Operations grimoire/Deploy with Salt: Difference between revisions

From Nasqueron Agora
(Complector)
 
Line 1: Line 1:
== Where to work? ==
== Where to work? ==
* We deploy from Ysul using:
* We deploy from [[Complector]] using:
** /opt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
** /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
** /opt/staging for web application content
** /opt/salt/staging for web and application content  
* You need to belong to the <code>salt</code> group to be able to control Salt
* You need to belong to the <code>ops</code> group to be able to have access and have write-rights on the repository
* You need to belong to the <code>deploy</code> group to be able to update /opt/staging (salt is a member of deploy)
* Check if the Salt primary server is alive, if not <code>service salt-master start</code>
* You want this alias: <code>alias salt sudo -u salt salt</code> (tcsh syntax)
* Check salt-master is run, if not <code>service salt-master start</code>


== Deployment workflow ==
== Deployment workflow ==
=== Apply a new Salt state ===
=== Apply a new Salt state ===
# On your laptop, prepare and upload a change to Differential against rOPS repository
# On your computer or a devserver, prepare and upload a change to Differential against rOPS repository
# Get the change on Ysul: <code>arc patch D607</code>
# Merge it to main, we deploy from the min branch
# Ask Salt to apply the change
# Ask Salt to apply the change
# Log on #nasqueron-operations something like <code>[Eglide] New user account: amj (D607)</code>
# Log on #nasqueron-operations something like <code>[Eglide] New user account: amj (D607)</code>
# Once working, you can merge it to master
 
If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git
 
Note `arc` isn't available on Complector, as there are too many PHP dependencies.
 
=== Deploy a web site ===
=== Deploy a web site ===
# Commit as needed
# Commit as needed
# Go to /opt/staging relevant subdirectory and fetch code
# Go to /opt/salt/staging relevant subdirectory and fetch code
# Ask Salt to apply the matching state (if in doubt, a full run is <code>salt '*' state.highstate</code>)
# Ask Salt to apply the matching state (if in doubt, a full run is <code>salt '*' state.highstate test=True</code>)


== Salt commands ==
== Salt commands ==
Line 34: Line 36:
When you've a new state, ensure it's called from <code>top.sls</code> file, as the repository root.
When you've a new state, ensure it's called from <code>top.sls</code> file, as the repository root.


=== Salt master ===
=== Salt primary server ===


If you wish to deploy directly to the Salt master, replace <code>salt</code> by <code>salt-call --local</code>:
If you wish to deploy directly to the primary server, you've two solutions:


<code>salt-call --local state.apply test</code>
1. Run a minion there and use <code>salt complector</salt> normally
2. Replace <code>salt</code> by <code>salt-call --local</code>: <code>sudo salt-call --local state.apply test</code>


This should run as root, so the recommended alias is <code>alias salt sudo salt</code> (tcsh syntax)
This should run as root, so the recommended alias is <code>alias salt sudo salt</code> (tcsh syntax)
The second method seems to be currently needed for Vault tokens.

Latest revision as of 22:01, 2 April 2023

Where to work?

  • We deploy from Complector using:
    • /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
    • /opt/salt/staging for web and application content
  • You need to belong to the ops group to be able to have access and have write-rights on the repository
  • Check if the Salt primary server is alive, if not service salt-master start

Deployment workflow

Apply a new Salt state

  1. On your computer or a devserver, prepare and upload a change to Differential against rOPS repository
  2. Merge it to main, we deploy from the min branch
  3. Ask Salt to apply the change
  4.  Log on #nasqueron-operations something like [Eglide] New user account: amj (D607)

If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git

Note `arc` isn't available on Complector, as there are too many PHP dependencies.

Deploy a web site

  1. Commit as needed
  2.  Go to /opt/salt/staging relevant subdirectory and fetch code
  3. Ask Salt to apply the matching state (if in doubt, a full run is salt '*' state.highstate test=True)

Salt commands

Remote server

To apply one state or a directory:

salt eglide state.apply roles/shellserver/users

To apply all:

salt eglide state.highstate

Replace eglide by the server name, or * to target all machines.

When you've a new state, ensure it's called from top.sls file, as the repository root.

Salt primary server

If you wish to deploy directly to the primary server, you've two solutions:

1. Run a minion there and use salt complector</salt> normally 2. Replace salt by salt-call --local: sudo salt-call --local state.apply test

This should run as root, so the recommended alias is alias salt sudo salt (tcsh syntax)

The second method seems to be currently needed for Vault tokens.