The current provisioning setup uses Ansible to deploy code to production servers.
Before attempting to deploy, ensure you have done the following:
- git checkout https://github.com/EbookFoundation/regluit-provisioning
- create
certsanddecrypteddirectories inprivate - Install
ansibleon your local machine - Obtain the
ansible-vaultpassword and save it to a file - Set the path to the
ansible-vaultfile via environment variable e.g.export NSIBLE_VAULT_PASSWORD_FILE=[path] - Create/obtain the secret key needed to SSH into the server
- (optional) Add the secret key to your ssh agent
$ ssh-agent bash $ ssh-add /path/to/secret.pem
Deploying is as simple as running the setup-prod ansible playbook.
Navigate to the regluit-provisioning/ directory and run the following:
$ ansible-playbook -i hosts setup-prod.yml
If you successfully completed all the pre-requisite steps, the playbook should begin running through deploy tasks and finally restart apache.
The necessary variables are pulled from regluit-provisioning/group_vars/production/vars.yml which in turn pulls certain secret values from vault.yml.
The variables are split into two files to still allow for searching references in playbook tasks.
To add or view secret values, you must decrypt the file first: $ ansible-vault decrypt vault.yml however always remember to encrypt secret files before pushing to git. This is done in a similar manner: $ ansible-vault encrypt vault.yml.
Ansible also allows for overriding variables from the command line when running playbooks.
This is useful for ad-hoc playbook runs without editing var files.
For example, deploying code from another branch can be done as so:
$ ansible-playbook -i hosts setup-prod.yml -e git_branch=mybranch
Currently we are using a static inventory file hosts to define target server hosts and groups.
This means that the hosts file must be manually updated to reflect things such as DNS changes or additional hosts being added.
In the future, the static inventory file may be replaced with a dynamic inventory solution, such as ansible's ec2 inventory script
One important aspect of the hosts file is that it defines the groups which a host or hosts are a part of.
Currently, there is one prod host called regluit-prod which is a member of the production group, and another called regluit-ondeck in the ondeck group intended to be a build target that can be swapped in to production.
These designations are important, as the setup-prod playbook specifically targets the regluit-prod host, and only that host will inherit the variables in group_vars/production/.