Skip to content

Commit

Permalink
Adding FAQ questions and answers for atlantis (hootsuite#118)
Browse files Browse the repository at this point in the history 
* Adding FAQ questions and answers for atlantis

* update after reviews
  • Loading branch information
@anubhavmishra
anubhavmishra authored Aug 14, 2017
1 parent 69957a8 commit d3d1e8f
Show file tree
Hide file tree
Showing 2 changed files with 92 additions and 0 deletions.
26 changes: 26 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
* [Glossary](#glossary)
* [Project](#project)
* [Environment](#environment)
* [FAQ](#faq)

## Features
➜ Collaborate on Terraform with your team
Expand Down Expand Up @@ -310,5 +311,30 @@ We identify a project by its repo **and** the path to the root of the project wi
#### Environment
A Terraform environment. See [terraform docs](https://www.terraform.io/docs/state/environments.html) for more information.

## FAQ
**Q: Does Atlantis affect Terraform [remote state](https://www.terraform.io/docs/state/remote.html)?**

A: No. Atlantis does not interfere with Terraform remote state in anyway. Under the hood, Atlantis is simply executing `terraform plan` and `terraform apply`.

**Q: How does Atlantis locking interact with Terraform [locking](https://www.terraform.io/docs/state/locking.html)?**

A: Atlantis provides locking of pull requests that prevents concurrent modification of the same infrastructure (Terraform project) whereas Terraform locking only prevents two concurrent `terraform apply`'s from happening.

Terraform locking can be used alongside Atlantis locking since Atlantis is simply executing terraform commands.

**Q: How to run Atlantis in high availability mode? Does it need to be?**

A: Atlantis server can easily be run under the supervision of a init system like `upstart` or `systemd` to make sure `atlantis server` is always running.

Atlantis currently stores all locking and Terraform plans locally on disk under the `--data-dir` directory (defaults to `~/.atlantis`). Because of this there is currently no way to run two or more Atlantis instances concurrently.

However, if you were to lose the data, all you would need to do is run `atlantis plan` again on the pull requests that are open. If someone tries to run `atlantis apply` after the data has been lost then they will get an error back, so they will have to re-plan anyway.

**Q: How to add SSL to Atlantis server?**

A: Atlantis currently only supports HTTP. In order to add SSL you will need to front Atlantis server with NGINX or HAProxy. Follow the document [here](./docs/nginx-ssl-proxy.md) to use configure NGINX with SSL as a reverse proxy.



## Credits
* Atlantis Logo: Icon made by [freepik](https://www.flaticon.com/authors/freepik) from www.flaticon.com
66 changes: 66 additions & 0 deletions docs/nginx-ssl-proxy.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# NGINX SSL Proxy
This document shows how to configure Nginx with SSL as a reverse proxy for Atlantis server.

* Install NGINX

```bash
sudo apt-get update
sudo apt-get install nginx
```

* Install a SSL Certificate
This certificate can be purchased or generated. Here is a example of generating a self signed SSL certificate.

```bash
cd /etc/nginx
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
```
You will be prompted to enter some information about the certificate. Fill those as you like.

* Edit NGINX Config

```bash
sudo vim /etc/nginx/sites-enabled/default
server {
listen 80;
return 301 https://$host$request_uri;
}

server {

listen 443;
server_name atlantis.domain.com;

ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;

ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/atlantis.access.log;

location / {

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Fixes the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:4141;
proxy_read_timeout 90;

proxy_redirect http://localhost:4141 https://atlantis.domain.com;
}
}
```

* Restart NGINX

```bash
sudo service nginx restart

```

0 comments on commit d3d1e8f

Please sign in to comment.