ansible playbooks for Unglue.it
 
 
Go to file
eric d2ad1eb6c4 at last fix notices! 2021-02-11 13:11:18 -05:00
.github Create FUNDING.yml 2019-11-08 14:16:55 -05:00
group_vars remove goodreads 2021-01-13 15:27:43 -05:00
playbooks remove old cert stuff 2019-01-31 14:27:28 -05:00
private major update to py3! 2020-03-02 17:05:56 -05:00
roles at last fix notices! 2021-02-11 13:11:18 -05:00
.gitignore ignore decrypted 2019-01-31 14:26:39 -05:00
.python-version major update to py3! 2020-03-02 17:05:56 -05:00
Pipfile update ansible and fix acme scripts 2020-04-27 17:30:14 -04:00
Pipfile.lock update ansible and fix acme scripts 2020-04-27 17:30:14 -04:00
README.md final touches 2019-01-31 14:29:02 -05:00
hosts major update to py3! 2020-03-02 17:05:56 -05:00
setup-batterup.yml major update to py3! 2020-03-02 17:05:56 -05:00
setup-dev.yml at last fix notices! 2021-02-11 13:11:18 -05:00
setup-ondeck.retry moved from regluit 2018-06-11 11:46:29 -04:00
setup-ondeck.yml major update to py3! 2020-03-02 17:05:56 -05:00
setup-prod.retry moved from regluit 2018-06-11 11:46:29 -04:00
setup-prod.yml tweaks 2020-03-04 11:31:51 -05:00
setup-regluit.yml moved from regluit 2018-06-11 11:46:29 -04:00

README.md

Deploying Regluit to Production

The current provisioning setup uses Ansible to deploy code to production servers.

Pre-requisites

Before attempting to deploy, ensure you have done the following:

  1. git checkout https://github.com/EbookFoundation/regluit-provisioning
  2. create certs and decrypted directories in private
  3. Install ansible on your local machine
  4. Obtain the ansible-vault password and save it to a file
  5. Set the path to the ansible-vault file via environment variable e.g. export NSIBLE_VAULT_PASSWORD_FILE=[path]
  6. Create/obtain the secret key needed to SSH into the server
  7. (optional) Add the secret key to your ssh agent
    $ ssh-agent bash
    $ ssh-add /path/to/secret.pem
    

Deploy

Deploying is as simple as running the setup-prod ansible playbook.
Navigate to the regluit-provisioning/ directory and run the following:

$ ansible-playbook -i hosts setup-prod.yml

If you successfully completed all the pre-requisite steps, the playbook should begin running through deploy tasks and finally restart apache.

Additional Configuration

Variables and Secrets

The necessary variables are pulled from regluit-provisioning/group_vars/production/vars.yml which in turn pulls certain secret values from vault.yml.
The variables are split into two files to still allow for searching references in playbook tasks. To add or view secret values, you must decrypt the file first: $ ansible-vault decrypt vault.yml however always remember to encrypt secret files before pushing to git. This is done in a similar manner: $ ansible-vault encrypt vault.yml.

Ansible also allows for overriding variables from the command line when running playbooks.
This is useful for ad-hoc playbook runs without editing var files.
For example, deploying code from another branch can be done as so:
$ ansible-playbook -i hosts setup-prod.yml -e git_branch=mybranch

Inventory and Groups

Currently we are using a static inventory file hosts to define target server hosts and groups.
This means that the hosts file must be manually updated to reflect things such as DNS changes or additional hosts being added.
In the future, the static inventory file may be replaced with a dynamic inventory solution, such as ansible's ec2 inventory script

One important aspect of the hosts file is that it defines the groups which a host or hosts are a part of.
Currently, there is one prod host called regluit-prod which is a member of the production group, and another called regluit-ondeck in the ondeck group intended to be a build target that can be swapped in to production. These designations are important, as the setup-prod playbook specifically targets the regluit-prod host, and only that host will inherit the variables in group_vars/production/.