f4e6017566
Bumps [ansible](https://github.com/ansible/ansible) from 2.9.6 to 4.2.0. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> |
||
---|---|---|
.github | ||
group_vars | ||
playbooks | ||
private | ||
roles | ||
.gitignore | ||
.python-version | ||
Pipfile | ||
Pipfile.lock | ||
README.md | ||
hosts | ||
setup-batterup.yml | ||
setup-dev.yml | ||
setup-ondeck.retry | ||
setup-ondeck.yml | ||
setup-prod.retry | ||
setup-prod.yml | ||
setup-regluit.yml |
README.md
Deploying Regluit to Production
The current provisioning setup uses Ansible to deploy code to production servers.
Pre-requisites
Before attempting to deploy, ensure you have done the following:
- git checkout https://github.com/EbookFoundation/regluit-provisioning
- create
certs
anddecrypted
directories inprivate
- Install
ansible
on your local machine - Obtain the
ansible-vault
password and save it to a file - Set the path to the
ansible-vault
file via environment variable e.g.export NSIBLE_VAULT_PASSWORD_FILE=[path]
- Create/obtain the secret key needed to SSH into the server
- (optional) Add the secret key to your ssh agent
$ ssh-agent bash $ ssh-add /path/to/secret.pem
Deploy
Deploying is as simple as running the setup-prod
ansible playbook.
Navigate to the regluit-provisioning/
directory and run the following:
$ ansible-playbook -i hosts setup-prod.yml
If you successfully completed all the pre-requisite steps, the playbook should begin running through deploy tasks and finally restart apache.
Additional Configuration
Variables and Secrets
The necessary variables are pulled from regluit-provisioning/group_vars/production/vars.yml
which in turn pulls certain secret values from vault.yml
.
The variables are split into two files to still allow for searching references in playbook tasks.
To add or view secret values, you must decrypt the file first: $ ansible-vault decrypt vault.yml
however always remember to encrypt secret files before pushing to git. This is done in a similar manner: $ ansible-vault encrypt vault.yml
.
Ansible also allows for overriding variables from the command line when running playbooks.
This is useful for ad-hoc playbook runs without editing var files.
For example, deploying code from another branch can be done as so:
$ ansible-playbook -i hosts setup-prod.yml -e git_branch=mybranch
Inventory and Groups
Currently we are using a static inventory file hosts
to define target server hosts and groups.
This means that the hosts
file must be manually updated to reflect things such as DNS changes or additional hosts being added.
In the future, the static inventory file may be replaced with a dynamic inventory solution, such as ansible's ec2 inventory script
One important aspect of the hosts
file is that it defines the groups which a host or hosts are a part of.
Currently, there is one prod host called regluit-prod
which is a member of the production
group, and another called regluit-ondeck
in the ondeck
group intended to be a build target that can be swapped in to production.
These designations are important, as the setup-prod
playbook specifically targets the regluit-prod
host, and only that host will inherit the variables in group_vars/production/
.