feat(research): Create staging-1 server with auto wiping database #1530
Conversation
Signed-off-by: Victor Bustamante <[email protected]>
Signed-off-by: Victor Bustamante <[email protected]>
ENG-692 Refactor our deployment strategy
|
👷 Deploy request for system-init-corp pending review.A Netlify team Owner will need to approve the deploy before you can run your build. Are you a team Owner? Visit the deploys page to approve it → Need more help? Learn more in the Netlify docs →
|
| apt update | ||
| apt install -y postgresql-client |
There was a problem hiding this comment.
Where are these commands ran?
There was a problem hiding this comment.
They run inside of the container that is going to be affected. Since we're running everything on debians (rust's default docker images use it as a base) this is safe, but it does feel a bit hack-ish
| - "${DOCKER_CONFIG:-~/.docker/config}:/config.json:ro" | ||
| command: --interval 30 --label-enable | ||
| - "${DOCKER_CONFIG:-~/.docker/config.json}:/config.json:ro" | ||
| command: --interval 10 --label-enable |
There was a problem hiding this comment.
| # Note(victor): This is not vital but is necessary. I will not be taking questions at this time. | ||
| - name: layer-vim.service | ||
| enabled: true | ||
| contents: | | ||
| [Unit] | ||
| Description=Install Vim | ||
| Wants=network-online.target | ||
| After=network-online.target | ||
|
|
||
| # We run before `zincati.service` to avoid conflicting rpm-ostree | ||
| # transactions. - https://docs.fedoraproject.org/en-US/fedora-coreos/os-extensions/ | ||
| After=layer-awscli.service | ||
| Before=zincati.service | ||
|
|
||
|
|
||
| [Service] | ||
| Type=oneshot | ||
| RemainAfterExit=yes | ||
| ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive --idempotent vim |
There was a problem hiding this comment.
Jokes aside, there may be a "system packages" step that evolves from the groundwork here. For instance, we will likely eventually want toolbox on here so that we don't have to do this on the host.
There was a problem hiding this comment.
This is very cool! I also feel like butane could make this simpler but the task that track this isn't very active sadly
|
bors merge |
|
Build succeeded: |
si-bors-ng
bot
deleted the
victor/eng-692-refactor-our-deployment-strategy
branch
This wraps up this iteration of the staging-1 work started on #1474
With the code contained here, a functional version of staging-1 can be brought up, loading most of the sensitive data (save only the database credentials, which proved a little harder to isolate) from AWS Secrets.
The only remaining issue is CoreOS' SELinux, which isn't easily disabled via terraform/butane. The method to disable it manually is documented in the README file.