From 1211040ecf31a8c6970c070eeeb00d9872c7d2e0 Mon Sep 17 00:00:00 2001
From: Christian Boettcher <c.boettcher@fz-juelich.de>
Date: Thu, 18 Nov 2021 08:04:45 +0100
Subject: [PATCH] change deployment process to get encryption key from gitlab ci
---
 .gitlab-ci.yml | 5 +++--
 deploy_scripts/cloudinit.yml | 3 ---
 deploy_scripts/deployment.sh | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 56fd5d5..de6d5a8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -73,7 +73,7 @@ light-deploy-production:
 environment: Production
 script:
 - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "cd /home/apiserver/datacatalog && sudo git pull --all && sudo git checkout -f $CI_COMMIT_TAG"
- - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"
+ - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY, /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"
 
 full-deploy-production:
 stage: deploy
@@ -99,6 +99,7 @@ full-deploy-production:
 - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo mkdir -p /app/mnt"
 - ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo mount /dev/vdb1 /app/mnt"
 - until ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN ls /finished_cloudinit >/dev/null 2>&1; do sleep 30; done # wait until cloudinit script is complete
+ - SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY, /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN
 
 full-deploy-testing:
 stage: deploy
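Review bot: In the line added to `light-deploy-production`, `SECRETS_ENCRYPTION_KEY=$SECRETS_ENCRYPTION_KEY,` ends in a comma, so the remote script receives the key with `,` appended; the line added to `full-deploy-production` carries the same comma. The value is also expanded unquoted into the remote command string, so shell metacharacters in the key would be interpreted on the server, and the assignment sits in sudo's argument list where it is likely visible in the process list (and possibly in sudo's log) while the script runs. Dropping the comma and quoting, `sudo SECRETS_ENCRYPTION_KEY='$SECRETS_ENCRYPTION_KEY' /home/apiserver/datacatalog/deploy_scripts/deployment.sh`, addresses the first two points; keeping the key out of argv means delivering it another way, such as over stdin or a root-only file. Whether sudo accepts a `VAR=value` argument at all depends on the sudoers policy, which this patch does not show.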
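Review bot: The line added at the end of `full-deploy-production` calls `/home/apiserver/datacatalog/deploy_scripts/deployment.sh` without the `ssh ... apiserver@$PRODUCTION_DOMAIN` wrapper that the three lines above it use, so it runs in the CI job's own shell rather than on the new server; the line added to `full-deploy-testing` (hunk `@@ -121,6 +121,7 @@`) has the same shape. This commit also removes the deployment.sh call from cloudinit.yml, so as written the server would probably finish cloud-init with nothing started, and the job either fails or runs whatever exists at that path on the runner. Wrapping it as the light deployment does keeps it on the target host: `- ssh -oStrictHostKeyChecking=accept-new apiserver@$PRODUCTION_DOMAIN "sudo SECRETS_ENCRYPTION_KEY='$SECRETS_ENCRYPTION_KEY' /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $PRODUCTION_URL $PRODUCTION_DOMAIN"`. The job's script starts above the hunk, so earlier steps are not visible here.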
@@ -110,7 +111,6 @@ full-deploy-testing:
 environment: Testing
 script:
 - echo "Starting the full testing deployment."
- - sed -i 's_datacatalog.fz_zam10036.zam.kfa_g' deploy_scripts/cloudinit.yml
 - pip install python-openstackclient
 - OLD_ID=`openstack server show $TESTING_NAME -f value -c id`
 - openstack server set --name $OLD_TEST_NAME $OLD_ID
@@ -121,6 +121,7 @@ full-deploy-testing:
 - sleep 10 # ensure that next command reaches the new server, prevents host key problems
 # TODO move local zip of certificate-docker-volume to server once startup is complete
 - until ssh -oStrictHostKeyChecking=accept-new apiserver@$TESTING_DOMAIN ls /finished_cloudinit >/dev/null 2>&1; do sleep 30; done # wait until cloudinit script is complete
+ - /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $TESTING_URL $TESTING_DOMAIN
 
 
 cleanup-failed-full-deployment:
diff --git a/deploy_scripts/cloudinit.yml b/deploy_scripts/cloudinit.yml
index 0b739dd..97a9d59 100644
--- a/deploy_scripts/cloudinit.yml
+++ b/deploy_scripts/cloudinit.yml
@@ -51,7 +51,4 @@ runcmd: - 'git clone https://gitlab.jsc.fz-juelich.de/rybicki1/datacatalog.git /home/apiserver/datacatalog' - docker network create net # general startup takes long enough that no delay should bee needed - 5 to 6 minutes until these commands are executed - 'export API_URL=https://datacatalog.fz-juelich.de/' - 'export SERVER_DOMAIN=datacatalog.fz-juelich.de' - /home/apiserver/datacatalog/deploy_scripts/deployment.sh /home/apiserver/datacatalog $API_URL $SERVER_DOMAIN - touch /finished_cloudinit
diff --git a/deploy_scripts/deployment.sh b/deploy_scripts/deployment.sh
index 3e3ba1f..63523ec 100755
--- a/deploy_scripts/deployment.sh
+++ b/deploy_scripts/deployment.sh
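Review bot: The deployment.sh call added to `full-deploy-testing` (hunk `@@ -121,6 +121,7 @@` of .gitlab-ci.yml) sets no `SECRETS_ENCRYPTION_KEY`, unlike both production lines in this commit. How deployment.sh consumes the variable is not shown in the patch, so this may be deliberate; if the script or the compose file expects it, testing would start with an empty key. Either pass a testing-only key from a separate CI variable (not the production one), or record the intent with a comment such as `# testing runs without SECRETS_ENCRYPTION_KEY on purpose`.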
@@ -25,8 +25,8 @@ sed -i "s_datacatalog.fz-juelich.de_${SERVER_DOMAIN}_g" docker-compose.yml # it is at this point assumed that ip and volume are correctly assigned, and that dns is working properly docker-compose pull # pull changed images (e.g. new latest, or specific tag) -TIME=`date +%Y-%m-%d-%H-%M` -mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}" +# TIME=`date +%Y-%m-%d-%H-%M` +# mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}" docker-compose up -d # should only restart changed images, which will also update nginx and reverse-proxy image if needed -- GitLab
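Review bot: The `TIME=` and `mv` lines are commented out rather than removed, and nothing says why rotation of `/app/mnt/docker.log` was turned off; after this change a deployment no longer keeps a timestamped copy of the previous log, which matters if that log is used to reconstruct what happened on the host. If the reason is that `mv` fails on a fresh volume where the file does not exist yet (an assumption, the patch does not say), restoring the `TIME=` line and guarding the move keeps the rotation: `[ ! -f /app/mnt/docker.log ] || mv /app/mnt/docker.log "/app/mnt/docker.log.${TIME}"`. Otherwise delete both lines and give the reason in the commit message. The script continues above and below the hunk.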