change deployment process to get encryption key from gitlab ci

1211040e · Christian Boettcher · e1972a18 · 1211040e · 1211040e · 1211040e
Commit 1211040e authored 3 years ago by Christian Boettcher
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -73,7 +73,7 @@ light-deploy-production:
  environment: Production
  script:
    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "cd /home/apiserver/datacatalog && sudo git pull --all && sudo git checkout -f $CI_COMMIT_TAG"
-    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"
+    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY, /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"

 full-deploy-production:
  stage: deploy
@@ -99,6 +99,7 @@ full-deploy-production:
    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo mkdir -p /app/mnt"
    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo mount /dev/vdb1 /app/mnt"
    - until ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN ls /finished_cloudinit >/dev/null 2>&1; do sleep 30; done # wait until cloudinit script is complete
+    - SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY, /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN

 full-deploy-testing:
  stage: deploy 
@@ -110,7 +111,6 @@ full-deploy-testing:
  environment: Testing
  script:
    - echo "Starting the full testing deployment."
-    - sed -i 's_datacatalog.fz_zam10036.zam.kfa_g' deploy_scripts/cloudinit.yml
    - pip install python-openstackclient
    - OLD_ID=`openstack server show $TESTING_NAME -f value -c id`
    - openstack server set --name $OLD_TEST_NAME $OLD_ID
@@ -121,6 +121,7 @@ full-deploy-testing:
    - sleep 10 # ensure that next command reaches the new server, prevents host key problems
    # TODO move local zip of certificate-docker-volume to server once startup is complete
    - until ssh -oStrictHostKeyChecking=accept-new apiserver@$TESTING_DOMAIN ls /finished_cloudinit >/dev/null 2>&1; do sleep 30; done # wait until cloudinit script is complete
+    - /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $TESTING_URL $TESTING_DOMAIN

  
 cleanup-failed-full-deployment:

--- a/deploy_scripts/cloudinit.yml
+++ b/deploy_scripts/cloudinit.yml
@@ -51,7 +51,4 @@ runcmd:
  - 'git clone https://gitlab.jsc.fz-juelich.de/rybicki1/datacatalog.git /home/apiserver/datacatalog'
  - docker network create net
  # general startup takes long enough that no delay should bee needed - 5 to 6 minutes until these commands are executed
-  - 'export API_URL=https://datacatalog.fz-juelich.de/'
-  - 'export SERVER_DOMAIN=datacatalog.fz-juelich.de'
-  - /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $API_URL $SERVER_DOMAIN
  - touch /finished_cloudinit
--- a/deploy_scripts/deployment.sh
+++ b/deploy_scripts/deployment.sh
@@ -25,8 +25,8 @@ sed -i "s_datacatalog.fz-juelich.de_${SERVER_DOMAIN}_g" docker-compose.yml
 # it is at this point assumed that ip and volume are correctly assigned, and that dns is working properly

 docker-compose pull #  pull changed images (e.g. new latest, or specific tag)
-TIME=`date +%Y-%m-%d-%H-%M`
-mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}"
+# TIME=`date +%Y-%m-%d-%H-%M`
+# mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}"

 docker-compose up -d # should only restart changed images, which will also update nginx and reverse-proxy image if needed