promote watch.ocaml.org to non-beta

[avsm]

watch.ocaml.org has been quite successful, and a great source of permanent storage for OCaml videos. It's time to promote it to a non-beta service:

• switch it to being deployed via docker service / the OCaml deployer service. (@mtelvers this was with you last I think?)
• ensure backups (tarsnap account for VM backups #14) are active for this VM (after previous is done).
• document the process of adding accounts/videos. It's a little confusing due to the ActivityPub integration meaning that the account appears in Mastodon clients rather than the full domain (@avsm/@patricoferris to discuss this in the new year).
• remove the banner saying 'beta service subject to change' (@avsm)

[mtelvers]

@avsm I have a WIP which has converted the current docker-compose.yml into Docker services deployable via an Ansible playbook. If we add it to deploy.ci.ocaml.org, what repository should we monitor? It would seem a waste to build the Dockerfile again, as it is already published. Did you have something else in mind?

[avsm]

Using the upstream Docker image is fine by me. It's just that we need to be careful with managing the volumes and the database state. For example, upgrading to 5.0.0 requires careful execution of the steps here: https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0

So we need to have some mechanism to snapshot the volumes so we can roll back if it all goes horribly wrong...

[avsm]

(To answer your question, I don't think it needs to monitor a repository -- making the service something that requires manual updating is fine by me. It would be nice if it could regularly, on a ocurrent-cron, just do a docker pull to get the latest version of the image as published on that version tag by upstream, so we get base images with security updates applied)

[mtelvers]

@avsm May I update the existing installation to 5.0.1?

I have cloned the current installation and tested the upgrade steps. You can check the results by adding this to your /etc/hosts:

128.232.124.150 watch.ocaml.org

The obvious difference I can see is that the occurrences of bactrian have been replaced by ocaml2021 or similar.

[mtelvers]

ocurrent/ocurrent-deployer#159 adds the two pipelines for this. The first runs a periodic backup by connecting to the machine over SSH and running tarsnap. The output is then visible via OCurrent Deployer. The second periodically pulls the production-bullseye tag of peertube and if it has changed, it updates the Docker service.

@avsm Please let me know if I can update to 5.0.1 as per my previous message so I can move this forward.

Example output via OCurrent Deployer for a backup job

2023-01-26 10:31.13: New job: tarsnap: ./tarsnap-backup.sh
2023-01-26 10:31.13: Waiting for confirm-threshold > above-average
2023-01-26 10:47.15: Explicit approval received for this job
2023-01-26 10:47.15: Exec: "ssh" "watch.ocaml.org" "./tarsnap-backup.sh"
tarsnap: Removing leading '/' from member names
                                       Total size  Compressed size
All archives                         235465364724     229511926270
  (unique data)                       38619268571      36902026959
This archive                          42824560863      41890652791
New data                                 17484329          5251335
2023-01-26 10:47.21: Job succeeded

[avsm]

@mtelvers go for it! My only slight worry here is to keep an eye on the tarsnap incremental backup size. In theory, it should be friendly for the video directory as its incremental, but it's worth keeping an eye on the tarsnap-list output to make sure that you can restore it using the key, and that the total size of the backup isn't growing linearly.

[mtelvers]

PeerTube has been updated to 5.0.1. The Docker service stack is now deployed via Ansible and is documented on infra.ocaml.org. The Docker container for PeerTube is updated on ocurrent deployer. The Tarsnap backup output is also available on ocurrent deployer

[avsm]

Nice one, @mtelvers! This looks great. I'll reconfigure the live service to remove the beta notice, then. Might you be able to describe the update above briefly on the infra blog so I can reference it from a discuss post, and then we can close this issue?

[mtelvers]

@avsm I have added a blog post describing the changes.

[avsm]

Beta tag removed, and https://watch.ocaml.org/about/instance updated with latest stuff (like links to CoC, how to request an account, maintainers). Will close this issue once I post to discuss about it.

[avsm]

Posted. https://discuss.ocaml.org/t/watch-ocaml-org-out-of-beta-and-a-call-for-new-videos/11561/2

Thanks for all the help @mtelvers!