I am looking for some suggestions and views related to DevOps enterprise architecture design for a Node.js and MongoDB application.
One of the requirements is to keep the solution at low cost, hence I have kept the number of servers in test/staging and development to a minimum, and production with a fully blown architecture.
Each environment has two zones, ZONE1 (dmz1) and ZONE2 (dmz2), zone2 being more secure, which hosts the MongoDB servers. Production MongoDB is a 5-node replica set, with the arbiter node in the Production environment and two members in the Production DR environment; additionally, the Node.js app is load balanced.
Questions:
- Is it a good practice to keep CI/Jenkins on staging and let it deploy artifacts to both production and development?
- Provided there will be no SSH access to servers in production, what configuration management strategy should I use to manage the servers and deploy the application?
OK, first of all, one of the principles that the DevOps culture advocates for (it actually is one of its end goals) is to minimize the gap between environments and to enable an organization to make deployments while being confident in the tests that were performed earlier, so it would be in your best interest to replicate on test/dev what you will have on production as well as you can. This being said:
It really depends on the amount of deployments you guys do (is 1 Jenkins server going to be enough?) and the security concerns you might have (is having both production and testing networks connected via 1 server making your security team worry?). In the end it all really depends; I've seen CI/CD pipelines implemented fully with 1 Jenkins server as the main control, letting it deploy on test, perform some automatic tests and, if they pass, promote the deployment to production. You can check Jenkins Blue Ocean pipelines while on that.
When you say no SSH access, does it mean that people won't have accounts on those servers, or that there won't be SSH traffic/service at all? If it's the second option, I really doubt that CM tools would work at all. However, if it's the former, you can set up something along the lines of an Ansible role on a control server (it can even be the Jenkins CI server), set an SSH key for Ansible to use and let it handle all the provisioning and deployment of your servers/application on production. Bear in mind that this last strategy not only automates your deployments but also enables you to automatically provision new servers, whether that be for scaling your solution or disaster recovery.
I really hope my reply helps you out a little,
Cheers
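
The "no accounts for people, one SSH key for Ansible" setup described in the answer above can be enforced on the production servers themselves. The following is an added example, not part of the original posts. The address `192.0.2.10` (standing in for the control/Jenkins server), the account name `deploy` and the key comment are assumptions.

```conf
# --- /etc/ssh/sshd_config on each production server (constructed example) ---
# Assumption: 192.0.2.10 is the control server that runs Ansible.
# Assumption: "deploy" is a service account used only by Ansible.

# No direct root logins; privilege escalation goes through sudo rules
# scoped to the deploy account.
PermitRootLogin no

# Keys only: no passwords to guess or reuse.
PasswordAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey

# Only the deploy account, and only when connecting from the control
# server, may open a session. Every other user or source is refused.
AllowUsers deploy@192.0.2.10

# Ansible needs a command channel, not tunnels.
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

# --- /home/deploy/.ssh/authorized_keys (constructed example) ---
# The key is additionally pinned to the control server's address, so a
# copied private key is not usable from any other host.
# <PUBLIC_KEY_PLACEHOLDER> stands for the real public key material.
from="192.0.2.10",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER> ansible-deploy
```

With this in place, the private key held on the control server is the single path into production, so access to that server and to its pipeline configuration needs to be restricted and logged as tightly as production itself.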