deployments

Noah called with a question while you were out. I took a message, but it was lost in the flood. I figured you could call him back when it stopped raining, which it did at last!

My own private atlantis had its deployment debut yesterday. I renewed the blog SSL certificate on my workstation, saving the key and certificate in their own private directory nested beneath corrina/files. In a separate directory, ovid/manifests, I added a Lua module with these definitions:

coroutine.yield(
   atlantis.v1.fs.file {
      name = "etc/ssl/certs/yieldsfalsehood.com.pem",
      mode = "0644",
      contents = atlantis.v1.res.file(
         "letsencrypt/live/yieldsfalsehood.com/fullchain.pem"
      )
   }
)

coroutine.yield(
   atlantis.v1.fs.file {
      name = "etc/ssl/private/yieldsfalsehood.com.key",
      mode = "0600",
      contents = atlantis.v1.res.file(
         "letsencrypt/live/yieldsfalsehood.com/privkey.pem"
      )
   }
)

To tie the manifests and files together I ran something like this in a directory with access to both ovid and corrina:

$ python -m atlantis.trident \
         ursula \
             -P ovid/manifests/?.lua -P "" -P "" \
             -m www.ssl \
         tar \
             -F corrina/files \
      | ssh node1 \
            tar -C / -xvf -
etc/ssl/certs/yieldsfalsehood.com.pem
etc/ssl/private/yieldsfalsehood.com.key

I had to login manually afterwards to reload the web server, which I should be able to capture once krabs is calcified. Hail, Atlantis!