-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deployment #31
Comments
/cc @sungraze |
So. Okay, let's fix the static files handling then. What do you mean by:
Why would we need to get the files out of the docker image at all? The idea of using images is so that they're self-contained, after all. As far as this is concerned:
...you do not have access to the production server. You have access to the testing server. Yes, there are other sites there, but backups are made daily and if anything goes wrong we can just revert stuff from the backup. Besides, @czesiekhaker is looking at ways of automating build on testing and production servers using a CI pipeline, but since it was not a priority up until now, it takes a bit of time. However, we need it for Weaving too, and potentially for other things, so it's actually a good thing we needed to dive into this now. The idea is for deploys to happen automagically after pushing to a given branch (say, |
Great, As mentioned before, I don't actually want to push for CI/CD. Tbh, I don't think OCCRP projects are there (most of the apps do not have tests or any sort of automation from what I know). I'd rather just have an automated provisioning process with a simple standard deployment method that doesn't include access to OS. A great example for my case is dokku. |
The CI pipeline will initially be used for deployment that indeed does not include access to OS. Once we have that up and running, we can later start using it for tests, once they start being written. I understand Heroku is familiar and convenient to you, but we need to review if it makes sense to set-up Dokku just to deploy ID2, or perhaps if it will be useful for our other software. That being said, while I sympathize with you on how annoying it must be to have to log-in to a server and issue 3 commands to deploy your code, I hope you can make this sacrifice for us while we look at how to set-up deploys in the long run. Thanks. |
What about the provisioning? If we will have to ask you every time to set the CI/CD for us than we are back to where we are now (like KEYCLOACK keys, database rollbacks/resets, new vhosts etc.) |
It is time-consuming and we need to automate this, yes. Reason why it hasn't yet is that 2 years ago Tech Team was 3 people. It was not worth it to invest time into that amount of automation. We've grown, we need to own up to that. Some things can be (semi-)easily automated, some not that much. For example, as far as Keycloak is concerned, while we can have test realms where developers have full admin privileges, obviously production will always be a bit of a different world. Database rollbacks/resets (and perhaps ) certainly can and should be automated, at least in testing/staging. New vhosts -- that's tricky due to TLS. We can automate certificate issuance (again, on the ToDo list), but changes to nginx configs will have to stay manual at least for some time. I know that this environment is more rigid than optimal for quick development, but it is so not without reasons. There are very concrete security considerations we have to take into account. We are not a random startup on Teh Intertubes building an smart juicer, we're dealing with data that can potentially put sources in jeopardy. And we have to think not only about data "leaking", but also being subpoenaed. That's why we avoid many of the convenient options, like Heroku. Finally, the devops/sysops team has to grow, and is already growing. Having said all that, perhaps I am missing something, but I do not see a lot of new services being provisioned. We're not even talking 3 new vhosts per month. So I have to ask, are we expecting a sudden spike in provisioned services? |
I added some instructions to the readme file. I'm leaving this ticket up to @rysiekpl |
Ah, great! Thank you! :) By the way, as far as static resources are concerned, this:
...could be moved to an entrypoint script. Or, if it doesn't touch any resources that only become available upon running the container (volume-mounted directories, database, etc), perhaps even into the Dockerfile. |
Yeah, we really need to have the volumes mounted before these two run. |
Right. Here's a first jab at I see that some of these are done already in the Dockerfile, right? Perhaps, since we need to do it at runtime anyway, it would make sense to remove that from the Dockerfile, thus shortening the build time. |
@rysiekpl I have some bad news. After we switched to the entrypoint feature, the deployment is now affected by docker/compose#3140 :( |
Why can't we have the CMD set in the |
Please see the upstream issue. It looks like it just doesn't work as expected. My biggest issue is when you try running |
Why are you using I understand the upstream issue. What I am saying is: you can have the command set in the |
Ok, I don't get it. I see the command is set in both
...and that no entrypoint is explicitly set in these files. How is this related to the issue you linked to? What exactly are you trying to do and what is the problem? |
Migrations.
The version from master with the @rysiekpl sorry for all the headache, but I'm just reporting what I find. Trust me, there's nothing magical that I'm trying to do here :| |
Right.
Is this something on-topic? Should we add In general if you need to run a command inside the container, use:
For example:
|
For the record, there was a problem with the command not being passed to the This has been fixed by 5957fde |
With the adoption of Rancher this is no longer an issue. |
Hi,
we have an issue with the deployment of the app.
Basically, the way static files are handled right now, it's a pain!
Even though the app, bundles the static files and builds them, there's no easy way to get those files out of the container in a sane way.
Also currently the overall deployment process is not smooth at all (and me having access to the server with all the websites doesn't make me sleep better, if you know what I mean 🛐 )
I dream of having an automated build process, one command step. Something like Heroku would be lovely!
This is an open conversation btw...
Thanks
/cc @rysiekpl @pudo
The text was updated successfully, but these errors were encountered: