-
Notifications
You must be signed in to change notification settings - Fork 0
Deployment Plan
Clyde Geyer edited this page Apr 21, 2026
·
3 revisions
- Project: Thunder Bay Cut Flowers Monitoring System
- Date: 2026-04-14
- Environment scope: Staging and Production
- Deployment owner: Release Manager
- Status: Draft for team review
- Deploy the backend API, frontend, database schema, CV pipeline, and device upload path as one working system.
- Preserve data integrity and secure authentication for users and devices.
- Enable ongoing operations (monitoring, backups, alerting support, and incident response).
- User can register, log in, and view dashboard/data pages.
- Device can upload JPEG images with API key authentication.
- Record ingestion, CV scoring, and optional email alerting work end-to-end.
- Database backups and restore procedure are validated.
- Support team can execute runbook tasks without developer intervention.
- Node.js Express backend
- Next.js frontend static export hosted by backend
- PostgreSQL database and DDL/migrations
- Python CV analysis dependencies and runtime
- SMTP-based email alerting configuration
- ESP32 device provisioning and API key onboarding
- Hardware manufacturing or sensor redesign
- Large-scale horizontal autoscaling architecture changes
- New feature development beyond deployment readiness
- Application server VM or physical host
- PostgreSQL server host (can be same host for small deployment)
- HTTPS termination layer (reverse proxy/load balancer with TLS certificates)
- Secure secrets storage method (environment variables and restricted access)
- Backup storage target (off-host and/or cloud object storage)
- CI/CD runner or deployment workstation
- ESP32-S3 camera devices with firmware tooling
- Network access to NTP, sunrise-sunset API, and SMTP provider
| Role | Primary Responsibility During Installation | Primary Responsibility During Operations |
|---|---|---|
| Release Manager | Own deployment checklist, go/no-go decision, timeline control | Own release calendar and rollback decisions |
| Backend Engineer | Configure API service, routes, env vars, process startup | Triage API incidents, patch backend defects |
| Frontend Engineer | Build/export client bundle, verify page routing and API base URL | Support UI regressions and compatibility issues |
| Database Administrator | Provision DB, run DDL/migrations, validate indexes and backups | Own backup/restore, data integrity checks, SQL performance |
| DevOps/SRE | Provision infrastructure, TLS, logging, monitoring, service restart policy | Uptime, alerting, scaling, capacity planning |
| QA Engineer | Execute smoke/regression/UAT scripts | Run post-release verification and defect triage |
| Support Analyst | Validate support runbook and user onboarding flow | First-line support and escalation handling |
| Security Lead | Validate secrets handling and auth hardening | Review vulnerabilities and rotate credentials |
| Firmware/Device Technician | Flash firmware, configure Wi-Fi/API key, field test uploads | Replace/re-provision failed devices |
| Trainer | Deliver end-user and support training sessions | Refresher training and knowledge base updates |
- Application process manager for Node service (service unit or equivalent)
- PostgreSQL service with restricted DB user permissions
- Scheduled backup job and restore validation workflow
- Log aggregation and retention policy for API, DB, and CV subprocess logs
- Incident ticketing and escalation workflow
- Daily logical backup of database.
- Weekly restore test into non-production environment.
- Backup retention policy: 30 daily, 12 monthly snapshots.
- Owner: Database Administrator.
- Ingestion endpoint acknowledges upload immediately, then performs asynchronous image analysis and persistence.
- Monitor CV timeout/failure rates and fallback-score usage.
- Maintain Python dependencies in a pinned environment.
- Owner: Backend Engineer + DevOps/SRE.
- Validate SMTP credentials, domain restrictions, and score threshold settings.
- Monitor delivery failures and cooldown behavior.
- Owner: Support Analyst + Backend Engineer.
- Rotate JWT secret, device API keys (as required), and SMTP credentials.
- Enforce production setting to prevent insecure auth fallback.
- Owner: Security Lead + DevOps/SRE.
Configure and validate at minimum:
- API service:
- ENVIRONMENT
- PORT
- JWT_SECRET
- DB_NAME
- DB_USER
- DB_PASSWORD
- CV_ANALYSIS_ENABLED
- CV_TIMEOUT_MS
- CV_FALLBACK_SCORE
- ALERT_EMAIL_ENABLED
- ALERT_EMAIL_SCORE_THRESHOLD
- ALERT_EMAIL_COOLDOWN_HOURS
- ALERT_EMAIL_GMAIL_USER
- ALERT_EMAIL_GMAIL_APP_PASSWORD
- ALERT_EMAIL_FROM
- Frontend:
- NEXT_PUBLIC_API_BASE_URL
- CV scripts:
- GEMINI_API_KEY
- GEMINI_MODEL (optional)
- CV_ANALYSIS_ENABLED (optional, defaults to true; set false for Gemini-only scoring)
- Device firmware secrets:
- Wi-Fi SSID/password
- device API key
- server name/path
- latitude/longitude
- Create database role and database owner with least privilege.
- Create first admin/operations user account in application.
- Create deployment service account for CI/CD if used.
- Create support staff user accounts for validation access.
- Run base schema script.
- Run migration script for user settings JSON field if needed.
- Optionally seed demo images/data only in non-production.
- Validate monitor, user, and association tables with test records.
- Confirm release window, freeze policy, and communication plan.
- Verify access to infrastructure, DB, email provider, and firmware tooling.
- Verify TLS certificates and DNS records.
- Create final deployment artifact versions and checksums.
Estimated duration: 2 to 3 hours.
- Provision application host and database host.
- Install Node.js runtime and required OS packages.
- Install Python runtime and virtual environment for scripts dependencies.
- Provision storage path for uploaded images with correct permissions.
Estimated duration: 2 to 4 hours.
- Create database role/user and database.
- Execute base DDL script.
- Execute incremental migration scripts (if not already included).
- Run schema validation queries (tables, indexes, constraints).
Estimated duration: 1 to 2 hours.
- Deploy repository code to target host.
- Install backend dependencies.
- Install frontend dependencies and generate static export.
- Verify backend serves static frontend output path.
- Configure process manager/service startup.
Estimated duration: 2 to 3 hours.
- Create production environment file entries using secure secret injection.
- Set JWT secret and enforce production environment mode.
- Configure DB credentials and test connection.
- Configure email credentials and threshold/cooldown values.
- Configure CV credentials and timeout.
Estimated duration: 1 to 2 hours.
- Create monitor records or claim flow path for each production device.
- Flash firmware and configure device secrets (server/API key/location).
- Connect devices to Wi-Fi and validate first upload.
- Confirm records and images appear in app.
Estimated duration: 30 to 60 minutes per device batch.
- Run smoke tests:
- register/login/logout
- monitor create/claim
- recent/range data APIs
- image retrieval
- Trigger controlled test upload and verify record + optional alert.
- Execute UAT sign-off checklist.
- Announce go-live and open hypercare period.
Estimated duration: 2 to 3 hours.
| Major Piece | Estimate | Owner |
|---|---|---|
| Planning and readiness | 2 to 3 hours | Release Manager |
| Infrastructure setup | 2 to 4 hours | DevOps/SRE |
| Database provisioning and migration | 1 to 2 hours | DBA |
| App build and deployment | 2 to 3 hours | Backend + Frontend Engineers |
| Environment/secrets configuration | 1 to 2 hours | DevOps/SRE + Security |
| Device provisioning and first uploads | 0.5 to 1 hour per batch | Device Technician |
| Validation, UAT, go-live | 2 to 3 hours | QA + Release Manager |
| Hypercare (post-release) | 1 to 2 business days | Support + Engineering |
Total initial deployment estimate (excluding hypercare): 10.5 to 18 hours plus device batch time.
- Format: Live walkthrough plus short written guide.
- Duration: 60 minutes.
- Topics:
- login and account basics
- dashboard interpretation
- data page filters and historical analysis
- monitor selection and basic settings
- understanding alerts and response actions
- Validation: completion quiz or practical checklist.
- Format: Runbook workshop and scenario drills.
- Duration: 90 to 120 minutes.
- Topics:
- common incidents (login issues, missing data, device offline)
- log locations and triage flow
- escalation matrix and SLA targets
- credential and key rotation process
- backup/restore request handling
- Validation: incident simulation with pass/fail criteria.
- Format: Deep-dive handoff for DevOps/DBA/Engineering.
- Duration: 2 to 3 hours.
- Topics:
- deployment steps and rollback trigger points
- DB maintenance and restore testing
- CV dependency and timeout management
- alerting configuration and health checks
Initiate backout if any of the following occurs during deployment window:
- Authentication failures across majority of test users
- Device uploads failing at high rate
- Database migration failure causing schema incompatibility
- Critical regression in record retrieval or image serving
- Unrecoverable security misconfiguration (secrets exposure risk)
- Announce deployment rollback and freeze new changes.
- Stop current application service.
- Repoint service to previous known-good release artifact.
- Restore previous environment variable set from secure backup.
- If DB schema/data changed incompatibly:
- restore latest pre-deployment backup into production DB
- validate integrity and application connectivity
- Run smoke validation on restored version.
- Confirm service restoration and communicate status.
- Open postmortem task and capture root cause/actions.
- Application rollback target: 30 to 60 minutes
- Database restore rollback target: 60 to 120 minutes (depends on backup size)
- Pre-deployment notice: 3 to 5 business days before release.
- Deployment start/finish notifications: real-time in team channel.
- Incident communication cadence during rollback: every 15 to 30 minutes.
- Final release report: within 1 business day.
- All required environment values are set and validated.
- DB schema and migrations are complete.
- Frontend static output is present and served correctly.
- Device API keys are provisioned and tested.
- Backup and restore test is successful.
- Support team confirms runbook readiness.
- Go/no-go approval recorded.