~qeef/damn-deploy

Deploy the damn project.
Upgrade server
Upgrade server
Limit finished and snapshot services

refs

master
browse  log 
v0.30.0
release notes 

clone

read-only
https://git.sr.ht/~qeef/damn-deploy
read/write
git@git.sr.ht:~qeef/damn-deploy

You can also use your local clone with git send-email.

Divide and map. Now. -- the damn project -- helps mappers by dividing a big area into smaller squares that people can map together.

damn-deploy contains docker-compose-based deployment, including this deployment guide. It is published under MIT License.

Report security issues. Send patches to:

git config format.subjectPrefix 'PATCH damn-deploy'
git config sendemail.to '~qeef/damn-dev@lists.sr.ht'

#How to deploy

This is step-by-step guide to deploy the damn project on your domain. We expect you to have:

  • Some domain and its subdomains redirected to your server,
  • 1 GB RAM and 20 GB free space on that server,
  • Debian with systemd on that server,
    • apt-get update ; apt-get -y upgrade
  • root account on that server,
  • git, docker and docker-compose installed (on that server),
    • apt-get update ; apt-get -y install git docker.io docker-compose
  • some free time.

The following commands are run from /root directory, i.e. home directory of the root user, as root.

  1. Clone the damn deploy repository:

     git clone https://git.sr.ht/~qeef/damn-deploy ; cd damn-deploy
    
  2. Set the environment variables in the .env file accordingly:

    • POSTGRES_PASSWORD: Password to PostgreSQL database.
    • JWT_SECRET: Secret for using JSON Web Tokens.
    • SESSION_SECRET: Secret for cookies (I think).
    • OAUTH_CONSUMER_KEY: API key, get from osm.org.
    • OAUTH_CONSUMER_SECRET: API secret, get from osm.org.
    • DOMAIN_NAME: Use your domain name.
    • WWW_REPO: Link to a docker git repository with web pages.
  3. Set the correct email address in the traefik.yml file.

  4. Create the file acme.json and set its permissions to 600:

     touch acme.json ; chmod 600 acme.json
    
  5. Commit your changes and set git to always pull --rebase:

     git config user.email 'you@example.com'
     git config user.name 'Your Name'
     git add .env traefik.yml
     git commit -m'DEPLOYEMENT CHANGES, DO NOT PUSH!'
     git config pull.rebase true
    

    Please, note that you cannot push the changes because you do not have the appropriate access rights.

  6. Enable and start the damn services:

     cd systemd
     for i in `ls` ; do systemctl link `pwd`/$i ; done
     cd
     systemctl start damn-rebuild-client-js.service
    

    NOTE: You may find interesting to see how the damn-http.service is doing by typing journalctl -u damn-http.service -f in separate terminal.

    NOTE: In /etc/systemd/journald.conf, you may need to set the Storage=persistent and then systemctl restart systemd-journald to see journalctl -u damn-http.service -f.

    Wait for the DNS records to settle up and start the damn services:

     systemctl start damn.target
    

NOTE: Feel free to tune db's command in http.yml, see PostgreSQL documentation Resource Consumption and Write Ahead Log.

#How to upgrade

There are three reasons to upgrade the damn deploy:

  1. When the web page at WWW_REPO is upgraded, rebuild the www service:

     systemctl start damn-rebuild-www.service
    
  2. Or, when the damn (JavaScript) clients are upgraded, rebuild them:

     systemctl start damn-rebuild-client-js.service
    
  3. Or, when the damn server is upgraded, rebuild the server:

     git pull
     systemctl start damn-rebuild-api.service
     docker image prune
     systemctl start damn.target
    

    Please, note that all the damn services are restarted in this case.

NOTE: To backup the database, run the following command from the damn-deploy directory:

pg_dump -a "postgresql://damnuser:$(cat .env | sed -n 's/^POSTGRES_PASSWORD=\(.\+\)$/\1/p')@$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' damndb)/damndb" > ../damndb-backup-$(date --iso-8601).sql

NOTE: To restore the database, run the following command from the damn-deploy directory:

psql "postgresql://damnuser:$(cat .env | sed -n 's/^POSTGRES_PASSWORD=\(.\+\)$/\1/p')@$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' damndb)/damndb" < ../damndb-backup-YEAR-MONTH-DAY.sql

NOTE: To run the commands above, you need postgresql-client-?? installed, where ?? stands for some version given by your Debian.

#Subdomains

The main domain, DOMAIN_NAME, serves the wep application of WWW_REPO. The subdomain www. is redirected to the main domain.

There are two subdomains that provide areas in JSON format: current. serves the areas that are currently being worked on, and finished. serves the read-only areas.

There are three subdomains serving JavaScript clients: manager. is the interface for creating and managing areas, mapper. is for mapping beginners, and qa. is for advanced mappers and reviewers.

JOSM mappers wanting to connect to your custom deployement are expected to set the damn.server_url in the Advanced Settings of the JOSM to https://current.DOMAIN_NAME.