From c63dda81f29376de1a1b169198585ccc0916b36e Mon Sep 17 00:00:00 2001 From: Joe Krzystan Date: Wed, 19 Aug 2020 15:39:47 -0400 Subject: [PATCH 1/2] Use CF7 for rolling deploys and restarts Updating circleci config to use latest CircleCI convenience images and cloudfoundry CLI to remove outdated dependencies. --- .circleci/config.yml | 60 +++++++++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 213c1727e..f31c84da9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,12 +2,14 @@ # # Check https://circleci.com/docs/2.0/language-python/ for more details # -cf-docker-image: &CF_DOCKER_IMAGE - docker: - - image: 18fgsa/cloud-foundry-cli - environment: - - TZ=America/New_York - - CF_API: https://api.fr.cloud.gov +install-cf7: &install-cf7 + run: + name: Install CF7 + command: | + curl -L -o cf7.deb 'https://packages.cloudfoundry.org/stable?release=debian64&version=v7&source=github' + sudo dpkg -i cf7.deb + rm cf7.deb + cf7 api https://api.fr.cloud.gov version: 2 jobs: @@ -84,50 +86,62 @@ jobs: - ./* deploy_to_staging: - <<: *CF_DOCKER_IMAGE - + docker: + - image: cimg/base:2020.01 + environment: + - TZ=America/New_York + - CF_SPACE: staging + - CF_APP: tock + - CF_MANIFEST: manifest-staging.yml steps: - attach_workspace: at: . + - *install-cf7 - run: - name: Login to cloud.gov Staging - command: cf login -a ${CF_API} -u ${CF_DEPLOYER_USERNAME_STAGING} -p ${CF_DEPLOYER_PASSWORD_STAGING} + name: Login to cloud.gov + command: cf7 login -u ${CF_DEPLOYER_USERNAME_STAGING} -p {CF_DEPLOYER_PASSWORD_STAGING} -o gsa-18f-tock -s ${CF_SPACE} - run: name: Save version to file system command: echo ${CIRCLE_SHA1} > tock/VERSION - run: - name: deploy Tock Staging to cloud.gov - command: cf_deploy.sh tock gsa-18f-tock staging manifest-staging.yml + name: Deploying Tock Staging to cloud.gov + command: cf7 push $CF_APP --strategy rolling -f ${CF_MANIFEST} deploy_to_production: - <<: *CF_DOCKER_IMAGE - + docker: + - image: cimg/base:2020.01 + environment: + - TZ=America/New_York + - CF_SPACE: prod + - CF_MANIFEST: manifest-production.yml steps: - attach_workspace: at: . + - *install-cf7 - run: name: Login to cloud.gov Production - command: cf login -a ${CF_API} -u ${CF_DEPLOYER_USERNAME_PRODUCTION} -p ${CF_DEPLOYER_PASSWORD_PRODUCTION} + command: cf7 login -u ${CF_DEPLOYER_USERNAME_PRODUCTION} -p ${CF_DEPLOYER_PASSWORD_PRODUCTION} -o gsa-18f-tock -s ${CF_SPACE} - run: name: Save version to file system command: echo ${CIRCLE_TAG} > tock/VERSION - run: name: Deploy Tock Production to cloud.gov - command: cf_deploy.sh tock gsa-18f-tock prod manifest-production.yml + command: cf7 push tock --strategy rolling -f ${CF_MANIFEST} recycle_production: - <<: *CF_DOCKER_IMAGE - + docker: + - image: cimg/base:2020.01 + environment: + - TZ=America/New_York + - CF_SPACE: prod steps: + - *install-cf7 - run: name: Login to cloud.gov Production - command: cf login -a ${CF_API} -u ${CF_DEPLOYER_USERNAME_PRODUCTION} -p ${CF_DEPLOYER_PASSWORD_PRODUCTION} - - run: - name: Install cf-rolling-restart - command: cf install-plugin -f -r CF-Community "cf-rolling-restart" + command: cf7 login -u ${CF_DEPLOYER_USERNAME_PRODUCTION} -p ${CF_DEPLOYER_PASSWORD_PRODUCTION} -o gsa-18f-tock -s ${CF_SPACE} - run: name: Performing a rolling restart of Tock Production instances - command: cf rolling-restart tock + command: cf restart tock --strategy rolling workflows: version: 2 From 27aba98ef146a8e6aba1db0af384038d9e04c4ac Mon Sep 17 00:00:00 2001 From: Joe Krzystan Date: Wed, 26 Aug 2020 12:26:45 -0400 Subject: [PATCH 2/2] Update docs to reflect new deploy approach Removing references to zdt and autopilot, replacing with V7 CLI commands. --- docs/deployment-process.md | 68 ++++++++++++-------------------------- 1 file changed, 21 insertions(+), 47 deletions(-) diff --git a/docs/deployment-process.md b/docs/deployment-process.md index a1d211eeb..958fec91c 100644 --- a/docs/deployment-process.md +++ b/docs/deployment-process.md @@ -8,13 +8,7 @@ Download the Cloud Foundry CLI according to the [cloud.gov instructions][]. [cloud.gov instructions]: https://docs.cloud.gov/getting-started/setup/ -You will also need to install the [`autopilot`](https://github.com/contraband/autopilot) -plugin for Cloud Foundry, which is used for zero-downtime deploys: - -```shell -# Install the plugin -cf install-plugin autopilot -f -r CF-Community -``` +We use the V7 Cloud Foundry CLI. If you're upgrading from V6, checkout [the CLI docs for instructions](https://github.com/cloudfoundry/cli). Tock will be deployed to the GovCloud instance of cloud.gov: @@ -23,8 +17,11 @@ Tock will be deployed to the GovCloud instance of cloud.gov: cf login -a api.fr.cloud.gov --sso ``` -After this deployment, you'll need to target the org and space you want to work with. For example, if you wanted to work with the dev space: -`cf target -o gsa-18f-tock -s dev` +After authenticating, you'll need to target the org and space you want to work with. For example, if you wanted to work with the dev space: + +``` +cf target -o gsa-18f-tock -s dev +``` Manifest files, which contain import deploy configuration settings, are located in the root directory of this project, prefixed with `manifest-` and ending in a @@ -32,9 +29,7 @@ in the root directory of this project, prefixed with `manifest-` and ending in a During local development and continuous integration testing, `pipenv install --dev` is used. This installs both development -and production dependencies. During deployments, the Cloud Foundry -Python buildpack generates a `requirements.txt` file with `pipenv lock -r` -and installs only production dependencies. +and production dependencies. During deployments, the `requirements.txt` file is used to install dependencies. ### Cloud Foundry structure @@ -92,9 +87,8 @@ cf cups tock-credentials -p credentials-.json # Binding the service to the app cf bind-service tock-credentials -# Restaging the app to make use of the updated credentials. This will cause -# downtime in the application. It is better to use zero-downtime-push instead. -cf restage +# Restaging the app to make use of the updated credentials. +cf restage --strategy rolling ``` You can update the user-provided service with the following commands: @@ -103,9 +97,8 @@ You can update the user-provided service with the following commands: # Uploading the new credentials to the service cf uups tock-credentials -p credentials-staging.json -# Restaging the app to make use of the updated credentials. This will cause -# downtime in the application. It is better to use zero-downtime-push instead. -cf restage +# Restaging the app to make use of the updated credentials. +cf restage --strategy rolling ``` #### Database service @@ -152,7 +145,7 @@ Should you need to, you can push directly to tock.app.cloud.gov with the followi ```sh cf target -o gsa-18f-tock -s staging -cf zero-downtime-push tock-staging -f manifest-staging.yml +cf push tock-staging -f manifest-staging.yml --strategy rolling ``` ### Production servers @@ -162,7 +155,7 @@ be made against the `main` branch following the [_Automated Releases to Production_](#automated-releases-to-production) workflow. In some cases, you may need to make a manual deployment to production. If this is the case, please make -sure you're using the Cloud Foundry [autopilot plugin](https://github.com/contraband/autopilot). +sure you're using the rolling deployment strategy with `--strategy rolling` To deploy, first make sure you're targeting the prod space: @@ -170,12 +163,6 @@ To deploy, first make sure you're targeting the prod space: cf target -o gsa-18f-tock -s prod ``` -If you don't already have the autopilot plugin, you can install it by running the following: - -```sh -cf install-plugin autopilot -f -r CF-Community -``` - Create a `VERSION` file with the name of the version that is being deployed to production either with the Git SHA1 for the latest commit or the Git tag for the latest release: @@ -188,33 +175,20 @@ echo $(git rev-parse HEAD | head -c 7) > tock/VERSION echo $(git describe --abbrev=0 --tags) > tock/VERSION ``` -Then use the autopilot plugin's `zero-downtime-push` command to deploy: +Then use the CLI to deploy: ```sh -cf zero-downtime-push tock -f manifest-production.yml +cf push tock -f manifest-production.yml --strategy rolling ``` -#### Troubleshooting failed manual zero-downtime deployments +#### Troubleshooting failed deployments -If at any point the deployment fails, there should still be zero-downtime for -the production instance. Please verify that the Tock applications that are -running are named correctly and cleaned up. In the following example commands, -the variables should be replaced with the values found in the previous -commands. +If at any point the deployment fails, we can use the CLI to recover to our previous state. -- `${STOPPED_TOCK_APP}` — The application that reads `stopped` from `cf apps`. -- `${TOCK_VERNERABLE_APP_NAME}` — The application that reads `-venerable` from - `cf apps`. +https://docs.cloudfoundry.org/devguide/deploy-apps/rolling-deploy.html#cancel -```sh -# List all applications in the targeted space -cf apps - -# Delete the stopped application -cf delete ${STOPPED_TOCK_APP} -f - -# Rename the started application to match project conventions -cf rename ${TOCK_VERNERABLE_APP_NAME} tock +``` +cf cancel-deployment tock ``` ### Logs @@ -310,7 +284,7 @@ number after the period (e.g., `v20180131.1` turns into `v20180131.2`). Once you push this tag up to GitHub, draft or assign it to an already drafted release in GitHub. CircleCI will deploy this tag to the Production -instance of Tock using CF Autopilot. +instance of Tock. ## Maintenance Mode