# 🚀 BMC Hub - Production Deployment Checklist
## ✅ Pre-Deployment (On Your Mac)
### 1. Test Locally
- [ ] All changes committed to Git
- [ ] Local tests run and passing
- [ ] `docker-compose up` works locally
- [ ] Health endpoint returns OK: `curl http://localhost:8001/health`
### 2. Create Gitea Release
```bash
cd /Users/christianthomas/DEV/bmc_hub_dev
# List current tags
git tag -l
# Commit all changes
git add .
git status
git commit -m "Release v1.0.0: Initial production release"
# Push to Gitea
git push origin main
# Tag the release (semantic versioning: major.minor.patch)
git tag v1.0.0
git push origin v1.0.0
# Verify on Gitea
open https://g.bmcnetworks.dk/ct/bmc_hub/releases
```
### 3. Verify Release on Gitea
- [ ] Tag visible at https://g.bmcnetworks.dk/ct/bmc_hub/tags
- [ ] Archive can be downloaded: https://g.bmcnetworks.dk/ct/bmc_hub/archive/v1.0.0.tar.gz
- [ ] Raw files available via the API
## 🔧 Production Server Setup (First Time)
### 1. Prepare Server
```bash
# SSH to the server
ssh user@your-server.com
# Install Podman (if not already installed)
sudo apt update
sudo apt install -y podman podman-compose
# Or on RHEL/CentOS
sudo dnf install -y podman podman-compose
# Verify the installation
podman --version
podman-compose --version
```
### 2. Create Gitea Personal Access Token
- [ ] Go to https://g.bmcnetworks.dk/user/settings/applications
- [ ] Click "Generate New Token"
- [ ] Token name: `BMC Hub Production`
- [ ] Scopes: ✅ `repo` (read)
- [ ] Store the token securely (it is shown only once!)
### 3. Download Deployment Files
```bash
# Create the deployment directory
sudo mkdir -p /srv/podman/bmc_hub_v1.0
sudo chown "$USER:$USER" /srv/podman/bmc_hub_v1.0
cd /srv/podman/bmc_hub_v1.0
# Download the deployment script
# -f makes curl fail on an HTTP error instead of saving the error body as setup.sh;
# the URL is quoted so the shell does not treat "?" as a glob character
curl -f -H "Authorization: token YOUR_GITEA_TOKEN" \
  "https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/scripts/deploy_production.sh?ref=v1.0.0" \
  -o setup.sh
chmod +x setup.sh
# Download the .env template
curl -f -H "Authorization: token YOUR_GITEA_TOKEN" \
  "https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/.env.prod.example?ref=v1.0.0" \
  -o .env.example
```
### 4. Configure Environment
```bash
# Copy the template
cp .env.example .env
# Edit .env
nano .env
```
**CRITICAL CHANGES:**
```bash
# 1. Version
RELEASE_VERSION=v1.0.0
# 2. Gitea token (your token from step 2)
GITHUB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx
# 3. Database passwords (generate strong passwords)
# Compose and dotenv loaders do not execute $(...), so the value must be fixed text.
# Run the command in a terminal and paste its output as the value.
# -hex is used because base64 output can contain "/", which breaks DATABASE_URL:
#   openssl rand -hex 32
POSTGRES_PASSWORD=xxxxx
DATABASE_URL=postgresql://bmc_hub_prod:${POSTGRES_PASSWORD}@postgres:5432/bmc_hub_prod
# 4. Secret key (generate a random value the same way and paste the output):
#   python3 -c "import secrets; print(secrets.token_urlsafe(32))"
SECRET_KEY=xxxxx
# 5. CORS origins (production domain)
CORS_ORIGINS=https://hub.bmcnetworks.dk
# 6. e-conomic credentials (if relevant)
ECONOMIC_APP_SECRET_TOKEN=xxxxx
ECONOMIC_AGREEMENT_GRANT_TOKEN=xxxxx
# 7. vTiger credentials (if relevant)
VTIGER_API_KEY=xxxxx
# 8. KEEP THE SAFETY SWITCHES ENABLED!
ECONOMIC_READ_ONLY=true
ECONOMIC_DRY_RUN=true
TIMETRACKING_VTIGER_READ_ONLY=true
TIMETRACKING_ECONOMIC_READ_ONLY=true
```
### 5. Run Deployment
```bash
# Download all files from Gitea
./setup.sh
# Verify the downloaded files
ls -la
# You should see: docker-compose.yml, Dockerfile, requirements.txt, migrations/
# Build and start
podman-compose up -d --build
# Follow the logs
podman-compose logs -f
```
### 6. Verify Deployment
```bash
# Check container status
podman ps
# Expected output:
# CONTAINER ID  IMAGE               STATUS        PORTS
# xxxxxxxxxxxx  bmc-hub:v1.0.0      Up 2 minutes  0.0.0.0:8000->8000/tcp
# xxxxxxxxxxxx  postgres:16-alpine  Up 2 minutes  0.0.0.0:5432->5432/tcp
# Test health endpoint
curl http://localhost:8000/health
# Expected:
# {"status":"healthy","database":"connected","version":"v1.0.0"}
# Test API
curl http://localhost:8000/api/v1/system/health
# Check the database (opens an interactive psql session; the lines below are typed at the psql prompt)
podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod
-- List tables
\dt
-- Check sample data
SELECT * FROM customers LIMIT 5;
\q
```
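The expected output above shows both containers published on `0.0.0.0`, while the Security Checklist requires that only 80/443 be reachable and that the database port stay internal. The following check is an added example, not part of the BMC Hub repository: it reads `podman ps --format '{{.Names}} {{.Ports}}'` output and lists every host port bound on all interfaces other than 80/443. The `proxy` and `metrics` rows in the sample are constructed.

```bash
# Added example (not from the BMC Hub repo): list host ports published on all
# interfaces. Input is the output of:
#   podman ps --format '{{.Names}} {{.Ports}}'
ALLOWED_PUBLIC_PORTS="80 443"   # assumption: only the reverse proxy is public

# Reads "<name> <ports>" lines on stdin, prints "<name> <host-port>" per finding.
find_exposed_ports() {
  while read -r name ports; do
    # Several mappings are separated by ", ": handle one per line.
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
      case "$mapping" in *"->"*) ;; *) continue ;; esac
      bind="${mapping%%->*}"        # host side, e.g. 0.0.0.0:5432
      host_port="${bind##*:}"
      case "$bind" in
        0.0.0.0:*|"[::]:"*|:::*) ;; # wildcard bind: reachable on every interface
        *:*) continue ;;            # bound to one address, e.g. 127.0.0.1
      esac                          # a bare port is treated as a wildcard bind
      case " $ALLOWED_PUBLIC_PORTS " in *" $host_port "*) continue ;; esac
      echo "$name $host_port"
    done
  done
  return 0
}

# Constructed sample: the first two rows match the expected output above,
# "proxy" and "metrics" are made up for contrast.
SAMPLE_PS='bmc-hub-api-prod 0.0.0.0:8000->8000/tcp
bmc-hub-postgres-prod 0.0.0.0:5432->5432/tcp
proxy 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
metrics 127.0.0.1:9090->9090/tcp'

printf '%s\n' "$SAMPLE_PS" | find_exposed_ports
```

Any line it prints is a port to rebind to `127.0.0.1` in `docker-compose.yml` or to drop from the published ports.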
### 7. Setup Reverse Proxy (SSL/HTTPS)
**With Nginx:**
```nginx
server {
    listen 443 ssl http2;
    server_name hub.bmcnetworks.dk;
    ssl_certificate /etc/ssl/certs/bmcnetworks.crt;
    ssl_certificate_key /etc/ssl/private/bmcnetworks.key;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
**With Traefik** (labels in docker-compose.yml):
```yaml
labels:
- "traefik.enable=true"
- "traefik.http.routers.bmc-hub.rule=Host(`hub.bmcnetworks.dk`)"
- "traefik.http.routers.bmc-hub.entrypoints=websecure"
- "traefik.http.routers.bmc-hub.tls.certresolver=letsencrypt"
```
### 8. Setup Backups
```bash
# Create the backup script
# (no sudo: the directory belongs to your user, and the chmod below needs you to own the file)
nano /srv/podman/bmc_hub_v1.0/backup.sh
```
```bash
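#!/bin/bash
# Abort on errors, including a failed pg_dump inside the pipe,
# so old backups are not pruned after a failed run
set -euo pipefail
# Backups contain database contents: make them readable by the owner only
umask 077
BACKUP_DIR="/srv/backups/bmc_hub"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"
# Back up the database
podman exec bmc-hub-postgres-prod pg_dump -U bmc_hub_prod bmc_hub_prod | \
  gzip > "$BACKUP_DIR/database_$DATE.sql.gz"
# Back up uploads and data
tar -czf "$BACKUP_DIR/files_$DATE.tar.gz" /srv/podman/bmc_hub_v1.0/uploads /srv/podman/bmc_hub_v1.0/data
# Keep only 30 days of backups
find "$BACKUP_DIR" -type f -mtime +30 -delete
echo "Backup completed: $DATE"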
```
```bash
chmod +x /srv/podman/bmc_hub_v1.0/backup.sh
# Add to crontab (daily backup at 02:00)
crontab -e
# Add: 0 2 * * * /srv/podman/bmc_hub_v1.0/backup.sh >> /srv/podman/bmc_hub_v1.0/logs/backup.log 2>&1
```
### 9. Setup Monitoring (Optional)
**Uptime Kuma:**
- Add monitor for: `https://hub.bmcnetworks.dk/health`
- Interval: 60 seconds
- Expected keyword: `"healthy"`
**Prometheus/Grafana:**
- See `docs/MONITORING.md` (if it exists)
## 🔄 Updating to a New Version
### On Your Mac:
```bash
cd /Users/christianthomas/DEV/bmc_hub_dev
# Make changes...
git add .
git commit -m "Feature: Add new functionality"
git push origin main
# Tag the new version
git tag v1.1.0
git push origin v1.1.0
```
### On the Production Server:
```bash
cd /srv/podman/bmc_hub_v1.0
# Back up first!
./backup.sh
# Update RELEASE_VERSION in .env
nano .env
# Change: RELEASE_VERSION=v1.1.0
# Download the new files
./setup.sh
# Rebuild
podman-compose down
podman-compose up -d --build
# Verify
podman-compose logs -f api
curl http://localhost:8000/health
```
## 🆘 Troubleshooting
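### Container Does Not Start
```bash
# Check the logs in detail
podman logs bmc-hub-api-prod --tail 100
# Check the build logs
podman-compose build --no-cache
# Verify .env without printing secrets
# (DATABASE_URL embeds the password and API keys end in KEY, so both are filtered too)
grep -Ev 'PASSWORD|TOKEN|SECRET|KEY|DATABASE_URL' .env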
```
### Database Connection Error
```bash
# Test database connection
podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod
# Check database logs
podman logs bmc-hub-postgres-prod
# Restart database
podman-compose restart postgres
```
### Gitea Download Error
```bash
# Test the token manually
curl -H "Authorization: token YOUR_TOKEN" \
  https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/tags
# Verify the release exists
curl https://g.bmcnetworks.dk/ct/bmc_hub/releases
# Check network
ping g.bmcnetworks.dk
```
### Port Already in Use
```bash
# Find what is using the port
sudo lsof -i :8000
# Change the port in .env
nano .env
# API_PORT=8001
# Rebuild
podman-compose down
podman-compose up -d
```
## 🔙 Rollback Procedure
```bash
cd /srv/podman/bmc_hub_v1.0
# Stop services
podman-compose down
# Start only the database again: the restore runs inside the postgres container
podman-compose up -d postgres
# Restore database backup
gunzip < /srv/backups/bmc_hub/database_YYYYMMDD_HHMMSS.sql.gz | \
  podman exec -i bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod
# Switch back to the old version in .env
nano .env
# RELEASE_VERSION=v1.0.0
# Rebuild
podman-compose up -d --build
# Verify
curl http://localhost:8000/health
```
## 📊 Post-Deployment Checks
- [ ] Health endpoint OK: `curl https://hub.bmcnetworks.dk/health`
- [ ] API responding: `curl https://hub.bmcnetworks.dk/api/v1/system/health`
- [ ] Database accessible and data intact
- [ ] Logs look normal (no ERROR/CRITICAL)
- [ ] SSL certificate valid
- [ ] Backups run automatically
- [ ] Monitoring alerts configured
- [ ] Safety switches enabled (READ_ONLY=true)
- [ ] DNS pointing to the new server (if relevant)
- [ ] Firewall rules configured
## 🎯 Security Checklist
- [ ] All passwords changed from defaults
- [ ] SECRET_KEY is random and unique
- [ ] CORS_ORIGINS set to the production domain
- [ ] SSL/HTTPS enabled
- [ ] Firewall opens only 80/443 (not 8000 directly)
- [ ] Database port NOT exposed externally (internal network only)
- [ ] .env file has correct permissions (600)
- [ ] Gitea token has minimal scope (read only)
- [ ] Safety switches enabled in .env
- [ ] Backups encrypted (if sensitive data)
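Several of the items above can be checked mechanically. The script below is an added example, not a script from the BMC Hub repository: it verifies the `.env` permissions, the four safety switches, that `POSTGRES_PASSWORD` and `SECRET_KEY` are not placeholders, and that `CORS_ORIGINS` is not a wildcard. The 32-character minimum and the sample file are assumptions made for the example.

```bash
# Added example (not from the BMC Hub repo): audit .env against the checklist.
# Prints one FAIL line per finding and returns the number of findings.
audit_env() {
  env_file="$1"
  findings=0
  fail() { printf 'FAIL: %s\n' "$1"; findings=$((findings + 1)); }
  # Value of a key; the last assignment wins, as in common dotenv loaders.
  get() { sed -n "s/^$1=//p" "$env_file" | tail -n 1; }

  # .env must be readable by its owner only (GNU stat, then BSD/macOS stat).
  perms=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
  [ "$perms" = "600" ] || fail "permissions are $perms, expected 600"

  # Safety switches must still be enabled.
  for key in ECONOMIC_READ_ONLY ECONOMIC_DRY_RUN \
             TIMETRACKING_VTIGER_READ_ONLY TIMETRACKING_ECONOMIC_READ_ONLY; do
    [ "$(get "$key")" = "true" ] || fail "$key is not true"
  done

  # Secrets must not be template text or an unexpanded $(...), and must be
  # at least 32 characters long (assumed minimum for this example).
  for key in POSTGRES_PASSWORD SECRET_KEY; do
    value=$(get "$key")
    case "$value" in
      *xxxxx*|*'$('*) fail "$key is a template placeholder" ;;
      *) [ "${#value}" -ge 32 ] || fail "$key is shorter than 32 characters" ;;
    esac
  done

  # CORS must name explicit https origins, never a wildcard.
  case "$(get CORS_ORIGINS)" in
    ""|*'*'*|*http://*) fail "CORS_ORIGINS must list explicit https origins" ;;
  esac
  return "$findings"
}

# Constructed sample: a template copied to .env and left world-readable.
demo() {
  dir=$(mktemp -d)
  printf '%s\n' 'POSTGRES_PASSWORD=$(openssl rand -base64 32)' 'SECRET_KEY=xxxxx' \
    'CORS_ORIGINS=*' 'ECONOMIC_READ_ONLY=true' 'ECONOMIC_DRY_RUN=false' \
    'TIMETRACKING_VTIGER_READ_ONLY=true' \
    'TIMETRACKING_ECONOMIC_READ_ONLY=true' > "$dir/.env"
  chmod 644 "$dir/.env"
  audit_env "$dir/.env"; rc=$?
  rm -rf "$dir"
  return "$rc"
}
demo || echo "$? finding(s)"
```

On the server, call `audit_env /srv/podman/bmc_hub_v1.0/.env`; a zero exit status means none of the checked items failed.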
## 📝 Documentation
- [ ] [PRODUCTION_DEPLOYMENT.md](PRODUCTION_DEPLOYMENT.md) - Detailed guide
- [ ] [PRODUCTION_QUICK_START.md](PRODUCTION_QUICK_START.md) - Quick reference
- [ ] [README.md](README.md) - Project overview
## 📞 Support
If you run into problems:
- Email: ct@bmcnetworks.dk
- Gitea Issues: https://g.bmcnetworks.dk/ct/bmc_hub/issues
---
**Version:** 1.0
**Last updated:** 2025-12-17