From Wikitech
Jump to: navigation, search

For information about deploying new software with Scap3 see the Scap3 Deployment Guide.

For information about migrating existing services from Trebuchet to Scap3 see the Scap3 Migration Guide

Scap3 Documentation

This is a collection of some of the documentation contained in the commit messages of merged commits that were part of the 'scap3' sprint. They are collected here for ease of access and search-ability.

The primary documentation for scap can be found in the form of auto-generated html docs, see scap documentation index.

Basic Use

The first step to deploying new code from the deployment_host is to use git to bring the repository on the deployment host into the state that you want deployed to your targets.

Once the repository state is correct, use the deploy command to release the finished code use: scap deploy -v

deployer@tin:/srv/deployment/foo/deploy$ scap deploy
20:46:12 Started deploy_foo/deploy
Entering 'foo'
:* scap-target-07
:* scap-target-08
:* scap-target-09
:* scap-target-04
:* scap-target-05
:* scap-target-06
:* scap-target-10
:* scap-target-01
:* scap-target-02
:* scap-target-03
deploy_foo/deploy_config_deploy: 100% (ok: 10; fail: 0; left: 0)
deploy_foo/deploy_fetch: 100% (ok: 10; fail: 0; left: 0)
deploy_foo/deploy_promote: 100% (ok: 10; fail: 0; left: 0)
20:46:42 Finished deploy_foo/deploy (duration: 00m 29s)

Service Checks

NRPE checks

nrpe check type for reusing existing Icinga/NRPE checks in deployments.

By default, checks are loaded and registered from all NRPE definitions in /etc/nagios/nrpe.d and can be referenced in checks.yaml using type: nrpe.

    type: nrpe
    command: check_service_endpoints
    stage: promote

Config Deployments

What happens on tin

  • Looks for environment-specific ./scap/config-files.yaml with target files in the format:
  template: env-specific-template.yaml.j2
  remote_vars: /optional/remote/variable/file.yaml
  • Looks for environment-specific ./scap/vars.yaml that includes variables used to render the template. These variables will be overridden by any conflicting variables in the file specified by remote_vars
  • Variables from any environment-specific vars.yaml file are combined with variables from the root vars.yaml file.
  • A json file is created at [repo]/.git/config-files/[revision].json that contains the final path to any environment-specific templates as well as a final list of combined variables.

What happens on targets

  • Download the file from tin/[repo]/.git/config-files/[revision].json
  • Loop through the config files, and render each template using the variables from the downloaded json file and the variables from the (now) local remote_vars file
  • Links rendered file (in [repo]/.git/config-files/[path]) to final location

Grouping and Filtering deployment targets

Filter deploy hosts with --limit-hosts

--limit-hosts or -l accepts a pattern in one of the following formats:

  • ~[regex] - if the pattern starts with ~ it is interpreted as a regular expression, this is not combined with any other option
  • ![pattern] - can be combined with any other pattern to negate that pattern. May be combined with other pattern matching options.
  • host[01:10] - range matching, works for ascii chars and numbers, including numbers with a leading 0, may be combined with other pattern-matching options.
  • host* - Matches 0 or more characters in the set A-z, '_', '.', or '-'. May be combined with other pattern matching options. This pattern is applied to the dsh_targets file to return a sub-set of hosts to use as a deployment target.

Deployment groups

This feature was introduced in differential revision D16

In addition to the dsh_targets config variable, scap looks for multiple [anything]_dsh_targets config variables. This enables canary_dsh_targets.

All additional deployment groups will be executed before the primary deployment group (defined by the dsh_targets variable).

Additionally, checks now can be scoped to a specific deployment group using:

    stage: promote
    group: dsh-group-name
    command: touch /tmp/hi-there

The group name is optional in a check. If not group name is specified, check runs for all deploy groups.

Structured Logging


This feature was introduced in differential revision D18

The main deploy application now sends all structured log output to a file under scap/log/{git-tag}.log which the new deploy-log utility can tail and filter using a given free-form expression. By default the latter utility will periodically scan the scap/log directory for new files and immediately begin tailing them. It can also be given an explicit log file to parse via the --file option or the latest log file by using --latest; in this case, it will simply filter the entire file for matching records and exit.


Tail behavior

  • Run deploy-log {expr}
  • Run deploy in a separate terminal
  • Verify that **deploy-log** in the first terminal starts reading the new log file. It should say -- Opening log file: {file}.
  • Verify that only log messages matching the given expression are output.

Latest log file behavior

  • Run deploy.
  • Run deploy-log -l {expr}
  • Verify that only log messages from the latest log file matching the given expression are output.

Single log file behavior

  • Run deploy a couple of times.
  • Run deploy-log -f {log-file} {expr}
  • Verify that only log messages from the given log file matching the given expression are output.

Debian package

The Debian package for scap can be built with git-buildpackage. More specifically for production the standard procedure is to have a Debian source package built with gbp buildpackage -us -uc -S and then have the package built with DIST=trusty sudo -E cowbuilder --build scap_VERSION.dsc. To upload the resulting package to e.g. trusty-wikimedia: reprepro -C main --ignore=wrongdistribution include trusty-wikimedia CHANGES_FILE. Note that the package for trusty works the same on jessie and stretch too, so it can be copied with reprepro: reprepro -C main copy jessie-wikimedia trusty-wikimedia scap and reprepro -C main copy stretch-wikimedia trusty-wikimedia scap