112 lines
2.7 KiB
Bash
112 lines
2.7 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
usage() {
|
|
cat <<'EOF'
|
|
Usage: ./deployments/setup.sh
|
|
|
|
This script DOES NOT install dependencies.
|
|
It prints the manual steps and required/optional dependencies for a real (non-Docker) production deployment.
|
|
EOF
|
|
}
|
|
|
|
if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
|
|
usage
|
|
exit 0
|
|
fi
|
|
|
|
cat <<'EOF'
|
|
== FetchML production setup (non-Docker) ==
|
|
|
|
Required (core):
|
|
- Go-built binaries: api-server, worker
|
|
- Redis (reachable from api-server + worker)
|
|
- A writable base_path for experiments
|
|
- A writable data_dir if you want snapshot/dataset staging + integrity validation
|
|
|
|
Required (TLS/WSS):
|
|
- Caddy (recommended) OR another reverse proxy that can terminate TLS and proxy WebSockets
|
|
|
|
Optional:
|
|
- systemd (recommended) for service supervision
|
|
- MinIO / S3-compatible storage (only if you use remote snapshot_store)
|
|
- Podman (only if your worker executes jobs in Podman)
|
|
|
|
Notes:
|
|
- The Zig CLI currently supports ws:// only. In production, keep the API server internal on ws:// and terminate TLS/WSS at Caddy.
|
|
- This script is informational; it will not modify your system.
|
|
|
|
---
|
|
1) Build binaries
|
|
|
|
make prod
|
|
|
|
Artifacts:
|
|
./bin/api-server
|
|
./bin/worker
|
|
|
|
---
|
|
2) Create a dedicated user (recommended)
|
|
|
|
useradd --system --create-home --shell /usr/sbin/nologin fetchml
|
|
|
|
---
|
|
3) Create directories (example paths)
|
|
|
|
mkdir -p /var/lib/fetchml/experiments
|
|
mkdir -p /var/lib/fetchml/active/datasets /var/lib/fetchml/active/snapshots
|
|
mkdir -p /var/log/fetchml
|
|
|
|
Ensure ownership:
|
|
chown -R fetchml:fetchml /var/lib/fetchml /var/log/fetchml
|
|
|
|
---
|
|
4) Configure the API server
|
|
|
|
- Start from: configs/api/prod.yaml (or your multi-user config)
|
|
- For real production, keep server.tls.enabled: false
|
|
- Ensure monitoring.health_checks.enabled is set appropriately
|
|
|
|
Example flags:
|
|
./bin/api-server -config /etc/fetchml/api.yaml
|
|
|
|
---
|
|
5) Configure Caddy (TLS/WSS termination)
|
|
|
|
- Recommended: use deployments/Caddyfile.prod as a baseline.
|
|
- Caddy should listen on 443 and reverse proxy to the API server (internal) on 9101.
|
|
|
|
Example layout:
|
|
/etc/caddy/Caddyfile
|
|
/var/lib/caddy
|
|
|
|
---
|
|
6) Configure Redis
|
|
|
|
- Use Redis AUTH in production.
|
|
- Ensure the api-server + worker can reach it.
|
|
|
|
---
|
|
7) Run under systemd (recommended)
|
|
|
|
Create unit files (example):
|
|
/etc/systemd/system/fetchml-api.service
|
|
/etc/systemd/system/fetchml-worker.service
|
|
/etc/systemd/system/caddy.service (if not already provided)
|
|
|
|
Then:
|
|
systemctl daemon-reload
|
|
systemctl enable --now fetchml-api
|
|
systemctl enable --now fetchml-worker
|
|
systemctl enable --now caddy
|
|
|
|
---
|
|
8) Smoke check
|
|
|
|
Internal health (no TLS):
|
|
curl -f http://127.0.0.1:9101/health
|
|
|
|
External health (through Caddy TLS termination):
|
|
curl -f https://YOUR_DOMAIN/health
|
|
|
|
EOF
|