►
From YouTube: Post-deployment Patch (hotpatch) Firedrill
Description
An SRE who has never done the process before will walk through creating the patch and applying it, from this will take a look at ways we can improve the process and the documentation.
https://docs.google.com/document/d/1SrsVEjlsS5NWSUFmbKQCEqOsCabmMyhOj3q6l4M8_h8 (doc is internal only)
A
Okay,
let's
get
started
we're
going
to
be
doing
a
post
deployment
patch
fire
drill,
and
what
this
will
be
is
a
hot
patch
that
is
going
to
be
applied
to
staging
henry
here
has
graciously
volunteered
to
be
the
person
who
applies
the
patch,
and
I
wanted
to
start
off
with
just
a
quick
introduction
of
what
hot
patching
is
and
a
little
q
a
so
first
off.
What
is
a
hotbatch
hot
patch
is
a
way
for
us
to
apply
patch
files
to
our
production
environment.
This
was
done
a
while
ago
before
we
had
kubernetes
clusters.
A
It
was
done
when
we
were
only
running
an
omnibus
and
we
created
it
because
we
needed
a
quick
way
to
get
changes
to
our
production
fleet
and
at
that
time,
that
was
even
worse
than
it
is
now
where
it
just
takes
a
very
long
time
to
build
packages
and
deploy
them
and
rolling
back
is
also
difficult.
So
that's
why
this
process
exists.
It's
gone
through
a
few
iterations.
A
This
is
the
current
iteration.
This
is
probably
the
last
iteration,
because
I
expect
this
process
to
go
away
entirely
once
we
fully
transition
to
kubernetes,
but
for
now
it's
still
something
that
we
use,
and
I
created
this
fire
drill
just
so
that
you
know
everyone
can
be
familiar
with
this
process.
We
can
put
this
recording
up
on
youtube
for
other
people
to
watch,
because
we
don't
patch
as
much
as
we
used
to
and
when
we
do
need
to
do
this.
A
lot
of
times
like
those
brain
cells
have
been
deactivated.
A
So
we
don't
really
remember
how
to
do
it.
I
want
to
start
off
with
the
q
a
this
is
actually
just
supposed
to
be
an
interactive
thing.
So
I'll
ask
the
first
question:
when
do
we
issue
a
hot
patch?
Does
anyone
have
the
answer
to
that.
B
I
can
say
on
weekends,
because
I
was
once
in
this
situation
that
we
found
a
bug
and
on
weekends,
it's
hard
to
find
enough
people
to
make
a
release
right
and
it's
a
lot
of
more
work,
so
on
weekends.
I
think
it's
more
likely
to
do
a
hot
patch
to
come
over
the
weekend
and
then
on
the
next
monday
to
have
somebody
really
prepare
release
for
the
fixes.
That
was
the
situation
I
was
once
in,
and
I
guess
also
when
we
really
need
to
hurry
up
because
releases
take
long
to
build.
C
D
C
As
as
far
as
I
know,
we
do
have
a
separate
security
patch
process
with,
like
a
private
clone
of
the
of.
A
The
most
important
repos
yeah
we
we,
I
can't
think
in
recent
memory
us
using
the
hot
batch
process,
but
it
does,
it
is
private,
so
they're
like
the
patches,
aren't
exposed
anywhere
we
used
to.
We
definitely
used
to
do
this
quite
frequently.
I
don't
think
it
just
happens
as
much
recently
because
it
used
to
be
well
right
now
it
used
to
be
that
we
didn't
deploy
our
security.
Our
security
fixes
get
deployed
to
gitlab.com
before
the
security
release
goes
out.
A
A
A
We
only
want
to
do
this
process
in
extraordinary
search
situations
not
like
for
just
getting
a
fix
out
to
get
that
quickly.
Second,
question:
does
anyone
know
at
the
top
of
their
head
what
components
were
able
to
hot
patch.
A
Yeah
and
that's
and
that's
the
answer-
we
can't
patch
anything
except
the
rails
code
base.
That's
just
the
way
that
the
batcher
works,
so
this
is
limited
to
components
that
run
rails.
Other
things
like
web
shell,
workforce
pages
cast
registry.
Those
can't
be
patched
so
it's
something
to
keep
in
mind.
C
A
We're
you
know
we're
doing
nothing
more
than
slamming
patch
files
on
our
servers
and
hupping
puma.
That's
it
and
that's
how
it
was
designed
a
long
time
ago,
we've
carried
forward
that
design
and
we're
hopefully
going
to
be
deprecating
this
thing.
So
I
don't
think
that's
going
to
change.
How
do
we
initiate
a
hot
patch.
A
Okay,
anyone,
I
think
henry
knows
but
he's
doing
the
demo.
If
no
one
else
knows.
B
E
B
To
get
informed
of
all
of
that,
and
so
my
first
answer
would
be
to
look
for
documentation
because
normally
I
would
have
been
in
situations
that
I
wouldn't
know
exactly
just
have
some
clues.
There's
some
automation
somewhere
so
finding
documentation.
And
then
I
found
that
we
need
to
run
a
chatbot
command
and
then
prepare
a
patch
and
put
it
in
the
right
directory.
A
But
the
whole
thing
is
initiated
with
shout
outs.
This
was
you
know,
implemented
recent
well
recently
like
in
the
last
year.
There
should
already
be
an
incident
open.
If
there
isn't
an
incident
open,
then
you
just
put
a
placeholder
number
for
the
instant
number,
so
we'll
show
this
later,
when
we
do
the
demo
and
where
is
the
hot
patch
documentation,
I'm
just
going
to
reveal
this
since
we
kind
of
already
answered
it.
A
This
is
in
the
release,
docs
project,
which
is
you
know,
not
where
our
other
runbooks
are,
but
if
you
go
to
our
run
books
you'll
see
a
pointer
to
this.
This
explains
the
process
for
well.
This
project
is
used
for
all
of
our
release.
Documentation.
That's
why
post
deployment
patches
lives
there.
A
This
kind
of
this
documentation
will
go
through
the
process,
both
for
the
sre
and
the
developer,
creating
the
patch,
in
this
case
henry,
is
going
to
be
doing
both
playing
the
part
of
both
the
developer
and
the
sre
and
walking
through
the
process
of
creating
a
hot
patch
for
staging.
B
For
a
hot
patch
he
was
chosen
for
not
being
prepared,
so
then
we
will
just
get
started.
I
guess
right
and
I
should
share
my
screen
sure.
Yes,
please.
B
So
how
should
we
get
the
start?
So
maybe,
let's
suppose
we
just
created
an
incident
right?
I
already
created
an
incident.
B
Right
and
I
think
we're
in
the
situation-
let's
say
I'm
the
sre
on
the
weekend,
because
during
business
days
I
probably
would
just
reach
out
to
people
and
find
somebody
who
could
do
all
of
this.
For
me
as
an.
E
B
So
in
this
case
house
is
going
because
right
now
I
would
need
to
figure
out
what's
going
wrong
and
I
need
to
figure
out
what
I
need
to
fix
right
and
that's
the
next
big
question.
I
would
have
in
this
scenario
because
it
didn't
give
this
year
right.
A
Yeah-
and
I
guess
for
the
purpose
of
this-
let's
just
assume
it's
an
s1-
I
didn't
label
it
as
an
s1
for
obvious
reasons,
but
it's
an
s1
issue
and
we
need
to
fix
some
code
in
rails.
B
B
Also
something
which
I
always
need
to
look
up
again,
because
I
forget
about
it:
I'm
not
doing
that
often
enough,
but
that's
in
most
cases
necessary.
If
we
do
this
kind
of
hot
patching
right,
we
need
to
identify
an
mr
and
in
most
cases,
just
in
my
experience,
so
that
would
be
an
important
part
to
document
and
train.
B
I
guess
yeah.
So
the
next
thing
would
be
that
I
I
know
what
to
what
code
to
change,
but
I
need
to
figure
out
how
to
get
this
into
production,
and
for
that
I
would
go
to
look
for
the
run
book
and,
as
you
mentioned,
there's
this
run
book
link.
B
But
from
that
I
could
figure
out.
There
is
actually
a
one-run
book
entry
in
our
sre
handbook
directory,
and
that
is
pointing
to
the
link
you
gave
here
in
this
documentation,
so
that
was
more
or
less
working
to
find
the
documentation
for
that.
One.
B
And
from
that
I
started
reading,
so
in
this
case
that's
also
a
problem.
I
think
you
do
hot
patches
when
you're
under
a
time
pressure.
So
right
now,
I'm
on
a
time
pressure,
there's
an
urgent
problem.
I
don't
have
many
people
to
help
me
and
I
need
to
figure
out
how
to
get
this
in
as
fast
as
possible.
But
now
I
need
to
read
all
of
this,
but
I
think
it's
still
fair,
but
it's
giving
me
the
background
information
that
I
need
for
that
mostly,
but
it's
still
a
lot
to
read.
B
So
I
would
now
spend
at
least
10
minutes
to
read
and
understand
this.
If
I
wouldn't
have
done
this
before
under
pressure.
B
A
Shift
shift
paste.
B
A
A
A
A
B
B
Now
reading
through
this,
I
think
I
need
to
prepare
patch
for
that.
I
would
need
to
go
in
the
gitlab
ee
project
and
do
some
code
change
and
then.
B
B
B
B
B
I
guess
one
of
the
last
ones
here
would
be
the
directory
for
the
release
that
we
need
to
patch.
So
so
we
want
to
patch
staging.
B
Here
I
mean
for
what
I
thought:
how
the
process
is
working,
that
the
the
patcher
would
go
through
the
different
stages
right
in
the
pipeline,
and
I
would
need
to
figure
out
what
version
we
are
running
right
now.
I
think
that
was
given
the
run
book.
B
Oh,
if
I
remember
correctly,
we
can
do
the
chat
ups
command
for
auto
deploy
status.
Yeah
it's
mentioned
even
so.
This
one.
B
A
So
just
one
comment
here:
you
can
see
that
the
chat
ops
gives
you
the
directories
in
the
response,
the
chat,
ops
command
for
creating
the
hotbatch,
but
you
don't
see
staging
there
and
the
reason
for
that
is
that
staging
is
running
the
same.
I
assume
staging
is
running
the
same
version
as
production
and
canary,
but
let's,
let's
validate
that
with
the
auto
deploy
status.
A
Right
so
so
what
we'll
need
to
do
is
use
the
canary
version,
but
this
doesn't
mean
we're
actually
going
to
patch
canary.
A
B
A
Yeah,
but
evidently
not
very
successful
at
that,
so
we
would
use
the
if,
if
we
want
to
patch
staging,
we
have
to
use
the
canary
version
because
it's
the
the
same
as
staging.
E
A
Exactly
so,
for
example,
if
you
prep
a
patch
for
if
we
were
to
keep
this
patch
for
canary,
it
eventually
would
get
applied
to
production,
because
eventually,
productions
can
be
running
the
same
version
as
canary,
which
is
why
we'll
we'll,
probably
just
roll
back
this
patch
when
we're
done.
C
A
Patches
are
not
applied
by
chef
at
all
they're
only
applied
during
deploy
they're
applied
both
by
the
post-deployment
patcher,
which
is
this
process,
and
also
by
the
regular
deploy
when
we
like
when
you,
when
you
do
a
deploy
on
production,
we'll
first
see
if
there
are
any
outstanding
patches
for
the
version
we
are
upgrading
and
if
there
are,
then
it
will
apply
those
after
the
upgrade.
A
B
I
have
to
say
that
I
wouldn't
have
looked
at
the
helpful
links
here
in
the
chat
ups
response,
because
I
anyway,
I
need
to
check
out
the
code
locally
in
my
console
right
and
I
anyway,
I
need
to
look
up
the
auto
deploy
status
to
see
in
which
environment
we
have
which
version,
and
I
would
have
taken
the
numbers
from
there
later
for
looking
through
the
right
directories.
B
If
we
go
through
staging
first,
we
need
to
get
into
this
directory
for
sure,
and
then
that
would
work
for
here
and
for
um.com.
I
would
have
thought
either.
We
don't
have
the
problem
there,
because
we
are
in
a
earlier
version
here
or
if
you
also
need
to
patch
there,
then
I
would
have
put
the
same
patch
into
this
other
directory
too
right.
That
would
have
been
my
assumption.
A
E
E
B
But
of
course
it's
just
about
versions
so
yeah.
I
think
I
would
have
gotten
it
from
the
run
book.
What
is
meant
okay,
so
we
have
this
created
for
the
hot
picture.
The
directories
to
go
on
with
that,
I
would
read
how
to
create
the
patch
actually,
and
that
would
mean
I
need
to
do
some
changes
to
gita
by
e
and
create
the
patch
out
of
that
and
that's
proposing
that
I
check
out
the
recent
release
number,
so
I
would
need
to
check
the
number
I
found
in
the
chat
ups
command.
A
Yeah,
that's
the
legacy
name
for
the
it
used
to
be.
We
had
two
projects,
one
for
gitlab
ce
and
one
for
gitlab
e.
That
was
when
we
had
the
split
and
we
would
do
merges
between
the
two.
Eventually
we
collapsed,
gitlab
e
became
git
lab,
and
then
we
had
to
get
lab
foss,
which
is
this.
The
gitlab
project,
with
all
the
non-free
code
removed.
C
It
was
a
much
worse
system
than
we
have
now
so
henry.
This
is
just
your
old
checkout
of
the
the
old
repo
I'm
guessing.
B
Maybe
so
I
need
to
go
into
the
gitlab
doctor.
You
think
sorry,
I'm
confused
with
the
versions
of.
D
A
B
B
B
Am
I
right,
I
think
so
yeah
and
I
think
also
I
just
found
this
somewhere
linked
here,
maybe
not
sure.
If
I
found
some
reference
of
ee
yeah
from
this
link
here
I
got
it.
I
think
that's.
B
Getting
to
ee
and
if
you
click
that
link,
is
it
gonna
redirect
probably
all
right
for
sure
because,
as
I
would
have
also
seen
something
else
right
now
and
that's
yeah
yeah
nice,
but
we
didn't
break
anything
so,
and
I
think
jeff
just
suggested
that
I
change
do
a
trivial
change
right
now,
which
would
be
something
like.
B
And
let's
create
a
patch
out
of
that,
there
was
a
command
for
convenience
already.
B
B
Nothing
I
didn't
commit
right.
No,
I
I
would
have
expected
to
get
a
patch
right
now.
A
I
don't
think
so,
and
the
reason
for
that
is,
you
haven't
committed
your.
I
know
you
did
all
right.
A
Do
a
git
diff
as
well,
and
that
that's
fine,
but
if
you
want
to
use
that
command
you're
going
to
need
to
commit
your
changes.
Hopefully.
A
A
The
exclusions
here
the
exclusions
here
are
just
for,
if
like
you're
picking,
if
you're
picking
an
mr
or
a
commit-
and
it
has
spec
test
updates,
you
don't
want
to
include
those
in
the
patch
because
it
won't
get
applied.
I
think
because
we
don't
include
spec
tests,
you
know
in
in
our
deployment
package.
B
So,
let's
see
where
we
are,
I
wanted
to
check
use
version
fd7,
something.
B
So
there's
nothing
inside
so
I
can
just
copy
it
into
a
file
called
patch
there.
That's
now,
my
I
don't
know
it's
and
maybe
a
better
name.
Let
me
see,
do
you
have
something
in
the
documentation
for
naming
patches
here
so
numbered?
If,
if
there
are
several
of
them
to
determine
the
order
of
the
patches,
I
patch
okay,
that
should
work
and
give
it
the
issue
number
so
should
we
say
pitchfork
match.
B
Or
I
think
it
could
be
a
lot
easier,
I
think
in
in
the
real
situation,
not
having
read
this
document
half
an
hour
ago.
I
would
be
very
stressed
right
now
and
first
read
it
two
times
and
feel
like.
I
don't
have
time
to
read
it
really.
So
that
would
stress
me
a
lot.
B
That's
a
personal
thing
for
me,
I
guess.
But
after
you
have
read
it,
it's
it's
not
not
too
hard
to
do.
I
mean
the
steps
are
not
very
difficult
once
you
figure
out,
which
are
the
right
repositories
and
checking
out
code
and
stuff.
Isn't
that
hard
and
running
the
chat
ups
commands?
So
I
think
it
would
source
me
a
lot,
and
maybe
I
would
be
good
would
take
more
time
right
now
for
that
in
a
real
incident,
but
it
would
work.
So
I
think
that's
okay,
really.
B
For
for
a
runbook,
I
think
that's
a
different
discussion.
I
I'd
like
to
have
something
without
a
lot
of
explanations,
just
steps
that
work
right
because
reading
a
lot
of
things
during
an
incident
when
you
need
it,
it's
stressful
and
taken
a
lot
of
time.
B
B
B
B
B
A
Yeah
this
is
we
can.
We
can
skip
this
because
I've
decided
not
to
we're
not
going
to
actually
apply
this
patch
to
staging
we're
just
going
to
go
up
until
the
dry
run,
because
we're
in
the
middle
of
trying
to
get
the
security
release
finished.
B
Yeah,
but
in
reality
I
would
just
need
to
set
this
the
right
now
and
yeah.
Actually,
this
project
here
right,
yeah,
it's
the
one,
I'm
playing
the
code,
not
the
one
which
is
running
the
pipelines
right:
okay,
developer,
picking
to
auto,
deploy,
okay.
A
Question
how
about
we
try
android
just
just
to
see
this
is
the
deployer
project.
B
B
Yep-
okay,
assuming
I
did
that
this
can
wait
on
a
weekend
because
there's
no
developer
here
right
now,
because
we
still
don't
have
development
escalation
on
weekends.
I
think
it
will
start
on
february.
B
A
Yeah,
usually
a
developer
is
prepping
the
patch.
Hopefully,
actually
the
developer
drives
this
process,
but
you
might
need
to
drive
it.
The
developer
spits
the
patch
and
it's
best
to
have
another
developer
review
it
if
possible,
because
it's
a
code
change
and
it's
a
code
change,
that's
going
to
go
directly
to
production,
so
normally
there
would
be
another
review.
A
C
What's
up
with
those
git
keep
additional
yeah.
A
These
are
the
other
environments
that
we're
not
changing,
so
I
this
was
kind
of
a
hacky
change.
We
made
recently
that
just
made
it
a
little
bit
easier
by
prepping
these
directories
for
you,
instead
of
having
to
create
them
yourselves,
so
chat
apps
created
these
directories.
These
are
just
the
places.
A
A
A
Before
merge,
I
prefer
not
to
merge
this,
but
instead
look
at
the
dry
run
pipeline
to
kind
of
see
what
it
looks
like
in
fact.
Can
you
just
mark
this
as
draft,
so
I.
A
A
So
maybe
this
could
be
improved
there
aren't.
There
are
two
projects:
the
engineering
project
and
the
patcher
project.
Patcher
project
is
where
the
pipelines
actually
run.
If
you
go
to
the
comments
on
the
mr
scroll
down
a
bit,
you
can
see
that
there
are
links
to
the
actual
pipeline
that
runs
on
ops.
A
A
B
B
So
I
would
have
just
checked
the
pipelines
in
the
other
project
following
the
runbook
now,
but
if
you
can
go
from
here,
this
is
the.
B
A
So
this
is
the
dry
run.
We
can
just
take
a
look
at
this.
This
is
doing
a
dry
run
against
staging
it'll.
Do
this,
even
if
you
only
prepped
the
patch
for
production,
in
which
case
it's
a
no-up
since
we're
actually
doing
a
patch
for
what's
running
on
staging,
we
should
see
interesting
output
here
in
which.
B
A
So
the
yellow
text
is
the
stuff,
that's
changing
it's
showing
you
that
it
would
have
applied
the
patch
and
what
it
does
for
the
dry
run
is
it
applies
it
in
force
check
mode
to
see
if
it
actually
would
successfully
apply
there
are.
A
If
you
see
the
where
it
says
the
following
hosts
will
have
the
patch
applied
these.
These
have
to
all
be
true,
so
the
patch
directory
has
to
exist
that
equals
true
rails
has
to
exist.
In
other
words,
the
you
know
box
we're
deploying
to
has
to
be
running
rails
and
the
patch
has
to
be
a
change
so
the
when
it
runs
it
in
dry
run.
It
will
see
if
it
actually
changes
the
file.
A
So
when
you're
troubleshooting,
if,
for
example,
you
create
a
patch
that
doesn't
seem
to
be
getting
applied,
you
can
look
at
this
debug
output,
and
you
know
you
can
see
the
reason
for
it.
It
could
be
any
one
of
those
reasons
why
it
doesn't
get
applied,
but
more
often
it's
the
patch
structure
doesn't
exist
than
the
past
directory
for
the
version
that
were
that's
running
on
the
box.
A
B
B
I
mean
this
is
a
nice
manual
here
the
run
book
itself,
so
we
can
add
more
information
to
that,
but
that
we
should
maybe
have
a
very
short
tlgr
just
with
the
steps
to
follow
as
a
run
book
too
in
these
situations.
B
But
but
I
think
I
would
have
followed
this
so
far
without
problems
great,
so
I
would
see
the
pipelines
run
and
I
think
later.
Well,
let's
let's
go
through
this,
because
this
is
the
part
which
we
just
executed
here.
E
B
As
is
an
sre,
would
you
know
run
this
now
view
the
pipelines
of
the
patch
repository
the
patches
deployed
to
canary
and
verified
advanced
the
patch
to
production
by
manual
initiating
gpro
prepare
job
okay,
but
we
anyway
only
wanted
to
go
to
canary
right
now
to
fix
it.
So
that's
not
to
be
done
now.
A
Yeah
and
we're
not
going
to
merge
this
patch
anyway,
so,
but
but
what
we
could
see
is
well
actually
before
we
do
that
maybe
go
back
to
the
pipeline,
because
I
also
want
to
show
the
kubernetes.
A
So
if
you
scroll
up
to
the
top,
what
it
does
is
it
takes
a
look
at
what
image
is
running
in
the
environment?
Pulls
the
image
creates.
A
new
docker
file
applies
the
patch
file
uploads
the
image
to
dev
and
then
triggers
a
gate's
workloads
by
blind
dry
run
and
when
you
merge
this
to
master
it'll,
actually
do
a
kubernetes
deployment.
A
This
is
a
bit
hacky,
but
it
was
the
only
way
we
could
think
of
to
unify
this
patch
file
process
where
you
create
a
patch
file,
and
then
you
want
to
create
an
image
from
the
patch
file.
B
Yeah
and
then
I
would
need
to
the
real
pipeline.
I
think
it
would
go
further
right.
A
Yeah
so
I'll
give
you
an
example
of
a
real
pipeline
in
the.
A
A
A
So
you
get
like
a
very
a
very
big
pipeline
that
has
a
bunch
of
jobs
manual
jobs
for
well.
I
think
some
of
these
are
automatic,
but
you.
A
Apply
we
apply
to
both
staging
and
production
in
the
same
stage,
and
I
think
the
way
this
works
is
that
the
productions
are
manual
and
the
stagings
are
automatic.
So
when
you,
when
you
promote
to
the
deploy
stage,
all
the
staging
jobs
will
run
and
then
you
can
also
then,
in
that
stage
you
can
hit
the
manual
jobs
for
production.
A
If
you
want
to,
you
can
wait
for
qa
to
complete,
but
it's
optional
and
the
reason
for
this
is
there
have
been
some
situations
where
we
desperately
need
to
get
a
patch
on
production,
and
we
can't
afford
to
wait
20
minutes
for
qa
to
complete
on
staging.
So
we
leave
it
up
to
the
sre
and
the
developer
to
decide
on.
B
A
Yeah,
I
think
it
is
very
dangerous.
This
whole
process
is
very
dangerous.
I
would
say,
and
that's
why
we
hopefully
will
get
rid
of
it
soon
to
make
it
safer.
I'm
not
sure
what
would
be
your
suggestion
for
making
this.
I.
A
So
if
you
were
following
the
runbook
as
it
is
right
now,
you
would
hit
the
the
gprod
prepare
stage,
which
would
then
promote
to
the
deploy
stage,
and
then
the
staging
jobs
would
run
automatically
and
then
you
would
have
to
manually
run
the
production
jobs,
but
I
don't
think
that's
that's
yeah
based
this
is
not.
This
is
not
very
clear
in
the
docs,
because
I
think
this
changed
recently.
So
we
should
update
that.
A
B
Yeah,
so
I
assume
I
was
successful,
so
everything
applied
and
was
deployed
and
things
getting
been
hubbed
and
we
fixed
the
issue
for
now.
Let's
see
what
the
runebook
is
saying
here
to
do
after
that.
B
Here
also
is
listed.
What
is
determining
what,
if
patches,
being
applied
right?
What
you
just
mentioned
before
it's
saying
that
it's
checking,
if
it's
a
real
patch
and
so
on.
A
No
front
end
as
in
javascript.
B
C
A
A
B
I
think
after
that
I
would
then
just
I
don't
know,
do
some
cleanup,
I
guess,
writing
issues
and
pinging
people
and
trying
to
make
sure
that
on
monday,
that
would
be
picked
up
as
soon
as
possible
by
release
engineers
and
developers
to
get
out
a
real
fix
and
release
and
monitoring.
If
everything
is
right
and
then
I
would
be
done
for
the
weekend
right,
yeah.
A
Nice,
great
igor,
you
have
one
question
about
safety.
Do
you
want
to
ask
it.
C
Sure
I
can
read
it
out
so
yeah
just
kind
of
the
the
risk
of
this
process,
because
we're
bypassing
a
lot
of
our
existing
pipelines
right,
we're
bypassing
our
regular
unit
tests,
we're
bypassing
all
of
ci.
B
A
Yeah
I
mean
normally,
these
changes
are
very
targeted,
so
we
haven't
had
any
problems
where
you
know
things
like
the
application
couldn't
even
run
after
applying
a
patch.
You
do
have
the
health
check.
It's
not
great,
but
it's
something
same
for
kubernetes,
where
we
have
the
same
readiness
check,
so
pods
won't
come,
you
know,
won't
come
up
if
the
readiness
fails
and
then
it
would
just
roll
back
yeah.
Our
best
bet
really
is
the
staging
qa.
That's
the
best
way
we
can
validate
things
and
that
just
takes
a
long
time.
E
I
suppose
the
other
aspect
is
this
would
hopefully
mostly
only
be
used
when
something
is
catastrophically
broken
already,
so
it
is
risky.
But
it's
kind
of
our
last
ditch
like
in
an
ideal
world
we'd
have
like
we'd,
refer
and
deploy
again.
It
would
be
a
better
one
to
go
through
the
full
pipelines
or
something
that
gives
us
a
bit
more
safety.
So
this
one
is
a
it
just
a
lot
of
risk
around
it,
so
hopefully
only
needed
to
be
used
when
things
are
like
s1
level,
broken.
A
C
Okay,
so
we've
we've
decreased
the
frequency
of
these
quite
a
bit
because
I
know
about
half
a
year
ago
we
were
doing
several
of
these
every
month.
A
Yes,
yeah,
that
is,
and
I
and
this
is
great-
it's
also
a
problem,
because
the
tooling
tends
to
break
right.
A
Which
is
one
of
the
reasons
why
we
decided
to
start
this
fire
drill,
so
what
we'll
do
is
I'm
going
to
open
up?
Some
issues
to
you
know
fix
some
of
the
things
we
discussed
and
we'll
probably
do
another
one,
but
not
for
probably
at
least
a
month.
I
think
we're
not
going
to
do
these
like
every
every
week
or
anything
like
that
cool.
I
think
we're
out
of
time.
Does
anyone
else
have
questions
before
we
wrap
up.
E
Thank
you
for
running
it
and
thanks
henry
thanks.