From ffa7e1a4de4a973ccf115bd83e5f730fd4c5ba1f Mon Sep 17 00:00:00 2001
From: Jonathan Bernard <jonathan@jdbernard.com>
Date: Sun, 19 May 2019 01:28:22 -0500
Subject: [PATCH] Documentation around new deployed environments.

---
 deploy/doc.md | 78 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 76 insertions(+), 2 deletions(-)

diff --git a/deploy/doc.md b/deploy/doc.md
index f165c74..5bd5325 100644
--- a/deploy/doc.md
+++ b/deploy/doc.md
@@ -1,2 +1,76 @@
-Web app is deployed to s3://personal-measure.jdbernard.com
-API is served from razgriz on https://pmapi.jdbernard.com
+### Web App Hosting (static HTML)
+
+Web app is deployed to an S3 bucket. Each top level directory in this bucket
+represents a different deployed environment. For example:
+
+    s3://pm.jdb-labs.com
+    ├── prod
+    │   ├── logs
+    │   │   └── cloudfront
+    │   └── webroot
+    │       ├── css
+    │       ├── img
+    │       ├── js
+    │       ├── index.html
+    │       └── ...
+    └── dev
+        ├── logs
+        └── webroot
+
+### API Hosting
+
+API is served from razgriz:
+* dev:  https://pmapi-dev.jdb-labs.com (:80 -> :8281)
+* prod: https://pmapi.jdb-labs.com (:80 -> :8280)
+
+#### Server Setup Notes
+
+The home folder of the `pmapi` user, like the S3 bucket, contains one folder
+for each environment:
+
+    /home/pmapi
+    ├── dev
+    │   ├── personal_measure_api
+    │   └── personal_measuer_api.config.json
+    └── prod
+        ├── personal_measure_api
+        └── personal_measuer_api.config.json
+
+As part of the automated deployment process, pmapi.jdb-labs.com has one systemd
+service definitions for each environment. The sudoers file allows the `pmapi`
+user to manage these without a password.
+
+    # Allow pmapi to manage the personal_measure_api service
+    pmapi ALL=NOPASSWD: /bin/systemctl stop personal_measure_api.prod.service
+    pmapi ALL=NOPASSWD: /bin/systemctl start personal_measure_api.prod.service
+    pmapi ALL=NOPASSWD: /bin/systemctl stop personal_measure_api.dev.service
+    pmapi ALL=NOPASSWD: /bin/systemctl start personal_measure_api.dev.service
+
+two systemd
+service definitions, one for 
+
+### Database
+
+razgriz-db.jdb-labs.com RDS instance maintains databases for each environment:
+* dev: `personal_measure_dev`
+* prod: `personal_measure`
+
+### Routing
+
+CloudFront manages the routing of all of the external facing URLs.
+
+    https://pm.jdb-labs.com (CloudFront)
+      ├── /api/<path>
+      │   └── https://pmapi.jdb-labs.com/api/
+      │       ├── nginx:80 --> nim/jester:8280
+      │       └── razgriz-db: database personal_measure
+      └── s3://pm.jdb-labs.com/prod/webroot (static HTML)
+
+    https://pm-dev.jdb-labs.com (CloudFront)
+      ├── /api/<path>
+      │   └── https://pmapi-dev.jdb-labs.com/api/
+      │       ├── nginx:80 --> nim/jester:8281
+      │       └── razgriz-db: database personal_measure_dev
+      └── s3://pm.jdb-labs.com/dev/webroot (static HTML)
+
+