Enough CLI and API, for DNS and host creation


#1

During bootstrap, Enough needs to create hosts and delegate a domain name to a newly created DNS server. This is done every time molecule test runs but it is not convenient to use the same logic when creating an entirely new infrastructure based on Enough. But that’s what Enough is about: allowing the users to break free and duplicate the instance on their own resources, to self-host and remove intermediaries.

It should be possible to implement the following user stories with a) the creation of a ~/.enough/config with credentials, b) running a single command with the CLI. The user stories are:

  • As a user of http://enough.community I want my own infrastructure for free at http://mydomain.enough.community so I can be admin of the hosts and gain more control. I want to do that by a) adding the user and password of the enough.community forum in the ~/.enough/config file, b) running one command with the CLI.

  • As a devops I want to set up an entirely new infrastructure and pay for it using my existing OVH and Gandi credentials and a chosen domain name. I want to do that by a) adding the Gandi and OpenStack credentials I have in the ~/.enough/config file, b) running one command with the CLI.

The proposed architecture of the Enough DNS and host creation services implementing these user stories (in the enough Python module) could be as follows:

                             /-------------\
                             | /etc/enough |
               +-------------+ ~/.enough   |
               |             \-------------/
               |
               v  Container
+------------------------------------------+
|                +--------+                |
|      +---------| Enough |---------+      |
|      |         +--------+         |      |
|      |             ^              |      |
|      |      (1)    |              |      |
|      |      Enough | API          |      |
|      |          +--+---+          |      |
|      |          | CLI  |          |      |
|      |          +--+---+          |      |
|      |             |              |      |
+------+-------------+--------------+------+
   OVH | API         |        Gandi | API
       v             | (1)          v
   +-------+         |          +-------+
   |  OVH  |<-+      v          | Gandi |
   +-------+  |  +-------+      +-------+
   OpenStack  |  |Enough |      Registrar
              |  +-------+
              +--OpenStack API

The enough CLI would be the entry point in both cases but:

  • to create the infrastructure as a subdomain of an existing Enough instance (http://enough.community for instance), it would rely on the API provided by https://api.enough.community to create the subdomain and the hosts on its behalf (authentication would be provided by the Discourse OAuth provider). In this case there is no need to call the Gandi or OVH API, the machines are created using an existing OVH project (the OVH parlance for a paying customer) and using a subdomain of the existing domain (in the same way it is done by molecule tests).
  • to create a new infrastructure it would rely on the same API but running on the same container as the CLI. The server running the API has access to the credentials stored in ~/.enough/config and would then call the OpenStack / Gandi API to create all the hosts and bind the DNS host to the Gandi domain name via a glue record.

#2

As a first step I propose the API server implements a POST action to create a subdomain under test.enough.community. The current process for that to happen for a new contributor is:

  • create a merge request with the contributor ssh key in the right place
  • ask someone to merge
  • ask someone to apply the bind playbook that will pull the ssh key

With the API, the contributor would need to provide a lab.enough.community application token obtained from their account. Anyone with an account on lab.enough.community would be allowed to create this test subdomain.

The create.yml playbook would then call the API server instead of the custom script called via ssh.
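
The subdomain-creation POST proposed in #2, sketched as an added example that is not part of the thread or of the Enough code base: since any account holder may create a name under test.enough.community, the handler authenticates the token, accepts only a single DNS label, and refuses to take over a name delegated to someone else. The function names, the in-memory token table (standing in for a token check against lab.enough.community), the reserved list and the status codes are assumptions.

```python
import hmac
import re

ZONE = "test.enough.community"            # parent zone named in the post
RESERVED = {"www", "ns1", "api", "bind"}  # constructed list of protected labels
# One RFC 1123 label: a-z, 0-9, hyphen; 1 to 63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class Rejected(Exception):
    """Request refused; `status` is the HTTP status the API would return."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def authorize(token, tokens):
    """Return the account owning `token`, comparing in constant time."""
    for account, known in tokens.items():
        if hmac.compare_digest(token.encode(), known.encode()):
            return account
    raise Rejected(401, "unknown token")


def create_subdomain(token, name, tokens, delegations):
    """Validate one POST request and record the delegation; return the FQDN.

    `tokens` maps account -> token and `delegations` maps label -> account;
    both are hypothetical stand-ins for the real account and DNS back ends.
    """
    account = authorize(token, tokens)
    label = name.strip().lower()
    # A dot would let the caller create names deeper in (or outside) the zone.
    if not LABEL.fullmatch(label):
        raise Rejected(400, "not a single DNS label")
    if label in RESERVED:
        raise Rejected(403, "reserved name")
    owner = delegations.get(label)
    if owner is not None and owner != account:
        raise Rejected(409, "already delegated to another account")
    delegations[label] = account  # idempotent for the same account
    return f"{label}.{ZONE}"
```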