bmc_hub/DEPLOYMENT_CHECKLIST.md

🚀 BMC Hub - Production Deployment Checklist

✅ Pre-Deployment (På din Mac)

1. Test Lokalt

• Alle ændringer committed til Git
• Lokale tests kørt og består
• docker-compose up virker lokalt
• Health endpoint returnerer OK: curl http://localhost:8001/health

2. Opret Gitea Release

cd /Users/christianthomas/DEV/bmc_hub_dev

# Se nuværende tags
git tag -l

# Commit alle ændringer
git add .
git status
git commit -m "Release v1.0.0: Initial production release"

# Push til Gitea
git push origin main

# Tag release (semantic versioning: major.minor.patch)
git tag v1.0.0
git push origin v1.0.0

# Verificer på Gitea
open https://g.bmcnetworks.dk/ct/bmc_hub/releases

3. Verificer Release på Gitea

• Tag synligt på https://g.bmcnetworks.dk/ct/bmc_hub/tags
• Kan downloade archive: https://g.bmcnetworks.dk/ct/bmc_hub/archive/v1.0.0.tar.gz
• Raw files tilgængelige via API

🔧 Production Server Setup (Første Gang)

1. Forbered Server

# SSH til server
ssh user@your-server.com

# Installer Podman (hvis ikke installeret)
sudo apt update
sudo apt install -y podman podman-compose

# Eller på RHEL/CentOS
sudo dnf install -y podman podman-compose

# Verificer installation
podman --version
podman-compose --version

2. Opret Gitea Personal Access Token

• Gå til https://g.bmcnetworks.dk/user/settings/applications
• Klik "Generate New Token"
• Token navn: BMC Hub Production
• Scopes: ✅ repo (read)
• Gem token sikkert (vises kun én gang!)

3. Download Deployment Files

# Opret deployment directory
sudo mkdir -p /srv/podman/bmc_hub_v1.0
sudo chown $USER:$USER /srv/podman/bmc_hub_v1.0
cd /srv/podman/bmc_hub_v1.0

# Download deployment script
curl -H "Authorization: token YOUR_GITEA_TOKEN" \
     https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/scripts/deploy_production.sh?ref=v1.0.0 \
     -o setup.sh
chmod +x setup.sh

# Download .env template
curl -H "Authorization: token YOUR_GITEA_TOKEN" \
     https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/.env.prod.example?ref=v1.0.0 \
     -o .env.example

4. Konfigurer Environment

# Kopier template
cp .env.example .env

# Rediger .env
nano .env

KRITISKE ÆNDRINGER:

# 1. Version
RELEASE_VERSION=v1.0.0

# 2. Gitea Token
GITHUB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx  # Din token fra trin 2

# 3. Database Passwords (generer stærke passwords)
POSTGRES_PASSWORD=$(openssl rand -base64 32)
DATABASE_URL=postgresql://bmc_hub_prod:${POSTGRES_PASSWORD}@postgres:5432/bmc_hub_prod

# 4. Secret Key (generer random)
SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(32))")

# 5. CORS Origins (production domain)
CORS_ORIGINS=https://hub.bmcnetworks.dk

# 5b. Stack name (used by deployment scripts for container names)
STACK_NAME=prod

# 6. e-conomic Credentials (hvis relevant)
ECONOMIC_APP_SECRET_TOKEN=xxxxx
ECONOMIC_AGREEMENT_GRANT_TOKEN=xxxxx

# 7. vTiger Credentials (hvis relevant)
VTIGER_API_KEY=xxxxx

# 8. BEHOLD SAFETY SWITCHES!
ECONOMIC_READ_ONLY=true
ECONOMIC_DRY_RUN=true
TIMETRACKING_VTIGER_READ_ONLY=true
TIMETRACKING_ECONOMIC_READ_ONLY=true

5. Kør Deployment

# Download alle filer fra Gitea
./setup.sh

# Verificer downloaded files
ls -la
# Skal se: docker-compose.yml, Dockerfile, requirements.txt, migrations/

# Build og start
podman-compose up -d --build

# Følg logs
podman-compose logs -f

6. Verificer Deployment

# Check container status
podman ps

# Expected output:
# CONTAINER ID  IMAGE                        STATUS         PORTS
# xxxxxxxxxxxx  bmc-hub:v1.0.0              Up 2 minutes   0.0.0.0:8000->8000/tcp
# xxxxxxxxxxxx  postgres:16-alpine          Up 2 minutes   0.0.0.0:5432->5432/tcp

# Test health endpoint
curl http://localhost:8000/health

# Expected:
# {"status":"healthy","database":"connected","version":"v1.0.0"}

# Test API
curl http://localhost:8000/api/v1/system/health

# Check database
podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod

# Liste tabeller
\dt

# Check sample data
SELECT * FROM customers LIMIT 5;
\q

7. Setup Reverse Proxy (SSL/HTTPS)

Med Nginx:

server {
    listen 443 ssl http2;
    server_name hub.bmcnetworks.dk;

    ssl_certificate /etc/ssl/certs/bmcnetworks.crt;
    ssl_certificate_key /etc/ssl/private/bmcnetworks.key;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Med Traefik (labels i docker-compose.yml):

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.bmc-hub.rule=Host(`hub.bmcnetworks.dk`)"
  - "traefik.http.routers.bmc-hub.entrypoints=websecure"
  - "traefik.http.routers.bmc-hub.tls.certresolver=letsencrypt"

8. Setup Backups

# Opret backup script
sudo nano /srv/podman/bmc_hub_v1.0/backup.sh

#!/bin/bash
BACKUP_DIR="/srv/backups/bmc_hub"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Backup database
podman exec bmc-hub-postgres-prod pg_dump -U bmc_hub_prod bmc_hub_prod | \
    gzip > $BACKUP_DIR/database_$DATE.sql.gz

# Backup uploads og data
tar -czf $BACKUP_DIR/files_$DATE.tar.gz /srv/podman/bmc_hub_v1.0/uploads /srv/podman/bmc_hub_v1.0/data

# Behold kun 30 dages backups
find $BACKUP_DIR -type f -mtime +30 -delete

echo "Backup completed: $DATE"

chmod +x /srv/podman/bmc_hub_v1.0/backup.sh

# Tilføj til crontab (daglig backup kl 02:00)
crontab -e
# Add: 0 2 * * * /srv/podman/bmc_hub_v1.0/backup.sh >> /srv/podman/bmc_hub_v1.0/logs/backup.log 2>&1

9. Setup Monitoring (Optional)

Uptime Kuma:

• Add monitor for: https://hub.bmcnetworks.dk/health
• Interval: 60 sekunder
• Expected keyword: "healthy"

Prometheus/Grafana:

• Se docs/MONITORING.md (hvis eksisterer)

🔄 Opdatering til Ny Version

På din Mac:

cd /Users/christianthomas/DEV/bmc_hub_dev

# Lav ændringer...
git add .
git commit -m "Feature: Add new functionality"
git push origin main

# Tag ny version
git tag v1.1.0
git push origin v1.1.0

På Production Server:

cd /srv/podman/bmc_hub_v1.0

# Backup først!
./backup.sh

# Opdater RELEASE_VERSION i .env
nano .env
# Ændr: RELEASE_VERSION=v1.1.0

# Download nye filer
./setup.sh

# Rebuild
podman-compose down
podman-compose up -d --build

# Verificer
podman-compose logs -f api
curl http://localhost:8000/health

🆘 Troubleshooting

Container Starter Ikke

# Check logs detaljeret
podman logs bmc-hub-api-prod --tail 100

# Check build logs
podman-compose build --no-cache

# Verificer .env
cat .env | grep -v "PASSWORD\|TOKEN\|SECRET"

Database Connection Fejl

# Test database connection
podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod

# Check database logs
podman logs bmc-hub-postgres-prod

# Restart database
podman-compose restart postgres

Gitea Download Fejl

# Test token manuelt
curl -H "Authorization: token YOUR_TOKEN" \
     https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/tags

# Verificer release eksisterer
curl https://g.bmcnetworks.dk/ct/bmc_hub/releases

# Check network
ping g.bmcnetworks.dk

Port Allerede I Brug

# Find hvad der bruger porten
sudo lsof -i :8000

# Ændr port i .env
nano .env
# API_PORT=8001

# Rebuild
podman-compose down
podman-compose up -d

🔙 Rollback Procedure

cd /srv/podman/bmc_hub_v1.0

# Stop services
podman-compose down

# Restore database backup
gunzip < /srv/backups/bmc_hub/database_YYYYMMDD_HHMMSS.sql.gz | \
    podman exec -i bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod

# Ændr til gammel version i .env
nano .env
# RELEASE_VERSION=v1.0.0

# Rebuild
podman-compose up -d --build

# Verificer
curl http://localhost:8000/health

📊 Post-Deployment Checks

• Health endpoint OK: curl https://hub.bmcnetworks.dk/health
• API responding: curl https://hub.bmcnetworks.dk/api/v1/system/health
• Database accessible og data intact
• Logs ser normale ud (ingen ERROR/CRITICAL)
• SSL certificate valid
• Backups kører automatisk
• Monitoring alerts konfigureret
• Safety switches aktiveret (READ_ONLY=true)
• DNS pointing til ny server (hvis relevant)
• Firewall rules konfigureret

🎯 Security Checklist

• Alle passwords ændret fra defaults
• SECRET_KEY er random og unik
• CORS_ORIGINS sat til production domain
• SSL/HTTPS aktiveret
• Firewall kun åbner 80/443 (ikke 8000 direkte)
• Database port IKKE exposed eksternt (kun internt network)
• .env fil har korrekte permissions (600)
• Gitea token har minimal scope (kun read)
• Safety switches aktiveret i .env
• Backups krypteret (hvis sensitive data)

📝 Dokumentation

• PRODUCTION_DEPLOYMENT.md - Detaljeret guide
• PRODUCTION_QUICK_START.md - Hurtig reference
• README.md - Project overview

📞 Support

Ved problemer:

• Email: ct@bmcnetworks.dk
• Gitea Issues: https://g.bmcnetworks.dk/ct/bmc_hub/issues

---

Version: 1.0
Sidst opdateret: 2025-12-17