Hearth is the infrastructure home for the letemcook ecosystem.

Ported from coherence-mcp/infra:
- Terraform modules (VPC, EKS, IAM, NLB, S3, storage)
- Kubernetes manifests (Forgejo, ingress, cert-manager, karpenter)
- Deployment scripts (phased rollout)

Status: Not deployed. EKS cluster needs to be provisioned.

Next steps:
1. Bootstrap terraform backend
2. Deploy phase 1 (foundation)
3. Deploy phase 2 (core services including Forgejo)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#!/usr/bin/env bash
#
# Full Infrastructure Deployment (RFC 0044)
#
# Deploys all phases in order with validation between each phase.
# This is the recommended way to perform a complete infrastructure rollout.
#
# Usage:
# ./deploy-all.sh [--dry-run] [--skip-validation] [--start-phase <1-5>]
#
# Prerequisites:
# - AWS CLI configured with appropriate credentials
# - Terraform >= 1.6.0
# - kubectl
# - Helm 3.x
#
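set -euo pipefail

# Directory that holds this script. The per-phase deploy and validation
# scripts are resolved relative to it, not to the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR

# Colors for output (ANSI escape sequences, expanded when printed)
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

# Flags (defaults; parse_args overwrites them from the command line)
DRY_RUN=false
SKIP_VALIDATION=false
START_PHASE=1

#######################################
# Print the command-line help text.
# Outputs: usage text on stdout
#######################################
usage() {
  echo "Usage: $0 [--dry-run] [--skip-validation] [--start-phase <1-5>]"
  echo ""
  echo "Options:"
  echo " --dry-run Show what would be done without making changes"
  echo " --skip-validation Skip validation between phases (not recommended)"
  echo " --start-phase <N> Start from phase N (for resuming failed deployments)"
}

#######################################
# Parse command-line options into the flag globals.
# Globals:   DRY_RUN, SKIP_VALIDATION, START_PHASE (written); RED, NC (read)
# Arguments: the script's command-line arguments
# Outputs:   help text on stdout; usage errors on stderr
# Returns:   exits 0 after --help, exits 1 on any invalid option or value
#######################################
parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      --dry-run)
        DRY_RUN=true
        shift
        ;;
      --skip-validation)
        SKIP_VALIDATION=true
        shift
        ;;
      --start-phase)
        # Without this check a trailing --start-phase dies on an unbound "$2"
        # with no usable message.
        if [[ $# -lt 2 ]]; then
          printf '%b--start-phase requires a phase number (1-5)%b\n' \
            "$RED" "$NC" >&2
          exit 1
        fi
        # START_PHASE is later used in integer tests and in an arithmetic
        # expansion. Accept exactly one digit in the documented range so
        # that no other text reaches those evaluations, and so that an
        # out-of-range value cannot skip every phase and still reach the
        # final release tag.
        if [[ ! "$2" =~ ^[1-5]$ ]]; then
          printf '%bInvalid start phase: %s (expected 1-5)%b\n' \
            "$RED" "$2" "$NC" >&2
          exit 1
        fi
        START_PHASE="$2"
        shift 2
        ;;
      -h|--help)
        usage
        exit 0
        ;;
      *)
        # %s prints the offending argument literally; only the colour codes
        # go through %b.
        printf '%bUnknown option: %s%b\n' "$RED" "$1" "$NC" >&2
        exit 1
        ;;
    esac
  done
}

# Parse arguments
parse_args "$@"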
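#######################################
# Print an informational message with a blue [INFO] prefix.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
#######################################
log_info() {
  # Only the colour codes go through %b. The message uses %s so backslash
  # sequences inside it (a path, a tool's output) are not interpreted.
  printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"
}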
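#######################################
# Print a success message with a green [SUCCESS] prefix.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
#######################################
log_success() {
  # Only the colour codes go through %b. The message uses %s so backslash
  # sequences inside it are not interpreted.
  printf '%b[SUCCESS]%b %s\n' "$GREEN" "$NC" "$1"
}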
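#######################################
# Print a warning with a yellow [WARN] prefix.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stderr
#######################################
log_warn() {
  # Diagnostics go to stderr so they stay visible when stdout is piped or
  # captured. The message uses %s so backslash sequences inside it are not
  # interpreted; only the colour codes go through %b.
  printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$1" >&2
}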
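#######################################
# Print an error with a red [ERROR] prefix.
# Globals:   RED, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stderr
#######################################
log_error() {
  # Diagnostics go to stderr so they stay visible when stdout is piped or
  # captured. The message uses %s so backslash sequences inside it (callers
  # pass file paths) are not interpreted; only the colour codes go through %b.
  printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1" >&2
}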
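#######################################
# Run one rollout phase: deploy script, optional validation, then a git tag.
# Globals:   DRY_RUN, SKIP_VALIDATION (read)
# Arguments: $1 - phase number (used in messages and in the tag name)
#            $2 - path to the phase's deploy script
#            $3 - path to the phase's validation script
# Outputs:   progress banner and log messages
# Returns:   exits the whole script with status 1 when the deploy script is
#            missing or not executable, or when validation fails
#######################################
run_phase() {
  local phase="$1"
  local script="$2"
  local validation="$3"

  echo ""
  echo "========================================"
  echo "Starting Phase $phase"
  echo "========================================"
  echo ""

  # Run deployment
  local args=()
  if [ "$DRY_RUN" = true ]; then
    args+=("--dry-run")
  fi

  if [ ! -x "$script" ]; then
    log_error "Deployment script not found or not executable: $script"
    exit 1
  fi
  # The ${args[@]+...} form expands to nothing for an empty array. A bare
  # "${args[@]}" is an unbound-variable error under `set -u` on bash older
  # than 4.4, which would abort every non-dry-run phase there.
  "$script" ${args[@]+"${args[@]}"}

  # Run validation
  if [ "$SKIP_VALIDATION" = false ]; then
    if [ -x "$validation" ]; then
      echo ""
      log_info "Running validation for Phase $phase..."
      if ! "$validation"; then
        log_error "Phase $phase validation failed"
        echo ""
        echo "Options:"
        echo " 1. Fix the issues and re-run: $0 --start-phase $phase"
        echo " 2. Skip validation: $0 --skip-validation --start-phase $phase"
        echo " 3. Rollback: ./rollback.sh --phase $phase"
        exit 1
      fi
    else
      # A missing validator must not look like a passed validation: the
      # phase is still tagged and reported complete below.
      log_warn "Validation script not found or not executable; Phase $phase was NOT validated: $validation"
    fi
  fi

  # Tag successful deployment. The tag is also created when validation was
  # skipped or unavailable, so it records "deployed", not "validated".
  if [ "$DRY_RUN" = false ]; then
    log_info "Tagging Phase $phase deployment..."
    local tag_name="v0.${phase}.0-phase${phase}"
    local phase_name
    phase_name=$(get_phase_name "$phase")
    local tag_message="Phase ${phase}: ${phase_name}"
    # Tagging stays best-effort, but an existing tag is told apart from any
    # other git failure (not a repository, no identity, signing error)
    # instead of reporting every failure as "already exists".
    if git rev-parse -q --verify "refs/tags/${tag_name}" >/dev/null 2>&1; then
      log_warn "Tag $tag_name already exists"
    elif ! git tag -a "$tag_name" -m "$tag_message"; then
      log_warn "Could not create tag $tag_name (see git output above)"
    fi
  fi

  log_success "Phase $phase complete"
}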
#######################################
# Map a phase number to its human-readable title.
# Arguments: $1 - phase number as a string
# Outputs:   the title on stdout; "Unknown" for any other value
#######################################
get_phase_name() {
  local phase_id="$1"
  local title="Unknown"

  # Exact string comparison, so values such as "01" or "" stay "Unknown".
  if [ "$phase_id" = "1" ]; then
    title="Foundation Infrastructure"
  elif [ "$phase_id" = "2" ]; then
    title="Core Services"
  elif [ "$phase_id" = "3" ]; then
    title="DNS and Email"
  elif [ "$phase_id" = "4" ]; then
    title="Observability"
  elif [ "$phase_id" = "5" ]; then
    title="E2EE Webmail"
  fi

  echo "$title"
}
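#######################################
# Run the full rollout: phases 1-4 in order, optional phase 5, then the
# final release tag and a summary.
# Globals:   DRY_RUN, START_PHASE, SCRIPT_DIR (read)
# Arguments: none are read
# Outputs:   banner, progress and summary; prompts on the terminal for
#            phase 5
# Returns:   exits 1 on an invalid START_PHASE; run_phase exits the script
#            on a failed phase
#######################################
main() {
  # START_PHASE feeds the integer tests below. With a non-numeric or
  # out-of-range value every test is false, no phase runs, and the release
  # tag would still be created, so reject it before anything else happens.
  case "$START_PHASE" in
    1|2|3|4|5) ;;
    *)
      log_error "Invalid start phase: $START_PHASE (expected 1-5)"
      exit 1
      ;;
  esac

  echo "========================================"
  echo "Full Infrastructure Deployment"
  echo "RFC 0044: Infrastructure Rollout Guide"
  echo "========================================"
  echo ""
  echo "This script will deploy all infrastructure phases in order:"
  echo " Phase 1: Foundation Infrastructure (RFC 0039)"
  echo " Phase 2: Core Services (RFC 0040)"
  echo " Phase 3: DNS and Email (RFC 0041)"
  echo " Phase 4: Observability (RFC 0042)"
  echo " Phase 5: E2EE Webmail (RFC 0043) [optional]"
  echo ""

  if [ "$DRY_RUN" = true ]; then
    log_warn "Running in DRY-RUN mode - no changes will be made"
    echo ""
  fi

  if [ "$START_PHASE" -gt 1 ]; then
    log_info "Starting from Phase $START_PHASE"
    echo ""
  fi

  # Track start time
  local start_time
  start_time=$(date +%s)

  # Number of phases that actually ran in this invocation.
  local phases_run=0

  # Phase 1: Foundation
  if [ "$START_PHASE" -le 1 ]; then
    run_phase 1 "$SCRIPT_DIR/deploy-phase1-foundation.sh" "$SCRIPT_DIR/validate-phase1.sh"
    phases_run=$((phases_run + 1))
  fi

  # Phase 2: Core Services
  if [ "$START_PHASE" -le 2 ]; then
    run_phase 2 "$SCRIPT_DIR/deploy-phase2-core-services.sh" "$SCRIPT_DIR/validate-phase2.sh"
    phases_run=$((phases_run + 1))
  fi

  # Phase 3: DNS and Email
  if [ "$START_PHASE" -le 3 ]; then
    run_phase 3 "$SCRIPT_DIR/deploy-phase3-dns-email.sh" "$SCRIPT_DIR/validate-phase3.sh"
    phases_run=$((phases_run + 1))
  fi

  # Phase 4: Observability
  if [ "$START_PHASE" -le 4 ]; then
    run_phase 4 "$SCRIPT_DIR/deploy-phase4-observability.sh" "$SCRIPT_DIR/validate-phase4.sh"
    phases_run=$((phases_run + 1))
  fi

  # Phase 5: E2EE Webmail (optional)
  if [ "$START_PHASE" -le 5 ]; then
    echo ""
    log_info "Phase 5 (E2EE Webmail) is optional."
    local deploy_phase5=""
    # read returns non-zero at end of input (closed stdin, CI). Under
    # `set -e` that would abort the script here without a message, so a
    # missing answer is treated as "no".
    read -r -p "Deploy Phase 5? (yes/no): " deploy_phase5 || deploy_phase5="no"
    if [ "$deploy_phase5" = "yes" ]; then
      run_phase 5 "$SCRIPT_DIR/deploy-phase5-e2ee-webmail.sh" "$SCRIPT_DIR/validate-phase5.sh"
      phases_run=$((phases_run + 1))
    else
      log_info "Skipping Phase 5"
    fi
  fi

  # Calculate duration
  local end_time
  end_time=$(date +%s)
  local duration=$((end_time - start_time))
  local minutes=$((duration / 60))
  local seconds=$((duration % 60))

  # Final release tag
  # NOTE(review): the tag is created on every non-dry-run completion, also
  # for a resumed run or one with --skip-validation; confirm that is the
  # intended meaning of v1.0.0.
  if [ "$DRY_RUN" = false ]; then
    log_info "Creating final release tag..."
    # Tell an existing tag apart from other git failures instead of
    # reporting every failure as "already exists".
    if git rev-parse -q --verify "refs/tags/v1.0.0" >/dev/null 2>&1; then
      log_warn "Tag v1.0.0 already exists"
    elif ! git tag -a "v1.0.0" -m "Initial Release: Full Infrastructure Stack"; then
      log_warn "Could not create tag v1.0.0 (see git output above)"
    fi
  fi

  echo ""
  echo "========================================"
  log_success "Full Infrastructure Deployment Complete!"
  echo "========================================"
  echo ""
  echo "Deployment Summary:"
  echo " Duration: ${minutes}m ${seconds}s"
  # Counted from the phases that ran, so a declined phase 5 is not reported
  # as deployed.
  echo " Phases deployed: ${phases_run}"
  echo ""
  echo "Post-Deployment Checklist:"
  echo " [ ] All Prometheus targets UP"
  echo " [ ] No firing alerts in Alertmanager"
  echo " [ ] Grafana dashboards showing data"
  echo " [ ] CockroachDB cluster healthy (3 nodes)"
  echo " [ ] Vault unsealed and HA"
  echo " [ ] Keycloak SSO working for all services"
  echo " [ ] DNS resolving correctly"
  echo " [ ] Email sending/receiving works"
  echo " [ ] Backups running"
  echo ""
  echo "Documentation:"
  echo " - Runbooks: $SCRIPT_DIR/../runbooks/"
  echo " - RFC 0044: Infrastructure Rollout Guide"
}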
# Entry point. The options were already parsed at top level; main does not
# read its positional arguments.
main "$@"