Repository structures

Basic process

The most basic process is as follows:

Advantages are:

No one can push to node without approval
Well documented who made what changes and when
If agent operates properly, then rollback should be straightforward

There are disadvantages.

We need a different git repo for each node, or
Every node gets every change immediately

That makes testing in dev and stage difficult. We could test from a branch, but that is problematic.

Two phase process

Git_root specifies deployments, that is, what nodes get what versions of what applications. Each node reads from a repository that is dedicated to that node. The deployer system flattens the deployment instructions to explicit instructions for each node and pushes those instructions into each node's repo.

This process makes testing easy. Push deployment instructions to the test environment. If that is successful, then push instructions to deploy to more nodes.

We still maintain complete visibility of what is deployed and when by inspecting each node repo.

Remote security

Many organizations, such as manufacturing and healthcare, cannot allow direct changes to their nodes behind their firewall from the cloud. In fact, these nodes cannot directly connect to the cloud at all.

Local approval

One can even put man in the middle, although we do not see how that would improve the process.

Repository structures

Basic process​

Two phase process​

Remote security​

Local approval​

Basic process

Two phase process

Remote security

Local approval