Release and Maintenance Workflow
The infra-ansible deploy workflow is downtime-aware by design:
- maintenance on
- pre-migration backup
- pull pinned images
- run migrations
- bring stack up
- smoke checks
- maintenance off
Core command
ansible-playbook -i inventory.yml playbooks/deploy.yml \
    --limit <host> \
    --vault-password-file .secrets/vault-pass \
    -e release_id=<release_id>
Rollback posture
- app rollback: redeploy prior pinned image digests
- db rollback: restore pre-migration backup if required
Failure mode to watch
Port bind conflicts after stack_id changes usually mean stale old compose projects are still running.
Stop the old project cleanly, then rerun the deploy.
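One way to spot the stale project before rerunning, as an added example that is not part of infra-ansible itself. It assumes the stack_id ends up as the compose project name; the function name, the sample project names and the sample ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: list compose projects, other than the one being deployed,
# that still publish host ports.
# Input on stdin: one line per container, "<compose project>\t<ports>", as printed by
#   docker ps --format '{{.Label "com.docker.compose.project"}}\t{{.Ports}}'
# Output: "<project> <host port>", one line per distinct pair.

stale_compose_projects() {
    current="$1"   # assumption: project name derived from the current stack_id
    awk -F '\t' -v cur="$current" '
        $1 == ""   { next }   # container not managed by compose
        $1 == cur  { next }   # belongs to the stack being deployed
        $2 !~ /->/ { next }   # exposes ports but publishes none on the host
        {
            n = split($2, maps, ", ")
            for (i = 1; i <= n; i++) {
                if (maps[i] !~ /->/) continue
                hostport = maps[i]
                sub(/->.*/, "", hostport)   # "0.0.0.0:8080" or ":::8080"
                sub(/.*:/, "", hostport)    # "8080"
                key = $1 " " hostport
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    '
}

# Constructed sample of docker ps output (not captured from a real host).
sample_ps_output() {
    printf 'app-old\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
    printf 'app-old\t5432/tcp\n'
    printf 'app-new\t0.0.0.0:8443->8443/tcp\n'
    printf '\t0.0.0.0:9000->9000/tcp\n'
}

# On a real host, pipe the docker ps command above in place of the sample.
sample_ps_output | stale_compose_projects app-new
```

Each project it lists can be stopped with `docker compose -p <project> down`, which leaves volumes in place because `-v` is not passed.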
Destructive reset
freshdb wipes volumes. Use only in explicitly approved dev/test recovery workflows.