Cluster.md

Install a Cluster

Liquid Node requires a Nomad + Consul + Vault cluster where the software will be deployed. There are a few options:

• Install the Liquid Cluster - automated single-machine cluster, read the instructions before using in production
• Install a Cluster Manually - for production or barebones development setups
• Use Vagrant - run vagrant up and be happy

Whichever option you choose, you will also need to:

• Increase vm.max_map_count to at least 262144, to make elasticsearch happy - see the docs about elasticsearch in docker for details.
• Make sure you have Python >= 3.7 installed.
• Configure Nomad meta values.

Install the Liquid Cluster

liquidinvestigations/cluster is a self-configuring cluster of Consul + Vault + Nomad. It's optimised for local development, testing, and demo/staging servers.

Use the Docker installation method for cluster with a version later than 0.9.0:

cd /opt/cluster
git checkout v0.9.0
vim cluster.ini
./bin/docker.sh --rm --image liquidinvestigations/cluster:0.9.0

Add the following to cluster.ini, assuming the node repo was cloned in /opt/node:

[nomad_meta]

# set on the one node that will listen on 80 and 443
liquid_ingress = true

# the path on the host that will mount volumes
liquid_volumes = /opt/node/volumes

# the path on the host that points to the original collections
liquid_collections = /opt/node/collections

Note: the system currently assumes that cluster is running in

Install a Nomad + Vault + Consul Cluster Manually

This project assumes that Nomad, Consul and Vault are running as instructed above. If more flexibility is needed, open an issue.

Nomad configuration

The following Nomad Meta values need to be set:

• liquid_ingress = true -- Set on the one node that will listen on 80 and 443
• liquid_volumes = /path/to/volumes -- The path on the host that will mount volumes.
• liquid_collections = /path/to/collections -- The path on the host that points to the original collections
• liquid_large_databases = true -- All large databases have max affinity to nodes that have this parameter set. This should be set to true only on storage servers, not storage clients.

The job constraints are set up in such a way that one single node will need to have both flags set.

The ./liquid * commands require both paths mentioned above to function. Take care to set [liquid] volumes and [liquid] collections in liquid.ini to the same paths as liquid_volumes and liquid_collections.

Vault token

The liquid deployment script needs a Vault token to configure secrets for the apps. It will read the token from an ini file which can be configured in liquid.ini.

[cluster]
vault_secrets = ../cluster/var/vault-secrets.ini

The default assumes a Liquid Cluster is installed and running in a folder adjacent to the node directory. vault-secrets.ini will be generated by the ./cluster.py autovault command. Otherwise, you can create it manually in a different location, with the following contents:

[vault]
root_token = s.Cmro41vNI4wIndgrPqzlqOKY