49 lines
3.0 KiB
Markdown
49 lines
3.0 KiB
Markdown
# Deploying Regluit to Production
|
|
|
|
The current provisioning setup uses [Ansible](https://www.ansible.com/resources/get-started) to deploy code to production servers.
|
|
|
|
## Pre-requisites
|
|
Before attempting to deploy, ensure you have done the following:
|
|
1. git checkout https://github.com/EbookFoundation/regluit-provisioning
|
|
1. create `certs` and `decrypted` directories in `private`
|
|
1. Install `ansible` on your local machine
|
|
1. Obtain the `ansible-vault` password and save it to a file
|
|
1. Set the path to the `ansible-vault` file via environment variable e.g. `export NSIBLE_VAULT_PASSWORD_FILE=[path]`
|
|
1. Create/obtain the secret key needed to SSH into the server
|
|
1. (optional) Add the secret key to your ssh agent
|
|
```
|
|
$ ssh-agent bash
|
|
$ ssh-add /path/to/secret.pem
|
|
```
|
|
|
|
|
|
## Deploy
|
|
Deploying is as simple as running the `setup-prod` ansible playbook.
|
|
Navigate to the `regluit-provisioning/` directory and run the following:
|
|
```
|
|
$ ansible-playbook -i hosts setup-prod.yml
|
|
```
|
|
If you successfully completed all the pre-requisite steps, the playbook should begin running through deploy tasks and finally restart apache.
|
|
|
|
|
|
## Additional Configuration
|
|
|
|
### Variables and Secrets
|
|
The necessary variables are pulled from `regluit-provisioning/group_vars/production/vars.yml` which in turn pulls certain secret values from `vault.yml`.
|
|
The variables are split into two files to still allow for searching references in playbook tasks.
|
|
To add or view secret values, you must decrypt the file first: `$ ansible-vault decrypt vault.yml` however **always remember to encrypt secret files before pushing to git**. This is done in a similar manner: `$ ansible-vault encrypt vault.yml`.
|
|
|
|
Ansible also allows for overriding variables from the command line when running playbooks.
|
|
This is useful for ad-hoc playbook runs without editing var files.
|
|
For example, deploying code from another branch can be done as so:
|
|
`$ ansible-playbook -i hosts setup-prod.yml -e git_branch=mybranch`
|
|
|
|
### Inventory and Groups
|
|
Currently we are using a static inventory file `hosts` to define target server hosts and groups.
|
|
This means that the `hosts` file must be manually updated to reflect things such as DNS changes or additional hosts being added.
|
|
In the future, the static inventory file may be replaced with a dynamic inventory solution, such as ansible's [ec2 inventory script](http://docs.ansible.com/ansible/latest/user_guide/intro_dynamic_inventory.html#example-aws-ec2-external-inventory-script)
|
|
|
|
One important aspect of the `hosts` file is that it defines the groups which a host or hosts are a part of.
|
|
Currently, there is one prod host called `regluit-prod` which is a member of the `production` group, and another called `regluit-ondeck` in the `ondeck` group intended to be a build target that can be swapped in to production.
|
|
These designations are important, as the `setup-prod` playbook specifically targets the `regluit-prod` host, and only that host will inherit the variables in `group_vars/production/`.
|