This is the production setup of the future foodcoops.net. If you want to run it for yourself, see setup, or if you'd like to modify the configuration, please proceed to common tasks.
To get it running yourself, you need to provide the private information via environment variables to
docker-compose
. Here is an example to build and start the project:
export DOMAIN=foodcoops.test
export FOODSOFT_DB_PASSWORD=secret_fs
export FOODSOFT_SECRET_KEY_BASE=1234567890abcdefghijklmnoprstuvwxyz
export MYSQL_ROOT_PASSWORD=mysql
export SHAREDLISTS_DB_PASSWORD=sharedlists
export SHAREDLISTS_SECRET_KEY_BASE=abcdefghijklmnopqrstuvwxyz1234567890
docker-compose build --pull
docker-compose pull
docker-compose up -d
You can also store the variables in .env
instead.
On first time run, you'll need to setup the database. Start and connect to it as root:
docker-compose up -d mariadb redis
docker exec -it foodcoopsnet_mariadb_1 mysql -u root -p
Then run the following SQL commands:
CREATE DATABASE foodsoft_demo CHARACTER SET utf8 COLLATE utf8mb4_unicode_520_ci;
GRANT ALL ON foodsoft.* TO foodsoft@'%' IDENTIFIED BY 'secret_fs';
-- setup sharedlists database
CREATE DATABASE sharedlists CHARACTER SET utf8 COLLATE utf8mb4_unicode_520_ci;
GRANT ALL ON sharedlists.* TO sharedlists@'%' IDENTIFIED BY 'secret_sl';
GRANT SELECT ON sharedlists.* TO foodsoft@'%';
Subsequently you need to populate the databases:
docker-compose run --rm foodsoft bundle exec rake db:setup
docker-compose run --rm sharedlists bundle exec rake db:setup
Finally setup the demo database. Since we specify the database via environment variables multicoops:run_single
doesn't work with db
-setup tasks, so we need to do this differently
right now.
docker-compose run --rm \
-e 'DATABASE_URL=mysql2://foodsoft:${FOODSOFT_DB_PASSWORD}@mariadb/fs_demo?encoding=utf8mb4' \
foodsoft bundle exec rake db:schema:load db:seed:small.en
By default, a dummy SSL certificate will be generated (for localhost
). This is useful for
development, and to bootstrap easily.
For production, you need proper SSL certificates. These are provided by
letsencrypt. Set DOMAIN
and make sure the DNS is setup correctly.
Deployment happens by running a script on the server, which pulls the latest changes from the remote repository, rebuilds the docker images and runs them when needed.
You need to clone the repository and configure it for group access:
git clone --config core.sharedRepository=true https://github.com/foodcoops/foodcoops.net
chgrp -R docker foodcoops.net
chmod -R g+sw foodcoops.net
Finally, setup a daily cronjob to ensure security updates for the docker images:
echo `readlink -f deploy.sh` > /etc/cron.daily/deploy.sh
chmod u+x /etc/cron.daily/deploy.sh
- Deploying
- Upgrading Foodsoft
- Adding a new foodcoop
- Giving a foodcoop its own subdomain
- Adding a member to the operations team
- Troubleshooting
When you've made a change to this repository, you'll likely want to deploy it to production.
First push the changes to the Github repository,
then run deploy.sh
on the server.
Note: this section has not been tested yet!
To update Foodsoft to a new version:
- Update version in number in
foodsoft/Dockerfile
- Look at the changelog to see if anything is required for migrating, and prepare it.
- Deploy
- Without delay, run database migrations and restart the foodsoft images.
cd /home/git/foodcoops.net
docker-compose run --rm bundle exec foodsoft rake multicoops:run TASK=db:migrate
docker-compose restart foodsoft foodsoft_worker # foodsoft_mail
What do we need to know?
- Foodcoop identifier, will become part of the url. If the identifier is
my-foodcoop
, then their url will behttps://app.${DOMAIN}/my-foodcoop
. - Foodcoop name (so that we can recognize it better).
- Name and address of two contact persons within the food cooperative (we keep it in a private document).
Make sure to have this information before adding it to our configuration.
-
Add a new section to
foodsoft/app_config.yml
. You could copy thedemo
instance. Make sure that each foodcoop has a unique identifier, and doesn't contain any 'weird' characters. You may set the name as well. The database should be lowercase alphabet, prefixed withfoodsoft_
(in this example that isfoodsoft_myfoodcoop
). Make sure to set it in the configuration. -
Commit the changes, push and deploy.
-
Create the database. Open a MySQL shell, and run:
CREATE DATABASE foodsoft_myfoodcoop CHARACTER SET utf8 COLLATE utf8mb4_unicode_520_ci; GRANT ALL ON foodsoft_myfoodcoop.* TO foodsoft@'%';
-
Initialize the database (substituting
${FOODSOFT_DB_PASSWORD}
):docker-compose run --rm \ -e 'DATABASE_URL=mysql2://foodsoft:${FOODSOFT_DB_PASSWORD}@mariadb/foodsoft_myfoodcoop?encoding=utf8mb4' \ foodsoft bundle exec rake db:setup
-
Immediately login with
admin
/secret
and change the user details and password. -
You may want to pre-set some configuration if you know a bit more about the foodcoop. It's always helpful for new foodcoops to have a setup that already reflects their intended use a bit.
-
Mail the foodcoop contact persons with the url and admin account details, along with what they'd need to get started. I hope we'll get some more documentation and an email template for this.
Please also communicate that this platform is run by volunteers from participating food cooperatives and depends on donations.
(please expand this section)
- Add to Github operations team
- Add to relevant mailing lists (nabble ops group, ops list, systemausfall announce and support)
- Add user account to server with garbage password (see issue #8)
- Add user to the servers
docker
group - Obtain user's SSH key and verify it from a Github gist, Keybase or a video call.
- Add SSH key to user account
- (maybe more, pending #8)