Skip to content

Utility Server

The utility server (available as cubed-util) is a special server dedicated to managing the deployment pipelines.

It houses both all incoming changes pushed by the pipelines and any deployment scripts (bash and ansible) needed by each project.

See servers for connecting to cubed-util.

Deployment scripts

Deployment scripts are simple bash scripts that are used . These are what are directly called by the pipelines. These scripts are stored in /home/deployments/ and are separated by project. (DCS, dash etc)

cubed@cubed-util:~$ ls /home/deployments/
prod_command  prod_dps_segmenter  prod_seopt    stge_control  stge_dps_segmenter  stge_seopt
prod_control  prod_dps_visscore   prod_web      stge_dcs      stge_dps_visscore   stge_web
prod_dcs      prod_rsrv           stge_command  stge_dps      stge_rsrv

Incoming directory

Inside of each deployment directory, is an incoming directory. This is where the pipelines will copy any new code before running the deployment scripts.

cubed@cubed-util:~$ ls /home/deployments/prod_dcs/
backups  deploy.sh  incoming  revert.sh

Ansible playbooks

The playbooks are usually called via the deployment scripts. These playbooks are in charge of actually deploying to each individual server.

The playbooks are stored under /home/ansible/:

cubed@cubed-util:~$ ls /home/ansible/
files                              playbook_deploy_seopt.yml              playbook_mysql_uninstall.yml    playbook_seed_server.yml
inventory                          playbook_install_promtail_command.yml  playbook_mysql_users.yml        playbook_setup_keys.yml
playbook_deploy_command.yml        playbook_install_promtail.yml          playbook_null_pydcs_logs.yml    playbook_setup_ml.yml
playbook_deploy_control.yml        playbook_mysql_check_user.yml          playbook_prediction_enable.yml  playbook_setup_telegraf.yml
playbook_deploy_dash_backend.yml   playbook_mysql_create_import_user.yml  playbook_prediction_start.yml   playbook_setup_users.yml
playbook_deploy_dcs.yml            playbook_mysql_create_users.yml        playbook_restart_promtail.yml   playbook_updated_predict_ips.yml
playbook_deploy_dps_segmenter.yml  playbook_mysql_defaults.yml            playbook_restart_pydcs.yml      playbook_update_geoip.yml
playbook_deploy_dps_visscore.yml   playbook_mysql_fix_conf.yml            playbook_restart_pydps.yml      repo_ansible
playbook_deploy_rsrv.yml           playbook_mysql_standby.yml             playbook_restart_telegraf.yml   roles

Production and staging deployments share the same playbooks, separated only be the inventory. You can view the inventories in /home/ansible/inventory/[production|staging]/.

NFS Mounts

The code used by each server is not actually stored on their local drives, but is instead stored on a separate shared server (cubed-nfs-a/b, or cubed-stge-nfs for the staging equivalent) via NFS.

The utility server has mounts used by every production system. You can view what is currently mounted using this command:

cubed@cubed-util:~$ ls /srv/
cubed_prod_command  cubed_prod_dps            cubed_prod_seopt    cubed_stge_dcs            cubed_stge_playwright
cubed_prod_control  cubed_prod_dps_segmenter  cubed_stge_command  cubed_stge_dps            cubed_stge_rsrv
cubed_prod_dash     cubed_prod_intweb         cubed_stge_control  cubed_stge_dps_segmenter  cubed_stge_seopt
cubed_prod_dcs      cubed_prod_rsrv           cubed_stge_dash     cubed_stge_intweb         cubed_stge_storybook

Viewing mounts

To see what it is currently mounted via NFS on a particular server. You can use the follow command:

cat /proc/mounts

Updating mounts

You can edit the NFS mounts by using the following command:

nano /etc/fstab

Once, you've finished your changes, you must reload the mounts by using this command:

mount -av

Be warned, you may break production systems or pipelines by changing these mounts.

Gaining root

The cubed user has limited permissions on this server. If you need to make changes, it is possible to become root by first logging in as the deployment user, followed by logging in as root.

For this you need the password for the deployment user, which is stored in AWS Secrets Manager.

su - deployments # Login as "deployments", password is required
sudo -i # Login as root

Once you are root, you can also login as other users, such as ansible:

su - ansible

Info

The ansible user is useful for connecting to servers which do not have the cubed key on them. See the inventory files for which servers you can connect to.

Danger

Be warned when making changes as root, as doing so can break the deployment pipelines.

SSH Hopping

The utility server can also be used to hop to other servers. This is useful when you need to connect to a server that is not directly accessible from your local machine. Some examples are the cubed-prediction-<client>-a/b servers. The ansible user is one user whose permissions are allowed to hop to other servers.

To hop to another server you can simply ssh to the utility server and then ssh to the server you want to connect to. To find an up to date list of servers you can connect to you can cat out the /home/ansible/inventory/dnsmasq/dnsmasq.leases file.

Warning

To gain access to the ansible user you will need to change to the deployments user, then change to the ansible user. The password for the deployments user is stored in AWS Secrets Manager under Prod/Login/Positive/Deployments. If unable to change to the ansible user from the deployments user, you may need to change to root as a intermediary step.