archive server 4.1 content (#237)

* archive server 4.1 content

* move archive to right place

* remove 4.1 from algolia ignore list

Author: rosieyohannan

archive/server 4.1/server-admin/antora.yml

@@ -0,0 +1,6 @@
+name: server-admin
+title: Server
+version: server-4.1
+display_version: Server 4.1
+nav:
+- modules/ROOT/nav.adoc

archive/server 4.1/server-admin/modules/ROOT/nav.adoc

@@ -0,0 +1,41 @@
+* xref:overview:index.adoc[CircleCI server 4.1]
+** xref:overview:circleci-server-overview.adoc[CircleCI Server Overview]
+** xref:overview:release-notes.adoc[Release notes]
+
+* xref:installation:index.adoc[Installing CircleCI server]
+** xref:installation:phase-1-prerequisites.adoc[Phase 1: Prerequisites]
+** xref:installation:phase-2-core-services.adoc[Phase 2: Core services installation]
+** xref:installation:phase-3-execution-environments.adoc[Phase 3: Execution environments installation]
+** xref:installation:phase-4-post-installation.adoc[Phase 4: Post-installation]
+** xref:installation:hardening-your-cluster.adoc[Hardening your cluster]
+** xref:installation:installing-server-behind-a-proxy.adoc[Installing server behind a proxy]
+** xref:installation:upgrade-server.adoc[Upgrading server]
+** xref:installation:installation-reference.adoc[Installation reference]
+
+* xref:air-gapped-installation:index.adoc[Installing CircleCI server in an air-gapped environment]
+** xref:air-gapped-installation:phase-1-prerequisites.adoc[Phase 1 - Prerequisites]
+** xref:air-gapped-installation:phase-2-configure-object-storage.adoc[Phase 2 - Configure object storage]
+** xref:air-gapped-installation:phase-3-install-circleci-server.adoc[Phase 3 - Install CircleCI server]
+** xref:air-gapped-installation:phase-4-configure-nomad-clients.adoc[Phase 4 - Configure Nomad clients]
+** xref:air-gapped-installation:phase-5-test-your-installation.adoc[Phase 5 - Test installation]
+** xref:air-gapped-installation:additional-considerations.adoc[Additional considerations]
+** xref:air-gapped-installation:example-values.adoc[Example values.yaml]
+
+* xref:operator:index.adoc[CircleCI server operator guide]
+** xref:operator:operator-overview.adoc[Operator overview]
+** xref:operator:introduction-to-nomad-cluster-operation.adoc[Introduction to Nomad cluster operation]
+** xref:operator:managing-user-accounts.adoc[Managing user accounts]
+** xref:operator:managing-orbs.adoc[Managing orbs]
+** xref:operator:manage-virtual-machines-with-vm-service.adoc[Manage virtual machines with VM service]
+** xref:operator:configuring-external-services.adoc[Configuring external services]
+** xref:operator:expanding-internal-database-volumes.adoc[Expanding internal database volumes]
+** xref:operator:managing-load-balancers.adoc[Managing load balancers]
+** xref:operator:user-authentication.adoc[User authentication]
+** xref:operator:managing-build-artifacts.adoc[Managing build artifacts]
+** xref:operator:usage-data-collection.adoc[Usage data collection]
+** xref:operator:circleci-server-security-features.adoc[CircleCI server security features]
+** xref:operator:application-lifecycle.adoc[Application lifecycle]
+** xref:operator:troubleshooting-and-support.adoc[Troubleshooting and support]
+** xref:operator:backup-and-restore.adoc[Backup and restore]
+** xref:operator:upgrade-mongo.adoc[Upgrade MongoDB]
+** xref:operator:faq.adoc[FAQs]

archive/server 4.1/server-admin/modules/ROOT/pages/index.adoc

@@ -0,0 +1,6 @@
+= CircleCI server administration
+:page-noindex: true
+:page-layout: subsection
+:page-description: CircleCI server documentation for installing, configuring, and managing CircleCI server.
+
+CircleCI server is the on-premisis CircleCI platform. In this section you will find the documentation for installing, configuring, and managing CircleCI server.

archive/server 4.1/server-admin/modules/air-gapped-installation/pages/additional-considerations.adoc

@@ -0,0 +1,128 @@
+= Additional considerations
+:page-noindex: true
+:page-platform: Server v4.1, Server Admin
+:page-description: This page presents some items that should be considered when starting an air-gapped installation of CircleCI server v4.1.
+:icons: font
+:experimental:
+
+[#non-tls-docker-registry-installations]
+== Non-TLS Docker registry installations
+
+When configuring your air-gapped Docker registry, it is recommended to use TLS certificates to encrypt traffic. If using a non-TLS, or self-signed installation, the following additional steps will need to be taken.
+
+On machines that access the Docker registry using Docker, the Docker daemon config must be updated (located on Linux at `/etc/docker/daemon.json`).
+
+The insecure-registries section must be added to the file (if it exists), or the file must be created with the following if it does not. Make sure to include the full hostname and port of your registry, but do not include the protocol (`http://` or `https://`).
+
+[source, json]
+----
+{
+      "insecure-registries":["docker.example.internal:5000"]
+}
+----
+
+This file will need to be configured on the following machines:
+
+- All Nomad nodes in the air-gapped environment
+- Potentially all K3s nodes in the air-gapped environment, if using Docker-backed K3s
+
+In addition, on each K3s node, the following file must be configured at `/etc/rancher/k3s/registries.yaml`. Take note to include the protocol where referenced.
+
+[source, yaml]
+----
+mirrors:
+  "docker.example.internal:5000":
+    endpoint:
+      - "http://docker.example.internal:5000"
+configs:
+  "docker.example.internal:5000":
+    tls:
+      insecure_skip_verify: true
+----
+
+---
+
+
+
+[#service-type-load-balancers-k3s]
+== Service type load balancers in K3s
+
+CircleCI server makes use of Service Type: Load Balancer Kubernetes resources to listen to traffic on multiple ports. In order to function, the cluster needs to.
+
+If using a K3s installation, link:https://metallb.universe.tf/installation/[MetalLB] can be used to create a virtual load balancer on the K3s node, to allow ingress traffic to CircleCI server.
+
+Once installed, the following steps need to be followed:
+
+A ConfigMap resource needs to be created to create an address pool for MetalLB.
+
+[source, yaml]
+----
+apiVersion: "v1"
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+    protocol: layer2
+    addresses:
+      - <<k3s_internal_ip_range_start>>-<<k3s_internal_ip_range_end>>
+----
+
+The address pool can be named something other than "default", but the annotations in `values.yaml` will need to be updated. If there is only one k3s node, the address range should have the same IP repeated (for example, `10.0.0.5-10.0.0.5`).
+
+Once this ConfigMap resource is applied to the cluster (`kubectl apply -f metallb-configmap.yaml`), the address pool name can be updated in the `values.yaml` for the Helm installation.
+
+[source, yaml]
+----
+# Additional nginx annotations
+nginx:
+  annotations:
+    # This example uses MetalLB as a k3s load balancer
+    metallb.universe.tf/allow-shared-ip: default
+----
+
+After installing the Helm chart, the circleci-proxy service must be patched to use the internal IP of the desired k3s node to act as the load balancer (this IP should be in the range entered in the ConfigMap above). The example below uses the IP address `10.0.0.5`.
+
+[source, bash]
+----
+kubectl patch svc circleci-proxy  -p '{"spec": {"type": "LoadBalancer", "externalIPs":["10.0.0.5"]}}'
+----
+
+Once complete, DNS records can be created for your server installation (server.internal.example.com) and (*.server.internal.example.com) for 10.0.0.5.
+
+[#tls-importing]
+== Importing trusted TLS certificates
+
+When using a GitHub Enterprise instance with self-signed or custom certificate authority certificates, CircleCI server can be configured to trust these certificates using two methods, as described below.
+
+NOTE: Values provided for either of these methods are supported for GitHub Enterprise certificates only. No other VCS application is supported at this time.
+
+[#configuring-the-tls-imports-value]
+=== Configuring the TLS imports value
+In the `values.yaml` file, the `tls.imports` value can be configured to include a list of `hostname:port` combinations from which to retrieve and trust TLS certificates.
+
+[source, yaml]
+----
+tls:
+  ...
+  import:
+    - github.airgap.example.com:443
+----
+
+For each `hostname:port` combination, CircleCI server will, during installation, retrieve the public certificate for the particular GitHub Enterprise instance and trust it to establish connections with that instance.
+
+
+[#configuring-the-tls-certificates-array]
+=== Configuring the TLS certificates array
+Instead of providing a list of `hostname:port` combinations for certificates to import, the public certificate chains of the corresponding TLS certificates to trust can be provided in the `values.yaml` file, in the `tls.certificates`  value, as a list of base64 encoded certificates strings.
+
+[source, yaml]
+----
+tls:
+  ...
+  certificates:
+    - <<base64-encoded-public-tls-certificate-chain>>
+----

archive/server 4.1/server-admin/modules/air-gapped-installation/pages/example-values.adoc

@@ -0,0 +1,117 @@
+= Example `values.yaml`
+:page-noindex: true
+:page-platform: Server v4.1, Server Admin
+:page-description: This page presents an example values.yaml file to help with setting up an air-gapped installation of CircleCI server v4.1.
+:icons: font
+:experimental:
+
+The following snippet shows an example `values.yaml` file for a Helm installation of CircleCI server in an air-gapped environment.
+
+[#resources]
+== Resources
+The chart assumes an environment with the following resources:
+
+- A K3s cluster for the installation of the Helm chart.
+- MetalLB pre-configued on the K3s cluster for ingress.
+- A private Docker registry at `docker.internal.example.com` running on port 5000 with no TLS encryption.
+- A Nomad instance with mTLS disabled.
+- A MinIO instance running at minio.internal.example.com, with its API listening on port 9000, and no TLS.
+- A TLS certificate issued for both domains `server.internal.example.com` and `*.server.internal.example.com`.
+
+For more information about specific values, see the standard installation documentation, starting with xref:installation:phase-2-core-services.adoc[Phase 2 - Core services].
+
+[#values]
+== `Values.yaml`
+
+[source, yaml]
+----
+
+# Private docker registry at docker.internal.example.com:5000
+global:
+  domainName: "server.internal.example.com"
+  license: '<<your-server-license-here>>'
+  container:
+    registry: "docker.internal.example.com:5000"
+    org: "<image-registry-org>"
+
+# GitHub Enterprise
+github:
+  hostname: "github.internal.example.com"
+  unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
+  enterprise: true
+  selfSignedCert: true # If using self-signed certificates
+  # These must be generated and added manually from GitHub Enterprise
+  clientId: "<<github-enterprise-oauth-app-client-id>>"
+  clientSecret: "<<github-enterprise-oauth-app-client-secret>>"
+  defaultToken: "<<github-enterprise-personal-application-token>>"
+
+# TLS with your provider
+tls:
+  certificate: "<<your-generated-tls-certificate>>"
+  privateKey: "<<your-generated-tls-private-key>>"
+
+# Object storage with Minio
+object_storage:
+  bucketName: "circleci-data" # Update to the name of the bucket created in MinIO
+  expireAfter: 0
+  s3:
+    enabled: true
+    endpoint: "http://minio.internal.example.com:9000"
+    accessKey: "<<minio-username>>"
+    secretKey: "<<minio-password>>"
+
+# Distributor using CircleCI Agent in Minio
+distributor:
+  agent_base_url: http://minio.internal.example.com:9000/circleci-data
+  launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data
+
+# Nomad
+nomad:
+  buildAgentImage: "docker.internal.example.com:5000/circleci/picard" # Do not provide image version, only image name and registry
+  server:
+    gossip:
+      encryption:
+        key: "<<nomad-gossip-encryption-key>>"
+    rpc:
+      mTLS:
+        enabled: false # mTLS is disabled - it is recommended that this be enabled
+
+
+# VM Service Disabled - Requires cloud connectivity
+vm_service:
+  enabled: false
+
+# Additional nginx annotations
+nginx:
+  annotations:
+    # This example uses MetalLB as a k3s load balancer
+    metallb.universe.tf/allow-shared-ip: default
+
+# The below values require no special modifications for an air-gapped environment
+
+apiToken: "<<circleci-api-token>>"
+
+sessionCookieKey: "<<circleci-session-cookie-key>>"
+
+keyset:
+  signing: '<<circleci-signing-key>>'
+  encryption: '<<circleci-encryption-key>>'
+
+mongodb:
+  auth:
+    rootPassword: "<<mongodb-root-password>>"
+    password: "<<mongodb-password>>"
+
+pusher:
+  secret: "<<pusher-secret>>"
+
+postgresql:
+  auth:
+    postgresPassword: "<<postgres-password>>"
+
+rabbitmq:
+  auth:
+    password: "<<rabbitmq-password>>"
+    erlangCookie: "<<rabbitmq-erlang-cookie>>"
+
+----

archive/server 4.1/server-admin/modules/air-gapped-installation/pages/index.adoc

@@ -0,0 +1,2 @@
+= Installing CircleCI server in an air-gapped environment:noindex:
+:page-noindex: true