Page MenuHomePhabricator

EPIC: Scap3 should implement the services team requirements
Closed, ResolvedPublic


The scap3 system should satisfy the requirements set out by the services team in T93428: Streamline our service development and deployment process.

Event Timeline

GWicke raised the priority of this task from to Needs Triage.
GWicke updated the task description. (Show Details)
GWicke added projects: Scap, Deployments.
GWicke added a subscriber: GWicke.

End of quarter check-in on where we stand on these tasks:

This task represents much of the backlog of the Scap3 workboard. Next quarter's goal is to finish and expand the use of Scap3, so work on these workboard items will continue.

At the end of the quarter here is where these requirements stand:

  • rolling deploys / config changes
    • We have rolling, staged deploys, i.e. you can limit the parallelism of a given deploy and a given stage within that deploy
    • You can fetch code in parallel across hosts while switching to new code in serial
    • You can target specific subsets of hosts using deploy --limit-hosts [pattern or range]
    • Config change deploy should merge soon
    • We support post-deploy checks (currently just checking port, expand checks are in process)
  • minimum privilege operation; should have a small attack surface
    • This quarter's updates to keyholder mean that:
      1. There is a small group with access to the deploy-service key
      2. The only sudoer permission change has been limited to service restart
  • (eventually) consistent deploys
    • code versions are tracked by using tags on the target repo, the currently deployed revision is available on tin:/srv/deployment/[repo]/.git/DEPLOY_HEAD
    • Rollback has been implemented (T109514) in such a way that any failure during any stage reverts back to the previous, known-good, state
thcipriani moved this task from Needs triage to Services MVP on the Scap board.

@thcipriani, thanks for the broad overview. Could you add detail on the sub-requirements in T93428 ?

thcipriani renamed this task from Scap3 should implement the services team requirements to EPIC: Scap3 should implement the services team requirements.Dec 11 2015, 7:07 PM
thcipriani added a project: Epic.
thcipriani set Security to None.
dduvall claimed this task.
dduvall added a subscriber: dduvall.

All requirements have been implemented. We're now working on adoption.