Skip to main content

Deployment configuration tool for Octopize Avatar platform

Project description

Octopize Avatar Deployment Tool

This package provides the octopize-deploy-tool CLI for operating a self-hosted Octopize Avatar deployment. It bundles deployment templates for each release so it works without fetching files from GitHub.

Available subcommands:

  • deploy — generates the Docker Compose configuration files needed to run the platform.
  • generate-env — generates per-component .env files for local development.
  • authentik-migrate — migrates existing user data from CSV exports into authentik, the identity provider bundled with Avatar.

Installation

Option 1 — uvx (no install required, recommended for one-shot use)

uv can run the tool directly from PyPI without a permanent install. If you don't have uv yet:

curl -LsSf https://astral.sh/uv/install.sh | sh

Then run any command directly:

uvx octopize-deploy-tool deploy --output-dir ./app/avatar

Option 2 — virtual environment

Modern Linux distributions and macOS prevent installing packages into the system Python (PEP 668 — "externally managed environment"). A virtual environment avoids that:

python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install octopize-deploy-tool
octopize-deploy-tool deploy --output-dir ./app/avatar

Option 3 — global pip

If your system Python allows global installs:

pip install octopize-deploy-tool

Verify the CLI is available:

octopize-deploy-tool deploy --help

Docker

If you don't have Python installed, you can use the published Docker image instead.

Interactive mode

Mount a local directory to receive the generated files and pass -it for the interactive prompts:

docker run -it --rm \
  --user "$(id -u):$(id -g)" \
  -v "$(pwd)/avatar:/output" \
  quay.io/octopize/deploy-tool:latest deploy --output-dir /output

Non-interactive mode

Provide a config file via the mounted volume:

docker run --rm \
  --user "$(id -u):$(id -g)" \
  -v "$(pwd)/avatar:/output" \
  quay.io/octopize/deploy-tool:latest deploy \
    --output-dir /output/config \
    --config /output/config.yaml \
    --non-interactive

Note: For bind-mounted output directories, run the container with --user "$(id -u):$(id -g)" so generated files are owned by your host user.

Quick Start

Generate a Docker deployment configuration interactively:

octopize-deploy-tool deploy --output-dir ./app/avatar

Then start the deployment:

cd ./app/avatar
docker compose down --volumes --remove-orphans
docker compose up -d

Commands

octopize-deploy-tool deploy [options]
octopize-deploy-tool generate-env [options]
octopize-deploy-tool authentik-migrate [options]

Running the CLI without a subcommand is not supported — use --help on a subcommand:

octopize-deploy-tool deploy --help
octopize-deploy-tool generate-env --help
octopize-deploy-tool authentik-migrate --help

deploy

Use deploy to generate a full Docker Compose deployment.

Example:

octopize-deploy-tool deploy --output-dir ./app/avatar

Common deploy options:

--output-dir DIR           Output directory for generated files
--config FILE              YAML configuration file to load
--non-interactive          Run without prompts, using config/defaults
--save-config              Save the resolved configuration to deployment-config.yaml
--verbose                  Show detailed progress output
--mode {production,dev}    Generate production or dev deployment assets

generate-env

Use generate-env to create per-component .env files for local development without generating the full deployment bundle.

Example:

octopize-deploy-tool generate-env \
  --component api \
  --api-output-path ./avatar-local/api/.env \
  --component web \
  --web-output-path ./avatar-local/web/.env

Common generate-env options:

--config FILE              YAML configuration file to load
--non-interactive          Run without prompts, using config/defaults
--verbose                  Show detailed progress output
--component NAME           Generate only the selected component (repeatable; defaults to all)
--api-output-path PATH     Override the API env output path for this run
--web-output-path PATH     Override the web env output path for this run
--python-client-output-path PATH
                           Override the python_client env output path for this run
--output-path COMPONENT=PATH
                           Repeatable generic output-path override
--target NAME              Load named URLs from the environments config section
--api-url URL              Override the API URL
--storage-url URL          Override the storage public URL
--sso-url URL              Override the SSO provider URL

Non-Interactive Usage

You can provide configuration through a YAML file:

PUBLIC_URL: avatar.example.com
ENV_NAME: prod
ORGANIZATION_NAME: MyCompany

Then run:

octopize-deploy-tool deploy \
  --output-dir ./app/avatar \
  --config config.yaml \
  --non-interactive

Generated Files

The deploy command typically writes:

./app/avatar/
├── .env
├── docker-compose.yml
├── nginx/nginx.conf
├── authentik/
│   ├── octopize-avatar-blueprint.yaml
│   ├── custom-templates/
│   └── branding/
└── .secrets/

The generate-env command writes component env files directly to their resolved destinations, for example:

./avatar-local/
├── api/.env
└── web/.env

Typical Deployment Workflow

  1. Generate configuration:

    octopize-deploy-tool deploy --output-dir ./app/avatar
    
  2. Review the generated files:

    cd ./app/avatar
    cat .env
    ls -la .secrets/
    
  3. Add any required TLS certificates for production.

  4. Start the services:

    docker compose up -d
    
  5. Verify the deployment:

    docker compose ps
    docker compose logs -f
    

Troubleshooting

Bundled templates fail to provision or validate

Retry with verbose output:

octopize-deploy-tool deploy --output-dir ./app/avatar --verbose

Existing containers cause bind-mount or startup issues

Clean up old containers and volumes before retrying:

docker compose down --volumes --remove-orphans
docker compose up -d

Migrating Users to authentik

When upgrading from an older Avatar deployment that managed users directly in the Avatar API database, use octopize-deploy-tool authentik-migrate to import those users into authentik.

Overview

The tool reads three CSV exports from the Avatar database and creates the equivalent users, groups, and group assignments in authentik via its REST API:

Source CSV authentik entity
organizations.csv Groups (one per org)
licenses.csv Group attributes.license
users.csv Users with attributes.role

Users that already have an authentik_id value in the CSV are automatically skipped, making the tool safe to run incrementally.

Extracting CSV Data

Exec into the API container and export the required tables:

docker compose exec -it api bash
cd /app/avatar
python bin/dbtool.py shell

Then in the pgcli shell:

\copy (SELECT * FROM licenses) TO '/tmp/licenses.csv' WITH CSV HEADER
\copy (SELECT * FROM users) TO '/tmp/users.csv' WITH CSV HEADER
\copy (SELECT * FROM organizations) TO '/tmp/organizations.csv' WITH CSV HEADER

Usage

Dry run — preview all operations without making any changes:

octopize-deploy-tool authentik-migrate \
  --users /tmp/users.csv \
  --orgs /tmp/organizations.csv \
  --licenses /tmp/licenses.csv \
  --dry-run

Full migration — execute against a live authentik instance:

octopize-deploy-tool authentik-migrate \
  --users /tmp/users.csv \
  --orgs /tmp/organizations.csv \
  --licenses /tmp/licenses.csv \
  --authentik-url https://avatar.example.com/sso \
  --authentik-token YOUR_API_TOKEN

The authentik URL is the /sso path of your Avatar instance. The API token is generated automatically by the deploy tool and stored in the .env file.

Every run writes a JSONL log (migration_log.jsonl by default). If some operations fail, retry just the failed ones:

octopize-deploy-tool authentik-migrate \
  --from-log migration_log.jsonl \
  --failed-only \
  --authentik-url https://avatar.example.com/sso \
  --authentik-token YOUR_API_TOKEN

Getting an authentik API Token

  1. Log in to your authentik instance
  2. Navigate to AdminTokens & App passwords
  3. Create a token with the following permissions:
    • core:groups:create
    • core:users:create
    • core:groups:update (for user assignments)

Migration CLI Reference

octopize-deploy-tool authentik-migrate [options]

  --users PATH           Path to users CSV file
  --orgs PATH            Path to organizations CSV file
  --licenses PATH        Path to licenses CSV file
  --authentik-url URL    Base URL of the authentik instance
                         (e.g. https://avatar.example.com/sso)
  --authentik-token TOK  API token for authentik
  --dry-run              Preview operations without executing
  --log PATH             JSONL log output path (default: migration_log.jsonl)
  --from-log PATH        Replay operations from a previous log instead of CSV
  --failed-only          With --from-log, only replay previously-failed ops

Further Information

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

octopize_deploy_tool-2.3.1.tar.gz (468.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

octopize_deploy_tool-2.3.1-py3-none-any.whl (128.8 kB view details)

Uploaded Python 3

File details

Details for the file octopize_deploy_tool-2.3.1.tar.gz.

File metadata

  • Download URL: octopize_deploy_tool-2.3.1.tar.gz
  • Upload date:
  • Size: 468.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.15 {"installer":{"name":"uv","version":"0.11.15","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for octopize_deploy_tool-2.3.1.tar.gz
Algorithm Hash digest
SHA256 a1df3f8a18cc69fdb238db9d66d4bf01095c77911e947320d891528fcca7fde8
MD5 7f5cc39cd3180e85b9db3ce83880a9fd
BLAKE2b-256 4c0f12a0021461ebabf6d03990e5a97cb465e94b6405ca6b6347b78c094d0323

See more details on using hashes here.

File details

Details for the file octopize_deploy_tool-2.3.1-py3-none-any.whl.

File metadata

  • Download URL: octopize_deploy_tool-2.3.1-py3-none-any.whl
  • Upload date:
  • Size: 128.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.15 {"installer":{"name":"uv","version":"0.11.15","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for octopize_deploy_tool-2.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f66c858cfefa3e0bf2505a04d87aaa8e7957efa1136c7732ce8df7f17b9313ee
MD5 5f1f6e2c129c3cc9b48342dede412b5e
BLAKE2b-256 2c20a9fe4c686ce4d2a681aa15c25094f7d3661f93cf49f30812074b0c4d8c8a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page