Operations grimoire/Deploy with Salt
Where to work?
- We deploy from Complector using:
- /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
- /opt/salt/staging for web and application content
- You need to belong to the
opsgroup to be able to have access and have write-rights on the repository - Check if the Salt primary server is alive, if not
service salt-master start
Deployment workflow
Apply a new Salt state
- On your computer or a devserver, prepare and upload a change to Differential against rOPS repository
- Merge it to main, we deploy from the min branch
- Ask Salt to apply the change
- Log on #nasqueron-operations something like
[Eglide] New user account: amj (D607)
If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git
Note `arc` isn't available on Complector, as there are too many PHP dependencies.
Deploy a web site
- Commit as needed
- Go to /opt/salt/staging relevant subdirectory and fetch code
- Ask Salt to apply the matching state (if in doubt, a full run is
salt '*' state.highstate test=True)
Salt commands
Remote server
To apply one state or a directory:
salt eglide state.apply roles/shellserver/users
To apply all:
salt eglide state.highstate
Replace eglide by the server name, or * to target all machines.
When you've a new state, ensure it's called from top.sls file, as the repository root.
Salt primary server
If you wish to deploy directly to the primary server, you've two solutions:
1. Run a minion there and use salt complector</salt> normally
2. Replace salt by salt-call --local: sudo salt-call --local state.apply test
This should run as root, so the recommended alias is alias salt sudo salt (tcsh syntax)
The second method seems to be currently needed for Vault tokens.
