sudo curl -fsSL -o /tmp/install-flynn https://dl.flynn.io/install-flynn
sudo bash /tmp/install-flynn --channel nightly
sudo flynn-host init --init-discovery
sudo flynn-host init --discovery __token__
zpool create flynn-default /dev/sdb1
sudo service flynn-host start
sudo CLUSTER_DOMAIN=demo.localflynn.com flynn-host bootstrap --min-hosts 3 --discovery __token__
sudo bash /tmp/install-flynn --clean --yes
- follow the instructions here: https://github.com/google/acme (you should end up with cert & key in ~/.config/acme/)
- acme cert -manual example.com
- then update the route for the domain
flynn route update <route-id> --tls-key ~/.config/acme/your-domain.key --tls-cert ~/.config/acme/your-domain.crt
hint: to get the route id, just call flynn route
scp ~/dev/devops/flynn/current.tar root@flynn.host:~
sudo service flynn-host start
sudo flynn-host bootstrap --from-backup ~/current.tar --min-hosts 1
flynn-host collect-debug-info
loose connection
flynn -a discoverd log
check if flynn -a controller pg psql
works. if not:
flynn-host fix
tar -cf mongo-latest.dump mongo/2016-xx-xx/db/
flynn mongodb restore -f latest.dump
External Access:
flynn -a $(flynn env get FLYNN_REDIS) route add tcp --service $(flynn env get FLYNN_REDIS) --leader
flynn -a dashboard env get LOGIN_TOKEN
http://stackoverflow.com/questions/40138413/how-to-obtain-tls-pin-from-flynn-cluster
openssl x509 -inform PEM -outform DER < cert.pem | openssl dgst -binary -sha256 | openssl base64
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 3000:3500/tcp
sudo ufw allow in on flynnbr0
sudo ufw allow in on flannel.1
# redis: sudo ufw allow from xx.xx.xx.xx to any port 3397
sudo nano /etc/default/ufw # -> DEFAULT_FORWARD_POLICY=”ACCEPT”
sudo ufw enable
sudo ufw status verbose
flynn limit set temp_disk
flynn -a APPNAME limit set slugbuilder temp_disk=1G
# or setting a global slugbuilder disk limit with:
flynn -a gitreceive env set SLUGBUILDER_DEFAULT_MEMORY_LIMIT=1G