You should definitely do a test run before your workshop. This document will guide you through the process of running the cluster before, during and after your workshop.
🔥 Make sure to have alternative cloud vendors available in case of unexpected downtime or maintenance!
Have accounts and the corresponding API keys ready for the cloud services you are going to use. Acquire API access tokens and place them as environment variables on your machine:
- Hetzner: HCLOUD_TOKEN
- Digital Ocean: DIGITALOCEAN_TOKEN and DO_AUTH_TOKEN
1. Configure the trainers and participants in inventors/group_vars/all/workshop.yml. Contact the participants beforehand and collect their SSH public keys.

    workshop:
      trainers:
        - name: "Torsten Köster"
          ssh_key: "ssh-rsa AAAAB3..."
        - name: "Nikolaus Winter"
          ssh_key: "ssh-rsa AAAAB3...."
      participants:
        - name: alice
          ssh_key: "ssh-rsa AAAAB3...."
        - name: bob
          ssh_key: "ssh-rsa AAAAB3...."
        - name: charlie
          ...

Adjust the Terraform instance_count variable in variables.tf according to the workshop participants:

    variable "instance_count" {
      default = "1"
    }

2. Prepare your local machine for cluster setup:

    brew install terraform@0.12 ansible figlet
    brew link terraform@0.12 --force

3. Prepare remote shared state

If you're not the only trainer, it makes sense to share the Terraform state via Terraform's free backend service (app.terraform.io). You could also use your own backend (e.g. a Postgres database).
In order to use the backend, you need to sign up for the service and join (or share) a workspace. Configure access to the backend in your ~/.terraformrc:

    credentials "app.terraform.io" {
      token = "..."
    }

4. Download the Terraform plugins needed to spin up the cloud infrastructure:

    terraform init

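A pre-flight check for the preparation steps above, as an added example that is not part of the workshop repository: it verifies that the three token variables are set, that instance_count covers the configured participants (assuming one server per participant), and that the Terraform credentials file is not readable by other users. The function names and the argument order are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the workshop repository): pre-flight checks
# to run before `terraform plan`. All function names are hypothetical.

# Print the names (never the values) of token variables that are unset.
missing_tokens() {
  for name in HCLOUD_TOKEN DIGITALOCEAN_TOKEN DO_AUTH_TOKEN; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || printf '%s\n' "$name"
  done
}

# Count the "- name:" entries listed under the participants: key.
count_participants() {
  awk '/^[ \t]*participants:[ \t]*$/ { p = 1; next }
       /^[ \t]*[A-Za-z_]+:[ \t]*$/   { p = 0 }
       p && /^[ \t]*-[ \t]*name:/    { n++ }
       END { print n + 0 }' "$1"
}

# Extract the default of variable "instance_count" from variables.tf.
instance_count() {
  awk '/variable[ \t]+"instance_count"/ { v = 1 }
       v && /default/ { gsub(/[^0-9]/, ""); print; exit }' "$1"
}

# True if the file grants no permissions to group or others.
is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: preflight WORKSHOP_YML VARIABLES_TF TERRAFORMRC
# Assumption: one server per participant, so instance_count >= participants.
preflight() {
  fail=0
  for t in $(missing_tokens); do
    echo "missing environment variable: $t"; fail=1
  done
  p=$(count_participants "$1"); c=$(instance_count "$2")
  if [ "${c:-0}" -lt "$p" ]; then
    echo "instance_count is ${c:-unset} but $p participants are configured"; fail=1
  fi
  if [ -f "$3" ] && ! is_private "$3"; then
    echo "$3 holds an API token and is readable by others: chmod 600 $3"; fail=1
  fi
  return $fail
}

# Run as a script with the three file paths as arguments.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
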
Set up the server and certificate infrastructure. The Terraform plan task checks which infrastructure items already exist and which need to be created. The apply task executes the plan.

    $ terraform plan
    ...
    Plan: 9 to add, 0 to change, 0 to destroy.
    $ terraform apply

Now a bunch of servers have spun up. They have been assigned random pet names as hostnames. The corresponding Let's Encrypt TLS certificates are stored in roles/boostrap/tls/files for direct access from Ansible.
Now start provisioning the servers using Ansible. First, a general bootstrap is applied (base OS, users, Docker), then the workshop-specific roles are applied:

    ansible-playbook bootstrap.yml
    ansible-playbook workshop.yml

Assign each participant an individual server. Keys are distributed to all machines, so participants could switch (or share) servers.

    ansible-playbook server-2-participant.yml

If you have some late arrivals, adjust the server count in the Terraform file and re-run the steps above. Only the one additional server will be created and provisioned.
If any instance is misbehaving, terminate and recreate it:

    terraform taint <SERVERNAME>
    terraform plan
    terraform apply

🐄 Think cattle not pets!
Shut down the whole infrastructure using Terraform:

    terraform destroy