patternMinor
Preventing accidental production deployments in ansible
Viewed 0 times
productionaccidentaldeploymentspreventingansible
Problem
Last night I ran a playbook from a wrong branch that referenced an old inventory file with old IPs for each server, and deployed a dev build to a production machine. What would be a a good practice to avoid such mistake from happening in the future? How can I isolate environments better?
Solution
The best practice is to separate production and staging(testing) inventory. See Staging vs Production.
This way you pick with -i what you are targeting.
To make it more robust you might want to clone a separate structure for production and restrict access to it. Pull from staging before deploying to production.
In detail, this would mean to 1) put the directories into git, 2) make sure staging is committed, pushed and merged, and 3) then pull to the production and deploy. The workflow is up to you.
This way you pick with -i what you are targeting.
To make it more robust you might want to clone a separate structure for production and restrict access to it. Pull from staging before deploying to production.
In detail, this would mean to 1) put the directories into git, 2) make sure staging is committed, pushed and merged, and 3) then pull to the production and deploy. The workflow is up to you.
Context
StackExchange DevOps Q#8081, answer score: 1
Revisions (0)
No revisions yet.