A very work-in-progress library of fabric stuff for deploying twisted infrastrucutre. The immeidate goal is to be able to redeploy everything from cube onto dornkirk.
This package is a library of tools for deploying individual services. It also currently contains a fabfile for global configuration of dornkirk.
The idea is that each individual service (e.g., t-names, www-data, trac, buildbot) will have a configuration repo with a fabfile that uses braid to deploy itself on a given machine.
Currently Supported Services
- buildbot (buildmaster)
braid currently assumes that it is being run against a ubuntu server (precise).
It requires that the
universe component be enabled, as well
Fabric configuration is located at
# Get the code $ git clone https://github.com/twisted-infra/braid
Some notable commands:
# Add keys from file to remote user $ fab users.uploadKeyFile:<user>,<keyfile> # Add keys from launchpad to remote user $ fab users.uploadLaunchpadKeys:<user>[,<launchpadUser>]
# Install base packages, and ssh config $ fab base.bootstrap
There are some tools to help specifying which machines to target.
# Install against dornkirk $ fab config.production
There is a sample
testing.env that can be put in ~/.config/braid/.
Any files matching *.env are accessible via
$ fab config.testing
Service configuration conventions
Each service has its own directory under
Users, groups and privileges
Each service runs as its own system user and owns his root directory (i.e.
Each service user has to be part of the
Any ssh-key that can be used to authenticate as root can also be use to authenticate as any use in the
Most service provide scripts to start and stop the service in
How to start/stop/restart services
Each service has its own Fabric namespace. Actions are available as part of each namespace. For example, the
dns service can be started, stopped, and restarted as follows:
How to update existing services
Similarly as done for managing the running states, an
update task lives in each service namespace. It can be run as follows:
Note that this will restart the service after updating.
How to install new services
A service which was just added to the fabfile can be installed by running its
Note, however, that while the previous actions did not require root privileges, installing a new service requires to be able to
This is needed to create the necessary users, install additional packages and create the base environment.
A private repository, protected by
git secret is used to store the sensitive
data for the Twisted infrastructure.
The private repository is located at: https://github.com/twisted-infra/twisted-infra-secret
git secret don't support submodules, you will need to clone the
twisted-infra-secret repo and
git secret reveal it in a directory
which is a sibling of the braid base clone directory.
Make sure you pull and reveal the changes before running in production. Make sure you push and hide your changes mode in production.
Things that want to root want to be run with
sudo, and files
When dealing with things that want to be run as other users,
run should be
used, and a ssh connection as that user (with
settings(user='user') or the like.
braid.base.sshConfig sets things up so anybody with root keys can log-in as any user in the
Vagrantfile provided with braid, that will set up a staging server.
It uses the address
172.16.255.140, and there is a braid config named
vagrant that connects to it by default.
# Start the VM vagrant up # In case you already have a VM, re-provision it using: vagrant provision # New VMs should be initialized using: fab config.vagrant base.bootstrap # Run the braid commands using: fab config.vagrant COMMAND
The following ports are in use on the Vagrant VM, listed here for easy discovery and to avoid conflicts:
- 80 - Twisted Web
- 8000 - Buildmaster redirection placeholder (port 80 in production)
- 8080 - Buildmaster WebStatus
- 9987 - Buildmaster slave listener