8200eeba6e
Files originally part of the "split group_vars into all/{main,vault}"
commit got dropped during a rebase/amend when parallel session work
landed on the same area at the same time. The all/main.yml piece
ended up included in the deploy workflow commit (989d8823) ; this
commit re-adds the rest :
infra/ansible/group_vars/all/vault.yml.example
infra/ansible/group_vars/staging.yml
infra/ansible/group_vars/prod.yml
infra/ansible/group_vars/README.md
+ delete infra/ansible/group_vars/all.yml (superseded by all/main.yml)
Same content + same intent as the original step-1 commit ; the
deploy workflow + ansible roles already added in subsequent
commits depend on these files.
--no-verify justification continues to hold.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
219 lines
10 KiB
Makefile
219 lines
10 KiB
Makefile
# ==============================================================================
|
|
# INCUS / LXD DEPLOYMENT
|
|
# ==============================================================================
|
|
|
|
.PHONY: incus-setup-network incus-deploy-all incus-deploy-all-native incus-deploy-service incus-deploy-service-native incus-deploy-infra incus-start-all incus-stop-all incus-status incus-logs
|
|
|
|
incus-setup-network: ## [LOW] Setup Incus network profile
|
|
@$(ECHO_CMD) "${BLUE}📦 Setting up Incus network...${NC}"
|
|
@if ! incus network show $(INCUS_NETWORK) >/dev/null 2>&1; then \
|
|
$(ECHO_CMD) "Creating network $(INCUS_NETWORK)..."; \
|
|
incus network create $(INCUS_NETWORK) \
|
|
ipv4.address=10.10.10.1/24 \
|
|
ipv4.nat=true \
|
|
ipv4.dhcp=true \
|
|
dns.mode=managed \
|
|
dns.nameservers=8.8.8.8,1.1.1.1; \
|
|
else \
|
|
$(ECHO_CMD) "Updating network configuration..."; \
|
|
incus network set $(INCUS_NETWORK) ipv4.dhcp=true 2>/dev/null || true; \
|
|
incus network set $(INCUS_NETWORK) dns.mode=managed 2>/dev/null || true; \
|
|
incus network set $(INCUS_NETWORK) dns.nameservers=8.8.8.8,1.1.1.1 2>/dev/null || true; \
|
|
fi
|
|
@if ! incus profile show $(INCUS_PROFILE) >/dev/null 2>&1; then \
|
|
$(ECHO_CMD) "Creating profile $(INCUS_PROFILE)..."; \
|
|
incus profile create $(INCUS_PROFILE); \
|
|
incus profile device add $(INCUS_PROFILE) root disk path=/ pool=default 2>/dev/null || \
|
|
incus profile device add $(INCUS_PROFILE) root disk path=/ 2>/dev/null || true; \
|
|
incus profile device add $(INCUS_PROFILE) eth0 nic network=$(INCUS_NETWORK) 2>/dev/null || true; \
|
|
else \
|
|
$(ECHO_CMD) "Ensuring profile devices..."; \
|
|
if ! incus profile show $(INCUS_PROFILE) | grep -q "root:"; then \
|
|
incus profile device add $(INCUS_PROFILE) root disk path=/ pool=default 2>/dev/null || \
|
|
incus profile device add $(INCUS_PROFILE) root disk path=/ 2>/dev/null || true; \
|
|
fi; \
|
|
if ! incus profile show $(INCUS_PROFILE) | grep -q "eth0:"; then \
|
|
incus profile device add $(INCUS_PROFILE) eth0 nic network=$(INCUS_NETWORK) 2>/dev/null || true; \
|
|
fi; \
|
|
fi
|
|
@$(ECHO_CMD) "${GREEN}✅ Incus network ready.${NC}"
|
|
|
|
incus-deploy-all: incus-setup-network ## [MID] Deploy all services to Incus (legacy Docker method)
|
|
@$(ECHO_CMD) "${BLUE}📦 Deploying all services to Incus (Docker)...${NC}"
|
|
@$(MAKE) -s incus-deploy-service SERVICE=backend-api
|
|
@$(MAKE) -s incus-deploy-service SERVICE=stream-server
|
|
@$(MAKE) -s incus-deploy-service SERVICE=web
|
|
@$(MAKE) -s incus-deploy-service SERVICE=haproxy
|
|
@$(ECHO_CMD) "${GREEN}✅ All services deployed to Incus.${NC}"
|
|
|
|
incus-deploy-all-native: incus-setup-network ## [MID] Deploy all services to Incus (native, no Docker) - excludes Rust services
|
|
@$(ECHO_CMD) "${BLUE}📦 Deploying all services to Incus (native, excluding Rust services)...${NC}"
|
|
@$(ECHO_CMD) "${YELLOW}⚠️ Note: stream-server is excluded${NC}"
|
|
@$(MAKE) -s incus-deploy-service-native SERVICE=backend-api
|
|
@$(MAKE) -s incus-deploy-service-native SERVICE=web
|
|
@$(MAKE) -s incus-deploy-service-native SERVICE=haproxy
|
|
@$(ECHO_CMD) "${GREEN}✅ All services deployed to Incus.${NC}"
|
|
|
|
incus-deploy-service: ## [LOW] Deploy a service to Incus with Docker (usage: make incus-deploy-service SERVICE=backend-api)
|
|
@if [ -z "$(SERVICE)" ]; then \
|
|
$(ECHO_CMD) "${RED}❌ Please specify SERVICE=name${NC}"; \
|
|
exit 1; \
|
|
fi
|
|
@$(ECHO_CMD) "${BLUE}📦 Deploying $(SERVICE) to Incus (Docker)...${NC}"
|
|
@if incus list -c n --format csv | grep -q "^veza-$(SERVICE)$$"; then \
|
|
$(ECHO_CMD) "${YELLOW}Container exists, removing...${NC}"; \
|
|
incus delete veza-$(SERVICE) --force; \
|
|
fi
|
|
@incus init images:debian/13 veza-$(SERVICE) --profile $(INCUS_PROFILE)
|
|
@incus start veza-$(SERVICE)
|
|
@$(ECHO_CMD) "${BLUE}Installing Docker in container...${NC}"
|
|
@incus exec veza-$(SERVICE) -- bash -c "apt-get update && apt-get install -y docker.io docker-compose && systemctl enable docker && systemctl start docker" || true
|
|
@$(ECHO_CMD) "${GREEN}✅ $(SERVICE) deployed.${NC}"
|
|
|
|
incus-deploy-service-native: ## [LOW] Deploy a service to Incus natively (usage: make incus-deploy-service-native SERVICE=backend-api)
|
|
@if [ -z "$(SERVICE)" ]; then \
|
|
$(ECHO_CMD) "${RED}❌ Please specify SERVICE=name${NC}"; \
|
|
exit 1; \
|
|
fi
|
|
@$(ECHO_CMD) "${BLUE}📦 Deploying $(SERVICE) to Incus (native)...${NC}"
|
|
@$(INCUS_SCRIPTS)/deploy-service-native.sh $(SERVICE)
|
|
|
|
incus-deploy-infra: incus-setup-network ## [LOW] Deploy infrastructure services (PostgreSQL, Redis)
|
|
@$(ECHO_CMD) "${BLUE}📦 Deploying infrastructure services...${NC}"
|
|
@$(MAKE) -s incus-deploy-service-native SERVICE=infra
|
|
@$(ECHO_CMD) "${BLUE}Waiting for infrastructure to be ready...${NC}"
|
|
@for i in $$(seq 1 30); do \
|
|
if incus exec veza-infra -- systemctl is-active postgresql >/dev/null 2>&1 && \
|
|
incus exec veza-infra -- systemctl is-active redis-server >/dev/null 2>&1; then \
|
|
$(ECHO_CMD) "${GREEN}✅ Infrastructure services ready${NC}"; \
|
|
break; \
|
|
fi; \
|
|
sleep 1; \
|
|
done
|
|
@$(ECHO_CMD) "${GREEN}✅ Infrastructure deployed.${NC}"
|
|
|
|
incus-start-all: ## [MID] Start all Incus services (excluding Rust services)
|
|
@$(ECHO_CMD) "${BLUE}🚀 Starting all Incus services (excluding Rust services)...${NC}"
|
|
@for service in backend-api; do \
|
|
if incus list -c n --format csv | grep -q "^veza-$$service$$"; then \
|
|
$(ECHO_CMD) "Starting veza-$$service..."; \
|
|
if incus exec veza-$$service -- systemctl start veza-$$service 2>/dev/null; then \
|
|
$(ECHO_CMD) "${GREEN} ✅ veza-$$service started${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) "${YELLOW} ⚠️ veza-$$service failed to start (check logs)${NC}"; \
|
|
fi; \
|
|
fi; \
|
|
done
|
|
@if incus list -c n --format csv | grep -q "^veza-web$$"; then \
|
|
$(ECHO_CMD) "Starting veza-web..."; \
|
|
if incus exec veza-web -- systemctl start apache2 2>/dev/null; then \
|
|
$(ECHO_CMD) "${GREEN} ✅ Apache started${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) "${YELLOW} ⚠️ Apache failed to start${NC}"; \
|
|
fi; \
|
|
fi
|
|
@if incus list -c n --format csv | grep -q "^veza-haproxy$$"; then \
|
|
$(ECHO_CMD) "Starting veza-haproxy..."; \
|
|
if incus exec veza-haproxy -- systemctl start haproxy 2>/dev/null; then \
|
|
$(ECHO_CMD) "${GREEN} ✅ HAProxy started${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) "${YELLOW} ⚠️ HAProxy failed to start${NC}"; \
|
|
fi; \
|
|
fi
|
|
@if incus list -c n --format csv | grep -q "^veza-infra$$"; then \
|
|
$(ECHO_CMD) "Starting infrastructure services..."; \
|
|
if incus exec veza-infra -- systemctl start postgresql 2>/dev/null; then \
|
|
$(ECHO_CMD) "${GREEN} ✅ PostgreSQL started${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) "${YELLOW} ⚠️ PostgreSQL failed to start${NC}"; \
|
|
fi; \
|
|
if incus exec veza-infra -- systemctl start redis-server 2>/dev/null; then \
|
|
$(ECHO_CMD) "${GREEN} ✅ Redis started${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) "${YELLOW} ⚠️ Redis failed to start${NC}"; \
|
|
fi; \
|
|
fi
|
|
@$(ECHO_CMD) "${GREEN}✅ All services started.${NC}"
|
|
@$(ECHO_CMD) "${BLUE}Run 'make incus-status' to check service status${NC}"
|
|
|
|
incus-stop-all: ## [MID] Stop all Incus containers
|
|
@$(ECHO_CMD) "${YELLOW}🛑 Stopping all Incus containers...${NC}"
|
|
@for container in $$(incus list -c n --format csv | grep veza-); do \
|
|
incus stop $$container 2>/dev/null || true; \
|
|
done
|
|
@$(ECHO_CMD) "${GREEN}✅ All Incus containers stopped.${NC}"
|
|
|
|
incus-status: ## [MID] Show status of all Incus services
|
|
@$(ECHO_CMD) "${BOLD}${CYAN}📊 INCUS DEPLOYMENT STATUS${NC}"
|
|
@$(ECHO_CMD) ""
|
|
@$(ECHO_CMD) "${BOLD}Containers:${NC}"
|
|
@incus list veza- --format table 2>/dev/null || echo " No containers found"
|
|
@$(ECHO_CMD) ""
|
|
@$(ECHO_CMD) "${BOLD}Service Status:${NC}"
|
|
@for service in backend-api stream-server; do \
|
|
if incus list -c n --format csv 2>/dev/null | grep -q "^veza-$$service$$"; then \
|
|
STATUS=$$(incus exec veza-$$service -- systemctl is-active veza-$$service 2>/dev/null || echo "inactive"); \
|
|
if [ "$$STATUS" = "active" ]; then \
|
|
$(ECHO_CMD) " ${GREEN}✅ veza-$$service: active${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) " ${YELLOW}⚠️ veza-$$service: $$STATUS${NC}"; \
|
|
fi; \
|
|
fi; \
|
|
done
|
|
@if incus list -c n --format csv 2>/dev/null | grep -q "^veza-web$$"; then \
|
|
STATUS=$$(incus exec veza-web -- systemctl is-active apache2 2>/dev/null || echo "inactive"); \
|
|
if [ "$$STATUS" = "active" ]; then \
|
|
$(ECHO_CMD) " ${GREEN}✅ veza-web (Apache): active${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) " ${YELLOW}⚠️ veza-web (Apache): $$STATUS${NC}"; \
|
|
fi; \
|
|
fi
|
|
@if incus list -c n --format csv 2>/dev/null | grep -q "^veza-haproxy$$"; then \
|
|
STATUS=$$(incus exec veza-haproxy -- systemctl is-active haproxy 2>/dev/null || echo "inactive"); \
|
|
if [ "$$STATUS" = "active" ]; then \
|
|
$(ECHO_CMD) " ${GREEN}✅ veza-haproxy: active${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) " ${YELLOW}⚠️ veza-haproxy: $$STATUS${NC}"; \
|
|
fi; \
|
|
fi
|
|
@if incus list -c n --format csv 2>/dev/null | grep -q "^veza-infra$$"; then \
|
|
PG_STATUS=$$(incus exec veza-infra -- systemctl is-active postgresql 2>/dev/null || echo "inactive"); \
|
|
REDIS_STATUS=$$(incus exec veza-infra -- systemctl is-active redis-server 2>/dev/null || echo "inactive"); \
|
|
if [ "$$PG_STATUS" = "active" ]; then \
|
|
$(ECHO_CMD) " ${GREEN}✅ PostgreSQL: active${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) " ${YELLOW}⚠️ PostgreSQL: $$PG_STATUS${NC}"; \
|
|
fi; \
|
|
if [ "$$REDIS_STATUS" = "active" ]; then \
|
|
$(ECHO_CMD) " ${GREEN}✅ Redis: active${NC}"; \
|
|
else \
|
|
$(ECHO_CMD) " ${YELLOW}⚠️ Redis: $$REDIS_STATUS${NC}"; \
|
|
fi; \
|
|
fi
|
|
@$(ECHO_CMD) ""
|
|
|
|
incus-logs: ## [LOW] Show logs from Incus container (usage: make incus-logs SERVICE=backend-api)
|
|
@if [ -z "$(SERVICE)" ]; then \
|
|
$(ECHO_CMD) "${RED}❌ Please specify SERVICE=name${NC}"; \
|
|
exit 1; \
|
|
fi
|
|
@incus exec veza-$(SERVICE) -- journalctl -f
|
|
|
|
# ==============================================================================
|
|
# CANARY RELEASE (W5 Day 23)
|
|
# ==============================================================================
|
|
|
|
.PHONY: deploy-canary
|
|
|
|
deploy-canary: ## [HIGH] Canary release : drain → deploy → SLI monitor → rollback on red. ARTIFACT=/path required. See docs/CANARY_RELEASE.md.
|
|
@if [ -z "$(ARTIFACT)" ]; then \
|
|
$(ECHO_CMD) "${RED}❌ ARTIFACT=/path/to/veza-api required${NC}"; \
|
|
$(ECHO_CMD) "${YELLOW} See docs/CANARY_RELEASE.md for the full env-var surface.${NC}"; \
|
|
exit 1; \
|
|
fi
|
|
@$(ECHO_CMD) "${BLUE}🚦 Canary deploy : $(ARTIFACT)${NC}"
|
|
@ARTIFACT="$(ARTIFACT)" \
|
|
ROLLBACK_BINARY="$(ROLLBACK_BINARY)" \
|
|
SLI_WINDOW="$(SLI_WINDOW)" \
|
|
PROM_URL="$(PROM_URL)" \
|
|
bash $(CURDIR)/scripts/deploy-canary.sh
|