[#171] Remove Nginx config post-deployment to prevent configuration reuse across environments #172
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 tasks
…euse across environments Summary: To enhance and fix our deployment script's reliability and ensure environment-specific configurations are not mistakenly reused locally, this commit introduces a critical update to the script responsible for preparing configurations, including the Nginx setup. Recognizing the need for distinct configurations across different deployment environments, we've implemented a change to automatically remove the Nginx configuration directory once the deployment script has executed. This action prevents potential conflicts and misconfigurations when deploying to multiple environments by ensuring that each deployment starts with a clean slate regarding Nginx setup. The change has been introduced after an incident[^1] occurred during efforts on #97, where mutliple deployments on multiple environments had to be performed avoiding the GitHub Action workflow, since they were not yet introduced to the repository. The problem is irrelevant on the GitHub workflows since they are executed in isolation on containerized environment. Technical Details: The modification was made in the scripts/govtool/prepare-config.sh script, where a command to remove the Nginx configuration directory ($nginx_config_dir) has been added. This line is strategically placed before the creation of new configuration directories and files, ensuring that any pre-existing Nginx configuration is cleared out before generating new ones. This approach guarantees that configurations from a previous deployment do not linger and affect subsequent deployments to different environments. The logic specifically targets the scenario where the deployment script is run multiple times locally across various environments, addressing a previously overlooked aspect of our deployment process. This change is part of our ongoing efforts to refine our deployment practices, ensuring they are robust, clean, and tailored to the specific requirements of each environment. The change has no impact on GitHub workflow since the execution od the deployment there is performed in isolation with no cached nor reused file system storage. Additionally the documentation note has been added to deployment instructions to keep track of what actually happens during the deploy process and how does this impact the target environments. By incorporating this update, we mitigate the risk of configuration leakage between environments, a critical aspect of maintaining the integrity and isolation of our deployment processes. This change underscores our commitment to continuous improvement in our deployment strategies, ensuring they align with best practices and the unique demands of our infrastructure. [^1]: #174
placek
force-pushed
the
171-enhance-deployment-script-for-conditional-generation-of-basicauth-configuration-files
branch
from
d95e495 to
cb346bc
Compare
adgud
approved these changes
Feb 14, 2024
placek
deleted the
171-enhance-deployment-script-for-conditional-generation-of-basicauth-configuration-files
branch
MSzalowski
pushed a commit
that referenced
this pull request
Feb 15, 2024
…pt-for-conditional-generation-of-basicauth-configuration-files [#171] Remove Nginx config post-deployment to prevent configuration reuse across environments
5 tasks
pmbinapps
pushed a commit
that referenced
this pull request
Feb 16, 2024
…pt-for-conditional-generation-of-basicauth-configuration-files [#171] Remove Nginx config post-deployment to prevent configuration reuse across environments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is a bug in the prepare-config.sh script (#171) that caused an incident (#174).
The result of the incident was that the
betaenvironment had the BasicAuth turned on, therefore preventing users from reaching application.The reason behind that behaviour was the reusage of the configuration files responsible for setting up the BasicAuth. Those files were generated during a previous deployments on internal environments (i.e.
dev,testandstaging) and futher used because the script was unaware of pre-existance of those files during their generation.List of changes:
scripts/govtool/prepare-config.shscript, where a command to remove the Nginx configuration directory ($nginx_config_dir) has been added. This change ensures that the Nginx configuration is not shared between executions of the deployment scripts on different environments, which was a actual reason behind the incident.