Redeploy specs.webplatform.org in new production environment

[renoirb]

Move from old DHO environment current scripts. Will automate in #104

Tasks

• Allow direct upload through rsync+ssh
• Allow to write files in where static files are written
• Create hostname for direct shell poking ...specs.webplatform.org
• Consider:
  • to support writing static file in same folder as where publican would if it were running. This way if it breaks, another person can rsync files directly too.
  • Using same owner:group ownership when rsyncing as what publican would use. It will prevent potential breakage by enforcing it.

[renoirb]

Needs to sync with @darobin on how to automate. Will work on it soon.

[renoirb]

Worked on initial deployment:

1. Copy around latest dist archive from /srv/code/packages/specs/dists/
2. rsync to server ONLY IF no /srv/webplatform/specs/index.html exists (i.e. VM is new) so that it doesnt overwrite in subsequent salt -G 'roles:specs' state.sls code

Also had to:

1. Found issue with error page that calls through non SSL fonts and would throw mixed content, made specific rewrite for now.

[renoirb]

@darobin, you can rsync code now to specs.production.wpdn at any time now :)

[renoirb]

I’ll change DNS records only when you are ready. Of course.

[renoirb]

UPDATE 2015-05-13: This is now invalid. We’ll use direct hostname instead rsync.specs.webplatform.org

Forgot to give public IP address you can use to test.

In your hosts file

173.236.255.113 specs.webplatform.org

But you MUST use specs.production.wpdn.

[renoirb]

@darobin I’d like to sync with you on how we’ll setup the GitHub hook. I’ve prepared a Docker runner for publican and also how to setup a hook system that can automate anything we need. This can be done easily, I just want to get your feeling about it before going any further.

[renoirb]

In relation to the Docker container, refer to #153

[renoirb]

• Created direct access SSH only vhost at rsync.specs.webplatform.org
• Created upstream-specs security group to allow rsync+ssh
• Allowed to upload files in /srv/webapps/publican, will have to be improved in Make sure webapps user on specs VM has ~/.authorized_keys #166
  • Upload static files via rsync+ssh to /srv/webapps/publican/data/publish
  • The same folder will be used either by publican when it generates files, OR somebody with access to rsync files directly

This feels dangerous as anybody with access can just write anything anywhere and make tamper manually with publican, and its configs. Letting this could prevent us to rebuild the service completely due to changes made directly.

It’ll do to suit the specific current request.

[renoirb]

Made the switch 24h ago.