Open pnispero opened 1 week ago
Question 1 How is remote deployment going to work? in this case remote means pushing to anywhere but s3df dev, so like lcls, or facet.
User goes through CLI, CLI parses the deployment manifest, then CLI won't call the playbook directly like local deployments, instead
CLI checks to see if the tag that the user wants to deploy has been approved? but assuming tags are made automatically after a pull request has been approved, then should the CLI still check? how would it check?
CLI will api call to backend to start a container as 'adbuild', and that container will have the logic to api call to artifact api to get the build results (tarball) for specified component/tag. the container then calls the ioc deployment playbook.
OR same as option 2, but instead of a container, the backend can do the steps
OR the CLI look into the artifact storage itself and grab it. (This would be duplicating logic, one at CLI and one at artifact api, no good).
Question 2 for the deploy configuration, is that something that will be pushed to the repo? or just user space? if someone wants to change the versions for iocs in an app, would they need to make changes to the deploy config, then push this change, and go through build system and tag a new version, when nothing actually changed in code? should we have a 'current' version that users can specify?
Update - Were going to deploy remotely using containers
adbuild
. Then we can create the ssh key one time for adbuild
. adbuild
, and anytime we run the deplyoment container, we will mount the private key (which we can keep in k8s vault). That solves SSH into remote machine.execution environment
which is basically ansible in a container https://docs.ansible.com/ansible/latest/getting_started_ee/index.html. So looking to use that as the base image instead of making our own from scratchQuestion:
Need adbuild
user account on all the facilties (where do we request?) This way I can test the full deployment with ssh.
Another thing to tackle
look into how we implement
ad-build-test
organization authrozied the core-build-system backend as a Github App
which utilizes OAuth
.
Build and deploy build results for an IOC app - Remote/Production
Building build results
Deploying build results
TODO Tasks:
<os>:dev
and<os>:latest
once finished with this feature. with new build_deploy_scripts/PLAY [all] *****
TASK [Gathering Facts] ***** ok: [localhost]
PLAY [Initial IOC Deployment] **
TASK [Create component directory at /sdf/group/ad/eed/lcls/epics/iocTop/test-ioc] *** changed: [localhost]
TASK [Create ioc directory at $IOC /sdf/group/ad/eed/lcls/epics/iocCommon/] ***
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocCommon - test-ioc-1)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocCommon - test-ioc-2)
TASK [Create sym link /sdf/group/ad/eed/lcls/epics/iocCommon//iocSpecificRelease to point to /sdf/group/ad/eed/lcls/epics/iocTop/test-ioc/] ***
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocCommon/test-ioc-1/iocSpecificRelease -> /sdf/group/ad/eed/lcls/epics/iocTop/test-ioc/test-ioc-1.0.0)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocCommon/test-ioc-2/iocSpecificRelease -> /sdf/group/ad/eed/lcls/epics/iocTop/test-ioc/test-ioc-1.0.0)
TASK [Create ioc directory in /sdf/group/ad/eed/lcls/epics/iocData/] **
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData - test-ioc-1)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData - test-ioc-2)
TASK [Create multiple data directories in /sdf/group/ad/eed/lcls/epics/iocData/] ***
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-1 - archive)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-1 - autosave)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-1 - autosave-req)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-1 - iocInfo)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-1 - restore)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-1 - yaml)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-2 - archive)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-2 - autosave)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-2 - autosave-req)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-2 - iocInfo)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-2 - restore)
changed: [localhost] => (item=/sdf/group/ad/eed/lcls/epics/iocData/test-ioc-2 - yaml)
TASK [Add startup.cmd/st.cmd for the IOC at /sdf/group/ad/eed/lcls/epics/iocCommon/] ***
failed: [localhost] (item=== ADBS == test-ioc-1) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "test-ioc-1", "value": "test-ioc-1.0.0"}, "msg": "== ADBS == UNFINSHED. Please do this step manually."}
failed: [localhost] (item=== ADBS == test-ioc-2) => {"ansible_loop_var": "item", "changed": false, "item": {"key": "test-ioc-2", "value": "test-ioc-1.0.0"}, "msg": "== ADBS == UNFINSHED. Please do this step manually."}
TASK [== ADBS == Continue despite previous error] ** ok: [localhost] => { "msg": "Startup.cmd automation is unfinished, please create the startup.cmd manually." }
PLAY [Deploy app, and update envPaths] *****
TASK [Extract build results to '/sdf/group/ad/eed/lcls/epics/iocTop/test-ioc'] *** changed: [localhost]
TASK [Update envPaths (call cram script for this) '{{ facility }}'] **** changed: [localhost]
PLAY [Normal IOC Deployment] ***
TASK [Update sym link /sdf/group/ad/eed/lcls/epics/iocCommon//iocSpecificRelease to point to /sdf/group/ad/eed/lcls/epics/iocTop/test-ioc/] ***
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'user_src_repo == None' failed. The error was: error while evaluating conditional (user_src_repo == None): 'user_src_repo' is undefined\n\nThe error appears to be in '/build/ioc_module/normal_ioc_deploy.yml': line 18, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: 'Update sym link {{ ioc_link_folder }}//iocSpecificRelease to point to {{ ioc_release_folder }}/{{ component_name }}/'\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n with_items:\n - {{ foo }}\n\nShould be written as:\n\n with_items:\n - \"{{ foo }}\"\n"}
PLAY RECAP ***** localhost : ok=9 changed=7 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0
[WARNING]: Cannot set fs attributes on a non-existent symlink target. follow should be set to False to avoid this. Playbook execution finished with return code: 2 $ sleep to keep container alive for debug pnispero@PC100942:~$