ct/bmc_hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a8eaf6e2a9
bmc_hub/DEPLOYMENT_CHECKLIST.md
Christian e772311a86 Release v2.2.2: sync safety hardening
2026-02-22 03:27:40 +01:00

422 lines
9.2 KiB
Markdown
Raw Blame History

# 🚀 BMC Hub - Production Deployment Checklist
## ✅ Pre-Deployment (På din Mac)
### 1. Test Lokalt
- [ ] Alle ændringer committed til Git
- [ ] Lokale tests kørt og består
- [ ] `docker-compose up` virker lokalt
- [ ] Health endpoint returnerer OK: `curl http://localhost:8001/health`
### 2. Opret Gitea Release
```bash
cd /Users/christianthomas/DEV/bmc_hub_dev
# Se nuværende tags
git tag -l
# Commit alle ændringer
git add .
git status
git commit -m "Release v1.0.0: Initial production release"
# Push til Gitea
git push origin main
# Tag release (semantic versioning: major.minor.patch)
git tag v1.0.0
git push origin v1.0.0
# Verificer på Gitea
open https://g.bmcnetworks.dk/ct/bmc_hub/releases
```
### 3. Verificer Release på Gitea
- [ ] Tag synligt på https://g.bmcnetworks.dk/ct/bmc_hub/tags
- [ ] Kan downloade archive: https://g.bmcnetworks.dk/ct/bmc_hub/archive/v1.0.0.tar.gz
- [ ] Raw files tilgængelige via API
## 🔧 Production Server Setup (Første Gang)
### 1. Forbered Server
```bash
# SSH til server
ssh user@your-server.com
# Installer Podman (hvis ikke installeret)
sudo apt update
sudo apt install -y podman podman-compose
# Eller på RHEL/CentOS
sudo dnf install -y podman podman-compose
# Verificer installation
podman --version
podman-compose --version
```
### 2. Opret Gitea Personal Access Token
- [ ] Gå til https://g.bmcnetworks.dk/user/settings/applications
- [ ] Klik "Generate New Token"
- [ ] Token navn: `BMC Hub Production`
- [ ] Scopes: ✅ `repo` (read)
- [ ] Gem token sikkert (vises kun én gang!)
### 3. Download Deployment Files
```bash
# Opret deployment directory
sudo mkdir -p /srv/podman/bmc_hub_v1.0
sudo chown $USER:$USER /srv/podman/bmc_hub_v1.0
cd /srv/podman/bmc_hub_v1.0
# Download deployment script
curl -H "Authorization: token YOUR_GITEA_TOKEN" \
https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/scripts/deploy_production.sh?ref=v1.0.0 \
-o setup.sh
chmod +x setup.sh
# Download .env template
curl -H "Authorization: token YOUR_GITEA_TOKEN" \
https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/.env.prod.example?ref=v1.0.0 \
-o .env.example
```
### 4. Konfigurer Environment
```bash
# Kopier template
cp .env.example .env
# Rediger .env
nano .env
```
**KRITISKE ÆNDRINGER:**
```bash
# 1. Version
RELEASE_VERSION=v1.0.0
# 2. Gitea Token
GITHUB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx # Din token fra trin 2
# 3. Database Passwords (generer stærke passwords)
POSTGRES_PASSWORD=$(openssl rand -base64 32)
DATABASE_URL=postgresql://bmc_hub_prod:${POSTGRES_PASSWORD}@postgres:5432/bmc_hub_prod
# 4. Secret Key (generer random)
SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(32))")
# 5. CORS Origins (production domain)
CORS_ORIGINS=https://hub.bmcnetworks.dk
# 5b. Stack name (used by deployment scripts for container names)
STACK_NAME=prod
# 6. e-conomic Credentials (hvis relevant)
ECONOMIC_APP_SECRET_TOKEN=xxxxx
ECONOMIC_AGREEMENT_GRANT_TOKEN=xxxxx
# 7. vTiger Credentials (hvis relevant)
VTIGER_API_KEY=xxxxx
# 8. BEHOLD SAFETY SWITCHES!
ECONOMIC_READ_ONLY=true
ECONOMIC_DRY_RUN=true
TIMETRACKING_VTIGER_READ_ONLY=true
TIMETRACKING_ECONOMIC_READ_ONLY=true
```
### 5. Kør Deployment
```bash
# Download alle filer fra Gitea
./setup.sh
# Verificer downloaded files
ls -la
# Skal se: docker-compose.yml, Dockerfile, requirements.txt, migrations/
# Build og start
podman-compose up -d --build
# Følg logs
podman-compose logs -f
```
### 6. Verificer Deployment
```bash
# Check container status
podman ps
# Expected output:
# CONTAINER ID IMAGE STATUS PORTS
# xxxxxxxxxxxx bmc-hub:v1.0.0 Up 2 minutes 0.0.0.0:8000->8000/tcp
# xxxxxxxxxxxx postgres:16-alpine Up 2 minutes 0.0.0.0:5432->5432/tcp
# Test health endpoint
curl http://localhost:8000/health
# Expected:
# {"status":"healthy","database":"connected","version":"v1.0.0"}
# Test API
curl http://localhost:8000/api/v1/system/health
# Check database
podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod
# Liste tabeller
\dt
# Check sample data
SELECT * FROM customers LIMIT 5;
\q
```
### 7. Setup Reverse Proxy (SSL/HTTPS)
**Med Nginx:**
```nginx
server {
listen 443 ssl http2;
server_name hub.bmcnetworks.dk;
ssl_certificate /etc/ssl/certs/bmcnetworks.crt;
ssl_certificate_key /etc/ssl/private/bmcnetworks.key;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
**Med Traefik** (labels i docker-compose.yml):
```yaml
labels:
- "traefik.enable=true"
- "traefik.http.routers.bmc-hub.rule=Host(`hub.bmcnetworks.dk`)"
- "traefik.http.routers.bmc-hub.entrypoints=websecure"
- "traefik.http.routers.bmc-hub.tls.certresolver=letsencrypt"
```
### 8. Setup Backups
```bash
# Opret backup script
sudo nano /srv/podman/bmc_hub_v1.0/backup.sh
```
```bash
#!/bin/bash
BACKUP_DIR="/srv/backups/bmc_hub"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
# Backup database
podman exec bmc-hub-postgres-prod pg_dump -U bmc_hub_prod bmc_hub_prod | \
gzip > $BACKUP_DIR/database_$DATE.sql.gz
# Backup uploads og data
tar -czf $BACKUP_DIR/files_$DATE.tar.gz /srv/podman/bmc_hub_v1.0/uploads /srv/podman/bmc_hub_v1.0/data
# Behold kun 30 dages backups
find $BACKUP_DIR -type f -mtime +30 -delete
echo "Backup completed: $DATE"
```
```bash
chmod +x /srv/podman/bmc_hub_v1.0/backup.sh
# Tilføj til crontab (daglig backup kl 02:00)
crontab -e
# Add: 0 2 * * * /srv/podman/bmc_hub_v1.0/backup.sh >> /srv/podman/bmc_hub_v1.0/logs/backup.log 2>&1
```
### 9. Setup Monitoring (Optional)
**Uptime Kuma:**
- Add monitor for: `https://hub.bmcnetworks.dk/health`
- Interval: 60 sekunder
- Expected keyword: `"healthy"`
**Prometheus/Grafana:**
- Se `docs/MONITORING.md` (hvis eksisterer)
## 🔄 Opdatering til Ny Version
### På din Mac:
```bash
cd /Users/christianthomas/DEV/bmc_hub_dev
# Lav ændringer...
git add .
git commit -m "Feature: Add new functionality"
git push origin main
# Tag ny version
git tag v1.1.0
git push origin v1.1.0
```
### På Production Server:
```bash
cd /srv/podman/bmc_hub_v1.0
# Backup først!
./backup.sh
# Opdater RELEASE_VERSION i .env
nano .env
# Ændr: RELEASE_VERSION=v1.1.0
# Download nye filer
./setup.sh
# Rebuild
podman-compose down
podman-compose up -d --build
# Verificer
podman-compose logs -f api
curl http://localhost:8000/health
```
## 🆘 Troubleshooting
### Container Starter Ikke
```bash
# Check logs detaljeret
podman logs bmc-hub-api-prod --tail 100
# Check build logs
podman-compose build --no-cache
# Verificer .env
cat .env | grep -v "PASSWORD\|TOKEN\|SECRET"
```
### Database Connection Fejl
```bash
# Test database connection
podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod
# Check database logs
podman logs bmc-hub-postgres-prod
# Restart database
podman-compose restart postgres
```
### Gitea Download Fejl
```bash
# Test token manuelt
curl -H "Authorization: token YOUR_TOKEN" \
https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/tags
# Verificer release eksisterer
curl https://g.bmcnetworks.dk/ct/bmc_hub/releases
# Check network
ping g.bmcnetworks.dk
```
### Port Allerede I Brug
```bash
# Find hvad der bruger porten
sudo lsof -i :8000
# Ændr port i .env
nano .env
# API_PORT=8001
# Rebuild
podman-compose down
podman-compose up -d
```
## 🔙 Rollback Procedure
```bash
cd /srv/podman/bmc_hub_v1.0
# Stop services
podman-compose down
# Restore database backup
gunzip < /srv/backups/bmc_hub/database_YYYYMMDD_HHMMSS.sql.gz | \
podman exec -i bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod
# Ændr til gammel version i .env
nano .env
# RELEASE_VERSION=v1.0.0
# Rebuild
podman-compose up -d --build
# Verificer
curl http://localhost:8000/health
```
## 📊 Post-Deployment Checks
- [ ] Health endpoint OK: `curl https://hub.bmcnetworks.dk/health`
- [ ] API responding: `curl https://hub.bmcnetworks.dk/api/v1/system/health`
- [ ] Database accessible og data intact
- [ ] Logs ser normale ud (ingen ERROR/CRITICAL)
- [ ] SSL certificate valid
- [ ] Backups kører automatisk
- [ ] Monitoring alerts konfigureret
- [ ] Safety switches aktiveret (READ_ONLY=true)
- [ ] DNS pointing til ny server (hvis relevant)
- [ ] Firewall rules konfigureret
## 🎯 Security Checklist
- [ ] Alle passwords ændret fra defaults
- [ ] SECRET_KEY er random og unik
- [ ] CORS_ORIGINS sat til production domain
- [ ] SSL/HTTPS aktiveret
- [ ] Firewall kun åbner 80/443 (ikke 8000 direkte)
- [ ] Database port IKKE exposed eksternt (kun internt network)
- [ ] .env fil har korrekte permissions (600)
- [ ] Gitea token har minimal scope (kun read)
- [ ] Safety switches aktiveret i .env
- [ ] Backups krypteret (hvis sensitive data)
## 📝 Dokumentation
- [ ] [PRODUCTION_DEPLOYMENT.md](PRODUCTION_DEPLOYMENT.md) - Detaljeret guide
- [ ] [PRODUCTION_QUICK_START.md](PRODUCTION_QUICK_START.md) - Hurtig reference
- [ ] [README.md](README.md) - Project overview
## 📞 Support
Ved problemer:
- Email: ct@bmcnetworks.dk
- Gitea Issues: https://g.bmcnetworks.dk/ct/bmc_hub/issues
---
**Version:** 1.0
**Sidst opdateret:** 2025-12-17
Reference in New Issue View Git Blame Copy Permalink