noggin icon indicating copy to clipboard operation
noggin copied to clipboard

Published 20 hours ago verified publisher icon fedora-infra

(M/L) As a AAA developer I want Continuous Deployment to the staging environment so that I can easily test/demo new features

Open ryanlerch opened this issue 4 years ago • 17 comments

Acceptance Criteria

  1. Openshift project is created in staging
  2. Configuration and Secrets are managed in ansible
  3. Application is build from git
  4. Every commit on the staging branch triggers a new build and deployment in OpenShift DOD:
  • All AC completed above
  • Team review

Initially filed as: https://github.com/fedora-infra/freeipa-fas/issues/15

ryanlerch avatar Jan 09 '20 11:01 ryanlerch

As discussed in yesterday's standup, @relrod thinks the codebase is not mature enough to deploy to staging, and suggests using CommuniShift.

It just occured to me that if the codebase is not mature enough for staging, maybe this User Story should be put back in the backlog because we are not ready to work on it. Deploying an early version to CommuniShift and then doing the work again for staging doesn't seem like the best use of our time.

abompard avatar Jan 17 '20 09:01 abompard

Deploying an early version to CommuniShift and then doing the work again for staging doesn't seem like the best use of our time.

I'd actually argue otherwise. Deploying to communishift gets us a few benefits:

  • We learn of any issues getting this running on OpenShift. (There shouldn't be, but who knows?)
  • We have an always-online dev environment that we can point to and play with and test against.
  • Once we know how the communishift deployment goes, getting it working on staging should almost be trivial since we'll know what to expect.
  • It's less confusing if someone finds it for now because it's not on a *.fedoraproject.org domain
  • We can't use the staging IPA server anyway because it's still EL7 and we're blocked on changing that until EL 8.2 comes out (unless we make a Fedora IPA staging server)

relrod avatar Jan 17 '20 15:01 relrod

OK that makes sense.

abompard avatar Jan 17 '20 16:01 abompard

Thanks all, so we are deploying to CommunuiShift. As we come to an end of this sprint it may need to pulled into the next, if that makes sense

sfinn85 avatar Jan 20 '20 13:01 sfinn85

OK, I have setup securitas in CommuniShift, but to make it work I need a FreeIPA instance. I have tried setting that up in CommuniShift too, but the FreeIPA container requires running as root, and the CommuniShift policy does not allow that. @relrod suggested that we could run another FreeIPA instance in EC2, but I have never used EC2 nor Fedora's account on it. I'm OK with keeping working on that aspect but somebody with more EC2 experience would go much faster than me, and I'll need help if I'm to learn that stack. Volunteers? Or at least pointers to start with? Thanks.

abompard avatar Jan 29 '20 11:01 abompard

Hi @abompard Can you reach out to the wider cpe team on mail or on google chat channel to see if someone can assist, if team members on this team are unsure?

sfinn85 avatar Jan 30 '20 16:01 sfinn85

Email sent an hour ago.

abompard avatar Feb 03 '20 16:02 abompard

Thanks for update

sfinn85 avatar Feb 03 '20 17:02 sfinn85

Free IPA - deploy ( alternative way needed ) Waiting for a reply on CPE list - follow up 2/5/20 if no ans

sfinn85 avatar Feb 04 '20 09:02 sfinn85

Sprint 3 planning update: Free IPA - Rick gave access that may work. ( Unknown - but hopefully nothing major ) M

sfinn85 avatar Feb 06 '20 09:02 sfinn85

Just adding update from daily stand up: Need Free IPA instance somewhere to test. @abompard has not received access. @relrod can you follow up CPE list discussion takes place about making an instance that will produce, email sent, Kevin responded so hopefully we will get this unblocked.

sfinn85 avatar Feb 10 '20 10:02 sfinn85

I have this on my list to create/setup this week.

If it's blocking/more urgent, please do let me know.

nirik avatar Feb 12 '20 18:02 nirik

Thanks a mill @nirik really appreciate it. It is blocking Aurelien from progressing with the remaining work that needs to be done once access is given but I am not sure if its more urgent now then it was originally? What are your thoughts @abompard

sfinn85 avatar Feb 12 '20 18:02 sfinn85

ok, so I looked more at this. What OS do you need? I was going to do centos 8.1, but there's a pile of odd images in aws for it. I asked our CentOS folks, who pointed me to a .qcow, but thats going to be a pain to import. So options:

  • Just do fedora 31 on it - This is easiest, but might not be the same as staging/prod.
  • Find/get a CentOS 8.1 for it - I can do this, but need to know if it's worth the effort.
  • Use RHEL8.1 for it - but then we have to deal with subscriptions on it, which might be anoying on a development server.

Thoughts?

nirik avatar Feb 12 '20 20:02 nirik

I would be fine with F31, since it's for development purposes, as long as I can install the same version of FreeIPA there that is going to be in staging/prod.

abompard avatar Feb 13 '20 09:02 abompard

ok. I have created a f31 instance and put your ssh key on it. Let me know if you have any problems with it, need more resources, etc.

nirik avatar Feb 13 '20 20:02 nirik

Oh, and I mailed @abompard privately the access info.

nirik avatar Feb 13 '20 20:02 nirik