From 1211040ecf31a8c6970c070eeeb00d9872c7d2e0 Mon Sep 17 00:00:00 2001
From: Christian Boettcher <c.boettcher@fz-juelich.de>
Date: Thu, 18 Nov 2021 08:04:45 +0100
Subject: [PATCH] change deployment process to get encryption key from gitlab
 ci

---
 .gitlab-ci.yml               | 5 +++--
 deploy_scripts/cloudinit.yml | 3 ---
 deploy_scripts/deployment.sh | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 56fd5d5..de6d5a8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -73,7 +73,7 @@ light-deploy-production:
   environment: Production
   script:
     - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "cd /home/apiserver/datacatalog && sudo git pull --all && sudo git checkout -f $CI_COMMIT_TAG"
-    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"
+    - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY, /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"
 
 full-deploy-production:
   stage: deploy
@@ -99,6 +99,7 @@ full-deploy-production:
     - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo mkdir -p /app/mnt"
     - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo mount /dev/vdb1 /app/mnt"
     - until ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN ls /finished_cloudinit >/dev/null 2>&1; do sleep 30; done # wait until cloudinit script is complete
+    - SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY, /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN
 
 full-deploy-testing:
   stage: deploy 
@@ -110,7 +111,6 @@ full-deploy-testing:
   environment: Testing
   script:
     - echo "Starting the full testing deployment."
-    - sed -i 's_datacatalog.fz_zam10036.zam.kfa_g' deploy_scripts/cloudinit.yml
     - pip install python-openstackclient
     - OLD_ID=`openstack server show $TESTING_NAME -f value -c id`
     - openstack server set --name $OLD_TEST_NAME $OLD_ID
@@ -121,6 +121,7 @@ full-deploy-testing:
     - sleep 10 # ensure that next command reaches the new server, prevents host key problems
     # TODO move local zip of certificate-docker-volume to server once startup is complete
     - until ssh -oStrictHostKeyChecking=accept-new apiserver@$TESTING_DOMAIN ls /finished_cloudinit >/dev/null 2>&1; do sleep 30; done # wait until cloudinit script is complete
+    - /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $TESTING_URL $TESTING_DOMAIN
 
   
 cleanup-failed-full-deployment:
diff --git a/deploy_scripts/cloudinit.yml b/deploy_scripts/cloudinit.yml
index 0b739dd..97a9d59 100644
--- a/deploy_scripts/cloudinit.yml
+++ b/deploy_scripts/cloudinit.yml
@@ -51,7 +51,4 @@ runcmd:
   - 'git clone https://gitlab.jsc.fz-juelich.de/rybicki1/datacatalog.git /home/apiserver/datacatalog'
   - docker network create net
   # general startup takes long enough that no delay should bee needed - 5 to 6 minutes until these commands are executed
-  - 'export API_URL=https://datacatalog.fz-juelich.de/'
-  - 'export SERVER_DOMAIN=datacatalog.fz-juelich.de'
-  - /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $API_URL $SERVER_DOMAIN
   - touch /finished_cloudinit
diff --git a/deploy_scripts/deployment.sh b/deploy_scripts/deployment.sh
index 3e3ba1f..63523ec 100755
--- a/deploy_scripts/deployment.sh
+++ b/deploy_scripts/deployment.sh
@@ -25,8 +25,8 @@ sed -i "s_datacatalog.fz-juelich.de_${SERVER_DOMAIN}_g" docker-compose.yml
 # it is at this point assumed that ip and volume are correctly assigned, and that dns is working properly
 
 docker-compose pull #  pull changed images (e.g. new latest, or specific tag)
-TIME=`date +%Y-%m-%d-%H-%M`
-mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}"
+# TIME=`date +%Y-%m-%d-%H-%M`
+# mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}"
 
 docker-compose up -d # should only restart changed images, which will also update nginx and reverse-proxy image if needed
 
-- 
GitLab