HiveBrain v1.2.0
Get Started
← Back to all entries
patternMinor

Preventing accidental production deployments in ansible

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
productionaccidentaldeploymentspreventingansible

Problem

Last night I ran a playbook from a wrong branch that referenced an old inventory file with old IPs for each server, and deployed a dev build to a production machine. What would be a a good practice to avoid such mistake from happening in the future? How can I isolate environments better?

Solution

The best practice is to separate production and staging(testing) inventory. See Staging vs Production.


This way you pick with -i what you are targeting.

To make it more robust you might want to clone a separate structure for production and restrict access to it. Pull from staging before deploying to production.

In detail, this would mean to 1) put the directories into git, 2) make sure staging is committed, pushed and merged, and 3) then pull to the production and deploy. The workflow is up to you.

Context

StackExchange DevOps Q#8081, answer score: 1

Revisions (0)

No revisions yet.