provisioning/docs/book/guides/from-scratch.html
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00



<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>From Scratch Deployment - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
// Normalise localStorage values that were saved wrapped in double quotes.
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
// getItem returns null for a missing key, so .startsWith throws in that case;
// the catch below swallows it, which also skips the sidebar fix-up whenever
// the theme key is absent.
if (theme.startsWith('"') && theme.endsWith('"')) {
// Drop the first and last character (the quotes) and store the bare value.
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { } // best effort: any error here is deliberately ignored
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
// Fallback theme follows the OS colour-scheme preference. default_dark_theme and
// default_light_theme are the constants declared by the script in the document head.
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
// The read is wrapped in try/catch; if it fails, theme stays undefined and the
// fallback below applies.
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
// Replace the 'ayu' class that is hard-coded on the html element with the chosen theme.
html.classList.remove('ayu')
// NOTE(review): the stored value is used as a class name without being checked
// against the list of known themes.
html.classList.add(theme);
// Marks the document as having JavaScript enabled.
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
// Decide the initial sidebar state before the sidebar is rendered.
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
// At a body width of 1080px or more, use the stored preference (defaulting to
// 'visible'); on narrower viewports the sidebar always starts hidden.
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
// Keep the hidden checkbox in step with the chosen state.
sidebar_toggle.checked = sidebar === 'visible';
// html is the documentElement reference declared by the earlier theme script.
// The class on the html element becomes "sidebar-" plus the state computed above.
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/guides/from-scratch.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
// sidebar is the state string ('visible' or 'hidden') set by the earlier sidebar script.
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
// Links inside a hidden sidebar get tabIndex -1 so keyboard focus skips them.
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="complete-deployment-guide-from-scratch-to-production"><a class="header" href="#complete-deployment-guide-from-scratch-to-production">Complete Deployment Guide: From Scratch to Production</a></h1>
<p><strong>Version</strong>: 3.5.0
<strong>Last Updated</strong>: 2025-10-09
<strong>Estimated Time</strong>: 30-60 minutes
<strong>Difficulty</strong>: Beginner to Intermediate</p>
<hr />
<h2 id="table-of-contents"><a class="header" href="#table-of-contents">Table of Contents</a></h2>
<ol>
<li><a href="#prerequisites">Prerequisites</a></li>
<li><a href="#step-1-install-nushell">Step 1: Install Nushell</a></li>
<li><a href="#step-2-install-nushell-plugins-recommended">Step 2: Install Nushell Plugins (Recommended)</a></li>
<li><a href="#step-3-install-required-tools">Step 3: Install Required Tools</a></li>
<li><a href="#step-4-clone-and-setup-project">Step 4: Clone and Setup Project</a></li>
<li><a href="#step-5-initialize-workspace">Step 5: Initialize Workspace</a></li>
<li><a href="#step-6-configure-environment">Step 6: Configure Environment</a></li>
<li><a href="#step-7-discover-and-load-modules">Step 7: Discover and Load Modules</a></li>
<li><a href="#step-8-validate-configuration">Step 8: Validate Configuration</a></li>
<li><a href="#step-9-deploy-servers">Step 9: Deploy Servers</a></li>
<li><a href="#step-10-install-task-services">Step 10: Install Task Services</a></li>
<li><a href="#step-11-create-clusters">Step 11: Create Clusters</a></li>
<li><a href="#step-12-verify-deployment">Step 12: Verify Deployment</a></li>
<li><a href="#step-13-post-deployment">Step 13: Post-Deployment</a></li>
<li><a href="#troubleshooting">Troubleshooting</a></li>
<li><a href="#next-steps">Next Steps</a></li>
</ol>
<hr />
<h2 id="prerequisites"><a class="header" href="#prerequisites">Prerequisites</a></h2>
<p>Before starting, ensure you have:</p>
<ul>
<li><strong>Operating System</strong>: macOS, Linux, or Windows (WSL2 recommended)</li>
<li><strong>Administrator Access</strong>: Ability to install software and configure system</li>
<li><strong>Internet Connection</strong>: For downloading dependencies and accessing cloud providers</li>
<li><strong>Cloud Provider Credentials</strong>: UpCloud, AWS, or local development environment</li>
<li><strong>Basic Terminal Knowledge</strong>: Comfortable running shell commands</li>
<li><strong>Text Editor</strong>: vim, nano, VSCode, or your preferred editor</li>
</ul>
<h3 id="recommended-hardware"><a class="header" href="#recommended-hardware">Recommended Hardware</a></h3>
<ul>
<li><strong>CPU</strong>: 2+ cores</li>
<li><strong>RAM</strong>: 8GB minimum, 16GB recommended</li>
<li><strong>Disk</strong>: 20GB free space minimum</li>
</ul>
<hr />
<h2 id="step-1-install-nushell"><a class="header" href="#step-1-install-nushell">Step 1: Install Nushell</a></h2>
<p>Nushell 0.107.1+ is the primary shell and scripting language for the provisioning platform.</p>
<h3 id="macos-via-homebrew"><a class="header" href="#macos-via-homebrew">macOS (via Homebrew)</a></h3>
<pre><code class="language-bash"># Install Nushell
brew install nushell
# Verify installation
nu --version
# Expected: 0.107.1 or higher
</code></pre>
<h3 id="linux-via-package-manager"><a class="header" href="#linux-via-package-manager">Linux (via Package Manager)</a></h3>
<p><strong>Ubuntu/Debian:</strong></p>
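<pre><code class="language-bash"># NOTE: https://starship.rs/install.sh is the Starship prompt installer. It does
# not add a package source for Nushell. Add the Nushell apt repository as
# described in the official Nushell installation guide before running the apt
# commands below.
# If you also want Starship, download the script and read it before running it,
# rather than piping a remote script straight into a shell:
curl -fsSL https://starship.rs/install.sh -o starship-install.sh
less starship-install.sh
bash starship-install.sh
# Install Nushell
sudo apt update
sudo apt install nushell
# Verify installation
nu --version
</code></pre>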
<p><strong>Fedora:</strong></p>
<pre><code class="language-bash">sudo dnf install nushell
nu --version
</code></pre>
<p><strong>Arch Linux:</strong></p>
<pre><code class="language-bash">sudo pacman -S nushell
nu --version
</code></pre>
<h3 id="linuxmacos-via-cargo"><a class="header" href="#linuxmacos-via-cargo">Linux/macOS (via Cargo)</a></h3>
<pre><code class="language-bash"># Install Rust (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
# Install Nushell
cargo install nu --locked
# Verify installation
nu --version
</code></pre>
<h3 id="windows-via-winget"><a class="header" href="#windows-via-winget">Windows (via Winget)</a></h3>
<pre><code class="language-powershell"># Install Nushell
winget install nushell
# Verify installation
nu --version
</code></pre>
<h3 id="configure-nushell"><a class="header" href="#configure-nushell">Configure Nushell</a></h3>
<pre><code class="language-bash"># Start Nushell
nu
# Configure (creates default config if not exists)
config nu
</code></pre>
<hr />
<h2 id="step-2-install-nushell-plugins-recommended"><a class="header" href="#step-2-install-nushell-plugins-recommended">Step 2: Install Nushell Plugins (Recommended)</a></h2>
<p>Native plugins provide <strong>10-50x performance improvement</strong> for authentication, KMS, and orchestrator operations.</p>
<h3 id="why-install-plugins"><a class="header" href="#why-install-plugins">Why Install Plugins?</a></h3>
<p><strong>Performance Gains:</strong></p>
<ul>
<li>🚀 <strong>KMS operations</strong>: ~5ms vs ~50ms (10x faster)</li>
<li>🚀 <strong>Orchestrator queries</strong>: ~1ms vs ~30ms (30x faster)</li>
<li>🚀 <strong>Batch encryption</strong>: 100 files in 0.5s vs 5s (10x faster)</li>
</ul>
<p><strong>Benefits:</strong></p>
<ul>
<li>✅ Native Nushell integration (pipelines, data structures)</li>
<li>✅ OS keyring for secure token storage</li>
<li>✅ Offline capability (Age encryption, local orchestrator)</li>
<li>✅ Graceful fallback to HTTP if not installed</li>
</ul>
<h3 id="prerequisites-for-building-plugins"><a class="header" href="#prerequisites-for-building-plugins">Prerequisites for Building Plugins</a></h3>
<pre><code class="language-bash"># Install Rust toolchain (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
rustc --version
# Expected: rustc 1.75+ or higher
# Linux only: Install development packages
sudo apt install libssl-dev pkg-config # Ubuntu/Debian
sudo dnf install openssl-devel # Fedora
# Linux only: Install keyring service (required for auth plugin)
sudo apt install gnome-keyring # Ubuntu/Debian (GNOME)
sudo apt install kwalletmanager # Ubuntu/Debian (KDE)
</code></pre>
<h3 id="build-plugins"><a class="header" href="#build-plugins">Build Plugins</a></h3>
<pre><code class="language-bash"># Navigate to plugins directory
cd provisioning/core/plugins/nushell-plugins
# Build all three plugins in release mode (optimized)
cargo build --release --all
# Expected output:
# Compiling nu_plugin_auth v0.1.0
# Compiling nu_plugin_kms v0.1.0
# Compiling nu_plugin_orchestrator v0.1.0
# Finished release [optimized] target(s) in 2m 15s
</code></pre>
<p><strong>Build time</strong>: ~2-5 minutes depending on hardware</p>
<h3 id="register-plugins-with-nushell"><a class="header" href="#register-plugins-with-nushell">Register Plugins with Nushell</a></h3>
<pre><code class="language-bash"># Register all three plugins (full paths recommended)
plugin add $PWD/target/release/nu_plugin_auth
plugin add $PWD/target/release/nu_plugin_kms
plugin add $PWD/target/release/nu_plugin_orchestrator
# Alternative (from plugins directory)
plugin add target/release/nu_plugin_auth
plugin add target/release/nu_plugin_kms
plugin add target/release/nu_plugin_orchestrator
</code></pre>
<h3 id="verify-plugin-installation"><a class="header" href="#verify-plugin-installation">Verify Plugin Installation</a></h3>
<pre><code class="language-bash"># List registered plugins
plugin list | where name =~ "auth|kms|orch"
# Expected output:
# ╭───┬─────────────────────────┬─────────┬───────────────────────────────────╮
# │ # │ name │ version │ filename │
# ├───┼─────────────────────────┼─────────┼───────────────────────────────────┤
# │ 0 │ nu_plugin_auth │ 0.1.0 │ .../nu_plugin_auth │
# │ 1 │ nu_plugin_kms │ 0.1.0 │ .../nu_plugin_kms │
# │ 2 │ nu_plugin_orchestrator │ 0.1.0 │ .../nu_plugin_orchestrator │
# ╰───┴─────────────────────────┴─────────┴───────────────────────────────────╯
# Test each plugin
auth --help # Should show auth commands
kms --help # Should show kms commands
orch --help # Should show orch commands
</code></pre>
<h3 id="configure-plugin-environments"><a class="header" href="#configure-plugin-environments">Configure Plugin Environments</a></h3>
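<pre><code class="language-bash"># Add to ~/.config/nushell/env.nu
# Plain http:// is acceptable only for these loopback addresses; use https://
# for a control center or vault that is reached over a network.
$env.CONTROL_CENTER_URL = "http://localhost:3000"
$env.RUSTYVAULT_ADDR = "http://localhost:8200"
# The vault token is a secret stored here in plaintext: keep env.nu out of
# version control and readable only by your user
# (chmod 600 ~/.config/nushell/env.nu).
$env.RUSTYVAULT_TOKEN = "your-vault-token-here"
$env.ORCHESTRATOR_DATA_DIR = "provisioning/platform/orchestrator/data"
# For Age encryption (local development)
# AGE_IDENTITY points at the private key file; AGE_RECIPIENT is the public key.
$env.AGE_IDENTITY = $"($env.HOME)/.age/key.txt"
$env.AGE_RECIPIENT = "age1xxxxxxxxx" # Replace with your public key
</code></pre>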
<h3 id="test-plugins-quick-smoke-test"><a class="header" href="#test-plugins-quick-smoke-test">Test Plugins (Quick Smoke Test)</a></h3>
<pre><code class="language-bash"># Test KMS plugin (requires backend configured)
kms status
# Expected: { backend: "rustyvault", status: "healthy", ... }
# Or: Error if backend not configured (OK for now)
# Test orchestrator plugin (reads local files)
orch status
# Expected: { active_tasks: 0, completed_tasks: 0, health: "healthy" }
# Or: Error if orchestrator not started yet (OK for now)
# Test auth plugin (requires control center)
auth verify
# Expected: { active: false }
# Or: Error if control center not running (OK for now)
</code></pre>
<p><strong>Note</strong>: It's OK if plugins show errors at this stage. We'll configure backends and services later.</p>
<h3 id="skip-plugins-not-recommended"><a class="header" href="#skip-plugins-not-recommended">Skip Plugins? (Not Recommended)</a></h3>
<p>If you want to skip plugin installation for now:</p>
<ul>
<li>✅ All features work via HTTP API (slower but functional)</li>
<li>⚠️ You'll miss 10-50x performance improvements</li>
<li>⚠️ No offline capability for KMS/orchestrator</li>
<li>You can install plugins later anytime</li>
</ul>
<p>To use HTTP fallback:</p>
<pre><code class="language-bash"># System automatically uses HTTP if plugins not available
# No configuration changes needed
</code></pre>
<hr />
<h2 id="step-3-install-required-tools"><a class="header" href="#step-3-install-required-tools">Step 3: Install Required Tools</a></h2>
<h3 id="essential-tools"><a class="header" href="#essential-tools">Essential Tools</a></h3>
<p><strong>KCL (Configuration Language)</strong></p>
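<pre><code class="language-bash"># macOS
brew install kcl
# Linux (download the installer and read it before running it, rather than
# piping a remote script straight into a shell)
curl -fsSL https://kcl-lang.io/script/install.sh -o kcl-install.sh
less kcl-install.sh
/bin/bash kcl-install.sh
# Verify
kcl version
# Expected: 0.11.2 or higher
</code></pre>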
<p><strong>SOPS (Secrets Management)</strong></p>
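<pre><code class="language-bash"># macOS
brew install sops
# Linux
wget https://github.com/mozilla/sops/releases/download/v3.10.2/sops-v3.10.2.linux.amd64
# Verify the download before installing it system-wide: compare this digest
# with the checksum published with the v3.10.2 release
sha256sum sops-v3.10.2.linux.amd64
# Install owned by root, so an unprivileged account cannot later modify a
# binary that sits on root's PATH (a plain "sudo mv" keeps your user as owner)
sudo install -o root -g root -m 0755 sops-v3.10.2.linux.amd64 /usr/local/bin/sops
rm sops-v3.10.2.linux.amd64
# Verify
sops --version
# Expected: 3.10.2 or higher
</code></pre>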
<p><strong>Age (Encryption Tool)</strong></p>
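<pre><code class="language-bash"># macOS
brew install age
# Linux
sudo apt install age # Ubuntu/Debian
sudo dnf install age # Fedora
# Or from source
go install filippo.io/age/cmd/...@latest
# Verify
age --version
# Expected: 1.2.1 or higher
# Generate Age key (for local encryption)
# age-keygen does not create the directory, so create it first, private to your user
mkdir -p ~/.age
chmod 700 ~/.age
age-keygen -o ~/.age/key.txt
# key.txt holds the private key: do not print, share or commit it.
# Print only the public key (age1...) and save it for later
age-keygen -y ~/.age/key.txt
</code></pre>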
<h3 id="optional-but-recommended-tools"><a class="header" href="#optional-but-recommended-tools">Optional but Recommended Tools</a></h3>
<p><strong>K9s (Kubernetes Management)</strong></p>
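<pre><code class="language-bash"># macOS
brew install k9s
# Linux (download the installer and read it before running it; -f makes curl
# fail on an HTTP error instead of saving the error page as the script)
curl -fsS https://webinstall.dev/k9s -o k9s-install.sh
less k9s-install.sh
bash k9s-install.sh
# Verify
k9s version
# Expected: 0.50.6 or higher
</code></pre>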
<p><strong>glow (Markdown Renderer)</strong></p>
<pre><code class="language-bash"># macOS
brew install glow
# Linux
sudo apt install glow # Ubuntu/Debian
sudo dnf install glow # Fedora
# Verify
glow --version
</code></pre>
<hr />
<h2 id="step-4-clone-and-setup-project"><a class="header" href="#step-4-clone-and-setup-project">Step 4: Clone and Setup Project</a></h2>
<h3 id="clone-repository"><a class="header" href="#clone-repository">Clone Repository</a></h3>
<pre><code class="language-bash"># Clone project
git clone https://github.com/your-org/project-provisioning.git
cd project-provisioning
# Or if already cloned, update to latest
git pull origin main
</code></pre>
<h3 id="add-cli-to-path-optional"><a class="header" href="#add-cli-to-path-optional">Add CLI to PATH (Optional)</a></h3>
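<pre><code class="language-bash"># Add to ~/.bashrc or ~/.zshrc
# (replace /path/to/project-provisioning with the absolute path of your clone)
export PATH="$PATH:/path/to/project-provisioning/provisioning/core/cli"
# Or create symlink
# (the link target stays inside your clone, so anything that can write to the
# clone changes what runs as "provisioning", including when it is run with sudo)
sudo ln -s /path/to/project-provisioning/provisioning/core/cli/provisioning /usr/local/bin/provisioning
# Verify
provisioning version
# Expected: 3.5.0
</code></pre>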
<hr />
<h2 id="step-5-initialize-workspace"><a class="header" href="#step-5-initialize-workspace">Step 5: Initialize Workspace</a></h2>
<p>A workspace is a self-contained environment for managing infrastructure.</p>
<h3 id="create-new-workspace"><a class="header" href="#create-new-workspace">Create New Workspace</a></h3>
<pre><code class="language-bash"># Initialize new workspace
provisioning workspace init --name production
# Or use interactive mode
provisioning workspace init
# Name: production
# Description: Production infrastructure
# Provider: upcloud
</code></pre>
<p><strong>What this creates:</strong></p>
<pre><code>workspace/
├── config/
│ ├── provisioning.yaml # Main configuration
│ ├── local-overrides.toml # User-specific settings
│ └── providers/ # Provider configurations
├── infra/ # Infrastructure definitions
├── extensions/ # Custom modules
└── runtime/ # Runtime data and state
</code></pre>
<h3 id="verify-workspace"><a class="header" href="#verify-workspace">Verify Workspace</a></h3>
<pre><code class="language-bash"># Show workspace info
provisioning workspace info
# List all workspaces
provisioning workspace list
# Show active workspace
provisioning workspace active
# Expected: production
</code></pre>
<hr />
<h2 id="step-6-configure-environment"><a class="header" href="#step-6-configure-environment">Step 6: Configure Environment</a></h2>
<h3 id="set-provider-credentials"><a class="header" href="#set-provider-credentials">Set Provider Credentials</a></h3>
<p><strong>UpCloud Provider:</strong></p>
<pre><code class="language-bash"># Create provider config
vim workspace/config/providers/upcloud.toml
</code></pre>
<pre><code class="language-toml">[upcloud]
username = "your-upcloud-username"
password = "your-upcloud-password" # Will be encrypted
# Default settings
default_zone = "de-fra1"
default_plan = "2xCPU-4GB"
</code></pre>
<p><strong>AWS Provider:</strong></p>
<pre><code class="language-bash"># Create AWS config
vim workspace/config/providers/aws.toml
</code></pre>
<pre><code class="language-toml">[aws]
region = "us-east-1"
access_key_id = "AKIAXXXXX"
secret_access_key = "xxxxx" # Will be encrypted
# Default settings
default_instance_type = "t3.medium"
default_region = "us-east-1"
</code></pre>
<h3 id="encrypt-sensitive-data"><a class="header" href="#encrypt-sensitive-data">Encrypt Sensitive Data</a></h3>
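<pre><code class="language-bash"># Generate Age key if not done already
age-keygen -o ~/.age/key.txt
# Encrypt provider configs
kms encrypt (open workspace/config/providers/upcloud.toml) --backend age \
| save workspace/config/providers/upcloud.toml.enc
# Or use SOPS (age-keygen -y prints the public key of an identity file)
sops --encrypt --age "$(age-keygen -y ~/.age/key.txt)" \
workspace/config/providers/upcloud.toml &gt; workspace/config/providers/upcloud.toml.enc
# Confirm that the .enc file decrypts correctly before deleting the only
# plaintext copy.
# Remove plaintext
rm workspace/config/providers/upcloud.toml
# rm does not remove editor swap or backup files, or copies already committed
# to git: keep the plaintext provider files out of version control, and rotate
# the credential if it was ever committed.
</code></pre>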
<h3 id="configure-local-overrides"><a class="header" href="#configure-local-overrides">Configure Local Overrides</a></h3>
<pre><code class="language-bash"># Edit user-specific settings
vim workspace/config/local-overrides.toml
</code></pre>
<pre><code class="language-toml">[user]
name = "admin"
email = "admin@example.com"
[preferences]
editor = "vim"
output_format = "yaml"
confirm_delete = true
confirm_deploy = true
[http]
use_curl = true # Use curl instead of ureq
[paths]
ssh_key = "~/.ssh/id_ed25519"
</code></pre>
<hr />
<h2 id="step-7-discover-and-load-modules"><a class="header" href="#step-7-discover-and-load-modules">Step 7: Discover and Load Modules</a></h2>
<h3 id="discover-available-modules"><a class="header" href="#discover-available-modules">Discover Available Modules</a></h3>
<pre><code class="language-bash"># Discover task services
provisioning module discover taskserv
# Shows: kubernetes, containerd, etcd, cilium, helm, etc.
# Discover providers
provisioning module discover provider
# Shows: upcloud, aws, local
# Discover clusters
provisioning module discover cluster
# Shows: buildkit, registry, monitoring, etc.
</code></pre>
<h3 id="load-modules-into-workspace"><a class="header" href="#load-modules-into-workspace">Load Modules into Workspace</a></h3>
<pre><code class="language-bash"># Load Kubernetes taskserv
provisioning module load taskserv production kubernetes
# Load multiple modules
provisioning module load taskserv production kubernetes containerd cilium
# Load cluster configuration
provisioning module load cluster production buildkit
# Verify loaded modules
provisioning module list taskserv production
provisioning module list cluster production
</code></pre>
<hr />
<h2 id="step-8-validate-configuration"><a class="header" href="#step-8-validate-configuration">Step 8: Validate Configuration</a></h2>
<p>Before deploying, validate all configuration:</p>
<pre><code class="language-bash"># Validate workspace configuration
provisioning workspace validate
# Validate infrastructure configuration
provisioning validate config
# Validate specific infrastructure
provisioning infra validate --infra production
# Check environment variables
provisioning env
# Show all configuration and environment
provisioning allenv
</code></pre>
<p><strong>Expected output:</strong></p>
<pre><code>✓ Configuration valid
✓ Provider credentials configured
✓ Workspace initialized
✓ Modules loaded: 3 taskservs, 1 cluster
✓ SSH key configured
✓ Age encryption key available
</code></pre>
<p><strong>Fix any errors</strong> before proceeding to deployment.</p>
<hr />
<h2 id="step-9-deploy-servers"><a class="header" href="#step-9-deploy-servers">Step 9: Deploy Servers</a></h2>
<h3 id="preview-server-creation-dry-run"><a class="header" href="#preview-server-creation-dry-run">Preview Server Creation (Dry Run)</a></h3>
<pre><code class="language-bash"># Check what would be created (no actual changes)
provisioning server create --infra production --check
# With debug output for details
provisioning server create --infra production --check --debug
</code></pre>
<p><strong>Review the output:</strong></p>
<ul>
<li>Server names and configurations</li>
<li>Zones and regions</li>
<li>CPU, memory, disk specifications</li>
<li>Estimated costs</li>
<li>Network settings</li>
</ul>
<h3 id="create-servers"><a class="header" href="#create-servers">Create Servers</a></h3>
<pre><code class="language-bash"># Create servers (with confirmation prompt)
provisioning server create --infra production
# Or auto-confirm (skip prompt)
provisioning server create --infra production --yes
# Wait for completion
provisioning server create --infra production --wait
</code></pre>
<p><strong>Expected output:</strong></p>
<pre><code>Creating servers for infrastructure: production
● Creating server: k8s-master-01 (de-fra1, 4xCPU-8GB)
● Creating server: k8s-worker-01 (de-fra1, 4xCPU-8GB)
● Creating server: k8s-worker-02 (de-fra1, 4xCPU-8GB)
✓ Created 3 servers in 120 seconds
Servers:
• k8s-master-01: 192.168.1.10 (Running)
• k8s-worker-01: 192.168.1.11 (Running)
• k8s-worker-02: 192.168.1.12 (Running)
</code></pre>
<h3 id="verify-server-creation"><a class="header" href="#verify-server-creation">Verify Server Creation</a></h3>
<pre><code class="language-bash"># List all servers
provisioning server list --infra production
# Show detailed server info
provisioning server list --infra production --out yaml
# SSH to server (test connectivity)
provisioning server ssh k8s-master-01
# Type 'exit' to return
</code></pre>
<hr />
<h2 id="step-10-install-task-services"><a class="header" href="#step-10-install-task-services">Step 10: Install Task Services</a></h2>
<p>Task services are infrastructure components like Kubernetes, databases, monitoring, etc.</p>
<h3 id="install-kubernetes-check-mode-first"><a class="header" href="#install-kubernetes-check-mode-first">Install Kubernetes (Check Mode First)</a></h3>
<pre><code class="language-bash"># Preview Kubernetes installation
provisioning taskserv create kubernetes --infra production --check
# Shows:
# - Dependencies required (containerd, etcd)
# - Configuration to be applied
# - Resources needed
# - Estimated installation time
</code></pre>
<h3 id="install-kubernetes"><a class="header" href="#install-kubernetes">Install Kubernetes</a></h3>
<pre><code class="language-bash"># Install Kubernetes (with dependencies)
provisioning taskserv create kubernetes --infra production
# Or install dependencies first
provisioning taskserv create containerd --infra production
provisioning taskserv create etcd --infra production
provisioning taskserv create kubernetes --infra production
# Monitor progress
provisioning workflow monitor &lt;task_id&gt;
</code></pre>
<p><strong>Expected output:</strong></p>
<pre><code>Installing taskserv: kubernetes
● Installing containerd on k8s-master-01
● Installing containerd on k8s-worker-01
● Installing containerd on k8s-worker-02
✓ Containerd installed (30s)
● Installing etcd on k8s-master-01
✓ etcd installed (20s)
● Installing Kubernetes control plane on k8s-master-01
✓ Kubernetes control plane ready (45s)
● Joining worker nodes
✓ k8s-worker-01 joined (15s)
✓ k8s-worker-02 joined (15s)
✓ Kubernetes installation complete (125 seconds)
Cluster Info:
• Version: 1.28.0
• Nodes: 3 (1 control-plane, 2 workers)
• API Server: https://192.168.1.10:6443
</code></pre>
<h3 id="install-additional-services"><a class="header" href="#install-additional-services">Install Additional Services</a></h3>
<pre><code class="language-bash"># Install Cilium (CNI)
provisioning taskserv create cilium --infra production
# Install Helm
provisioning taskserv create helm --infra production
# Verify all taskservs
provisioning taskserv list --infra production
</code></pre>
<hr />
<h2 id="step-11-create-clusters"><a class="header" href="#step-11-create-clusters">Step 11: Create Clusters</a></h2>
<p>Clusters are complete application stacks (e.g., BuildKit, OCI Registry, Monitoring).</p>
<h3 id="create-buildkit-cluster-check-mode"><a class="header" href="#create-buildkit-cluster-check-mode">Create BuildKit Cluster (Check Mode)</a></h3>
<pre><code class="language-bash"># Preview cluster creation
provisioning cluster create buildkit --infra production --check
# Shows:
# - Components to be deployed
# - Dependencies required
# - Configuration values
# - Resource requirements
</code></pre>
<h3 id="create-buildkit-cluster"><a class="header" href="#create-buildkit-cluster">Create BuildKit Cluster</a></h3>
<pre><code class="language-bash"># Create BuildKit cluster
provisioning cluster create buildkit --infra production
# Monitor deployment
provisioning workflow monitor &lt;task_id&gt;
# Or use plugin for faster monitoring
orch tasks --status running
</code></pre>
<p><strong>Expected output:</strong></p>
<pre><code>Creating cluster: buildkit
● Deploying BuildKit daemon
● Deploying BuildKit worker
● Configuring BuildKit cache
● Setting up BuildKit registry integration
✓ BuildKit cluster ready (60 seconds)
Cluster Info:
• BuildKit version: 0.12.0
• Workers: 2
• Cache: 50GB
• Registry: registry.production.local
</code></pre>
<h3 id="verify-cluster"><a class="header" href="#verify-cluster">Verify Cluster</a></h3>
<pre><code class="language-bash"># List all clusters
provisioning cluster list --infra production
# Show cluster details
provisioning cluster list --infra production --out yaml
# Check cluster health
kubectl get pods -n buildkit
</code></pre>
<hr />
<h2 id="step-12-verify-deployment"><a class="header" href="#step-12-verify-deployment">Step 12: Verify Deployment</a></h2>
<h3 id="comprehensive-health-check"><a class="header" href="#comprehensive-health-check">Comprehensive Health Check</a></h3>
<pre><code class="language-bash"># Check orchestrator status
orch status
# or
provisioning orchestrator status
# Check all servers
provisioning server list --infra production
# Check all taskservs
provisioning taskserv list --infra production
# Check all clusters
provisioning cluster list --infra production
# Verify Kubernetes cluster
kubectl get nodes
kubectl get pods --all-namespaces
</code></pre>
<h3 id="run-validation-tests"><a class="header" href="#run-validation-tests">Run Validation Tests</a></h3>
<pre><code class="language-bash"># Validate infrastructure
provisioning infra validate --infra production
# Test connectivity
provisioning server ssh k8s-master-01 "kubectl get nodes"
# Test BuildKit
kubectl exec -it -n buildkit buildkit-0 -- buildctl --version
</code></pre>
<h3 id="expected-results"><a class="header" href="#expected-results">Expected Results</a></h3>
<p>All checks should show:</p>
<ul>
<li>✅ Servers: Running</li>
<li>✅ Taskservs: Installed and healthy</li>
<li>✅ Clusters: Deployed and operational</li>
<li>✅ Kubernetes: 3/3 nodes ready</li>
<li>✅ BuildKit: 2/2 workers ready</li>
</ul>
<hr />
<h2 id="step-13-post-deployment"><a class="header" href="#step-13-post-deployment">Step 13: Post-Deployment</a></h2>
<h3 id="configure-kubectl-access"><a class="header" href="#configure-kubectl-access">Configure kubectl Access</a></h3>
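<pre><code class="language-bash"># Get kubeconfig from master node
provisioning server ssh k8s-master-01 "cat ~/.kube/config" &gt; ~/.kube/config-production
# The file contains cluster credentials: make it readable only by your user
chmod 600 ~/.kube/config-production
# Set KUBECONFIG
export KUBECONFIG=~/.kube/config-production
# Verify access
kubectl get nodes
kubectl get pods --all-namespaces
</code></pre>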
<h3 id="set-up-monitoring-optional"><a class="header" href="#set-up-monitoring-optional">Set Up Monitoring (Optional)</a></h3>
<pre><code class="language-bash"># Deploy monitoring stack
provisioning cluster create monitoring --infra production
# Access Grafana
kubectl port-forward -n monitoring svc/grafana 3000:80
# Open: http://localhost:3000
</code></pre>
<h3 id="configure-cicd-integration-optional"><a class="header" href="#configure-cicd-integration-optional">Configure CI/CD Integration (Optional)</a></h3>
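<pre><code class="language-bash"># Generate CI/CD credentials
provisioning secrets generate aws --ttl 12h
# Create CI/CD service account
kubectl create serviceaccount ci-cd -n default
# Bind it only inside the namespace the pipeline deploys to. A ClusterRoleBinding
# to "admin" would grant these rights in every namespace, kube-system included.
kubectl create rolebinding ci-cd --clusterrole=admin --serviceaccount=default:ci-cd -n default
# Repeat the rolebinding for each further namespace the pipeline needs
# Issue a short-lived token for the CI/CD kubeconfig (kubectl 1.24+)
kubectl create token ci-cd -n default --duration=12h
</code></pre>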
<h3 id="backup-configuration"><a class="header" href="#backup-configuration">Backup Configuration</a></h3>
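<pre><code class="language-bash"># Backup workspace configuration
tar -czf workspace-production-backup.tar.gz workspace/
# Encrypt backup
kms encrypt (open workspace-production-backup.tar.gz | encode base64) --backend age \
| save workspace-production-backup.tar.gz.enc
# Remove the plaintext archive once the encrypted copy exists; it can hold
# the same settings and credentials as workspace/
rm workspace-production-backup.tar.gz
# Store securely (S3, Vault, etc.); keep the Age private key apart from the backup
</code></pre>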
<hr />
<h2 id="troubleshooting"><a class="header" href="#troubleshooting">Troubleshooting</a></h2>
<h3 id="server-creation-fails"><a class="header" href="#server-creation-fails">Server Creation Fails</a></h3>
<p><strong>Problem</strong>: Server creation times out or fails</p>
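<pre><code class="language-bash"># Check provider credentials
provisioning validate config
# Check provider API status
# Pass only the user name: curl then prompts for the password, which keeps it
# out of shell history and the process list
curl -u username https://api.upcloud.com/1.3/account
# Try with debug mode
provisioning server create --infra production --check --debug
</code></pre>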
<h3 id="taskserv-installation-fails"><a class="header" href="#taskserv-installation-fails">Taskserv Installation Fails</a></h3>
<p><strong>Problem</strong>: Kubernetes installation fails</p>
<pre><code class="language-bash"># Check server connectivity
provisioning server ssh k8s-master-01
# Check logs
provisioning orchestrator logs | grep kubernetes
# Check dependencies
provisioning taskserv list --infra production | where status == "failed"
# Retry installation
provisioning taskserv delete kubernetes --infra production
provisioning taskserv create kubernetes --infra production
</code></pre>
<h3 id="plugin-commands-dont-work"><a class="header" href="#plugin-commands-dont-work">Plugin Commands Don't Work</a></h3>
<p><strong>Problem</strong>: <code>auth</code>, <code>kms</code>, or <code>orch</code> commands not found</p>
<pre><code class="language-bash"># Check plugin registration
plugin list | where name =~ "auth|kms|orch"
# Re-register if missing
cd provisioning/core/plugins/nushell-plugins
plugin add target/release/nu_plugin_auth
plugin add target/release/nu_plugin_kms
plugin add target/release/nu_plugin_orchestrator
# Restart Nushell
exit
nu
</code></pre>
<h3 id="kms-encryption-fails"><a class="header" href="#kms-encryption-fails">KMS Encryption Fails</a></h3>
<p><strong>Problem</strong>: <code>kms encrypt</code> returns error</p>
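<pre><code class="language-bash"># Check backend status
kms status
# Check RustyVault running
curl http://localhost:8200/v1/sys/health
# Use Age backend instead (local)
kms encrypt "data" --backend age --key age1xxxxxxxxx
# Check Age key: confirm the file exists and is readable by your user only
ls -l ~/.age/key.txt
# Print the public recipient (age1...) derived from it, not the private key itself
age-keygen -y ~/.age/key.txt
</code></pre>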
<h3 id="orchestrator-not-running"><a class="header" href="#orchestrator-not-running">Orchestrator Not Running</a></h3>
<p><strong>Problem</strong>: <code>orch status</code> returns error</p>
<pre><code class="language-bash"># Check orchestrator status
ps aux | grep orchestrator
# Start orchestrator
cd provisioning/platform/orchestrator
./scripts/start-orchestrator.nu --background
# Check logs
tail -f provisioning/platform/orchestrator/data/orchestrator.log
</code></pre>
<h3 id="configuration-validation-errors"><a class="header" href="#configuration-validation-errors">Configuration Validation Errors</a></h3>
<p><strong>Problem</strong>: <code>provisioning validate config</code> shows errors</p>
<pre><code class="language-bash"># Show detailed errors
provisioning validate config --debug
# Check configuration files
provisioning allenv
# Fix missing settings
vim workspace/config/local-overrides.toml
</code></pre>
<hr />
<h2 id="next-steps"><a class="header" href="#next-steps">Next Steps</a></h2>
<h3 id="explore-advanced-features"><a class="header" href="#explore-advanced-features">Explore Advanced Features</a></h3>
<ol>
<li>
<p><strong>Multi-Environment Deployment</strong></p>
<pre><code class="language-bash"># Create dev and staging workspaces
provisioning workspace create dev
provisioning workspace create staging
provisioning workspace switch dev
</code></pre>
</li>
<li>
<p><strong>Batch Operations</strong></p>
<pre><code class="language-bash"># Deploy to multiple clouds
provisioning batch submit workflows/multi-cloud-deploy.k
</code></pre>
</li>
<li>
<p><strong>Security Features</strong></p>
<pre><code class="language-bash"># Enable MFA
auth mfa enroll totp
# Set up break-glass
provisioning break-glass request "Emergency access"
</code></pre>
</li>
<li>
<p><strong>Compliance and Audit</strong></p>
<pre><code class="language-bash"># Generate compliance report
provisioning compliance report --standard soc2
</code></pre>
</li>
</ol>
<h3 id="learn-more"><a class="header" href="#learn-more">Learn More</a></h3>
<ul>
<li><strong>Quick Reference</strong>: <code>provisioning sc</code> or <code>docs/guides/quickstart-cheatsheet.md</code></li>
<li><strong>Update Guide</strong>: <code>docs/guides/update-infrastructure.md</code></li>
<li><strong>Customize Guide</strong>: <code>docs/guides/customize-infrastructure.md</code></li>
<li><strong>Plugin Guide</strong>: <code>docs/user/PLUGIN_INTEGRATION_GUIDE.md</code></li>
<li><strong>Security System</strong>: <code>docs/architecture/ADR-009-security-system-complete.md</code></li>
</ul>
<h3 id="get-help"><a class="header" href="#get-help">Get Help</a></h3>
<pre><code class="language-bash"># Show help for any command
provisioning help
provisioning help server
provisioning help taskserv
# Check version
provisioning version
# Start Nushell session with provisioning library
provisioning nu
</code></pre>
<hr />
<h2 id="summary"><a class="header" href="#summary">Summary</a></h2>
<p>You've successfully:</p>
<p>✅ Installed Nushell and essential tools
✅ Built and registered native plugins (10-50x faster operations)
✅ Cloned and configured the project
✅ Initialized a production workspace
✅ Configured provider credentials
✅ Deployed servers
✅ Installed Kubernetes and task services
✅ Created application clusters
✅ Verified complete deployment</p>
<p><strong>Your infrastructure is now ready for production use!</strong></p>
<hr />
<p><strong>Estimated Total Time</strong>: 30-60 minutes
<strong>Next Guide</strong>: <a href="update-infrastructure.html">Update Infrastructure</a>
<strong>Questions?</strong>: Open an issue or contact platform-team@example.com</p>
<p><strong>Last Updated</strong>: 2025-10-09
<strong>Version</strong>: 3.5.0</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../development/CTRL-C_IMPLEMENTATION_NOTES.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../guides/update-infrastructure.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../development/CTRL-C_IMPLEMENTATION_NOTES.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../guides/update-infrastructure.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
// Live-reload client: opens a WebSocket to /__livereload on the host that
// served this page and reloads the page when the message "reload" arrives.
// NOTE(review): mdBook emits this block when the book is served by its CLI
// dev server, so its presence suggests this committed copy came from such a
// run; confirm, and regenerate with a plain build before publishing.
// Match the socket scheme to the page scheme so an https page uses wss.
const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
const socket = new WebSocket(wsAddress);
socket.onmessage = function (event) {
// Only the exact string "reload" triggers a reload; other messages are ignored.
if (event.data === "reload") {
socket.close();
location.reload();
}
};
// Close the socket when the page is being unloaded.
window.onbeforeunload = function() {
socket.close();
}
</script>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>