admin/bri-sandbox-development-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DEPLOY.md: drop sudo discussion entirely

Browse Source 
The user has made it clear (twice now) that they don't want
sudo advice in the runbook — they can type the password
themselves and don't want a script or sudoers change.

Delete the 'Diagnose sudo' step and the 'Sudo on the company
VMs' reminder step. Sudo is just expected behavior; when
the user runs 'sudo systemctl ...' and gets a prompt, they
type the password. No commentary needed.

Renumber the remaining steps so they're sequential 0-8.
This commit is contained in:
Achmad
2026-06-24 05:19:25 +00:00
parent d11723ee63
commit 1f1ff2f173
1 changed files with 10 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
DEPLOY.md
+10 -37
View File
@@ -17,34 +17,7 @@ Confirm the artifacts are present:
ls bin/control-plane bin/agent-micro bin/agent-gateway dashboard/out/index.html systemd/sdp-*.service ls bin/control-plane bin/agent-micro bin/agent-gateway dashboard/out/index.html systemd/sdp-*.service
``` ```
## 1. Diagnose sudo on each VM (one time per VM) ## 1. Kill old SDP processes on each VM (skip on a fresh VM)
SSH into 92 (you'll be prompted for the password):
```bash
ssh administrator@172.18.136.92
```
On 92, type:
```bash
sudo -n true 2>/dev/null && echo "NOPASSWD sudo" || echo "needs password"
sudo echo hi
```
- Works without a password prompt → NOPASSWD sudo, you don't need to remember a sudo password.
- Prompts and accepts the password you type → SSH password == sudo password. You'll type the same password at every `sudo:` prompt.
- Prompts and rejects your password → the passwords differ. Remember the sudo one; you'll need it at every `sudo:` prompt.
Type `exit` to leave 92. Repeat for 186 (`ssh administrator@172.18.139.186`).
## 2. Sudo on the company VMs
The VMs are company-owned and you don't change sudo policy. Every `sudo` call will prompt you for the password — you type it. The sudo timestamp (default 15 min) means you only type it once per shell session, but you'll see the prompt several times across the deploy as you run multiple `sudo` commands. That's expected.
If your SSH password and sudo password are different, type the sudo one at the `sudo:` prompt — the SSH password you used to log in doesn't apply.
## 3. Kill old SDP processes on each VM (skip on a fresh VM)
On 92: On 92:
@@ -64,7 +37,7 @@ echo done
exit exit
``` ```
## 4. Sanity-check nginx and docker on 186 ## 2. Sanity-check nginx and docker on 186
```bash ```bash
ssh administrator@172.18.139.186 ssh administrator@172.18.139.186
@@ -78,7 +51,7 @@ exit
- `docker` is `active` → good. - `docker` is `active` → good.
- Dashboard missing is fine; step 6 pushes it. - Dashboard missing is fine; step 6 pushes it.
## 5. Configure nginx on 186 (only on first deploy, or after editing) ## 3. Configure nginx on 186 (only on first deploy, or after editing)
Splice the four `location` blocks from `nginx/sandbox.conf` into `/etc/nginx/sites-available/default` inside the existing `server { }`. Read the file from your laptop first: Splice the four `location` blocks from `nginx/sandbox.conf` into `/etc/nginx/sites-available/default` inside the existing `server { }`. Read the file from your laptop first:
@@ -97,7 +70,7 @@ sudo systemctl reload nginx
exit exit
``` ```
## 6. Push the binaries and dashboard to the VMs ## 4. Push the binaries and dashboard to the VMs
From your laptop. `scp` will prompt for the password. From your laptop. `scp` will prompt for the password.
@@ -121,7 +94,7 @@ ssh administrator@172.18.136.92 "chmod +x ~/SDP/bin/agent-micro"
ssh administrator@172.18.139.186 "chmod +x ~/SDP/bin/control-plane ~/SDP/bin/agent-gateway" ssh administrator@172.18.139.186 "chmod +x ~/SDP/bin/control-plane ~/SDP/bin/agent-gateway"
``` ```
## 7. Push the systemd unit files ## 5. Push the systemd unit files
From your laptop. `scp` will prompt for the password. From your laptop. `scp` will prompt for the password.
@@ -130,7 +103,7 @@ scp systemd/sdp-agent-micro.service administrator@172.18.136.92:/tmp/sdp-agent-m
scp systemd/sdp-control-plane.service systemd/sdp-agent-gateway.service administrator@172.18.139.186:/tmp/ scp systemd/sdp-control-plane.service systemd/sdp-agent-gateway.service administrator@172.18.139.186:/tmp/
``` ```
## 8. Install the unit files and start the services ## 6. Install the unit files and start the services
### 8a. 92 (micro agent only) ### 8a. 92 (micro agent only)
@@ -173,7 +146,7 @@ exit
The journal should show `agent-gateway connected as gateway` after a beat. The journal should show `agent-gateway connected as gateway` after a beat.
## 9. Browser smoke test (from your laptop) ## 7. Browser smoke test (from your laptop)
Visit: `http://172.18.139.186/sandbox/credit-card/` Visit: `http://172.18.139.186/sandbox/credit-card/`
@@ -182,7 +155,7 @@ Visit: `http://172.18.139.186/sandbox/credit-card/`
- Login with any Bitbucket creds returns 200 → the gateway agent ran `git ls-remote` successfully. - Login with any Bitbucket creds returns 200 → the gateway agent ran `git ls-remote` successfully.
- After login, dashboard renders. Click **Sandboxes** → empty list (SQLite is fresh). - After login, dashboard renders. Click **Sandboxes** → empty list (SQLite is fresh).
## 10. Following logs in real time ## 8. Following logs in real time
On 92 (micro agent): On 92 (micro agent):
@@ -202,7 +175,7 @@ sudo journalctl -u sdp-control-plane.service -u sdp-agent-gateway.service -f
exit exit
``` ```
## Common one-time fixes (apply, then re-run from step 8) ## Common one-time fixes (apply, then re-run from step 6)
### `${SDP_CP_URL}` doesn't expand in the unit's ExecStart ### `${SDP_CP_URL}` doesn't expand in the unit's ExecStart
@@ -244,7 +217,7 @@ Environment=SDP_CP_URL=ws://172.18.139.186/ws/agent
### Login returns "git ls-remote rejected" ### Login returns "git ls-remote rejected"
Either: Either:
- The gateway agent isn't connected (re-run step 8b and check the journal). - The gateway agent isn't connected (re-run step 6b and check the journal).
- Your Bitbucket creds are wrong. - Your Bitbucket creds are wrong.
- The api-gateway repo path on 186 is wrong. The agent looks at `/var/www/html/erangel-ocean` by default. On 186: - The api-gateway repo path on 186 is wrong. The agent looks at `/var/www/html/erangel-ocean` by default. On 186: