Customize query in gerrit
Details
Details
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | MoritzMuehlenhoff | T164780 Sunset our use of Salt | |||
| Resolved | thcipriani | T129290 [keyresult] Migrate remaining trebuchet deployed services | |||
| Resolved | • Niharika | T129134 Deploy scholarships with scap3 |
Event Timeline
Comment Actions
@Niharika said she would like to take a shot at this to learn a bit about Scap and prod deployments. Hopefully @thcipriani and I can help her find a good example to follow and get reviews of the needed changes.
Comment Actions
hrm, not too many php app examples outside of phabricator which has some weird edgecases, IIRC.
The migration guide: https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide should be helpful in this instance.
The fact that scholarships uses a .env file for configuration in the root directory of the repo that isn't checked into git will be a bit of a stumbling block. It's not insurmountable -- the easiest thing to do would be to move it outside of the repository, I think.
The reason for this is that scap3 does symlink swapping for deployment, i.e. it creates a directory structure where /srv/deployment/scholarships/scholarships is a symlink to /srv/deployment/scholarships/scholarships-cache/revs/[sha1]. When you deploy a new revision, a new directory is created under revs, e.g. /srv/deployment/scholarships/scholarships-cache/revs/[new-sha1] and then swaps the symlink. Currently, it is not trivial to have untracked code in the repository.
Comment Actions
We can easily make a change in the app to look for the local environment settings outside of the app root. I was being a bit of a 12-factor app prima donna when I originally coded that stuff. The .env file itself was a compromise when techops rejected injecting all of the settings via the apache environment.
Comment Actions
Change 324022 had a related patch set uploaded (by BryanDavis):
Look for additional environment files
Comment Actions
Change 326461 had a related patch set uploaded (by Niharika29):
Deploy scholarships with scap3
Comment Actions
Change 326872 had a related patch set uploaded (by BryanDavis):
Add scap3 control files
Comment Actions
Code reviewed the patches that are outstanding for scholarships. One thing I noticed in my review is that krypton may not be accessible from tin via ssh(?):
[thcipriani@tin ~]$ nc -vz krypton.eqiad.wmnet -w 1 22 krypton.eqiad.wmnet [10.64.32.182] 22 (ssh) : Connection timed out
In which case we'd have to add some ferm rules in the puppet patch (https://gerrit.wikimedia.org/r/#/c/326461/5) to allow access from the deployment hosts.
Comment Actions
I realized these ferm rules are in scap::ferm already :)
@Niharika do you have some time to run a deployment of scholarships either this week or next?
https://gerrit.wikimedia.org/r/#/c/326872/ will need to land in the scholarships repo if all looks good to you.
Then we'll have to find someone who can do all the puppet wrangling necessary.
I wrote up a rough outline of what the first deployment with scap looks like: https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment
Comment Actions
Sure thing. To confirm - this part still follows the old deployment steps, doesn't it? Here are the notes I have from the couple of times I did this with @bd808:
Deployment steps (on tin):
cd /srv/deployment/scholarships/scholarships
git fetch // Fetches the latest things from master
git log --stat HEAD..@{upstream} // Magic that lets you see the new stuff
git deploy start // Tell Trebuchet we want to start a deployment
git reset --hard origin/master // Low-level git command to force it to be same as master branch
git deploy sync // Push out the changes to the server (krypton in our case)Then we'll have to find someone who can do all the puppet wrangling necessary.
I wrote up a rough outline of what the first deployment with scap looks like: https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment
I haven't used cumin or run puppet before. Sounds fun. I will need some guidance for this part. :)
Comment Actions
^ This should all stay the same
git deploy start Tell Trebuchet we want to start a deployment
git reset --hard origin/master Low-level git command to force it to be same as master branch
git deploy sync // Push out the changes to the server (krypton in our case)
^ This will all be replaced with:
cd /srv/deployment/scholarships/scholarships scap deploy -v "Message for IRC"
That will be all that's needed for normal deployments.
The first deployment/migration has a few extra steps, it's all outlined on the wikitech page: https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment
Ops will do at least part of those steps. The step that will be different for the deployer is that once the puppet patches are merged, and puppet is run on tin, you'll run scap deploy --init in /srv/deployment/scholarships/scholarships. After that puppet will be run on krypton and then it'll just be a regular deployment to confirm that everything is working.
Then we'll have to find someone who can do all the puppet wrangling necessary.
I wrote up a rough outline of what the first deployment with scap looks like: https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment
I haven't used cumin or run puppet before. Sounds fun. I will need some guidance for this part. :)
I don't think anyone but roots has access to cumin and (mostly) running puppet on these machines. @fgiunchedi has a good amount of scap3 experience. @fgiunchedi do you have some time this week to assist with scholarships deployment?
Comment Actions
@thcipriani's commands missed the step of actually applying the fetched changes:
$ cd /srv/deployment/scholarships/scholarships $ git fetch # Fetch the latest things from master $ git log --stat HEAD..@{upstream} # Show what has changed in master so you don't get surprised $ git reset --hard origin/master # Make the checkout match master exactly # Wait here for a root to do steps 3-5 from https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment $ scap deploy --init # Wait here for a root to do step 7 from https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment $ scap deploy -v "Message for IRC" # Push out the changes to the server (krypton in our case)
Comment Actions
Yeah I can assist with ops-y steps, preferably next week or if everything is in place already also later today in the UTC afternoon would work
Comment Actions
Change 326872 merged by jenkins-bot:
[wikimedia/wikimania-scholarships@master] Add scap3 control files
Comment Actions
Okay, so these ^ steps are done now.
Wait here for a root to do steps 3-5 from https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment
$ scap deploy --init
Wait here for a root to do step 7 from https://wikitech.wikimedia.org/wiki/Scap3/Migration_Guide#First_Deployment
$ scap deploy -v "Message for IRC" # Push out the changes to the server (krypton in our case)
Comment Actions
Change 326461 merged by Filippo Giunchedi:
[operations/puppet@production] Deploy scholarships with scap3
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2017-09-12T16:35:08Z] <niharika29@tin> Started deploy [scholarships/scholarships@004635d]: Deploying scholarships with scap3 T129134
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2017-09-12T16:35:20Z] <niharika29@tin> Finished deploy [scholarships/scholarships@004635d]: Deploying scholarships with scap3 T129134 (duration: 00m 03s)