Hi all,
I have long been managing some of my tools using non-interactive provisioning scripts − historically using Shell [1], and increasingly moving towards Ansible playbooks [2] [3].
Both methods boil down to: * SSH onto bastion host * `become tool` * Execute steps: git pull, install dependencies,etc.
I have not always been able to fulfill my 'non-interactive' requirement. For my projects which require Node dependencies, I did have to manually drop into a shell (webservice --backend=kubernetes nodejs shell) in order to run npm.
(I also had a bit of a hard time when trying to manage crontabs using Ansible, as the `crontab` executable override seems to be doing all kinds of magic − I kind of tinkered until I reached a "looks like it works!" point ^_^)
As I was reading through the Trusty migration docs [4], it is somewhat hinted that virtualens (for Python dependencies) should also be installed in an interactive container shell, and not from the Bastion host [5].
Can someone help me with the following questions?
* Is it appropriate to create python virtual envs from the Bastion host? * Is there a recommended way to execute inside a kubernetes container remotely / in a non-interactive fashion (eg using a tool like Ansible)? * in general, am I doing something fundamentally at odds with the Toolforge environment with such configuration management?
Thanks!
[1] https://phabricator.wikimedia.org/diffusion/THER/browse/master/bin/build-pyt... [2] https://phabricator.wikimedia.org/source/tool-wikiloves/browse/master/deploy... [3] https://github.com/JeanFred/universalviewer-toolforge/blob/master/deploy/mai... [4] https://wikitech.wikimedia.org/wiki/News/Toolforge_Trusty_deprecation#Rebuil... [5] https://phabricator.wikimedia.org/T214086#4890276