to the server for passphraseless
ssh access.
2. Git support: an 'app' user is created with a repository under `~/git`
that you can push to
3. `post-update` hook: the code that runs after you push to update and
restart your servers
4. nginx with SSL and 503 support - you'll get SSL for free and will see
a reasonable message when your servers aren't running
5. a mysql database with a browserid user without any password
### User Accounts
VMs have two pre-configured users, both which you have passphraseless SSH
access to:
* `ec2-user` is an acct with full sudo access
* `app` is an acct that has no sudo and is the user who recieves and
builds code, and starts the servers.
Feel free to start a new server, and ssh in as `app` to explore all of the
configuration. An attempt has been made to isolate as much configuration
under this user's account as possible.