Sandbox: How to Deploy a new Sandbox

Overview

The process for deploying a new sandbox droplet is initiated by a request from the QA team to create a new droplet for a new engineer. The QA engineer must provide their SSH key for access.


Deployment Process

Step 1: Request and Preparation

  1. Request from QA: The QA team submits a request to create a sandbox droplet for a new engineer.

  2. SSH Key: The new QA engineer provides their public SSH key.

Step 2: Terraform Deployment

Terraform automates the creation of resources, including the droplet, DNS records, and assignment of a reserved IP. The reserved IP ensures the droplet remains accessible even if it is redeployed.

Steps:

Open the projects/qa/terraform.tfvars file:

  1. Add the QA engineer’s name to the qa_team variable list.

  2. Run Terraform to deploy the necessary resources:

    terraform plan
    terraform apply

Terraform outputs the droplet name, IP address and DNS records after the deployment is complete.

Step 3: Update Ansible Configuration

Using Ansible ensures the droplet is always in the desired state, and any changes or redeployments are consistent with the predefined configuration.

Steps:

  1. Add the droplet name, IP and username to the ansible/hosts.ini file in the sandbox block.

    [sandbox]
    test-sandbox-qa ansible_host=111.22.33.44 user=test

  2. Save the QA engineer’s public SSH key to:

    ansible/roles/system-user-mgmt/files/ssh/test.pub
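
A pre-flight check for Step 3, added here as an example and not part of the original runbook or its repository: it confirms that every [sandbox] host has a matching <user>.pub file and that the file holds a well-formed public key rather than private key material. The function names, the allowed key types and the all-zero sample key are assumptions constructed for illustration.

```python
import base64

# Constructed sample mirroring the hosts.ini entry above (not a real host).
SAMPLE_HOSTS_INI = "[sandbox]\ntest-sandbox-qa ansible_host=111.22.33.44 user=test\n"
# Constructed placeholder key: correct wire layout, all-zero key bytes.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode() + " test@constructed"
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed policy


def check_public_key(line):
    """Return None if line is a well-formed OpenSSH public key, else a reason."""
    if "PRIVATE KEY" in line:
        return "private key submitted instead of a public key"
    fields = line.split()
    if len(fields) < 2 or fields[0] not in ALLOWED_KEY_TYPES:
        return "expected '<allowed type> <base64> [comment]'"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return "key body is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode():
        return "declared key type does not match the key blob"
    return None


def sandbox_users(hosts_ini):
    """Map host name -> user= value for entries in the [sandbox] block."""
    users, section = {}, None
    for raw in hosts_ini.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]")
        elif line and section == "sandbox":
            name, *pairs = line.split()
            users[name] = dict(p.split("=", 1) for p in pairs if "=" in p).get("user")
    return users


def preflight(hosts_ini, key_files):
    """key_files maps file names under files/ssh/ to contents; returns problems."""
    problems = []
    for host, user in sandbox_users(hosts_ini).items():
        key = key_files.get(f"{user}.pub")
        reason = "no key file saved" if key is None else check_public_key(key)
        if reason:
            problems.append(f"{host}: {user}.pub: {reason}")
    return problems
```

An empty list from preflight() means the inventory and key files agree; run it before the playbook in Step 4.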

Step 4: Run Ansible Playbook

Execute the sandbox-init.yml playbook, limiting the run to the new droplet:

    docker-compose run --rm ansible ansible-playbook sandbox-init.yml --limit test-sandbox-qa

This playbook performs the following:

  1. Updates the system on the droplet.

  2. Installs necessary tools and packages (e.g., docker, nginx).

  3. Generates SSL certificates using Certbot.

  4. Updates the NGINX configuration for each service (api, crm, talent, rockenjobs) with predefined conf files.

  5. Prepares the environment for application deployment:

    • Creates necessary directories:

    • Attaches the DigitalOcean S3 space to the system for storing database dumps and other files.

  6. Deploys the latest version of the deployment script (rocken_deploy).

Step 5: Finalization

  1. Add the new droplet IP address to the VPN configuration and restart it.

  2. Add the new droplet IP address (not the Reserved IP) to the SendGrid Whitelist (Settings/IP Access Management).

  3. Provide the connection details (droplet IP, DNS records) to the QA team.

  4. The QA engineer connects to the droplet via SSH (VPN required) and runs the deployment script to build and deploy applications from the GitLab repository.

Security

  • VPN Access: Access to sandbox droplets and their DNS is restricted to connections through the corporate VPN, ensuring secure communication.

  • Reserved IP: Each droplet has a reserved IP for consistent access.

Summary

The process ensures:

  • Secure and consistent deployment using Terraform and Ansible.

  • Sandbox droplets are always in the required state for QA activities.

  • Simplified redeployment and configuration updates.

This workflow guarantees a reliable environment for QA engineers to perform their tasks efficiently and securely.
