EPIC: Scap3 should implement the services team requirements
Closed, ResolvedPublic

Description

The scap3 system should satisfy the requirements set out by the services team in T93428: Streamline our service development and deployment process.

GWicke created this task.Aug 18 2015, 11:08 PM
GWicke updated the task description. (Show Details)
GWicke raised the priority of this task from to Needs Triage.
GWicke added projects: Scap, Deployment-Systems.
GWicke added a subscriber: GWicke.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 18 2015, 11:08 PM

End of quarter check-in on where we stand on these tasks:

This task represents much of the backlog of the Scap3 workboard. Next quarter's goal is to finish and expand the use of Scap3, so work on these workboard items will continue.

At the end of the quarter here is where these requirements stand:

  • rolling deploys / config changes
    • We have rolling, staged deploys, i.e. you can limit the parallelism of a given deploy and a given stage within that deploy
    • You can fetch code in parallel across hosts while switching to new code in serial
    • You can target specific subsets of hosts using deploy --limit-hosts [pattern or range]
    • Config change deploy should merge soon https://gerrit.wikimedia.org/r/#/c/240292/
    • We support post-deploy checks (currently just checking port, expand checks are in process)
  • minimum privilege operation; should have a small attack surface
    • This quarter's updates to keyholder mean that:
      1. There is a small group with access to the deploy-service key
      2. The only sudoer permission change has been limited to service restart
  • (eventually) consistent deploys
    • code versions are tracked by using tags on the target repo, the currently deployed revision is available on tin:/srv/deployment/[repo]/.git/DEPLOY_HEAD
    • Rollback has been implemented (T109514) in such a way that any failure during any stage reverts back to the previous, known-good, state
thcipriani moved this task from Needs triage to Services MVP on the Scap board.Sep 30 2015, 10:36 PM
thcipriani triaged this task as Normal priority.

@thcipriani, thanks for the broad overview. Could you add detail on the sub-requirements in T93428 ?

thcipriani renamed this task from Scap3 should implement the services team requirements to EPIC: Scap3 should implement the services team requirements.
thcipriani set Security to None.
greg edited projects, added scap2; removed Deployment-Systems.Feb 9 2016, 11:34 PM
dduvall closed this task as Resolved.Feb 12 2016, 7:31 PM
dduvall claimed this task.
dduvall added a subscriber: dduvall.

All requirements have been implemented. We're now working on adoption.