seaweedfs/telemetry/DEPLOYMENT.md

# SeaweedFS Telemetry Server Deployment

This document describes how to deploy the SeaweedFS telemetry server to a remote server using GitHub Actions.

## Prerequisites

1. A remote Linux server with:
   - SSH access
   - systemd (for service management)
   - Optional: Prometheus and Grafana (for monitoring)

2. GitHub repository secrets configured (see [Setup GitHub Secrets](#setup-github-secrets) below):
   - `TELEMETRY_SSH_PRIVATE_KEY`: SSH private key for accessing the remote server
   - `TELEMETRY_HOST`: Remote server hostname or IP address
   - `TELEMETRY_USER`: Username for SSH access

## Setup GitHub Secrets

Before using the deployment workflow, you need to configure the required secrets in your GitHub repository.

### Step 1: Generate SSH Key Pair

On your local machine, generate a new SSH key pair specifically for deployment:

```bash
# Generate a new SSH key pair
ssh-keygen -t ed25519 -C "seaweedfs-telemetry-deploy" -f ~/.ssh/seaweedfs_telemetry_deploy

# This creates two files:
# ~/.ssh/seaweedfs_telemetry_deploy     (private key)
# ~/.ssh/seaweedfs_telemetry_deploy.pub (public key)
```

### Step 2: Configure Remote Server

Copy the public key to your remote server:

```bash
# Copy public key to remote server
ssh-copy-id -i ~/.ssh/seaweedfs_telemetry_deploy.pub user@your-server.com

# Or manually append to authorized_keys
cat ~/.ssh/seaweedfs_telemetry_deploy.pub | ssh user@your-server.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```

Test the SSH connection:

```bash
# Test SSH connection with the new key
ssh -i ~/.ssh/seaweedfs_telemetry_deploy user@your-server.com "echo 'SSH connection successful'"
```

### Step 3: Add Secrets to GitHub Repository

1. Go to your GitHub repository
2. Click on **Settings** tab
3. In the sidebar, click **Secrets and variables** → **Actions**
4. Click **New repository secret** for each of the following:

#### TELEMETRY_SSH_PRIVATE_KEY

```bash
# Display the private key content
cat ~/.ssh/seaweedfs_telemetry_deploy
```

- **Name**: `TELEMETRY_SSH_PRIVATE_KEY`
- **Value**: Copy the entire private key content, including the `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` lines

#### TELEMETRY_HOST

- **Name**: `TELEMETRY_HOST`
- **Value**: Your server's hostname or IP address (e.g., `telemetry.example.com` or `192.168.1.100`)

#### TELEMETRY_USER

- **Name**: `TELEMETRY_USER`
- **Value**: The username on the remote server (e.g., `ubuntu`, `deploy`, or your username)

### Step 4: Verify Configuration

Create a simple test workflow or manually trigger the deployment to verify the secrets are working correctly.

### Security Best Practices

1. **Dedicated SSH Key**: Use a separate SSH key only for deployment
2. **Limited Permissions**: Create a dedicated user on the remote server with minimal required permissions
3. **Key Rotation**: Regularly rotate SSH keys
4. **Server Access**: Restrict SSH access to specific IP ranges if possible

### Example Server Setup

If you're setting up a new server, here's a basic configuration:

```bash
# On the remote server, create a dedicated user for deployment
sudo useradd -m -s /bin/bash seaweedfs-deploy
sudo usermod -aG sudo seaweedfs-deploy  # Only if sudo access is needed

# Switch to the deployment user
sudo su - seaweedfs-deploy

# Create SSH directory
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Add your public key (paste the content of seaweedfs_telemetry_deploy.pub)
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
```

### Troubleshooting

#### SSH Connection Issues

```bash
# Test SSH connection manually
ssh -i ~/.ssh/seaweedfs_telemetry_deploy -v user@your-server.com

# Check SSH key permissions
ls -la ~/.ssh/seaweedfs_telemetry_deploy*
# Should show: -rw------- for private key, -rw-r--r-- for public key
```

#### GitHub Actions Fails

1. **Check secrets**: Ensure all three secrets are properly set in GitHub
2. **Verify SSH key**: Make sure the entire private key (including headers/footers) is copied
3. **Test connectivity**: Manually SSH to the server from your local machine
4. **Check user permissions**: Ensure the remote user has necessary permissions

## GitHub Actions Workflow

The deployment workflow (`.github/workflows/deploy_telemetry.yml`) provides two main operations:

### 1. First-time Setup

Run this once to set up the remote server:

1. Go to GitHub Actions in your repository
2. Select "Deploy Telemetry Server" workflow
3. Click "Run workflow"
4. Check "Run first-time server setup"
5. Click "Run workflow"

This will:
- Create necessary directories on the remote server
- Set up systemd service configuration
- Configure log rotation
- Upload Grafana dashboard and Prometheus configuration
- Enable the telemetry service (but not start it yet)

**Note**: The setup only prepares the infrastructure. You need to run a deployment afterward to install and start the telemetry server.


### 2. Deploy Updates

To deploy updates, manually trigger deployment:
1. Go to GitHub Actions in your repository
2. Select "Deploy Telemetry Server" workflow
3. Click "Run workflow"
4. Check "Deploy telemetry server to remote server"
5. Click "Run workflow"

## Server Directory Structure

After setup, the remote server will have:

```
~/seaweedfs-telemetry/
├── bin/
│   └── telemetry-server          # Binary executable
├── logs/
│   ├── telemetry.log            # Application logs
│   └── telemetry.error.log      # Error logs
├── data/                        # Data directory (if needed)
├── grafana-dashboard.json       # Grafana dashboard configuration
└── prometheus.yml               # Prometheus configuration
```

## Service Management

The telemetry server runs as a systemd service:

```bash
# Check service status
sudo systemctl status telemetry.service

# View logs
sudo journalctl -u telemetry.service -f

# Restart service
sudo systemctl restart telemetry.service

# Stop/start service
sudo systemctl stop telemetry.service
sudo systemctl start telemetry.service
```

## Accessing the Service

After deployment, the telemetry server will be available at:

- **Dashboard**: `http://your-server:8353`
- **API**: `http://your-server:8353/api/*`
- **Metrics**: `http://your-server:8353/metrics`
- **Health Check**: `http://your-server:8353/health`

## Optional: Prometheus and Grafana Integration

### Prometheus Setup

1. Install Prometheus on your server
2. Update `/etc/prometheus/prometheus.yml` to include:
   ```yaml
   scrape_configs:
     - job_name: 'seaweedfs-telemetry'
       static_configs:
         - targets: ['localhost:8353']
       metrics_path: '/metrics'
   ```

### Grafana Setup

1. Install Grafana on your server
2. Import the dashboard from `~/seaweedfs-telemetry/grafana-dashboard.json`
3. Configure Prometheus as a data source pointing to your Prometheus instance

## Troubleshooting

### Deployment Fails

1. Check GitHub Actions logs for detailed error messages
2. Verify SSH connectivity: `ssh user@host`
3. Ensure all required secrets are configured in GitHub

### Service Won't Start

1. Check service logs: `sudo journalctl -u telemetry.service`
2. Verify binary permissions: `ls -la ~/seaweedfs-telemetry/bin/`
3. Test binary manually: `~/seaweedfs-telemetry/bin/telemetry-server -help`

### Port Conflicts

If port 8353 is already in use:

1. Edit the systemd service: `sudo systemctl edit telemetry.service`
2. Add override configuration:
   ```ini
   [Service]
   ExecStart=
   ExecStart=/home/user/seaweedfs-telemetry/bin/telemetry-server -port=8354
   ```
3. Reload and restart: `sudo systemctl daemon-reload && sudo systemctl restart telemetry.service`

## Security Considerations

1. **Firewall**: Consider restricting access to telemetry ports
2. **SSH Keys**: Use dedicated SSH keys with minimal permissions
3. **User Permissions**: Run the service as a non-privileged user
4. **Network**: Consider running on internal networks only

## Monitoring

Monitor the deployment and service health:

- **GitHub Actions**: Check workflow runs for deployment status
- **System Logs**: `sudo journalctl -u telemetry.service`
- **Application Logs**: `tail -f ~/seaweedfs-telemetry/logs/telemetry.log`
- **Health Endpoint**: `curl http://localhost:8353/health`
- **Metrics**: `curl http://localhost:8353/metrics`