diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9d290cc8..e0b23263 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,18 +1,18 @@
-# Workflow to deploy OntoPortal UI to stage/prod systems
+# Workflow to deploy OntoPortal API to stage/prod systems
 #
 # Required github secrets:
 #
-# CONFIG_REPO - github repo containing config and customizations for UI. Format 'author/private_config_repo'
+# CONFIG_REPO - github repo containing config and customizations for API. Format 'author/private_config_repo'
 # it is used for getting capistrano deployment configuration for stages on the github actions runner and
-# PRIVATE_CONFIG_REPO env var is constructed from it which is used by capistrano on the UI hosts for pulling configs.
+# PRIVATE_CONFIG_REPO env var is constructed from it which is used by capistrano on the API hosts for pulling configs.
 #
 # GH_PAT - github Personal Access Token for accessing private config repo
 #
-# SSH_JUMPHOST - ssh jump/proxy host though which deployments have to though if UI nodes live on private network.
+# SSH_JUMPHOST - ssh jump/proxy host though which deployments have to though if API nodes live on private network.
 # SSH_JUMPHOST_USER - username to use to connect to the ssh jump/proxy.
 #
 # DEPLOY_ENC_KEY - key for decrypting deploymnet ssh key residing in config/
-# this SSH key is used for accessing jump host, UI nodes, and private github repo.
+# this SSH key is used for accessing jump host, API nodes, and private github repo.
 name: Capistrano Deployment
 # Controls when the action will run.
diff --git a/.gitignore b/.gitignore
index 8b568832..ed57b8d9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,7 +36,6 @@
 config/environments/*
 !config/environments/config.rb.sample
 #ignore capistrano deployment
-config/deploy/*
 config/*.p12
 # Ignore generated test data
diff --git a/config/deploy.rb b/config/deploy.rb
index 23a982cd..6916caf5 100644
--- a/config/deploy.rb
+++ b/config/deploy.rb
@@ -1,9 +1,6 @@
-# config valid only for Capistrano 3
-
-APP_PATH = '/srv/ontoportal'
-
-set :application, 'ontologies_api'
-set :repo_url, "https://github.com/ncbo/#{fetch(:application)}.git"
+set :author, "ontoportal-lirmm"
+set :application, "ontologies_api"
+set :repo_url, "https://github.com/#{fetch(:author)}/#{fetch(:application)}.git"
 set :deploy_via, :remote_cache
@@ -11,7 +8,7 @@
 # ask :branch, proc { `git rev-parse --abbrev-ref HEAD`.chomp }
 # Default deploy_to directory is /var/www/my_app
-set :deploy_to, "#{APP_PATH}/#{fetch(:application)}"
+set :deploy_to, "/srv/ontoportal/#{fetch(:application)}"
 # Default value for :scm is :git
 # set :scm, :git
@@ -20,7 +17,7 @@
 # set :format, :pretty
 # Default value for :log_level is :debug
-# set :log_level, :debug
+set :log_level, :error
 # Default value for :pty is false
 # set :pty, true
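Review bot: `set :log_level, :error` works against the `forwarding` task added further down in this file, which reports success with `info "Agent forwarding is up to #{h}"`; at `:error` verbosity that message is likely filtered out, so the check would only ever print on failure. The setting also removes the per-command trace that shows what a deploy ran on each host, which is the record an operator reaches for after a bad release. A one-line comment giving the reason for `:error` would help, and the same `set :log_level, :error` is repeated in `config/deploy/agroportal.rb`, `staging.rb` and `test.rb`, where it can be dropped once it is set here.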
@@ -32,21 +29,40 @@
 # set :linked_dirs, %w{log tmp/pids tmp/cache tmp/sockets vendor/bundle public/system}
 set :linked_dirs, %w{log vendor/bundle tmp/pids tmp/sockets public/system}
-# rbenv
-# set :rbenv_type, :system #or :user
-# set :rbenv_ruby, '2.2.5'
-# set :rbenv_roles, :all # default value
-
-# do not use sudo
-set :use_sudo, false
-# required for restarting unicorn with sudo
-set :pty, true
 # Default value for default_env is {}
-set :default_env, {
-}
+# set :default_env, { path: "/opt/ruby/bin:$PATH" }
 # Default value for keep_releases is 5
 set :keep_releases, 5
+set :config_folder_path, "#{fetch(:application)}/#{fetch(:stage)}"
+
+# If you want to restart using `touch tmp/restart.txt`, add this to your config/deploy.rb:
+
+SSH_JUMPHOST = ENV.include?('SSH_JUMPHOST') ? ENV['SSH_JUMPHOST'] : 'jumpbox.hostname.com'
+SSH_JUMPHOST_USER = ENV.include?('SSH_JUMPHOST_USER') ? ENV['SSH_JUMPHOST_USER'] : 'username'
+
+JUMPBOX_PROXY = "#{SSH_JUMPHOST_USER}@#{SSH_JUMPHOST}"
+set :ssh_options, {
+ user: 'ontoportal',
+ forward_agent: 'true',
+ keys: %w(config/deploy_id_rsa),
+ auth_methods: %w(publickey),
+ # use ssh proxy if API servers are on a private network
+ proxy: Net::SSH::Proxy::Command.new("ssh #{JUMPBOX_PROXY} -W %h:%p")
+}
+
+# private git repo for configuraiton
+PRIVATE_CONFIG_REPO = ENV.include?('PRIVATE_CONFIG_REPO') ? ENV['PRIVATE_CONFIG_REPO'] : 'https://your_github_pat_token@github.com/your_organization/ontoportal-configs.git'
+desc "Check if agent forwarding is working"
+task :forwarding do
+ on roles(:all) do |h|
+ if test("env | grep SSH_AUTH_SOCK")
+ info "Agent forwarding is up to #{h}"
+ else
+ error "Agent forwarding is NOT up to #{h}"
+ end
+ end
+end
 # inspired by http://nathaniel.talbott.ws/blog/2013/03/14/post-deploy-smoke-tests/
 desc 'Run smoke test'
@@ -74,7 +90,6 @@
 end
 end
-
 namespace :deploy do
 desc 'Incorporate the private repository content'
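Review bot: `forward_agent: 'true'` in `:ssh_options` exposes the deployer's agent socket on every host of every role for the length of the session, so anyone holding root or the `ontoportal` account on those hosts can authenticate with the loaded keys while a deploy runs. Nothing visible in this diff needs the agent: `repo_url` is an HTTPS URL and the config repo is cloned through the `PRIVATE_CONFIG_REPO` URL, so `forward_agent: false` looks sufficient unless a remote step outside this diff relies on it (the value is also the string `'true'` rather than a boolean). Separately, the placeholder fallbacks (`'jumpbox.hostname.com'`, `'username'`, the `your_github_pat_token` URL) let a run with missing environment variables carry on against placeholder targets; `SSH_JUMPHOST = ENV.fetch('SSH_JUMPHOST')` and its siblings would fail fast instead. Because `PRIVATE_CONFIG_REPO` is now always defined here, the `elsif defined?(LOCAL_CONFIG_PATH)` branch in `get_config` can no longer be reached.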
@@ -82,10 +97,10 @@
 # or get config from local directory if LOCAL_CONFIG_PATH env var is set
 task :get_config do
 if defined?(PRIVATE_CONFIG_REPO)
- TMP_CONFIG_PATH = "/tmp/#{SecureRandom.hex(15)}"
+ TMP_CONFIG_PATH = "/tmp/#{SecureRandom.hex(15)}".freeze
 on roles(:app) do
 execute "git clone -q #{PRIVATE_CONFIG_REPO} #{TMP_CONFIG_PATH}"
- execute "rsync -av #{TMP_CONFIG_PATH}/#{fetch(:application)}/ #{release_path}/"
+ execute "rsync -av #{TMP_CONFIG_PATH}/#{fetch(:config_folder_path)}/ #{release_path}/"
 execute "rm -rf #{TMP_CONFIG_PATH}"
 end
 elsif defined?(LOCAL_CONFIG_PATH)
@@ -98,16 +113,15 @@
 desc 'Restart application'
 task :restart do
 on roles(:app), in: :sequence, wait: 5 do
- # Your restart mechanism here, for example:
- # execute :touch, release_path.join('tmp/restart.txt')
- execute 'sudo systemctl restart unicorn'
- execute 'sleep 5'
+ # Your restart mechanism here, for example:
+ # execute :touch, release_path.join('tmp/restart.txt')
+ execute 'sudo systemctl restart unicorn'
+ execute 'sleep 5'
 end
 end
- after :publishing, :get_config
- after :get_config, :restart
- # after :deploy, :smoke_test
+ after :updating, :get_config
+ after :publishing, :restart
 after :restart, :clear_cache do
 on roles(:web), in: :groups, limit: 3, wait: 10 do
diff --git a/config/deploy/agroportal.rb b/config/deploy/agroportal.rb
new file mode 100644
index 00000000..c01f3fb9
--- /dev/null
+++ b/config/deploy/agroportal.rb
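Review bot: The checkout of the private config repo in `get_config` is not cleaned up on failure: the three `execute` calls run in sequence, so when `git clone` or `rsync` raises, `rm -rf` never runs and the clone stays under `/tmp`, including the `PRIVATE_CONFIG_REPO` URL (and any token embedded in it) in `.git/config`. The directory is also created by `git clone` under the remote user's default umask, so other local accounts may be able to read the configuration while the task runs. Creating the directory per host with `mktemp -d` and moving the removal into an `ensure` closes both gaps, and a local variable avoids assigning a constant inside the task block, which the added `.freeze` does not change. The task body continues past the end of this hunk.

```ruby
if defined?(PRIVATE_CONFIG_REPO)
  on roles(:app) do
    # mktemp -d creates a fresh directory with mode 0700 on each host
    tmp_config_path = capture(:mktemp, '-d')
    begin
      execute "git clone -q #{PRIVATE_CONFIG_REPO} #{tmp_config_path}"
      execute "rsync -av #{tmp_config_path}/#{fetch(:config_folder_path)}/ #{release_path}/"
    ensure
      # always remove the checkout, even when clone or rsync raised
      execute "rm -rf #{tmp_config_path}"
    end
  end
# … unchanged: elsif defined?(LOCAL_CONFIG_PATH) branch …
```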
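Review bot: `execute 'sudo systemctl restart unicorn'` still depends on sudo, while an earlier hunk in this file removes `set :pty, true` together with its comment `# required for restarting unicorn with sudo`; if sudoers on the hosts sets `requiretty` or prompts for a password, the restart will fail at the end of every deploy now that `:restart` is hooked after `:publishing`. Confirm that the `ontoportal` account has a NOPASSWD rule scoped to this single command and record it above the call, e.g. `# needs a NOPASSWD sudoers entry limited to 'systemctl restart unicorn'`. The `clear_cache` block that follows continues outside the hunk.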
@@ -0,0 +1,17 @@
+# Simple Role Syntax
+# ==================
+# Supports bulk-adding hosts to roles, the primary
+# server in each group is considered to be the first
+# unless any hosts have the primary property set.
+# Don't declare `role :all`, it's a meta role
+role :app, %w[agroportal.lirmm.fr]
+role :db, %w[agroportal.lirmm.fr] # sufficient to run db:migrate only on one system
+set :branch, ENV.include?('BRANCH') ? ENV['BRANCH'] : 'master'
+# Extended Server Syntax
+# ======================
+# This can be used to drop a more detailed server
+# definition into the server list. The second argument
+# something that quacks like a hash can be used to set
+# extended properties on the server.
+# server 'example.com', user: 'deploy', roles: %w{web app}, my_property: :my_value
+set :log_level, :error
diff --git a/config/deploy/appliance.rb b/config/deploy/appliance.rb
deleted file mode 100644
index fdfe0d70..00000000
--- a/config/deploy/appliance.rb
+++ /dev/null
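Review bot: This stage file defines no `:web` role, yet `config/deploy.rb` still registers `after :restart, :clear_cache` with `on roles(:web), in: :groups, limit: 3, wait: 10`, so that block will match no host here; `config/deploy/staging.rb` and `config/deploy/test.rb` have the same gap. Either add `role :web, %w[agroportal.lirmm.fr]` or point the hook at `roles(:app)`, depending on what the block (its body is outside this diff) is meant to do. The branch line reads more directly as `set :branch, ENV.fetch('BRANCH', 'master')`, and since this appears to be the production stage it deserves a comment such as `# deploys master unless BRANCH is set in the environment`.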
@@ -1,49 +0,0 @@
-# Simple Role Syntax
-# ==================
-# Supports bulk-adding hosts to roles, the primary
-# server in each group is considered to be the first
-# unless any hosts have the primary property set.
-# Don't declare `role :all`, it's a meta role
-
-# Extended Server Syntax
-# ======================
-# This can be used to drop a more detailed server
-# definition into the server list. The second argument
-# something that quacks like a hash can be used to set
-# extended properties on the server.
-server 'localhost', roles: %w{app}
-
-# you can set custom ssh options
-# it's possible to pass any option but you need to keep in mind that net/ssh understand limited list of options
-# you can see them in [net/ssh documentation](http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start)
-# set it globally
-# set :ssh_options, {
-# keys: %w(/home/rlisowski/.ssh/id_rsa),
-# forward_agent: false,
-# auth_methods: %w(password)
-# }
-# and/or per server
-# server 'example.com',
-# user: 'user_name',
-# roles: %w{web app},
-# ssh_options: {
-# user: 'user_name', # overrides user setting above
-# keys: %w(/home/user_name/.ssh/id_rsa),
-# forward_agent: false,
-# auth_methods: %w(publickey password)
-# # password: 'please use keys'
-# }
-# setting per server overrides global ssh_options
-
-BRANCH = ENV.include?('BRANCH') ? ENV['BRANCH'] : 'master'
-set :branch, "#{BRANCH}"
-set :deploy_to, "/srv/ontoportal/#{fetch(:application)}"
-# install gems into a common direcotry shared across ui, api and ncbo_cron to reduce disk usage
-set :bundle_path, '/srv/ontoportal/.bundle'
-remove :linked_dirs, 'vendor/bundle'
-
-# private git repo for configuraiton
-# PRIVATE_CONFIG_REPO = ENV.include?('PRIVATE_CONFIG_REPO') ? ENV['PRIVATE_CONFIG_REPO'] : 'git@github.com:your_org/private-config-repo.git'
-
-# location of local configuration files
-LOCAL_CONFIG_PATH = ENV.include?('LOCAL_CONFIG_PATH') ? ENV['LOCAL_CONFIG_PATH'] : '/srv/ontoportal/virtual_appliance/appliance_config'
diff --git a/config/deploy/production.rb b/config/deploy/production.rb
deleted file mode 100644
index c84d24ea..00000000
--- a/config/deploy/production.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-# Simple Role Syntax
-# ==================
-# Supports bulk-adding hosts to roles, the primary
-# server in each group is considered to be the first
-# unless any hosts have the primary property set.
-# Don't declare `role :all`, it's a meta role
-role :app, %w{deploy@example.com}
-role :web, %w{deploy@example.com}
-role :db, %w{deploy@example.com}
-
-# Extended Server Syntax
-# ======================
-# This can be used to drop a more detailed server
-# definition into the server list. The second argument
-# something that quacks like a hash can be used to set
-# extended properties on the server.
-server 'example.com', user: 'deploy', roles: %w{web app}, my_property: :my_value
-
-# you can set custom ssh options
-# it's possible to pass any option but you need to keep in mind that net/ssh understand limited list of options
-# you can see them in [net/ssh documentation](http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start)
-# set it globally
-# set :ssh_options, {
-# keys: %w(/home/rlisowski/.ssh/id_rsa),
-# forward_agent: false,
-# auth_methods: %w(password)
-# }
-# and/or per server
-# server 'example.com',
-# user: 'user_name',
-# roles: %w{web app},
-# ssh_options: {
-# user: 'user_name', # overrides user setting above
-# keys: %w(/home/user_name/.ssh/id_rsa),
-# forward_agent: false,
-# auth_methods: %w(publickey password)
-# # password: 'please use keys'
-# }
-# setting per server overrides global ssh_options
diff --git a/config/deploy/staging.rb b/config/deploy/staging.rb
new file mode 100644
index 00000000..47b158ae
--- /dev/null
+++ b/config/deploy/staging.rb
@@ -0,0 +1,17 @@
+# Simple Role Syntax
+# ==================
+# Supports bulk-adding hosts to roles, the primary
+# server in each group is considered to be the first
+# unless any hosts have the primary property set.
+# Don't declare `role :all`, it's a meta role
+role :app, %w{stageportal.lirmm.fr}
+role :db, %w{stageportal.lirmm.fr} # sufficient to run db:migrate only on one system
+set :branch, ENV.include?('BRANCH') ? ENV['BRANCH'] : 'stage'
+# Extended Server Syntax
+# ======================
+# This can be used to drop a more detailed server
+# definition into the server list. The second argument
+# something that quacks like a hash can be used to set
+# extended properties on the server.
+#server 'example.com', user: 'deploy', roles: %w{web app}, my_property: :my_value
+set :log_level, :error
diff --git a/config/deploy/test.rb b/config/deploy/test.rb
new file mode 100644
index 00000000..fcbe1efc
--- /dev/null
+++ b/config/deploy/test.rb
@@ -0,0 +1,17 @@
+# Simple Role Syntax
+# ==================
+# Supports bulk-adding hosts to roles, the primary
+# server in each group is considered to be the first
+# unless any hosts have the primary property set.
+# Don't declare `role :all`, it's a meta role
+role :app, %w{testportal.lirmm.fr}
+role :db, %w{testportal.lirmm.fr} # sufficient to run db:migrate only on one system
+# Extended Server Syntax
+# ======================
+# This can be used to drop a more detailed server
+# definition into the server list. The second argument
+# something that quacks like a hash can be used to set
+# extended properties on the server.
+#server 'example.com', user: 'deploy', roles: %w{web app}, my_property: :my_value
+set :log_level, :error
+set :branch, ENV.include?('BRANCH') ? ENV['BRANCH'] : 'test'