Operations grimoire/Deploy with Salt: Difference between revisions
From Nasqueron Agora
(Complector) |
|||
| Line 1: | Line 1: | ||
== Where to work? == | == Where to work? == | ||
* We deploy from | * We deploy from [[Complector]] using: | ||
** /opt/nasqueron-operations as our local copy of rOPS, authoritative for Salt | ** /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt | ||
** /opt/staging for web application content | ** /opt/salt/staging for web and application content | ||
* You need to belong to the <code> | * You need to belong to the <code>ops</code> group to be able to have access and have write-rights on the repository | ||
* Check if the Salt primary server is alive, if not <code>service salt-master start</code> | |||
* Check | |||
== Deployment workflow == | == Deployment workflow == | ||
=== Apply a new Salt state === | === Apply a new Salt state === | ||
# On your | # On your computer or a devserver, prepare and upload a change to Differential against rOPS repository | ||
# | # Merge it to main, we deploy from the min branch | ||
# Ask Salt to apply the change | # Ask Salt to apply the change | ||
# Log on #nasqueron-operations something like <code>[Eglide] New user account: amj (D607)</code> | # Log on #nasqueron-operations something like <code>[Eglide] New user account: amj (D607)</code> | ||
If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git | |||
Note `arc` isn't available on Complector, as there are too many PHP dependencies. | |||
=== Deploy a web site === | === Deploy a web site === | ||
# Commit as needed | # Commit as needed | ||
# Go to /opt/staging relevant subdirectory and fetch code | # Go to /opt/salt/staging relevant subdirectory and fetch code | ||
# Ask Salt to apply the matching state (if in doubt, a full run is <code>salt '*' state.highstate</code>) | # Ask Salt to apply the matching state (if in doubt, a full run is <code>salt '*' state.highstate test=True</code>) | ||
== Salt commands == | == Salt commands == | ||
| Line 34: | Line 36: | ||
When you've a new state, ensure it's called from <code>top.sls</code> file, as the repository root. | When you've a new state, ensure it's called from <code>top.sls</code> file, as the repository root. | ||
=== Salt | === Salt primary server === | ||
If you wish to deploy directly to the | If you wish to deploy directly to the primary server, you've two solutions: | ||
<code>salt-call --local state.apply test</code> | 1. Run a minion there and use <code>salt complector</salt> normally | ||
2. Replace <code>salt</code> by <code>salt-call --local</code>: <code>sudo salt-call --local state.apply test</code> | |||
This should run as root, so the recommended alias is <code>alias salt sudo salt</code> (tcsh syntax) | This should run as root, so the recommended alias is <code>alias salt sudo salt</code> (tcsh syntax) | ||
The second method seems to be currently needed for Vault tokens. | |||
Latest revision as of 22:01, 2 April 2023
Where to work?
- We deploy from Complector using:
- /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
- /opt/salt/staging for web and application content
- You need to belong to the
opsgroup to be able to have access and have write-rights on the repository - Check if the Salt primary server is alive, if not
service salt-master start
Deployment workflow
Apply a new Salt state
- On your computer or a devserver, prepare and upload a change to Differential against rOPS repository
- Merge it to main, we deploy from the min branch
- Ask Salt to apply the change
- Log on #nasqueron-operations something like
[Eglide] New user account: amj (D607)
If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git
Note `arc` isn't available on Complector, as there are too many PHP dependencies.
Deploy a web site
- Commit as needed
- Go to /opt/salt/staging relevant subdirectory and fetch code
- Ask Salt to apply the matching state (if in doubt, a full run is
salt '*' state.highstate test=True)
Salt commands
Remote server
To apply one state or a directory:
salt eglide state.apply roles/shellserver/users
To apply all:
salt eglide state.highstate
Replace eglide by the server name, or * to target all machines.
When you've a new state, ensure it's called from top.sls file, as the repository root.
Salt primary server
If you wish to deploy directly to the primary server, you've two solutions:
1. Run a minion there and use salt complector</salt> normally
2. Replace salt by salt-call --local: sudo salt-call --local state.apply test
This should run as root, so the recommended alias is alias salt sudo salt (tcsh syntax)
The second method seems to be currently needed for Vault tokens.
