Operations grimoire/Deploy with Salt

From Nasqueron Agora
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

📕📁📜 Old technical information :: content warning

⌛ This Nasqueron Operations Grimoire page hasn't been updated for a long time.

☣ As our infrastructure evolves quickly, there is a good chance this information is outdated or now inaccurate. Be careful and consider update it.

➡️ To assert the information is still up-to-date or not, you can check the history of the relevant role in our Operations repository.

Where to work?

  • We deploy from Complector using:
    • /opt/salt/nasqueron-operations as our local copy of rOPS, authoritative for Salt
    • /opt/salt/staging for web and application content
  • You need to belong to the ops group to be able to have access and have write-rights on the repository
  • Check if the Salt primary server is alive, if not service salt-master start

Deployment workflow

Apply a new Salt state

  1. On your computer or a devserver, prepare and upload a change to Differential against rOPS repository
  2. Merge it to main, we deploy from the min branch
  3. Ask Salt to apply the change
  4.  Log on #nasqueron-operations something like [Eglide] New user account: amj (D607)

If you want to test it before merging, you can push a branch to datacube remote: ssh://windriver.nasqueron.org/datacube/git/operations.git

Note `arc` isn't available on Complector, as there are too many PHP dependencies.

Deploy a web site

  1. Commit as needed
  2.  Go to /opt/salt/staging relevant subdirectory and fetch code
  3. Ask Salt to apply the matching state (if in doubt, a full run is salt '*' state.highstate test=True)

Salt commands

Remote server

To apply one state or a directory:

salt eglide state.apply roles/shellserver/users

To apply all:

salt eglide state.highstate

Replace eglide by the server name, or * to target all machines.

When you've a new state, ensure it's called from top.sls file, as the repository root.

Salt primary server

If you wish to deploy directly to the primary server, you've two solutions:

1. Run a minion there and use salt complector</salt> normally 2. Replace salt by salt-call --local: sudo salt-call --local state.apply test

This should run as root, so the recommended alias is alias salt sudo salt (tcsh syntax)

The second method seems to be currently needed for Vault tokens.

Retrieved from "https://agora.nasqueron.org/index.php?title=Operations_grimoire/Deploy_with_Salt&oldid=1145"