Changeset View
Changeset View
Standalone View
Standalone View
src/docs/user/userguide/drydock_hosts.diviner
- This file was added.
| @title Drydock Blueprints: Hosts | |||||
| @group userguide | |||||
| Guide to configuring Drydock host blueprints. | |||||
| Overview | |||||
| ======== | |||||
| IMPORTANT: Drydock is not a mature application and may be difficult to | |||||
| configure and use for now. | |||||
| To give Drydock access to machines so it can perform work, you'll configure | |||||
| **host blueprints**. These blueprints tell Drydock where to find machines (or | |||||
| how to build machines) and how to connect to them. | |||||
| Once Drydock has access to hosts it can use them to build more interesting and | |||||
| complex types of resources, like repository working copies. | |||||
| Drydock currently supports these kinds of host blueprints: | |||||
| - **Almanac Hosts**: Gives Drydock access to a predefined list of hosts. | |||||
| Drydock may support additional blueprints in the future. | |||||
| Security | |||||
| ======== | |||||
| Drydock can be used to run semi-trusted and untrusted code, and you may want | |||||
| to isolate specific processes or classes of processes from one another. See | |||||
| @{article:Drydock User Guide: Security} for discussion of security | |||||
| concerns and guidance on how to make isolation tradeoffs. | |||||
| General Considerations | |||||
| ====================== | |||||
| **You must install software on hosts.** Drydock does not currently handle | |||||
| installing software on hosts. You'll need to make sure any hosts are configured | |||||
| properly with any software you need, and have tools like `git`, `hg` or `svn` | |||||
| that may be required to interact with working copies. | |||||
| You do **not** need to install PHP, arcanist, libphutil or Phabricator on the | |||||
| hosts unless you are specifically running `arc` commands. | |||||
| **You must configure authentication.** Drydock also does not handle credentials | |||||
| for VCS operations. If you're interacting with repositories hosted on | |||||
| Phabricator, the simplest way to set this up is something like this: | |||||
| - Create a new bot user in Phabricator. | |||||
| - In {nav Settings > SSH Public Keys}, add a public key or generate a | |||||
| keypair. | |||||
| - Put the private key on your build hosts as `~/.ssh/id_rsa` for whatever | |||||
| user you're connecting with. | |||||
| This will let processes on the host access Phabricator as the bot user, and | |||||
| use the bot user's permissions to pull and push changes. | |||||
| If you're using hosted repositories from an external service, you can follow | |||||
| similar steps for that service. | |||||
| Note that any processes running under the given user account will have access | |||||
| to the private key, so you should give the bot the smallest acceptable level of | |||||
| permissions if you're running semi-trusted or untrusted code like unit tests. | |||||
| **You must create a `/var/drydock` directory.** This is hard-coded in Drydock | |||||
| for now, so you need to create it on the hosts. This can be a symlink to | |||||
| a different location if you prefer. | |||||
| Almanac Hosts | |||||
| ============= | |||||
| The **Almanac Hosts** blueprint type gives Drydock access to a predefined list | |||||
| of hosts which you configure in the Almanac application. This is the simplest | |||||
| type of blueprint to set up. | |||||
| For more information about Almanac, see @{article:Almanac User Guide}. | |||||
| For example, suppose you have `build001.mycompany.com` and | |||||
| `build002.mycompany.com`, and want to configure Drydock to be able to use these | |||||
| hosts. To do this: | |||||
| **Create Almanac Devices**: Create a device record in Almanac for each your | |||||
| hosts. | |||||
| {nav Almanac > Devices > Create Device} | |||||
| Enter the device names (like `build001.mycompany.com`). After creating the | |||||
| devices, use {nav Add Interface} to configure the ports and IP addresses that | |||||
| Drydock should connect to over SSH (normally, this is port `22`). | |||||
| **Create an Almanac Service**: In the Almanac application, create a new service | |||||
| to define the pool of devices you want to use. | |||||
| {nav Almanac > Services > Create Service} | |||||
| Choose the service type **Drydock: Resource Pool**. This will allow Drydock | |||||
| to use the devices that are bound to the service. | |||||
| Now, use {nav Add Binding} to bind all of the devices to the service. | |||||
| You can add more hosts to the pool later by binding additional devices, and | |||||
| Drydock will automatically start using them. Likewise, you can remove bindings | |||||
| to take hosts out of service. | |||||
| **Create a Drydock Blueprint**: Now, create a new blueprint in Drydock. | |||||
| {nav Drydock > Blueprints > New Blueprint} | |||||
| Choose the **Almanac Hosts** blueprint type. | |||||
| In **Almanac Services**, select the service you previously created. For | |||||
| **Credentials**, select an SSH private key you want Drydock to use to connect | |||||
| to the hosts. | |||||
| Drydock should now be able to build resources from these hosts. | |||||
| Next Steps | |||||
| ========== | |||||
| Continue by: | |||||
| - returning to @{article:Drydock Blueprints}. | |||||