Hi all,
I have long been managing some of my tools using non-interactive
provisioning scripts − historically using Shell [1], and increasingly
moving towards Ansible playbooks [2] [3].
Both methods boil down to:
* SSH onto bastion host
* `become tool`
* Execute steps: git pull, install dependencies,etc.
I have not always been able to fulfill my 'non-interactive' requirement.
For my projects which require Node dependencies, I did have to manually
drop into a shell (webservice --backend=kubernetes nodejs shell) in order
to run npm.
(I also had a bit of a hard time when trying to manage crontabs using
Ansible, as the `crontab` executable override seems to be doing all kinds
of magic − I kind of tinkered until I reached a "looks like it works!"
point ^_^)
As I was reading through the Trusty migration docs [4], it is somewhat
hinted that virtualens (for Python dependencies) should also be installed
in an interactive container shell, and not from the Bastion host [5].
Can someone help me with the following questions?
* Is it appropriate to create python virtual envs from the Bastion host?
* Is there a recommended way to execute inside a kubernetes container
remotely / in a non-interactive fashion (eg using a tool like Ansible)?
* in general, am I doing something fundamentally at odds with the Toolforge
environment with such configuration management?
Thanks!
[1]
https://phabricator.wikimedia.org/diffusion/THER/browse/master/bin/build-py…
[2]
https://phabricator.wikimedia.org/source/tool-wikiloves/browse/master/deplo…
[3]
https://github.com/JeanFred/universalviewer-toolforge/blob/master/deploy/ma…
[4]
https://wikitech.wikimedia.org/wiki/News/Toolforge_Trusty_deprecation#Rebui…
[5]
https://phabricator.wikimedia.org/T214086#4890276
--
Jean-Fred