# Deployment Runbook

Standard operating procedure for deploying changes to infrastructure using Ansible.

## Overview

This runbook covers the standard deployment process for configuration changes, application updates, and infrastructure modifications.

## Prerequisites

- [ ] Access to Ansible control node
- [ ] Proper credentials and SSH keys
- [ ] Vault password for target environment
- [ ] Change approval (for production)
- [ ] Backup completed (for production)

## Deployment Process

### 1. Pre-Deployment Checks

```bash
# Verify Ansible version
ansible --version

# Test inventory connectivity
ansible all -i inventories/<environment> -m ping

# Verify vault access
ansible-vault view inventories/<environment>/group_vars/all/vault.yml

# Run syntax check
ansible-playbook site.yml --syntax-check

# Dry-run (check mode)
ansible-playbook -i inventories/<environment> site.yml --check
```

### 2. Staging Deployment

```bash
# Deploy to staging environment
ansible-playbook -i inventories/staging site.yml

# Verify staging deployment
ansible-playbook -i inventories/staging playbooks/security_audit.yml --tags verify
```

### 3. Production Deployment

```bash
# Create pre-deployment backup
ansible-playbook -i inventories/production playbooks/backup.yml

# Deploy to production (gradual rollout)
ansible-playbook -i inventories/production site.yml \
  --extra-vars "maintenance_serial=25%"

# Verify production deployment
ansible-playbook -i inventories/production playbooks/security_audit.yml --tags verify
```

### 4. Post-Deployment Verification

```bash
# Verify all services running
ansible production -m shell -a "systemctl status <critical-services>"

# Check application logs
ansible production -m shell -a "tail -50 /var/log/application.log"

# Monitor system health
ansible production -m shell -a "uptime && free -h && df -h"
```

## Rollback Procedure

If deployment fails:

```bash
# Restore from backup
ansible-playbook -i inventories/production playbooks/disaster_recovery.yml \
  --limit affected_hosts \
  --extra-vars "dr_backup_date=<backup_date>"

# Verify rollback
ansible-playbook -i inventories/production site.yml --check
```

## Emergency Stop

If critical issues detected:

```bash
# Stop deployment immediately (Ctrl+C)
# Assess damage
ansible-playbook playbooks/security_audit.yml --tags assess

# Initiate rollback if needed
```

## Communication Template

```
DEPLOYMENT NOTIFICATION

Environment: [Production/Staging]
Change: [Description]
Start Time: [Time]
Expected Duration: [Duration]
Impact: [Expected impact]
Rollback Plan: [Available/Not Available]
```

## Checklist

- [ ] Pre-deployment backup completed
- [ ] Staging deployment successful
- [ ] Production change approved
- [ ] Deployment executed
- [ ] Post-deployment verification passed
- [ ] Documentation updated
- [ ] Stakeholders notified

---
**Last Updated:** 2025-11-11