Deploying Elixir apps without sudo
By DevOps on Wed 16 May 2018in
After we have deployed the new release, we restart the app to make it live:
sudo /bin/systemctl restart foo
The user account needs sufficient permissions to restart the app, though.
Instead of giving the deploy account full sudo permissions, you can make a
user-specific sudo config file which specifies what commands it can run,
deploy ALL=(ALL) NOPASSWD: /bin/systemctl start foo, /bin/systemctl stop foo, /bin/systemctl restart foo
That works ok, but it would be better if we didn't require sudo permissions at all. One option is to take advantage of the supervision provided by systemd to restart the app.
When we deploy a new release, the deploy user uploads the new code, sets up the symlink, then touches a flag file. Systemd notices and restarts the app.
See mix_deploy for examples.