feat(research): Create staging-1 server with auto wiping database #1530

Merged
merged 2 commits into from
Nov 18, 2022

vbustamante
Contributor

This wraps up this iteration of the staging-1 work started on #1474

With the code contained here, a functional version of staging-1 can be brought up, loading most of the sensitive data (save only the database credentials, which proved a little harder to isolate) from AWS Secrets.

The only remaining issue is CoreOS' SELinux, which isn't easily disabled via terraform/butane. The method to disable it manually is documented in the README file.

Signed-off-by: Victor Bustamante <victor@systeminit.com>
Signed-off-by: Victor Bustamante <victor@systeminit.com>
linear bot commented Nov 17, 2022

ENG-692 Refactor our deployment strategy

  • Create dev.systeminit.com
    • Use CoreOS and Butane to deploy a 'dev.systeminit.com' URI that auto-deploys from head
    • It should wipe the database every deployment
  • Make app.systeminit.com deploy manually
    • Rather than auto-updating, we should manually decide when to update app.systeminit.com

netlify bot commented Nov 17, 2022

👷 Deploy request for system-init-corp pending review.

A Netlify team Owner will need to approve the deploy before you can run your build.

Are you a team Owner? Visit the deploys page to approve it

Need more help? Learn more in the Netlify docs

Name Link
🔨 Latest commit 3f2c4b7

Contributor

@nickgerace nickgerace left a comment

Phenomenal.

Comment on lines +2 to +3
apt update
apt install -y postgresql-client
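Review bot: `apt install -y postgresql-client` on line +3 pulls an unpinned package, plus its recommended packages, from the network each time the script runs, so the result can differ between runs and the step fails when the mirror is unreachable. Consider `apt-get update && apt-get install -y --no-install-recommends postgresql-client` (`apt` warns that its CLI is not stable for use in scripts), or bake the client into the image so nothing is installed at run time.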
Contributor

Where are these commands run?

Contributor Author

They run inside of the container that is going to be affected. Since we're running everything on debians (rust's default docker images use it as a base) this is safe, but it does feel a bit hack-ish

- "${DOCKER_CONFIG:-~/.docker/config}:/config.json:ro"
command: --interval 30 --label-enable
- "${DOCKER_CONFIG:-~/.docker/config.json}:/config.json:ro"
command: --interval 10 --label-enable
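Review bot: On the volume line, `${DOCKER_CONFIG:-~/.docker/config.json}` still treats `DOCKER_CONFIG` as a file path, but the Docker CLI defines that variable as the directory that contains `config.json`. The new default fixes the unset case; when the variable is set, a directory would be bind-mounted onto `/config.json`. `${DOCKER_CONFIG:-~/.docker}/config.json:/config.json:ro` covers both cases. The drop from `--interval 30` to `--interval 10` also deserves a line in the description saying why the shorter interval is needed.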

Comment on lines +88 to +106
# Note(victor): This is not vital but is necessary. I will not be taking questions at this time.
- name: layer-vim.service
enabled: true
contents: |
[Unit]
Description=Install Vim
Wants=network-online.target
After=network-online.target

# We run before `zincati.service` to avoid conflicting rpm-ostree
# transactions. - https://docs.fedoraproject.org/en-US/fedora-coreos/os-extensions/
After=layer-awscli.service
Before=zincati.service


[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive --idempotent vim
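Review bot: The comment above `After=layer-awscli.service` documents only the `Before=zincati.service` ordering; it does not say why this unit waits for `layer-awscli.service`. If the intent is to serialise this install with the one in `layer-awscli.service`, say so in the comment. `After=` only orders the units; it does not pull the other unit in or require it to succeed, so note whether that is intended. The opening `Note(victor)` line could also state what the package is needed for on the host.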
Contributor

Jokes aside, there may be a "system packages" step that evolves from the groundwork here. For instance, we will likely eventually want toolbox on here so that we don't have to do this on the host.

Contributor Author

This is very cool! I also feel like butane could make this simpler but the task that tracks this isn't very active sadly

@vbustamante
Contributor Author

bors merge

si-bors-ng bot commented Nov 18, 2022

@si-bors-ng si-bors-ng bot merged commit 95a530d into main Nov 18, 2022
@si-bors-ng si-bors-ng bot deleted the victor/eng-692-refactor-our-deployment-strategy branch November 18, 2022 17:52