Page MenuHomeDevCentral
Create Task
Maniphest T1569

Deploy account is defined in saltmaster role but used in devserver role too
Closed, ResolvedPublic
Actions

Description

To provide software in devserver role, some Git repositories are cloned using the SSH key belonging to the deploy account.

But this deploy account is defined in saltmaster role, as the intended workflow was:

  1. declare your repository to deploy as a submodule of rSTAGING
  2. update repo in /opt/salt/staging
  3. deploy from there

The current trend is to clone repository directly on the server to avoid IO performance issues with large amount of files.

A solution has to be found to this problem, for example:

  • investigate if gitfs performs well (but why to have every file on every server?)
  • create deploy as a part of the core

Same problem for webserver-wwwroot51 unit (roles/devserver/webserver-wwwroot51/).

Revisions and Commits

rOPS Nasqueron Operations
D3032rOPS6817329915b7 Provide the "deploy" account for roles needing it

Related Objects

Event Timeline

dereckson created this task.Jan 23 2020, 07:09
dereckson mentioned this in T1559: Figure how to deploy automatically /var/51-wwwroot credentials.Jan 25 2020, 04:09
dereckson updated the task description. (Show Details)Jan 25 2020, 04:13
dereckson added a comment.Sep 9 2021, 21:28

Furthermore, Jenkins CD uses the deploy account to publish static website updates on Ysul through:

stage('Publish') {
    steps {
        echo 'Deploying....'
        sshPublisher(
            failOnError: true,
            publishers: [
                sshPublisherDesc(
                    configName: 'ysul-deploy',
                    verbose: true,
                    transfers: [
                        sshTransfer(
                            sourceFiles: '**',
                            remoteDirectory: 'api.nasqueron.org',
                            cleanRemote: true,
                        )
                    ]
                )
            ]
        )
    }
}
dereckson mentioned this in D2414: Allow Jenkins CD to publish static sites.Sep 9 2021, 21:50
dereckson mentioned this in rOPS43904679b026: Allow Jenkins CD to publish static sites.Sep 9 2021, 22:54
dereckson moved this task from Backlog to Ops on the Technical debt board.Sep 12 2021, 11:57
dereckson closed this task as Resolved.Apr 16 2023, 20:10
dereckson claimed this task.
dereckson added a commit: rOPS6817329915b7: Provide the "deploy" account for roles needing it.
dereckson added a revision: D3032: Provide the "deploy" account for roles needing it.

Account is now provided to the roles defined in _modules/node.py for the method node.has_deployment.

dereckson mentioned this in rOPS6817329915b7: Provide the "deploy" account for roles needing it.Apr 16 2023, 20:11
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator