Operations grimoire/Deploy with Salt: Difference between revisions
(Created page with "== Where to work? == * We deploy from Ysul /opt/nasqueron-operations * You need to belong to the <code>salt</code> group * You want this alias: <code>alias salt sudo -u salt s...") |
(Complector) |
||
(8 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
== Where to work? == | == Where to work? == | ||
* We deploy from | * We deploy from [[Complector]] using: | ||
* You need to belong to the <code> | ** /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt | ||
** /opt/salt/staging for web and application content | |||
* Check | * You need to belong to the <code>ops</code> group to be able to have access and have write-rights on the repository | ||
* Check if the Salt primary server is alive, if not <code>service salt-master start</code> | |||
== Deployment workflow == | == Deployment workflow == | ||
# | === Apply a new Salt state === | ||
# | # On your computer or a devserver, prepare and upload a change to Differential against rOPS repository | ||
# Merge it to main, we deploy from the min branch | |||
# Ask Salt to apply the change | # Ask Salt to apply the change | ||
# Log on #nasqueron-operations something like <code>[Eglide] New user account: amj (D607)</code> | # Log on #nasqueron-operations something like <code>[Eglide] New user account: amj (D607)</code> | ||
If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git | |||
Note `arc` isn't available on Complector, as there are too many PHP dependencies. | |||
=== Deploy a web site === | |||
# Commit as needed | |||
# Go to /opt/salt/staging relevant subdirectory and fetch code | |||
# Ask Salt to apply the matching state (if in doubt, a full run is <code>salt '*' state.highstate test=True</code>) | |||
== Salt commands == | == Salt commands == | ||
=== Remote server === | |||
To apply one state or a directory: | To apply one state or a directory: | ||
Line 21: | Line 32: | ||
<code>salt eglide state.highstate</code> | <code>salt eglide state.highstate</code> | ||
Replace <code>eglide<code> by the server name, or <code>*</code> to target all machines. | Replace <code>eglide</code> by the server name, or <code>*</code> to target all machines. | ||
When you've a new state, ensure it's called from <code>top.sls</code> file, as the repository root. | |||
=== Salt primary server === | |||
If you wish to deploy directly to the primary server, you've two solutions: | |||
1. Run a minion there and use <code>salt complector</salt> normally | |||
2. Replace <code>salt</code> by <code>salt-call --local</code>: <code>sudo salt-call --local state.apply test</code> | |||
This should run as root, so the recommended alias is <code>alias salt sudo salt</code> (tcsh syntax) | |||
The second method seems to be currently needed for Vault tokens. |
Latest revision as of 22:01, 2 April 2023
Where to work?
- We deploy from Complector using:
- /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
- /opt/salt/staging for web and application content
- You need to belong to the
ops
group to be able to have access and have write-rights on the repository - Check if the Salt primary server is alive, if not
service salt-master start
Deployment workflow
Apply a new Salt state
- On your computer or a devserver, prepare and upload a change to Differential against rOPS repository
- Merge it to main, we deploy from the min branch
- Ask Salt to apply the change
- Log on #nasqueron-operations something like
[Eglide] New user account: amj (D607)
If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git
Note `arc` isn't available on Complector, as there are too many PHP dependencies.
Deploy a web site
- Commit as needed
- Go to /opt/salt/staging relevant subdirectory and fetch code
- Ask Salt to apply the matching state (if in doubt, a full run is
salt '*' state.highstate test=True
)
Salt commands
Remote server
To apply one state or a directory:
salt eglide state.apply roles/shellserver/users
To apply all:
salt eglide state.highstate
Replace eglide
by the server name, or *
to target all machines.
When you've a new state, ensure it's called from top.sls
file, as the repository root.
Salt primary server
If you wish to deploy directly to the primary server, you've two solutions:
1. Run a minion there and use salt complector</salt> normally
2. Replace
salt
by salt-call --local
: sudo salt-call --local state.apply test
This should run as root, so the recommended alias is
alias salt sudo salt
(tcsh syntax)
The second method seems to be currently needed for Vault tokens.