Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update deployment playbook to help set up staging deployments #941

Open
dacook opened this issue Sep 25, 2024 · 1 comment
Open

Update deployment playbook to help set up staging deployments #941

dacook opened this issue Sep 25, 2024 · 1 comment

Comments

@dacook
Copy link
Member

dacook commented Sep 25, 2024
edited
Loading

This playbook is used to set up a staging server so that we can stage PRs on it:
https://github.com/openfoodfoundation/ofn-install/blob/d8be2a1d3cc05e93f0a91fdf0175ddbc1919f2c1/roles/semaphore_deployment/tasks/main.yml

But the last few actions don't make sense to me. I think it might have been useful in setting up the first staging server. Then the private key would have been copied and stored as the GitHub secret: DEPLOYMENT_KEY. Hmm probably it's still sitting on one of the staging servers.

The public key goes in authorized_keys on the staging server. It's public, so we could streamline the process with the playbook (rather than I having to spend ages trying various keys with trial and error to find out which one it is).

  • Add the deployment public key to this repo and make the playbook automatically load it to /home/ofn-deploy/.ssh/authorized_keys

Another setup task is to update the GitHub secret DEPLOYMENT_HOSTS to include the new staging server. I don't think we can automate that, but we could probably

  • Add a task in the playbook to output the required line(s) for a known_hosts file, with notes on what to do with it.

We have the known_hosts stored in BitWarden at the moment, although it could be stored publicly as a file in the openfoodnetwork repo, because it only contains public keys.
@github-project-automation github-project-automation bot moved this to All the things 💤 in OFN Delivery board Sep 25, 2024
@dacook
Copy link
Member Author

dacook commented Sep 25, 2024

The authorized_keys entry to add to /home/ofn-deploy/.ssh/authorized_keys (for the current private DEPLOYMENT_KEY):

restrict,command="sudo /home/ofn-deploy/deploy \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAHRY3/caNz7v1ZlIJyzyLtniu7PPYvui+CDCtoRk9cgUabk0uxWsp9o7l7LF3CuCK3DhCDfdniDd1tdLd6eCAkbr3QaJpiwsrMryZ0JJF3oKOoH8lVMeV7hYgs95XYfKka2Jj2d99z2PhkJgR3/7Ppj/VA/2sZUm/qmC55Erzy0BOCVo/P+AWgQEZG3dW41rCDk1XlUAgubyO0zlCWDAvghrjfRfHFPDmHx+DCdvC9AwnQkTnnk93t6HTNCi+t11Scv7xqegVeR4p/09BAvrauAueb46chN3b6VwlPdUMotyhS5S/6xmgWtbLv46MHBe17rfCUG0Gun0XZJA44C/0JP7bl6URYwSshqEu/uRW7rVaL1MXr+OoePXZ7pZQ8rYaYMDJjhEoUerUQPY8ogFe1aMp7JzkgoEM6OG6J0DkrkH+l79k2t68GGA2eu4lAX7v9DV9U/3dU3ggM7sYYNdu7EkYjD4+w00VLKwoQXZtbfs73ADHoZvuCtpqgPzvSDOzIgBbw25nf/EA2EzDm/XotwAiryoKSnfRuI3Qx5+I7lJTI0VzoX7Bo9ZPD6inxU6cJ2rrhb1YaSgnIoJcH1rgDX3NdzQLTZVWzYZBx346+/9PyrscPB4K/iu/yse6TUsfQMflhF3IJo+5K2KvR9BXXQ650Smib5ISL6ZBR8m+2Q== GitHub-Action-Stage.yml

@dacook dacook mentioned this issue Sep 26, 2024
Closed
19 tasks
@dacook dacook mentioned this issue Oct 14, 2024
Open
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
OFN Delivery board
Status: All the things 💤
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dacook