Merge branch 'master' into 444-nextcloud-single-sign-on

.gitlab/ci_scripts/create_vps.sh

@@ -21,6 +21,7 @@ python3 -c "import greenhost_cloud; greenhost_cloud.terminate_droplets_by_name(\
 echo "Creating new machine"
 python3 -m openappstack $HOSTNAME create \
   --acme-staging \
+  --local-flux \
   --create-droplet $DOMAIN \
   --create-hostname $HOSTNAME \
   --ssh-key-id $SSH_KEY_ID \

ansible/group_vars/all/oas.yml

@@ -69,7 +69,12 @@ cert_manager:
 prometheus:
   crd_version: 'v0.34.0'
 
-# Let the auto-update mechanism (flux) follow a cluster-local git repo,
-# not one hosted on open.greenhost.net.
-# Currently needed in order to deploy OAS applications.
-local_flux: true
+# If true, let the auto-update mechanism (flux) follow a cluster-local git
+# repo, not one hosted on open.greenhost.net.
+local_flux: false
+
+# Specify which git repo and branch should be followed by the auto-update
+# mechanism (flux). Not used if local_flux is set to true.
+flux_source:
+  repo: "https://open.greenhost.net/openappstack/openappstack"
+  branch: "0.3"

ansible/roles/apps/tasks/flux.yml

@@ -4,6 +4,13 @@
 - name: Install flux
   tags:
     - flux
+  vars:
+    # The first url below points to the "local-flux" nginx pod that is running
+    # inside the cluster, and is serving the git repo with HelmRelease files
+    # over http.
+    git_url: "{{ 'http://local-flux.oas.svc.cluster.local/.git' if local_flux else flux_source.repo }}"
+    git_branch: "{{ 'master' if local_flux else flux_source.branch }}"
+    git_path: "{{ '.' if local_flux else 'flux' }}"
   # Commented version of below shell command:
   # helm upgrade
   #   # Install a new release if it doesn't yet exist.
@@ -11,10 +18,12 @@
   #   --repo "https://charts.fluxcd.io"
   #   --namespace oas
   #   --version 0.16.0
-  #   # This is the url to the "local-flux" nginx pod that is running
-  #   # inside the cluster, and is serving the git repo with HelmRelease
-  #   # files over http.
-  #   --set git.url="http://local-flux.oas.svc.cluster.local/.git"
+  #   # The git repo that flux listens to for changes.
+  #   --set git.url="{{ git_url }}"
+  #   # The branch of the git repo that flux listens to for changes.
+  #   --set git.branch="{{ git_branch }}"
+  #   # The directory within the git repo that flux listens to for changes.
+  #   --set git.path="{{ git_path }}"
   #   --set git.readonly=true
   #   # Do not do follow updates of upstream docker images automatically.
   #   --set registry.excludeImage='*'
@@ -27,7 +36,7 @@
   #   flux
   #   # Chart name
   #   flux
-  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.16.0 --set git.url="http://local-flux.oas.svc.cluster.local/.git" --set git.readonly=true --set registry.excludeImage='*' --set sync.state="secret" --set syncGarbageCollection.enabled=true flux flux
+  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.16.0 --set git.url="{{ git_url }}" --set git.branch="{{ git_branch }}" --set git.path="{{ git_path }}" --set git.readonly=true --set registry.excludeImage='*' --set sync.state="secret" --set syncGarbageCollection.enabled=true flux flux
 
 - name: Install helm-operator
   tags:

docs/installation_instructions.md

@@ -29,8 +29,8 @@ guide][https://openappstack.net/contact.html).
   * Current Debian stable "buster"
   * A public IP address
   * The ability to create DNS records for this IP
-  * 6GB of RAM
-  * At least 20GB of disk space for installation, plus more for application
+  * 8GB of RAM
+  * At least 25GB of disk space for installation, plus more for application
     data. We recommend starting with 30GB.
   * Root ssh access
   * Python3 installed

openappstack/__main__.py

@@ -121,6 +121,12 @@ def main():  # pylint: disable=too-many-statements,too-many-branches,too-many-lo
         help=("Use this for development clusters. Uses Let's Encrypt's "
               'staging environment'))
 
+    droplet_creation_group.add_argument(
+        '--local-flux',
+        action='store_true',
+        help=("Use this for development clusters. Uses an in-cluster "
+              'auto-update feed'))
+
     install_parser = subparsers.add_parser(
         'install',
         help=("Use this to run the ansible playbook that sets up your VPS to run "
@@ -247,6 +253,8 @@ def create(clus, args):  # pylint: disable=too-many-branches
     # Set acme_staging to False so we use Let's Encrypt's live environment
     if args.acme_staging:
         clus.acme_staging = True
+    if args.local_flux:
+        clus.local_flux = True
     if args.create_droplet:
         clus.create_droplet(ssh_key_id=args.ssh_key_id, hostname=args.create_hostname)
         if args.verbose:

openappstack/cluster.py

@@ -19,7 +19,7 @@ DEFAULT_REGION = 'ams1'
 """Default disk size"""
 DEFAULT_DISK_SIZE_GB = 25
 """Default amount of memory"""
-DEFAULT_MEMORY_SIZE_MB = 6144
+DEFAULT_MEMORY_SIZE_MB = 8192
 """Default "image" (operating system): 19  =  Debian buster-x64 """
 DEFAULT_IMAGE = 19
 
@@ -42,6 +42,9 @@ class Cluster:
         self.domain = None
         # By default, use Let's Encrypt's live environment
         self.acme_staging = False
+        # By default, let auto-update listen to the main OpenAppStack flux repo
+        # for updates.
+        self.local_flux = False
         # Set this to False if the data needs to be (re)loaded from file
         self.data_loaded = False
         # Load data from inventory.yml and settings.yml
@@ -148,6 +151,7 @@ class Cluster:
         settings['domain'] = self.domain
         settings['admin_email'] = 'admin@{0}'.format(self.domain)
         settings['acme_staging'] = self.acme_staging
+        settings['local_flux'] = self.local_flux
         settings['cluster_dir'] = self.cluster_dir
 
         file_contents = yaml.safe_dump(settings, default_flow_style=False)