np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
lcbp3/specs/002-infra-ops/quickstart.md
T

294 lines
7.1 KiB
Markdown
Raw Permalink Blame History

# Quick Start Guide: Infrastructure Operations & Deployment Automation
**Purpose**: Get started with the Infrastructure Operations & Deployment Automation feature
**Date**: 2026-04-20
**Target Audience**: DevOps Engineers, System Administrators
## Prerequisites
### Hardware Requirements
- QNAP NAS (192.168.10.8) with Docker support
- ASUSTOR NAS (192.168.10.9) with Docker support
- SSH access between NAS devices configured
- Minimum 100GB storage for backups
### Software Requirements
- Docker 20.10+
- Docker Compose 2.0+
- Bash 5.0+ or PowerShell 7.2+
- Git client
- SSH key authentication
### Network Requirements
- Static IP addresses for both NAS devices
- Open ports: 22 (SSH), 80/443 (HTTP/HTTPS), 8080 (applications)
- VPN or secure network connection for remote access
## Initial Setup
### 1. Repository Configuration
```bash
# Clone the repository
git clone https://git.np-dms.work/np-dms/lcbp3.git
cd lcbp3
# Switch to the infrastructure branch
git checkout 002-infra-ops
```
### 2. SSH Key Authentication
Ensure SSH keys are configured between QNAP and ASUSTOR:
```bash
# Test SSH connectivity
ssh admin@192.168.10.8 "docker --version"
ssh admin@192.168.10.9 "docker --version"
```
### 3. Environment Configuration
Copy and configure environment files:
```bash
# QNAP environments
cp specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/.env.example \
specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/.env
# ASUSTOR environments
cp specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/.env.example \
specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/.env
```
Edit the `.env` files with your specific configurations:
- Database passwords
- SSL certificate paths
- Backup storage locations
- Monitoring endpoints
## Core Services Deployment
### 1. Database Services (QNAP)
```bash
# Navigate to QNAP database directory
cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/mariadb
# Deploy MariaDB with phpMyAdmin
docker-compose -f docker-compose-lcbp3-db.yml up -d
# Verify deployment
docker-compose -f docker-compose-lcbp3-db.yml ps
```
### 2. Application Services (QNAP)
```bash
# Navigate to QNAP app directory
cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app
# Deploy backend, frontend, and ClamAV
docker-compose -f docker-compose-app.yml up -d
# Verify deployment
docker-compose -f docker-compose-app.yml ps
```
### 3. Reverse Proxy (QNAP)
```bash
# Navigate to Nginx Proxy Manager directory
cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/npm
# Deploy reverse proxy
docker-compose -f docker-compose.yml up -d
# Access Nginx Proxy Manager
# URL: http://192.168.10.8:81
# Default: admin@example.com / changeme
```
### 4. Monitoring Stack (ASUSTOR)
```bash
# Navigate to ASUSTOR monitoring directory
cd specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/monitoring
# Deploy Prometheus, Grafana, and supporting services
docker-compose -f docker-compose.yml up -d
# Verify deployment
docker-compose -f docker-compose.yml ps
```
## SSL Certificate Setup
### 1. Initial Certificate Generation
```bash
# On QNAP, generate Let's Encrypt certificates
cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/npm
# Run certbot for initial certificate
docker-compose exec npm certbot --nginx -d your-domain.com
```
### 2. Automated Renewal
Add to crontab for automatic renewal:
```bash
# Edit crontab
crontab -e
# Add renewal task (runs daily at 2 AM)
0 2 * * * cd /path/to/npm && docker-compose exec npm certbot renew
```
## Backup Configuration
### 1. Initial Backup Setup
```bash
# Navigate to backup scripts directory
cd specs/04-Infrastructure-OPS/04-02-backup-recovery
# Configure backup destinations
cp backup-config.example.yml backup-config.yml
# Edit backup-config.yml with your storage locations
nano backup-config.yml
```
### 2. Automated Backup Schedule
```bash
# Add backup cron job (runs daily at 1 AM)
0 1 * * * /path/to/backup-scripts/daily-backup.sh
# Add backup validation (runs weekly on Sunday at 3 AM)
0 3 * * 0 /path/to/backup-scripts/validate-backups.sh
```
## Monitoring Configuration
### 1. Grafana Dashboard Access
1. Access Grafana: `http://192.168.10.9:3000`
2. Default credentials: `admin / admin` (change on first login)
3. Import dashboards from `specs/04-Infrastructure-OPS/04-03-monitoring/dashboards/`
### 2. Alert Configuration
1. Access AlertManager: `http://192.168.10.9:9093`
2. Configure notification channels (email, Slack, etc.)
3. Test alert rules to ensure notifications work
## Blue-Green Deployment
### 1. Environment Setup
```bash
# Create blue environment (current production)
cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app
docker-compose -f docker-compose-app.yml -p app-blue up -d
# Create green environment (new version)
docker-compose -f docker-compose-app.yml -p app-green up -d
```
### 2. Traffic Switching
```bash
# Switch traffic to green environment
# Update Nginx Proxy Manager upstream configuration
# Point to green environment containers
# Test green environment functionality
```
### 3. Rollback Procedure
```bash
# If issues detected, rollback to blue
# Update Nginx Proxy Manager upstream configuration
# Point back to blue environment containers
# Stop green environment containers
```
## Security Hardening
### 1. Container Security Scan
```bash
# Install Trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# Scan all running containers
trivy image --severity HIGH,CRITICAL $(docker ps --format "table {{.Image}}" | tail -n +2)
```
### 2. Security Policy Validation
```bash
# Run security validation script
cd specs/04-Infrastructure-OPS/04-06-security-operations
./validate-security-policies.sh
```
## Troubleshooting
### Common Issues
1. **Container won't start**
```bash
# Check logs
docker-compose logs [service-name]
# Check resource usage
docker stats
```
2. **Backup failures**
```bash
# Check backup logs
tail -f /var/log/backup.log
# Test connectivity to backup storage
ping backup-storage-host
```
3. **Monitoring alerts not working**
```bash
# Check Prometheus targets
curl http://192.168.10.9:9090/api/v1/targets
# Test AlertManager
curl http://192.168.10.9:9093/api/v1/alerts
```
### Health Checks
```bash
# Check all services health
curl -f http://192.168.10.8:3000/health || echo "Backend unhealthy"
curl -f http://192.168.10.8/health || echo "Frontend unhealthy"
curl -f http://192.168.10.9:9090/-/healthy || echo "Prometheus unhealthy"
```
## Next Steps
1. **Configure automated monitoring alerts** for your specific thresholds
2. **Set up backup retention policies** based on your compliance requirements
3. **Implement disaster recovery testing** on a regular schedule
4. **Configure log aggregation** for centralized monitoring
5. **Set up automated security scanning** in your CI/CD pipeline
## Support
For issues and questions:
- Check the troubleshooting section above
- Review logs in `/var/log/` directories
- Consult the full documentation in `specs/04-Infrastructure-OPS/`
- Contact the infrastructure team for escalated issues
Reference in New Issue View Git Blame Copy Permalink