{"id":22138972,"url":"https://github.com/cwaldbieser/config-deployer","last_synced_at":"2025-03-24T10:41:24.556Z","repository":{"id":50071083,"uuid":"172100970","full_name":"cwaldbieser/config-deployer","owner":"cwaldbieser","description":"Fabric scripts for deploying software configurations.","archived":false,"fork":false,"pushed_at":"2023-08-02T17:48:34.000Z","size":120,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-29T16:08:41.311Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cwaldbieser.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-02-22T16:46:16.000Z","updated_at":"2023-01-09T19:58:55.000Z","dependencies_parsed_at":"2023-02-08T13:45:52.808Z","dependency_job_id":null,"html_url":"https://github.com/cwaldbieser/config-deployer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fconfig-deployer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fconfig-deployer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fconfig-deployer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fconfig-deployer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cwaldbieser","download_url":"https://codeload.github.com/cwaldbieser/config-deployer/tar.gz/refs/heads/maste
r","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245256775,"owners_count":20585968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-01T20:13:07.964Z","updated_at":"2025-03-24T10:41:24.534Z","avatar_url":"https://github.com/cwaldbieser.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n============================\nTools for Deploying Software\n============================\n\nBased on the Python Fabric tool.\n\nExample::\n\n    [waldbiec@my-workstation]$ pipenv run ./deploy.py amqp_provisioners-config.yml local deploy-config\n\nThe deployment tools assume a basic structure for the deployment configuration\nfile.  They also assume some other conventions unless you tell them otherwise in\norder to make configuring a deployment as simple as possible.\n\n-----------------------\nDeployment Config Files\n-----------------------\n\nThe deployment of each application varies a bit from app to app.  As such, \nthere is some essential information that needs to be conveyed to the deployment\ntools so that they know what to do with the software configuration and artifacts.\n\nA deployment configuration file is a YAML file with a particular structure.\n\n.. 
code-block:: yaml\n\n    working-tree: /path/to/working/tree/myapp\n    config-folder-perms: u=rx,go=   # Optional (default u=rx,go=)\n    config-file-perms: u=r,go=      # Optional (default u=r,go=)\n    secrets-file-name: secrets.yml  # Optional (default :file:`secrets.yml`)\n    targets:\n        config-folder: /etc/myapp\n        config-owner: apache        # Optional (default root)\n        config-group: apache        # Optional (default same as config-owner)\n    roles:\n        # Role names are arbitrary.  However, if you use the same names\n        # for your repository branches, you don't need to specify the\n        # branches explicitly.  Roles are also known as \"stages\".\n        dev:\n            config-branch: dev      # If not specified, assumes same name as role.\n            # A role priority is an integer and may be negative (low priority) or\n            # positive (high priority).  If unspecified, it is assumed to be 0.\n            # The priority is used if a host has multiple effective roles, but\n            # a single role must be used to perform some mapping (e.g. the \n            # source branch to use).  
The highest priority role will be used.\n            priority: 0             \n            # Target hosts is just a list of all the hosts on which the \n            # configuration should be deployed.\n            target-hosts:\n                - host1.dev.example.org\n                - host2.dev.example.org\n                - host3.dev.example.org\n        stage:\n            target-hosts:\n                - host1.stage.example.org\n                - host2.stage.example.org\n                - host3.stage.example.org\n        prod:\n            target-hosts:\n                - host1.example.org\n                - host2.example.org\n                - host3.example.org\n\n------------------------\nDeploying Configurations\n------------------------\n\nThe structure of the git repository that holds the application configuration\nmust have some specific scaffolding.\n\nFirst, it is assumed that the configuration will have some properties that are\nsensitive and should *not* be stored in the repository in clear text.  In order\nto keep these secret bits secret, the `git secret \u003chttp://git-secret.io/\u003e`_ \ntool is used to encrypt the secrets with symmetric encryption à la GnuPG.\n\nBecause encrypting a file essentially removes some of the benefits of version\ncontrol, actual configuration files that would normally contain secrets in \nclear text are replaced with template files.  The templates use the \n`Jinja2 \u003chttp://jinja.pocoo.org/docs/2.9/\u003e`_ template syntax.  Placeholders\nare replaced with decrypted secrets at deployment time.\n\nAll the secrets for the configuration are placed in a single file in the root\nof the project called `secrets.yml`.  This file should be encrypted with \n`git secret`.  This means that all the secrets will be encrypted, and version\nhistory will tell you if *something* in the secrets file changed, but you will\nnot be able to know exactly what changed unless you keep notes in the commit \nmessage.\n\n.. 
note::\n\n    Secrets that are their own files (e.g. private key files) can be encrypted\n    independently of the `secrets.yml` file.  `secrets.yml` should be used only\n    for secrets that would otherwise require encrypting non-secret \n    configuration in order to be protected.\n\nThe structure of `secrets.yml` looks like:\n\n.. code:: yaml\n\n    # Individual templates should be listed under the *files* key.\n    files:\n        app-config-w-secrets.cfg.template:\n            secrets:\n                ldap_bind: LD4p$3cret \n                mysql_passwd: DB$3kr3t!\n        subfolder/another.template:\n            secrets:\n                web_service_passwd: 4P1$3cr3t\n\nEach template file listed will have its placeholders replaced with the mappings\nunder its *secrets* key.\n\n--------------------------------------------\nEnvironment Variables and User Configuration\n--------------------------------------------\n\nThe deployer software looks for configuration in the following locations:\n\n* ~/.deployer.cfg\n\nA number of environment variables control the operation of the software:\n\n* `DEPLOYER_CONFIG_PREFIX` - This specifies a path that will be the prefix for\n  your deployment files.  This is useful if you store them under a common\n  folder.  You can set this environment variable in your shell startup script,\n  e.g. `~/.bashrc`.\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\nSet your working tree base\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n\nIf you have many configurations, it is sometimes convenient to arrange them\nunder a common folder.  This folder may vary if you switch workstations or\njust choose to re-organize.  Rather than having to update all your deployment\nfiles, you can specify a working tree base in the deployer configuration:\n\n.. 
code:: ini\n\n    [SOURCES]\n    working_tree_base = ~/git-repos/app_configs\n\nTilde expansion is supported.\n\n----------------------------------\nDeploying to a Docker-Build Target\n----------------------------------\n\nRather than deploying configurations to a physical or virtual machine, it may\nbe desirable to deploy a configuration as part of a docker image.  In this\nkind of deployment, the repository will contain a \n`Dockerfile \u003chttps://docs.docker.com/engine/reference/builder/\u003e`_ and supporting\nconfiguration files for building a docker image.  The configuration will have\nsecrets interpolated prior to executing the Dockerfile.  The docker image may\nbe built on the local host or on a remote host.  Settings can influence the\ndocker build:\n\n.. code:: yaml\n\n    working-tree: /path/to/repo/containing/Dockerfile\n    targets:\n        # Indicate that this deployment has a docker-build target.\n        docker-build-target: True\n    roles:\n        stage:\n            target-hosts:\n                - localhost\n            # The built image can be named for later use with `docker run`.\n            docker-build-name: shib-idp-tier\n            # Values can be supplied from the command line for values in the Dockerfile recipe.\n            docker-build-args:\n                SHBCFG: ./shib-config/conf\n                SHBCREDS: ./shib-config/credentials\n                SHBMSGS: ./shib-config/messages\n                SHBMD: ./shib-config/metadata\n                SHBEDWAPP: ./shib-config/edit-webapp\n            # Remove intermediate images (same as `docker build --rm`).\n            docker-build-rm: True\n            # The docker build path.\n            docker-build-path: 
.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcwaldbieser%2Fconfig-deployer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcwaldbieser%2Fconfig-deployer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcwaldbieser%2Fconfig-deployer/lists"}