
Getting Started

Installation

Keys

All your PGP and SSH keys must be stored inside the keys/ folder at the root of the working directory.

  • PGP keys are used to manage the secrets
  • SSH keys are used to access the node through SSH

Here is an example of the structure with one PGP key for the email webteam@leitwert.ch and one SSH key for connecting to the node name.node.leitwert.ch as user username.

<working_directory>
└── keys
    ├── webteam@leitwert.ch.pgp
    ├── webteam@leitwert.ch.pgp.pub
    ├── username@name.node.leitwert.ch.rsa
    └── username@name.node.leitwert.ch.rsa.pub

  1. Log in to the docker registry using the provided credentials:

    $ docker login git.dev.leitwert.ch:22443
    Username: <username>
    Password: <password>
    Login Succeeded
    
  2. Configure the alias that will run dhops inside a docker container:

    $ alias dhops='docker run --rm -v $PWD:/app -it git.dev.leitwert.ch:22443/dms/devicehub-infrastructure/devicehub-operations:2022.1.1 dhops'
    

    If you prefer nano over vim as a text editor, you can use the following alias:

    $ alias dhops='docker run --rm -v $PWD:/app -it -e EDITOR=nano git.dev.leitwert.ch:22443/dms/devicehub-infrastructure/devicehub-operations:2022.1.1 dhops'
    
  3. Test the application using:

    $ dhops version
    gpg: directory '/root/.gnupg' created
    gpg: keybox '/root/.gnupg/pubring.kbx' created
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: key XXXXXXXXXXXXXXXX: public key "WebTeam <webteam@leitwert.ch>" imported
    gpg: key XXXXXXXXXXXXXXXX: secret key imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    gpg:       secret keys read: 1
    gpg:   secret keys imported: 1
    dhops: 2022.1.1
    

If your workspace has already been initialized, all SSH and PGP keys can be found inside the keys/ folder. Otherwise, please continue with the tutorials.

Manual

$ pip install dhops-?.?.?.tar.gz

Dependencies

  • gomplate - https://gomplate.ca/
  • sops - https://github.com/mozilla/sops
  • htpasswd - https://httpd.apache.org/docs/current/programs/htpasswd.html
  • gpg - https://gnupg.org/

Usage

$ dhops --help
Usage: dhops [OPTIONS] COMMAND [ARGS]...

  The tool to configure, deploy and manage a fleet of DeviceHub instances.

Options:
  -v, --verbose           [default: 0]
  -w, --working-dir PATH  [env var: DHOPS_WORKING_DIR]
  --install-completion    Install completion for the current shell.
  --show-completion       Show completion for the current shell, to copy it or
                          customize the installation.

  -h, --help              Show this message and exit.

Commands:
  backup    Create a backup and download it locally
  config    Modify the configuration of the item.
  create    Create a new item (e.g.: node, dms, devicehub, ...)
  deploy    Deploy the service defined in an item to its node
  init      Initialize the current folder as a workspace
  restore   Restore a local backup
  secrets   Modify the secrets of the item.
  template  Template an item into the output folder
  version   Show the version

When dhops is executed using docker, each command needs to be executed from the working directory using the full path to the instance (e.g. dhops config node1/dms1).

Tools

To have a better understanding of the tools used by dhops, feel free to read the official documentation.

Gomplate - Templating engine

We are using gomplate underneath to perform all templating tasks.

Please have a look at its documentation to better understand what templating is.

Sops - Secrets Management

We are using sops underneath to manage the secrets. sops uses the PGP key to encrypt and decrypt them.

Please have a look at its documentation to better understand secrets management. dhops follows GitOps practice: the secrets are encrypted and stored inside secrets files (secrets.json, secrets.yaml, secrets.env, or binary files ending with .secret).
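
A check that fits the GitOps workflow described above, added here as an example and not part of dhops: it walks a workspace and reports every secrets file (named as listed above) that lacks the metadata sops writes when it encrypts. The marker patterns and the idea that .secret files use sops' JSON envelope are assumptions; the sample file contents are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# File names come from the page. The markers are the metadata sops adds to
# files it has encrypted (assumed layout; confirm against your sops version).
SECRET_NAMES = {"secrets.json", "secrets.yaml", "secrets.env"}
YAML_META = re.compile(r"^sops:\s*$", re.MULTILINE)
ENV_META = re.compile(r"^sops_mac=ENC\[", re.MULTILINE)

def looks_encrypted(path: Path) -> bool:
    """True if the file carries sops metadata, i.e. it was written by sops."""
    text = path.read_text(encoding="utf-8", errors="replace")
    if path.suffix == ".yaml":
        return bool(YAML_META.search(text)) and "ENC[" in text
    if path.suffix == ".env":
        return bool(ENV_META.search(text))
    try:  # secrets.json and *.secret (assumed to be sops' JSON envelope)
        doc = json.loads(text)
    except ValueError:
        return False
    return isinstance(doc, dict) and isinstance(doc.get("sops"), dict) and "mac" in doc["sops"]

def find_plaintext_secrets(root: Path) -> list:
    """Return workspace-relative paths of secrets files lacking sops metadata."""
    hits = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue
        if (path.name in SECRET_NAMES or path.name.endswith(".secret")) and not looks_encrypted(path):
            hits.append(rel.as_posix())
    return hits

def demo() -> list:
    """Scan a constructed workspace; node1/dms1 is the page's example item path."""
    with tempfile.TemporaryDirectory() as tmp:
        item = Path(tmp, "node1", "dms1")
        item.mkdir(parents=True)
        # Constructed samples: one sops-style file, two left in plaintext.
        (item / "secrets.yaml").write_text("pw: ENC[AES256_GCM,data:c2FtcGxl]\nsops:\n  mac: ENC[x]\n")
        (item / "secrets.env").write_text("DB_PASSWORD=constructed-plaintext\n")
        (item / "tls.key.secret").write_text("constructed plaintext key material\n")
        return find_plaintext_secrets(Path(tmp))

if __name__ == "__main__":
    for hit in demo():
        print("not sops-encrypted:", hit)
```

To scan a real workspace, call find_plaintext_secrets(Path(".")) from the working directory, for example in a pre-commit hook, and fail the commit when the returned list is not empty.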


Last update: 2022-03-31