Deploy @Scaleway

Goal

This guide walks you through deploying a TOC instance on the Scaleway provider, from scratch.

Requirements

For the sake of the tutorial, assume:

  • toc_workspace is jon
  • toc_parent_domain is scw.wescale.fr

Infrastructure creation

From the instance management directory, run:

Run
mise toc:infra:apply

That will:

  • create Scaleway resources
  • generate ssh.cfg to access hosts directly
  • generate inventory
  • create a dedicated service account for ansible on hosts

If no error arises, you should be able to ping all deployed hosts like so:

$ ansible -m ping toc
jon-watcher | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.11"
    },
    "changed": false,
    "ping": "pong"
}
jon-keeper | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.11"
    },
    "changed": false,
    "ping": "pong"
}
jon-worker | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.11"
    },
    "changed": false,
    "ping": "pong"
}
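
The ping check above can serve as a gate before the base playbook. The following is an added example, not part of the TOC project's tooling: it reads `ansible -m ping toc` output and lists the expected hosts that did not answer `pong`. The function name and the degraded sample output are constructed, and the three role names (watcher, keeper, worker) are assumed from the sample output above to be the full host set.

```shell
#!/bin/sh
# Added example, not TOC project code. Gate between `mise toc:infra:apply`
# and `ansible-playbook tocproject.toc.base`.
# Assumption: an instance has exactly the three roles seen in the sample
# output (watcher, keeper, worker), named <toc_workspace>-<role>.

# stdin: output of `ansible -m ping toc`; $1: toc_workspace.
# Prints every expected host that did not return SUCCESS with "ping": "pong".
toc_ping_missing() {
    awk -v ws="$1" '
        # Result header: "<host> | SUCCESS => {", "<host> | UNREACHABLE! => {", ...
        / [|] [A-Z]+!? => / { host = $1; ok = ($3 == "SUCCESS"); next }
        ok && /"ping": "pong"/ { seen[host] = 1 }
        END {
            n = split("watcher keeper worker", roles, " ")
            for (i = 1; i <= n; i++) {
                h = ws "-" roles[i]
                if (!(h in seen)) print h
            }
        }
    '
}

# Constructed sample (not from the page): keeper cannot be reached over SSH.
SAMPLE_DEGRADED='jon-watcher | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
jon-keeper | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh",
    "unreachable": true
}
jon-worker | SUCCESS => {
    "changed": false,
    "ping": "pong"
}'

# Live use: ansible -m ping toc | toc_ping_missing jon
missing=$(printf '%s\n' "$SAMPLE_DEGRADED" | toc_ping_missing jon)
if [ -n "$missing" ]; then
    echo "hosts not ready, hold tocproject.toc.base: $missing"
fi
```

An empty result means every expected host answered; a host that is absent from the output is reported the same way as one that failed.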

Base OS configuration

Run
ansible-playbook tocproject.toc.base

After this step you should be able to query the DNS SOA:

$ dig ns.jon.scw.wescale.fr

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> ns.jon.scw.wescale.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44194
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;ns.jon.scw.wescale.fr.     IN  A

;; ANSWER SECTION:
ns.jon.scw.wescale.fr.  300 IN  A   163.172.138.22

;; Query time: 52 msec
;; SERVER: 192.168.1.254#53(192.168.1.254) (UDP)
;; WHEN: Tue Jan 14 15:50:22 CET 2025
;; MSG SIZE  rcvd: 66

Connectivity services

Run
ansible-playbook tocproject.toc.pki && \
ansible-playbook tocproject.toc.idp && \
ansible-playbook tocproject.toc.vpn && \
ansible-playbook tocproject.toc.vpn_agent

At this stage, you should be able to reach the deployed web interfaces:

Observability services

  • Deploy metric and log collectors on hosts.
  • Install Grafana with IdP integration.
  • Create initial dashboards for platform monitoring.

Run
ansible-playbook tocproject.toc.obs

When connected to the VPN:

Dev services

  • Deploy Git repository service
  • Deploy CI/CD service with Git portal integration

Run
ansible-playbook tocproject.toc.git && \
ansible-playbook tocproject.toc.bot

When connected to the VPN:

Success

You're done with your platform deployment.