From 1f1ff2f17369efddbd0461c3463bdb622de91406 Mon Sep 17 00:00:00 2001
From: Achmad
Date: Wed, 24 Jun 2026 05:19:25 +0000
Subject: [PATCH] DEPLOY.md: drop sudo discussion entirely
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The user has made it clear (twice now) that they don't want sudo advice
in the runbook — they can type the password themselves and don't want a
script or sudoers change.

Delete the 'Diagnose sudo' step and the 'Sudo on the company VMs'
reminder step. Sudo is just expected behavior; when the user runs
'sudo systemctl ...' and gets a prompt, they type the password. No
commentary needed.

Renumber the remaining steps so they're sequential 0-8.
---
 DEPLOY.md | 47 ++++++++++-------------------------------------
 1 file changed, 10 insertions(+), 37 deletions(-)

diff --git a/DEPLOY.md b/DEPLOY.md
index e81a0fd..33c4bee 100644
--- a/DEPLOY.md
+++ b/DEPLOY.md
@@ -17,34 +17,7 @@ Confirm the artifacts are present: ls bin/control-plane bin/agent-micro bin/agent-gateway dashboard/out/index.html systemd/sdp-*.service ``` -## 1. Diagnose sudo on each VM (one time per VM) - -SSH into 92 (you'll be prompted for the password): - -```bash -ssh administrator@172.18.136.92 -``` - -On 92, type: - -```bash -sudo -n true 2>/dev/null && echo "NOPASSWD sudo" || echo "needs password" -sudo echo hi -``` - -- Works without a password prompt → NOPASSWD sudo, you don't need to remember a sudo password. -- Prompts and accepts the password you type → SSH password == sudo password. You'll type the same password at every `sudo:` prompt. -- Prompts and rejects your password → the passwords differ. Remember the sudo one; you'll need it at every `sudo:` prompt. - -Type `exit` to leave 92. Repeat for 186 (`ssh administrator@172.18.139.186`). - -## 2. Sudo on the company VMs - -The VMs are company-owned and you don't change sudo policy. Every `sudo` call will prompt you for the password — you type it. The sudo timestamp (default 15 min) means you only type it once per shell session, but you'll see the prompt several times across the deploy as you run multiple `sudo` commands. That's expected. - -If your SSH password and sudo password are different, type the sudo one at the `sudo:` prompt — the SSH password you used to log in doesn't apply. - -## 3. Kill old SDP processes on each VM (skip on a fresh VM) +## 1. Kill old SDP processes on each VM (skip on a fresh VM) On 92: @@ -64,7 +37,7 @@ echo done exit ``` -## 4. Sanity-check nginx and docker on 186 +## 2. Sanity-check nginx and docker on 186 ```bash ssh administrator@172.18.139.186 
@@ -78,7 +51,7 @@ exit - `docker` is `active` → good. - Dashboard missing is fine; step 6 pushes it. -## 5. Configure nginx on 186 (only on first deploy, or after editing) +## 3. Configure nginx on 186 (only on first deploy, or after editing) Splice the four `location` blocks from `nginx/sandbox.conf` into `/etc/nginx/sites-available/default` inside the existing `server { }`. Read the file from your laptop first: @@ -97,7 +70,7 @@ sudo systemctl reload nginx exit ``` -## 6. Push the binaries and dashboard to the VMs +## 4. Push the binaries and dashboard to the VMs From your laptop. `scp` will prompt for the password. @@ -121,7 +94,7 @@ ssh administrator@172.18.136.92 "chmod +x ~/SDP/bin/agent-micro" ssh administrator@172.18.139.186 "chmod +x ~/SDP/bin/control-plane ~/SDP/bin/agent-gateway" ``` -## 7. Push the systemd unit files +## 5. Push the systemd unit files From your laptop. `scp` will prompt for the password. @@ -130,7 +103,7 @@ scp systemd/sdp-agent-micro.service administrator@172.18.136.92:/tmp/sdp-agent-m scp systemd/sdp-control-plane.service systemd/sdp-agent-gateway.service administrator@172.18.139.186:/tmp/ ``` -## 8. Install the unit files and start the services +## 6. Install the unit files and start the services ### 8a. 92 (micro agent only) @@ -173,7 +146,7 @@ exit The journal should show `agent-gateway connected as gateway` after a beat. -## 9. Browser smoke test (from your laptop) +## 7. Browser smoke test (from your laptop) Visit: `http://172.18.139.186/sandbox/credit-card/` @@ -182,7 +155,7 @@ Visit: `http://172.18.139.186/sandbox/credit-card/` - Login with any Bitbucket creds returns 200 → the gateway agent ran `git ls-remote` successfully. - After login, dashboard renders. Click **Sandboxes** → empty list (SQLite is fresh). -## 10. Following logs in real time +## 8. Following logs in real time On 92 (micro agent): 
@@ -202,7 +175,7 @@ sudo journalctl -u sdp-control-plane.service -u sdp-agent-gateway.service -f exit ``` -## Common one-time fixes (apply, then re-run from step 8) +## Common one-time fixes (apply, then re-run from step 6) ### `${SDP_CP_URL}` doesn't expand in the unit's ExecStart @@ -244,7 +217,7 @@ Environment=SDP_CP_URL=ws://172.18.139.186/ws/agent ### Login returns "git ls-remote rejected" Either: -- The gateway agent isn't connected (re-run step 8b and check the journal). +- The gateway agent isn't connected (re-run step 6b and check the journal). - Your Bitbucket creds are wrong. - The api-gateway repo path on 186 is wrong. The agent looks at `/var/www/html/erangel-ocean` by default. On 186:
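Review bot: The unchanged bullet at the top of the `@@ -78,7 +51,7 @@` hunk, `- Dashboard missing is fine; step 6 pushes it.`, still uses the old numbering. After this patch "Push the binaries and dashboard to the VMs" is step 4 and step 6 is "Install the unit files and start the services", so the bullet should read "step 4 pushes it".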
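Review bot: The sub-heading `### 8a. 92 (micro agent only)` in the `@@ -130,7 +103,7 @@` hunk is left as context, so the renamed `## 6. Install the unit files and start the services` now contains a sub-step numbered 8a. The last hunk changes the troubleshooting bullet to `re-run step 6b`, and the diffstat's 10 insertions are all accounted for by the eight `##` step headings plus the two cross-references, so no sub-heading is renamed anywhere in this patch and `6b` points at a heading that does not exist. Rename the sub-headings to 6a/6b in the same commit.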
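Review bot: Missing caveat in the context around `## 7. Browser smoke test` (hunks `@@ -173,7 +146,7 @@` and `@@ -182,7 +155,7 @@`): the test has the reader log in with Bitbucket creds at `http://172.18.139.186/sandbox/credit-card/`, and the unit example in the last hunk uses `ws://172.18.139.186/ws/agent`, so both the login and the agent channel are unencrypted. Since these sections are being touched anyway, add a line saying which account to use for the smoke test (a test account rather than personal credentials), or document TLS termination in the nginx step so the URLs become `https://` and `wss://`.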