Automation scripts for twistedmatrix.com
Python JavaScript CSS HTML DIGITAL Command Language Shell Other
Latest commit c297ffc Mar 26, 2017 @glyph glyph here goes nothing

README.md

A very work-in-progress library of fabric stuff for deploying twisted infrastrucutre. The immeidate goal is to be able to redeploy everything from cube onto dornkirk.

This package is a library of tools for deploying individual services. It also currently contains a fabfile for global configuration of dornkirk.

The idea is that each individual service (e.g., t-names, www-data, trac, buildbot) will have a configuration repo with a fabfile that uses braid to deploy itself on a given machine.

Currently Supported Services

  • amptrac
  • t-names
  • t-web
  • buildbot (buildmaster)
  • buildslave
  • codespeed
  • kenaan
  • hiscore
  • trac
  • mailman

Server Dependencies

braid currently assumes that it is being run against a ubuntu server (precise).

It requires that the universe component be enabled, as well sudo.

Usage Notes

Fabric configuration is located at braid/settings.py.

# Get the code
$ git clone https://github.com/twisted-infra/braid

Some notable commands:

# Add keys from file to remote user
$ fab users.uploadKeyFile:<user>,<keyfile>
# Add keys from launchpad to remote user
$ fab users.uploadLaunchpadKeys:<user>[,<launchpadUser>]
# Install base packages, and ssh config
$ fab base.bootstrap

There are some tools to help specifying which machines to target.

# Install against dornkirk
$ fab config.production

There is a sample testing.env that can be put in ~/.config/braid/. Any files matching *.env are accessible via

$ fab config.testing

Service configuration conventions

Directory structure

Each service has its own directory under /srv.

Users, groups and privileges

Each service runs as its own system user and owns his root directory (i.e. /srv/<service>). Each service user has to be part of the service group. Any ssh-key that can be used to authenticate as root can also be use to authenticate as any use in the service group.

Init scripts

Most service provide scripts to start and stop the service in ~/bin.

Available tools

How to start/stop/restart services

Each service has its own Fabric namespace. Actions are available as part of each namespace. For example, the dns service can be started, stopped, and restarted as follows:

fab dns.start
fab dns.stop
fab dns.restart

How to update existing services

Similarly as done for managing the running states, an update task lives in each service namespace. It can be run as follows:

fab dns.update

Note that this will restart the service after updating.

How to install new services

A service which was just added to the fabfile can be installed by running its install task:

fab dns.install

Note, however, that while the previous actions did not require root privileges, installing a new service requires to be able to sudo to root. This is needed to create the necessary users, install additional packages and create the base environment.

Managing secrets

A private repository, protected by git secret is used to store the sensitive data for the Twisted infrastructure.

The private repository is located at: https://github.com/twisted-infra/twisted-infra-secret

Since git secret don't support submodules, you will need to clone the twisted-infra-secret repo and git secret reveal it in a directory which is a sibling of the braid base clone directory.

Make sure you pull and reveal the changes before running in production. Make sure you push and hide your changes mode in production.

style-notes

Things that want to root want to be run with sudo, and files put with use_sudo. When dealing with things that want to be run as other users, run should be used, and a ssh connection as that user (with settings(user='user') or the like. braid.base.sshConfig sets things up so anybody with root keys can log-in as any user in the service group.

Vagrant

Vagrant 1.7+ and Ansible 1.9+ is required to use the Vagrant image.

There is Vagrantfile provided with braid, that will set up a staging server. It uses the address 172.16.255.140, and there is a braid config named vagrant that connects to it by default.

# Start the VM
vagrant up
# In case you already have a VM, re-provision it using:
vagrant provision
# New VMs should be initialized using:
fab config.vagrant base.bootstrap
# Run the braid commands using:
fab config.vagrant COMMAND

The following ports are in use on the Vagrant VM, listed here for easy discovery and to avoid conflicts:

  • 80 - Twisted Web
  • 8000 - Buildmaster redirection placeholder (port 80 in production)
  • 8080 - Buildmaster WebStatus
  • 9987 - Buildmaster slave listener