- A Linux system with Tenderduty, Docker, and Docker-Compose installed
- A private repository for hosting the Tenderduty config
The first thing that needs to be done is to configure the private repository where the Tenderduty config will be hosted. If using a public repository, skip to the next section.
For this example, I'll be using GitHub. In order to be able to pull the config from the private repository, a Deploy key needs to be added to the repo. Go to the private repo -> Settings -> Deploy keys -> Add deploy key. Enter a title to identify the key based on personal preference.
On the Linux system that will be pulling the config, an SSH key will need to be generated to be used as the deploy key. Run the following command to generate the key:
ssh-keygen -t ed25519
When prompted, enter the path for the key. For ease of use, I've chosen to use the default keyname. When prompted for a password on the SSH key, this is an important choice for how this workflow will need to be set up. Because this SSH key will only have read access of the repo, I have not password protected the SSH key. As such, this SSH key should ONLY be used to read the private repo. Given more time, I plan on adding a password to the SSH key, but it will require more work to get setup.
Now that the key is generated, copy the contents of the PUBLIC key to the GitHub Deploy key window. Because this key is not password protected, DO NOT allow write access. Once completed, hit "Add key" to add this deploy key to the repo.
Now that the repo is configured, the Tenderduty server will need to be configured.
- Pull the public repo containing the scripts/services needed to update the config
git clone https://github.com/Crypto-Chemistry/tenderduty_config_updater.git
- Pull the private repo containing the Tenderduty config
- If
$HOME/.configdoes not exist, first create it withmkdir $HOME/.config cd $HOME/.config && git clone $repo_url tenderduty_config
- If
- Switch directories to the tenderduty_config_updater repo
cd $HOME/tenderduty_config_updater/
- Edit the
tenderduty_config_updater.shscript to use the proper TENDERDUTY_DIR (/home/user_name/tenderduty) and CONFIG_DIR (/home/user_name/.config/tenderduty_config) for your system. - Edit the
tenderduty_config_updater.servicescript:- Set the User and Group for the service to run as
- Set the path to the
tenderduty_config_updater.shscript inExecStart
- Set permissions on the
tenderduty_config_updater.shscriptchmod 700
- Copy the service and timer to systemd's service directory
sudo ln -s /home/user_name/tenderduty_config_updater/tenderduty_config_updater.service /etc/systemd/system/tenderduty_config_updater.servicesudo ln -s /home/user_name/tenderduty_config_updater/tenderduty_config_updater.timer /etc/systemd/system/tenderduty_config_updater.timer
- If the private tenderduty configuration uses an environment variable for the pagerduty API key, add it as a service override by doing the following
- Enable the timer and service
sudo systemctl enable tenderduty_config_updater.servicesudo systemctl enable tenderduty_config_updater.timersudo systemctl start tenderduty_config_updater.timer
Test the implementation by commiting a change to the Tenderduty config repo. Check the output of the updater with the following command:
sudo journalctl -f -u tenderduty_config_updater.service
Changes are checked every 5 minutes, so you may need to wait up to 5 minutes. Once the changes are seen by the script, you should see output of the Tenderduty docker-compose being brought down and stood back up with the new config. Once this occurs, you can check the contents of the docker-compose.yml file that contains the Tenderduty config to ensure your change was ingested properly.
cat $HOME/tenderduty/docker-compose.yml