-
Notifications
You must be signed in to change notification settings - Fork 10
Deploying the MS
You can run the MS in one of two ways: as a Google AppEngine Python app, or as an AppScale Python app. You can also run it locally (i.e. in a test environment) with the Google AppEngine SDK.
Before you set up your MS, you will need to set up an administrator account, and choose an OpenID server to authenticate users (right now, the MS is hardwired to use the VICCI OpenID server, but this will be fixed soon. -jude). First, you'll need an RSA 4096-bit key. You can generate an RSA 4096-bit key pair with these commands:
$ # Make sure the key is readable ONLY to you
$ touch /path/to/your/admin/key.pem
$ chmod 0600 /path/to/your/admin/key.pem
$ openssl genrsa -out /path/to/your/admin/key.pem 4096
$ openssl rsa -in /path/to/your/admin/key.pem -pubout > /path/to/your/admin/public/key.pub
Then, you can build and set up the MS with the following command. It will compile the MS and install the admin account information.
$ scons MS user_id=YOUR.EMAIL@EXAMPLE.COM \
pubkey=/path/to/your/admin/public/key.pub \
openid_url=http://OPENID.PROVIDER/ID/PATH \
appname=YOUR-APP-NAME
- user_id must be an email address, and will be the name of the admin account.
- pubkey must be an absolute path to your PEM-encoded public key.
- openid_url is optional--it refers to your public OpenID identity page.
- appname is the application name that goes into the app.yaml file.
Now you can deploy the MS. For example, to deploy to Google AppEngine, you simply use Google's appcfg.py script to upload the MS you just built to the AppEngine PaaS:
$ appcfg.py update build/out/ms
Once the MS is up and running, you need to set up the Syndicate management tool syntool.py, so you can go on to create users, Volumes, and Gateways. You'll need to give it your administrator's email address and public key, as well as the URL to the MS's API (usually, this is the MS's hostname, followed by /api). To do so, simply run:
$ syntool.py --user_id YOUR.EMAIL@EXAMPLE.COM \
--MSAPI https://YOUR.RUNNING.MS/api \
--privkey /path/to/your/admin/key.pem \
setup
- user_id is the same email address you provided to the MS admin account.
- MSAPI is the URL to the MS's API handler (by default, the path is /api).
- privkey is the absolute path to the PEM-encoded private key that matches the public key given during the build process.
If you generated a private key file after this step, you can safely remove it, since syntool.py makes a copy of it and puts it into its configuration directory (by default, this is $HOME/.syndicate/). Just be sure to safely erase it first, by overwriting it several times with random data before removing it.
From start to finish, here's a simple recipe that builds, sets up, and deploys the MS on Google AppEngine.
$ # Generate key with OpenSSL (make it unreadable except by you!)
$ touch ~/syndicate_admin.pem
$ chmod 0600 ~/syndicate_admin.pem
$ openssl genrsa -out ~/syndicate_admin.pem 4096
$ openssl rsa -in ~/syndicate_admin.pem -pubout > ~/syndicate_admin.pub
$ # Build and deploy the MS
$ scons MS user_id=YOUR.EMAIL@EXAMPLE.COM \
pubkey=/path/to/your/admin/public/key.pub \
openid_url=http://OPENID.PROVIDER/ID/PATH \
appname=YOUR-APP-NAME
$ appcfg.py update build/out/ms
$ syntool.py --user_id admin@syndicatedrive.com \
--MSAPI https://syndicate-drive-ms.appspot.com/api \
--privkey ~/syndicate_admin.pem \
setup
$ # Safely erase the private key, since syntool.py makes a copy for itself.
$ for i in $(seq 1 10); do dd if=/dev/urandom of=~/syndicate_admin.pem bs=10240 count=1; done
$ rm ~/syndicate_admin.pem