diff --git a/k8s/README.md b/k8s/README.md index 8f7cdd4..1e5d49d 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -6,7 +6,7 @@ - [Install on a working raspiblitz system: install.microk8s.sh](#install-on-a-working-raspiblitz-system-installmicrok8ssh) - [install on pure Debian 11 (eg Digital Ocean)](#install-on-pure-debian-11-eg-digital-ocean) - [Using the Galoy Helm charts](#using-the-galoy-helm-charts) - - [install the chart repo](#install-the-chart-repo) + - [install the Galoy charts repo](#install-the-galoy-charts-repo) - [Bitcoind in kubernetes helm](#bitcoind-in-kubernetes-helm) - [install](#install) - [monitor](#monitor) @@ -51,17 +51,19 @@ - [External Service ports](#external-service-ports) - [check local tbitcoind](#check-local-tbitcoind) - [Testnet LND connected to the bitcoin node on the host](#testnet-lnd-connected-to-the-bitcoin-node-on-the-host) - - [install](#install-1) - [save seed and unlock password](#save-seed-and-unlock-password) - [change the wallet unlock password](#change-the-wallet-unlock-password) + - [restart](#restart) - [logs](#logs) - [cli](#cli-1) - - [remove pods and data](#remove-pods-and-data) - [testnet Galoy](#testnet-galoy) - - [Install](#install-2) -- [monitor](#monitor-3) + - [Install](#install-1) + - [monitor](#monitor-3) - [remove](#remove) - [Galoy with bitcoin and lnd on mainnet](#galoy-with-bitcoin-and-lnd-on-mainnet) +- [Galoy with bitcoin and lnd on mainnet](#galoy-with-bitcoin-and-lnd-on-mainnet-1) +- [Configure with terraform](#configure-with-terraform) +- [install terraform](#install-terraform) # kubectl cheat sheet * https://kubernetes.io/docs/reference/kubectl/cheatsheet/ @@ -130,9 +132,13 @@ sudo snap install helm --classic # Using the Galoy Helm charts -## install the chart repo +## install the Galoy charts repo ``` helm repo add galoy-repo https://github.com/GaloyMoney/charts + +# add the bitnami charts https://charts.bitnami.com/ +helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo update ``` @@ -583,42 +589,7 @@ k8stunnel tlnd-0 lnd 21333 21333 ``` # Testnet LND connected to the bitcoin node on the host - -* bitcoind on the raspiblitz node needs: -``` -localip=$(hostname -I | awk '{print $1}') - -echo "\ -test.rpcbind=${localip}:18332 -test.zmqpubrawblock=tcp://${localip}:21332 -test.zmqpubrawtx=tcp://${localip}:21333 -" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf - -sudo systemctl restart tbitcoind -``` - -## install -``` -localip=$(hostname -I | awk '{print $1}') -rpcpass=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-) - -echo "\ -configmap: - customValues: - - bitcoin.testnet=true - - bitcoind.rpchost=${localip}:18332 - - bitcoind.zmqpubrawblock=tcp://${localip}:21332 - - bitcoind.zmqpubrawtx=tcp://${localip}:21333 - - db.bolt.auto-compact=true - - bitcoind.rpcuser=raspibolt - - bitcoind.rpcpassword=${rpcpass} -autoGenerateSeed: - enabled: true -" | tee tlndvalues.yaml - -helm install tlnd -f tlndvalues.yaml galoy-repo/lnd -``` - +* [galoy.testnet.sh](galoy.testnet.sh) ## save seed and unlock password ``` kubectl -n default logs tlnd-0 -c init-wallet @@ -629,30 +600,27 @@ kubectl get secret tlnd-pass -o jsonpath='{.data.password}' | base64 -d, echo * semi-automatic method: ``` NewPassword="NEW_PASSWORD_HERE" -kubectl get secret tlnd-pass -o json | jq --arg password "$(echo $NewPassword | base64)" '.data["password"]=$password' | kubectl apply -f - +kubectl -n test get secret lnd1-pass -o json | jq --arg password "$(echo $NewPassword | base64)" '.data["password"]=$password' | kubectl -n test apply -f - +``` +## restart +``` +kubectl delete pod lnd1-0 --wait=false --grace-period=0 -n test ``` ## logs ``` -kubectl -n default logs tlnd-0 -c lnd -f +kubectl logs lnd1-0 -n test -c lnd -f -sudo tail -f /var/snap/microk8s/common/default-storage/default-tlnd-pvc-*/logs/bitcoin/mainnet/lnd.log +sudo tail -f /var/snap/microk8s/common/default-storage/test-lnd1-pvc-[TAB]/logs/bitcoin/testnet/lnd.log ``` - ## cli ``` -kubectl -n default exec -it tlnd-0 -c lnd -- bash +kubectl exec lnd1-0 -n test -c lnd -- sh lncli -n testnet getinfo ``` -## remove pods and data -``` -helm uninstall tlnd -sudo rm -r /var/snap/microk8s/common/default-storage/default-tlnd-* -``` # testnet Galoy - ## Install * create custom values ``` @@ -660,19 +628,20 @@ echo "\ global: network: testnet galoy: - name: "Testnet Galoy Wallet" + name: 'Testnet Galoy Wallet' bitcoind: port: 18332 needFirebaseServiceAccount: false twilio: false +devDisableMongoBackup: true " | tee tgaloyvalues.yaml ``` * install ``` -helm install tgaloy -f tgaloyvalues.yaml galoy-repo/galoy +helm install galoy -f tgaloyvalues.yaml -n test galoy-repo/galoy ``` -# monitor +## monitor ``` kubectl get pod -n galoy -w @@ -686,7 +655,7 @@ helm uninstall galoy kubectl get pvc ## CAREFUL HERE -# delete all pending +# delete all pending storage for i in $(kubectl get pvc | grep Pending | awk '{print $1}' ); do kubectl delete pvc ${i}; done # delete galoy storage @@ -738,12 +707,14 @@ kubectl create secret generic galoy-mongodb \ mkdir -p ~/test-secrets/galoy-price-history-postgres-creds cd ~/test-secrets/galoy-price-history-postgres-creds echo -n "$(openssl rand -hex 48)" > ./password -echo -n 'price-history' > ./username -echo -n 'price-history' > ./database + kubectl create secret generic galoy-price-history-postgres-creds \ --from-file=./password \ - --from-file=./username \ - --from-file=./database + --from-literal=username=price-history \ + --from-file=database=price-history + +kubectl create secret generic dropbox-access-token \ + --from-literal=token='' kubectl create secret generic gcs-sa-key @@ -751,8 +722,6 @@ kubectl create secret generic geetest-key --from-literal=key='dummy' \ --from-literal=id='dummy' -kubectl create secret generic dropbox-access-token \ - --from-literal=token='' cd @@ -763,7 +732,24 @@ bitcoind: port: 8332 needFirebaseServiceAccount: false twilio: false +devDisableMongoBackup: true " | tee galoyvalues.yaml helm install galoy -f galoyvalues.yaml galoy-repo/galoy +``` + + +https://learnk8s.io/a/a-visual-guide-on-troubleshooting-kubernetes-deployments/troubleshooting-kubernetes.en_en.v2.pdf + + + +# Galoy with bitcoin and lnd on mainnet +* [galoy.testnet.sh](galoy.testnet.sh) + +# Configure with terraform + +# install terraform +curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - +sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" +sudo apt-get update && sudo apt-get install terraform ``` \ No newline at end of file diff --git a/k8s/galoy.mainnet.sh b/k8s/galoy.mainnet.sh new file mode 100644 index 0000000..1a69655 --- /dev/null +++ b/k8s/galoy.mainnet.sh @@ -0,0 +1,71 @@ +# charts +helm repo add galoy-repo https://github.com/GaloyMoney/charts + +# add the bitnami charts https://charts.bitnami.com/ +helm repo add bitnami https://charts.bitnami.com/bitnami + +helm repo update + +# bitcoind +helm install bitcoind galoy-repo/bitcoin + +# lnd +echo "\ +configmap: + customValues: + - bitcoin.mainnet=true + - bitcoind.rpchost=bitcoind:8332 + - bitcoind.zmqpubrawblock=tcp://bitcoind:28332 + - bitcoind.zmqpubrawtx=tcp://bitcoind:28333 + - minchansize=200000 + - db.bolt.auto-compact=true +autoGenerateSeed: + enabled: true +" | tee -a lndvalues.yaml + +helm install lnd -f lndvalues.yaml galoy-repo/lnd + +# galoy +# secrets +mkdir -p ~/test-secrets/galoy-mongodb +cd ~/test-secrets/galoy-mongodb +echo -n "$(openssl rand -hex 64)" > ./mongodb-password +echo -n "$(openssl rand -hex 64)" > ./mongodb-root-password +echo -n "$(openssl rand -hex 64)" > ./mongodb-replica-set-key +kubectl create secret generic galoy-mongodb \ + --from-file=./mongodb-password \ + --from-file=./mongodb-root-password \ + --from-file=./mongodb-replica-set-key + +mkdir -p ~/test-secrets/galoy-price-history-postgres-creds +cd ~/test-secrets/galoy-price-history-postgres-creds +echo -n "$(openssl rand -hex 48)" > ./password + +kubectl create secret generic galoy-price-history-postgres-creds \ + --from-file=./password \ + --from-literal=username=price-history \ + --from-file=database=price-history + +kubectl create secret generic dropbox-access-token \ + --from-literal=token='' + +kubectl create secret generic gcs-sa-key + +kubectl create secret generic geetest-key + --from-literal=key='dummy' \ + --from-literal=id='dummy' + + +cd + +echo "\ +global: + network: mainnet +bitcoind: + port: 8332 +needFirebaseServiceAccount: false +twilio: false +devDisableMongoBackup: true +" | tee galoyvalues.yaml + +helm install galoy -f galoyvalues.yaml galoy-repo/galoy diff --git a/k8s/galoy.testnet.sh b/k8s/galoy.testnet.sh new file mode 100644 index 0000000..1bf90c5 --- /dev/null +++ b/k8s/galoy.testnet.sh @@ -0,0 +1,138 @@ +# Testnet LND connected to the bitcoin node on the host + +# vars +localip=$(hostname -I | awk '{print $1}') +rpcpass=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-) + +#TODO check for LAN RPC connection +## bitcoind on the raspiblitz node needs: +localip=$(hostname -I | awk '{print $1}') +echo "\ +test.rpcbind=${localip}:18332 +test.zmqpubrawblock=tcp://${localip}:21332 +test.zmqpubrawtx=tcp://${localip}:21333 +" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf +sudo systemctl restart tbitcoind +############ + +## charts +helm repo add galoy-repo https://github.com/GaloyMoney/charts +## add the bitnami charts https://charts.bitnami.com/ +helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo update + +## bitcoind - on the host +#helm install bitcoind galoy-repo/bitcoin +## create secrets instead of bitcoind +rpcpass=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-) +kubectl create secret generic network -n test \ + --from-literal=network=testnet +kubectl create secret generic bitcoind-rpcpassword -n test \ + --from-literal=password="${rpcpass}" + +## lnd +## values +localip=$(hostname -I | awk '{print $1}') +echo "\ +configmap: + customValues: + - bitcoin.testnet=true + - bitcoind.rpchost=${localip}:18332 + - bitcoind.zmqpubrawblock=tcp://${localip}:21332 + - bitcoind.zmqpubrawtx=tcp://${localip}:21333 + - db.bolt.auto-compact=true + - bitcoind.rpcuser=raspibolt +autoGenerateSeed: + enabled: true +loop: + enabled: false +lndmon: + enabled: false +" | tee tlndvalues.yaml +## install +helm install lnd1 -f tlndvalues.yaml --namespace test galoy-repo/lnd --create-namespace + +## save seed and unlock password +mkdir -p ~/test-secrets/lnd +kubectl -n test logs lnd1-0 -c init-wallet >> ~/test-secrets/lnd/tlnd1seed.txt +cat ~/test-secrets/lnd/tlnd1seed.txt +kubectl -n test get secret lnd1-pass -o jsonpath='{.data.password}' | base64 -d >> ~/test-secrets/lnd/tlnd1walletpassword.txt +cat ~/test-secrets/lnd/tlnd1walletpassword.txt + +## galoy +## secrets +mkdir -p ~/test-secrets/tgaloy-mongodb +cd ~/test-secrets/tgaloy-mongodb +echo -n "$(openssl rand -hex 64)" > ./mongodb-password +echo -n "$(openssl rand -hex 64)" > ./mongodb-root-password +echo -n "$(openssl rand -hex 64)" > ./mongodb-replica-set-key +kubectl -n test create secret generic galoy-mongodb \ + --from-file=./mongodb-password \ + --from-file=./mongodb-root-password \ + --from-file=./mongodb-replica-set-key + +mkdir -p ~/test-secrets/tgaloy-price-history-postgres-creds +cd ~/test-secrets/tgaloy-price-history-postgres-creds +echo -n "$(openssl rand -hex 48)" > ./password +kubectl -n test create secret generic galoy-price-history-postgres-creds \ + --from-file=./password \ + --from-literal=username=price-history \ + --from-literal=database=price-history + +# for trigger +kubectl -n test create secret generic gcs-sa-key + +# for galoy-pre-migration-backup-1 +kubectl -n test create secret generic dropbox-access-token \ + --from-literal=token='' +# kubectl create secret generic geetest-key +# --from-literal=key='dummy' \ +# --from-literal=id='dummy' + +cd + +# galoy +echo "\ +global: + network: testnet +galoy: + name: 'Testnet Wallet' +bitcoind: + port: 18332 +needFirebaseServiceAccount: false +twilio: false +devDisableMongoBackup: true +" | tee tgaloyvalues.yaml + +helm install galoy -f tgaloyvalues.yaml -n test galoy-repo/galoy + + +if [ "$1" = off ]; then + stop_terminated_pods() { + # Define namespace + namespace="test" + # Get all pods in Terminated / Evicted State + epods=$(kubectl get pods -n ${namespace} | egrep -i 'Terminating|Terminated|Evicted' | awk '{print $1 }') + # Force deletion of the pods + for i in ${epods[@]}; do + kubectl delete pod --force=true --wait=false --grace-period=0 $i -n ${namespace} + done + } + + # LND + helm uninstall lnd1 --wait=false + stop_terminated_pods + +# delete galoy storage +for i in $(kubectl -n test get pvc | grep galoy | awk '{print $1}' ); do kubectl -n test delete pvc ${i}; done + +# in filesystem (skip lnd) +for i in $(sudo ls /var/snap/microk8s/common/default-storage/ | grep test | grep -v lnd ); do sudo rm -rf /var/snap/microk8s/common/default-storage/${i}; done + +# delete the manually generated secrets +kubectl -n test delete secret galoy-mongodb + + +fi + +