Como criar ambientes de staging e testing do VPNFLEX

Os ambientes de staging do VPNFLEX são criados sobre VMs com CentOS 7.

Este procedimento irá contemplar:

1. Criar ambiente a partir do zero (nova instalação)
2. Preparar ambiente para deploy do bot / CI

Criar ambiente a partir do zero (nova instalação)

1. Instalar nova VM com CentOS 7.
2. Desativar firewalld.

systemctl stop firewalld
systemctl disable firewalld

3. Instalar docker e docker-compose seguindo recomendações:
   • Docker via repo CentOS https://docs.docker.com/engine/install/centos/
   • Docker compose via pip https://docs.docker.com/compose/install/#install-using-pip
4. Realizar login no Docker da iTFLEX / Portus (consultar a senha no Passbolt)

[root@vpnflex-staging1 ~]# docker login docker.itflex.com.br
Username: vpnflex-staging
Password: 

5. Criar usuário deploy e adicionar no grupo docker

adduser deploy
usermod -a -G docker deploy

6. Adicionar no /home/deploy/.ssh/authorized_keys as chaves públicas do deploy e do gitlab-ci

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX9Ijfv/DEzYEaF1TLEKgsXmFbIHeWsl664oDswgFT5S+mY+E/s9OcRUJhcr1Gu8PuNYh2q+PPHa6qEbXFtQcN3j5Fp00RoFpm5L22I4HEEKgChYWhzsRoKtNoFj3AAQXLdGAZemDQJWeeJ1LQcZwGFEQaq/SA3k+2deHLZUL3YWGEtLr/HoEql4bt6MK9nX660wudAYfrrX7DhYwaPtRfRC+gonOx1U5DiqWuidb1yDh4HMsKO0tein9GIV7z64rRejTF+TBMuhxtVawsxJ4MtmvqCO1zBxdwdnu0qWnNDhmMNGWkvpC0u15glzhmYDnmZ/HiYJzW4sLy3PAy9SKZD10T8NQlZr7HpbbCObsyWvkv02bHApFoO82hCUE7k8cfq13EN3drS3sMUxEVgum6qVG69Qt0jVCENE440vBdrNwlwIue6FylkUrPAULsC0SuN+aDZ3PxloDXdD+Y6S4BCi9A03SPKnSUB9zclEpxLaNGLeEVMU50/UBXqfvhtqFnhlNj01SJMaA0OWjS2wNuOx+IBkrs4du2mNK4mTwTbAUTPduz3NZT/FKQ4mdcorNgRvE9wJKnMD3DO2go+k3QM9bvyHp7AfnqNns5hp3vagIifKRuYFBS8DsugKJuLXf+GLBx6H1we/f2AHfFZ3vd0jagQX5ijHqKZVG7ZT4+9w== gitlab-ci
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjzUaZRD+xwoLGrpnx+aGCJ4ubQaybL9eyhv73rgnrVpusj7S5yb+bbxv9I0Ee8Cpj6dhLmNeL4W2NwiLl/v1tWJ59/992cPHvAjgyWx01CBLw+KC3x+NMyLmexFRZvp0ZeZtPpHJUO9xtt070aWEZQmQd/xacqhIXfmvZODmiVGDLGJvLQ6Fwwxx2+pJDrkrioKwYku2KqEJTtZ42QDaO54nwlZ6PK+eLhkTkPETBY/ykpoKSdMwtkeazWl+fL/cZkknK8llarxbEv9Xwa7XmCNX+TRd0F8ysGY9rtV86sGv909TxFMiOZKdC9ZapGtXk2AjKYmIoOOU90XTo/C8qlCMrICrOsMRGxuRSth0QiOOoXFTVGaI2b+fDqyqepTxWlp+OhsATWy1DmB+kVbjwRbAnIssSHl+c4LXVXPsstIbyark8kl3im6X/VTRnOU8v/vl1QVsWBbqf/fLs80XwNPaSCBIPbi4TI6Heb2MQKRnOhAJ5wyIyOcG0fDwLZUuEE31e9moKTpBY5wVIbLUmK3+2OcNI59EdZUunn3cHRMA1gWTm8Tl1l0HOLZPyPCFTiwShLL2WYiFiL7a+KSLURELE1nLWMZtKb5SfXAY+w4TcuBBHIfs9xsSzBR7pJPGi44gqpL2/l6GtSnUdiZepjjmwwolw/pfe3UZAtSfAlw== deploy

7. Criar certificado SSL auto-assinado usado pelos contêineres:

cd /etc/pki/itflex/
openssl req -x509 -newkey rsa:4096 -keyout default.key -out default.crt -nodes -days 3650
ln -s default.crt ca.crt

8. Criar /app/ com a estrutura a seguir

mkdir -p /app/envs
touch /app/envs/services.env
chown -R deploy:itflex /app/

9. Criar uma reserva de DHCP no Firewall da iTFLEX
10. Criar o registro A no DNS da iTFLEX para acessar o staging pelo nome vpnflex-staingX.itflex.lan
11. Adicionar novo staging ao known_hosts no gitlab
    • Groups > itflex > Settings > CI/CD > Variables > Expand > SSH_KNOWN_HOSTS > Edit
    • Adicionar a chave ecdsa-sha2-nistp256 (escanear através do comando ssh-keyscan vpnflex-stagingX.itflex.lan)
    • Formato: nome_dns,ip_address ecdsa-sha2-nistp256 chave

Neste ponto a VM já pode ser integrada ao BOT e ao GitLab CI/CD.