AWS & DigitalOcean deployment guide updates

docs/reference/running/deployment/aws_aurora_ecs.rst

@@ -6,6 +6,15 @@ AWS
 
 :edb-alt-title:  Deploying Gel to AWS
 
+.. note::
+
+   We recomend using our `helm chart <helm-chart_>`_ to deploy gel on AWS.  The
+   CloudFormation guide below does not configure TLS certificates correctly.
+
+.. _helm-chart:
+   https://github.com/geldata/helm-charts/blob/main
+   /charts/gel-server/README.md
+
 .. include:: ./note_cloud.rst
 
 In this guide we show how to deploy Gel on AWS using Amazon Aurora and

docs/reference/running/deployment/digitalocean.rst

@@ -6,229 +6,5 @@ DigitalOcean
 
 :edb-alt-title: Deploying Gel to DigitalOcean
 
-In this guide we show how to deploy Gel to DigitalOcean either with a
-One-click Deploy option or a
-:ref:`managed PostgreSQL <ref_guide_deployment_digitalocean_managed>`
-database as the backend.
-
-.. include:: ./note_cloud.rst
-
-.. include:: ./note_cloud_reset_password.rst
-
-One-click Deploy
-++++++++++++++++
-
-Prerequisites
-=============
-
-* |gelcmd| CLI (`install <gel-install_>`_)
-* DigitalOcean account
-
-Click the button below and follow the droplet creation workflow on
-DigitalOcean to deploy a Gel instance.
-
-.. image:: https://www.deploytodo.com/do-btn-blue.svg
-   :target: 1-click-button_
-   :width: 225px
-
-.. _1-click-button:
-   https://marketplace.digitalocean.com/apps/edgedb?refcode=f0b0d77b5d49
-
-By default, the admin password is ``gelpassword``; let's change that to
-something more secure. First, find your droplet's IP address on the
-`DigitalOcean dashboard <https://cloud.digitalocean.com/droplets>`_ and assign
-it to an environment variable ``IP``.
-
-.. _DigitalOcean: https://cloud.digitalocean.com/droplets?
-.. _here: gel-install_
-
-.. code-block:: bash
-
-   $ IP=<your-droplet-ip>
-
-Then use the ``read`` command to securely assign a value to the ``PASSWORD``
-environment variable.
-
-.. code-block:: bash
-
-   $ echo -n "> " && read -s PASSWORD
-
-Use these variables to change the password for the default role |admin|.
-
-.. code-block:: bash
-
-   $ printf gelpassword | gel query \
-         --host $IP \
-         --password-from-stdin \
-         --tls-security insecure \
-         "alter role admin set password := '${PASSWORD}'"
-   OK: ALTER ROLE
-
-.. _ref_guide_deployment_digitalocean_link:
-
-Construct the DSN
------------------
-
-Let's construct your instance's DSN (also known as a "connection string").
-We'll write the value to a file called ``dsn.txt`` so it doesn't get stored in
-shell logs.
-
-.. code-block:: bash
-
-   $ echo gel://admin:$PASSWORD@$IP > dsn.txt
-
-Copy the value from ``dsn.txt``. Run the following command to open a REPL
-to the new instance.
-
-..  code-block:: bash
-
-   $ gel --dsn <dsn> --tls-security insecure
-   gel>
-
-Success! You're now connected to your remote instance.
-
-It's often useful to assign an alias to the remote instance using
-:gelcmd:`instance link`.
-
-.. code-block:: bash
-
-   $ gel instance link \
-       --dsn <dsn> \
-       --trust-tls-cert \
-       --non-interactive \
-       my_instance
-   Authenticating to gel://admin@1.2.3.4:5656/main
-   Trusting unknown server certificate:
-   SHA1:1880da9527be464e2cad3bdb20dfc430a6af5727
-   Successfully linked to remote instance. To connect run:
-     gel -I my_instance
-
-You can now use the ``-I`` CLI flag to execute commands against your remote
-instance:
-
-.. code-block:: bash
-
-   $ gel -I my_instance
-   gel>
-
-
-.. _ref_guide_deployment_digitalocean_managed:
-
-Deploy with Managed PostgreSQL
-++++++++++++++++++++++++++++++
-
-Prerequisites
-=============
-
-* |gelcmd| CLI (`install <gel-install_>`_)
-* DigitalOcean account
-* ``doctl`` CLI (`install <doclt-install_>`_)
-* ``jq`` (`install <jq_>`_)
-
-.. _gel-install: https://www.edgedb.com/install
-.. _doclt-install: https://docs.digitalocean.com/reference/doctl/how-to/install
-.. _jq: https://stedolan.github.io/jq/
-
-
-Create a managed PostgreSQL instance
-====================================
-
-If you already have a PostgreSQL instance you can skip this step.
-
-.. code-block:: bash
-
-   $ DSN="$( \
-         doctl databases create gel-postgres \
-             --engine pg \
-             --version 14 \
-             --size db-s-1vcpu-1gb \
-             --num-nodes 1 \
-             --region sfo3 \
-             --output json \
-         | jq -r '.[0].connection.uri' )"
-
-
-Provision a droplet
-===================
-
-Replace ``$SSH_KEY_IDS`` with the ids for the ssh keys you want to ssh into the
-new droplet with. Separate multiple values with a comma. You can list your
-keys with ``doctl compute ssh-key list``.  If you don't have any ssh keys in
-your DigitalOcean account you can follow `this guide <upload-ssh-keys_>`_ to
-add one now.
-
-.. _upload-ssh-keys:
-   https://docs.digitalocean.com/products/droplets
-   /how-to/add-ssh-keys/to-account/
-
-.. code-block:: bash
-
-   $ IP="$( \
-         doctl compute droplet create gel \
-             --image gel \
-             --region sfo3 \
-             --size s-2vcpu-4gb \
-             --ssh-keys $SSH_KEY_IDS \
-             --format PublicIPv4 \
-             --no-header \
-             --wait )"
-
-Configure the backend Postgres DSN. To simplify the initial deployment, let's
-instruct Gel to run in insecure mode (with password authentication off and
-an autogenerated TLS certificate). We will secure the instance once things are
-up and running.
-
-.. code-block:: bash
-
-   $ printf "GEL_SERVER_BACKEND_DSN=${DSN} \
-   \nGEL_SERVER_SECURITY=insecure_dev_mode\n" \
-   | ssh root@$IP -T "cat > /etc/gel/env"
-
-   $ ssh root@$IP "systemctl restart gel.service"
-
-Set the superuser password.
-
-.. code-block:: bash
-
-   $ echo -n "> " && read -s PASSWORD
-
-   $ gel -H $IP --tls-security insecure query \
-         "alter role admin set password := '$PASSWORD'"
-   OK: ALTER ROLE
-
-Set the security policy to strict.
-
-.. code-block:: bash
-
-   $ printf "GEL_SERVER_BACKEND_DSN=${DSN} \
-   \nGEL_SERVER_SECURITY=strict\n" \
-   | ssh root@$IP -T "cat > /etc/gel/env"
-
-   $ ssh root@$IP "systemctl restart gel.service"
-
-
-.. note::
-
-   To upgrade an existing Gel droplet to the latest point release, ``ssh``
-   into your droplet and run the following.
-
-   .. code-block:: bash
-
-      $ apt-get update && apt-get install --only-upgrade gel-server-6
-      $ systemctl restart gel
-
-That's it! Refer to the :ref:`Construct the DSN
-<ref_guide_deployment_digitalocean_link>` section above to connect to your
-instance.
-
-.. note::
-
-   The command groups :gelcmd:`instance` and :gelcmd:`project` are not
-   intended to manage production instances.
-
-Health Checks
-=============
-
-Using an HTTP client, you can perform health checks to monitor the status of
-your Gel instance. Learn how to use them with our :ref:`health checks guide
-<ref_guide_deployment_health_checks>`.
+Create a droplet and use the :ref:`ref_guide_deployment_bare_metal` guide to
+install gel server.