# New Sysdb Deployment Environment

## Introduction

Deploying a new environment requires the following:

1. Configuring the environment in **bob**
2. Configuring the environment in GIT (`https://git.psi.ch/linux-infra/hiera`)
    - Environment format: `data-<environment_name>`
    - Change permissions accordingly
    - Configure the necessary webhooks for the Puppet and Sysdb server
3. Configuring the environment in Puppet (e.g. `puppet01.psi.ch`)

## Configuring the environment in sysdb

Bob can create a new environment in `sysdb` by using the `bob env` option.
You must have permissions to do that.

You must belong to the `sysdb-admins` group, which is currently
configured in the local `/etc/group` file. A migration to Active
Directory should be done for that group.

To list the currently defined environments, run:

    bob env list

To add a new environment, run:

    bob env add <environment_name> <owner> <admin_group> "<description>"

For example, for the MeG cluster:

    bob env add meg caubet_m unx-hpc_adm "MeG Cluster"

### Test new environment in BOB

To verify that the environment was created successfully, run:

    bob env list | grep <environment_name>

For example:

    caubet_m@caubet-laptop:~/GIT/admin-guide/deployment$ bob env list | grep meg
    meg caubet_m unx-hpc_adm MeG Cluster

## Configuring the environment in GIT

You must belong to the `unx-puppet_adm` Active Directory group in order to be able to create new projects.

To create a new environment in **GIT**, log in at https://git.psi.ch/linux-infra/hiera/.
There you can see the different environments.

The steps to create and configure a new **GIT** project are:

1. Create a new project (environment) in the `hiera` group. It can be done here: https://git.psi.ch/projects/new?namespace_id=1738

    - Click `[Create blank project]`
    - Define `[Project name]`, which *must* have the format `data-<environment_name>`, where `<environment_name>` is the one defined in **Bob**
    - Specify `[Visibility Level]`: should be `Internal` or `Private`
    - Remove the tick from `[Initialize repository with a README]`.

2. Configure project permissions as follows:

    - `[data-<environment_name>]->[Settings]->[Repository]`, or directly: `https://git.psi.ch/linux-infra/hiera/data-<environment_name>/-/settings/repository`
        - Enable the already registered deploy key: `[Deploy Keys]` -> `[Privately accessible deploy keys]` -> select `root@puppet01` -> click on `Enable`
    - `[data-<environment_name>]->[Manage]->[Members]`, or directly: `https://git.psi.ch/linux-infra/hiera/data-<environment_name>/project_members`
        - Set up specific permissions for specific users or groups. For example:
            - Set project `Maintainer`:
                - `[Select members to invite]` (`caubet_m`) + `[Choose a role permission]` (`Maintainer`) + `[Add to project]`
            - Set other roles:
                - `[Select members to invite]` (`dorigo_a`) + `[Choose a role permission]` (`Developer`) + `[Add to project]`
    - `[data-<environment_name>]->[Settings]->[Webhooks]`, or directly: `https://git.psi.ch/linux-infra/hiera/data-<environment_name>/-/hooks`
        - Add WebHooks as follows:
            - `[URL]`: http://puppet01.psi.ch/events/dataupdate
            - `[URL]`: http://sysdb.psi.ch/events/dataupdate
            - (Checked) `[Push events]`. Uncheck the rest.
            - `[SSL verification]` -> (uncheck) `[Enable SSL verification]`
            - Confirm the information above, and click on `[Add webhook]` to add the new WebHook.

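One way to check that a project's webhooks match the settings listed above, as an added example that is not part of the original guide. It assumes `git.psi.ch` is a GitLab instance and that the project's hook list was exported as JSON in the shape of GitLab's project hooks API; `audit_hooks` and the sample data (including `collector.example`) are constructed for illustration.

```python
import json

# Webhook endpoints documented on this page for every data-<environment_name> project.
DOCUMENTED_URLS = {
    "http://puppet01.psi.ch/events/dataupdate",
    "http://sysdb.psi.ch/events/dataupdate",
}


def audit_hooks(hooks):
    """Return sorted deviations from the documented webhook setup."""
    findings, seen = [], set()
    for hook in hooks:
        url = hook.get("url", "")
        if url not in DOCUMENTED_URLS:
            # Push payloads would be delivered to an endpoint the guide does not list.
            findings.append(f"unexpected hook: {url}")
            continue
        if url in seen:
            findings.append(f"duplicate hook: {url}")
        seen.add(url)
        if hook.get("push_events") is not True:
            findings.append(f"push events not enabled: {url}")
        # The guide says to uncheck every trigger except push events.
        extra = sorted(k for k, v in hook.items()
                       if k.endswith("_events") and k != "push_events" and v is True)
        if extra:
            findings.append(f"extra triggers {extra}: {url}")
    findings += [f"missing hook: {url}" for url in DOCUMENTED_URLS - seen]
    return sorted(findings)


# Constructed sample in the shape of a GitLab "list project hooks" response.
SAMPLE = json.loads("""[
  {"id": 1, "url": "http://puppet01.psi.ch/events/dataupdate",
   "push_events": true, "tag_push_events": false, "enable_ssl_verification": false},
  {"id": 2, "url": "http://sysdb.psi.ch/events/dataupdate",
   "push_events": true, "tag_push_events": true, "enable_ssl_verification": false},
  {"id": 3, "url": "http://collector.example/hook",
   "push_events": true, "enable_ssl_verification": false}
]""")

if __name__ == "__main__":
    for line in audit_hooks(SAMPLE):
        print(line)
```

An empty result means both documented hooks are present, fire on push only, and no other endpoint receives the project's push events.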
### Test new environment in GIT

To verify that the environment was created successfully, run:

    git clone git@git.psi.ch:linux-infra/hiera/data-<environment_name>.git

For example:

    caubet_m@caubet-laptop:~/GIT$ git clone git@git.psi.ch:linux-infra/hiera/data-meg.git
    Cloning into 'data-meg'...
    X11 forwarding request failed
    warning: You appear to have cloned an empty repository.

## Configuring the environment in Puppet server

In [bootstrap](https://git.psi.ch/linux-infra/bootstrap), add the new repo to `instcode/puppet/puppet_server/manifests/data.pp` and run the bootstrap for the Puppet server. Note that the `master` branch needs to exist on `git.psi.ch` before this can be rolled out.

## Configuring the environment in Sysdb Server

In [bootstrap](https://git.psi.ch/linux-infra/bootstrap), add the new repo to the suitable inventory file (e.g. `ansible/inventory.yaml` for production) and run the playbook for the Sysdb server. Note that the `master` branch needs to exist on `git.psi.ch` before this can be rolled out.

## Test new environment in Puppet

To verify that the environment was created successfully, clone the project:

    git clone git@git.psi.ch:linux-infra/hiera/data-<environment_name>.git

Add a new file `<environment_name>.yaml` to the project:

    cd data-<environment_name>
    touch <environment_name>.yaml
    git add <environment_name>.yaml
    git commit -a -m "Added first empty file"
    git push

After a few seconds (the change needs time to be triggered), check in `puppet01.psi.ch:/srv/puppet/data/<environment_name>` that the file was successfully copied to the Puppet server from **GIT**:

    ssh root@puppet01.psi.ch ls /srv/puppet/data/<environment_name>/<environment_name>.yaml

Full real example:

    git clone git@git.psi.ch:linux-infra/hiera/data-meg.git
    cd data-meg
    touch meg.yaml
    git add meg.yaml
    git commit -a -m "Added first empty file"
    git push
    sleep 5
    ssh root@puppet01.psi.ch ls /srv/puppet/data/meg/meg.yaml