2020-05-01 13:40:16 +00:00
|
|
|
# Deployer: deploy your shit and make it run
|
|
|
|
|
|
|
|
So lame to have to configure nginx, MySQL, and your filesystem to install a stupid Wordpress instance.
|
|
|
|
|
|
|
|
**Deployer** does my config for me like the slave it is.
|
|
|
|
|
|
|
|
All the configuration is defined in `group_vars/all/vars.yml`, go check.
|
|
|
|
|
|
|
|
Create a side `group_vars/all/vault.yml` for your secrets, and encrypt it with Ansible Vault:
|
|
|
|
|
2020-05-01 13:41:07 +00:00
|
|
|
```bash
|
|
|
|
ansible-vault encrypt group_vars/all/vault.yml
|
|
|
|
# other sub-commands: edit, decrypt...
|
|
|
|
```
|
2020-05-01 13:40:16 +00:00
|
|
|
|
|
|
|
I usually run the following command:
|
|
|
|
|
|
|
|
ansible-playbook --ask-vault-pass sites.yml -i inventory -v
|
|
|
|
|
2020-04-09 15:29:12 +00:00
|
|
|
## Required packages on remote
|
|
|
|
|
2020-05-01 13:40:16 +00:00
|
|
|
Python modules:
|
2020-04-09 15:29:12 +00:00
|
|
|
|
|
|
|
* docker
|
|
|
|
* docker-compose
|
|
|
|
* pymysql
|
|
|
|
|
|
|
|
TODO: Ansible task to install that before the rest
|
|
|
|
|
2020-05-02 05:51:39 +00:00
|
|
|
## Features
|
2020-04-09 15:29:12 +00:00
|
|
|
|
2020-05-01 13:40:16 +00:00
|
|
|
* Creating Wordpress instances (yoohoo, da best)
|
2020-04-09 15:29:12 +00:00
|
|
|
|
2020-05-01 13:40:16 +00:00
|
|
|
* That send mail!!11!1!
|
2020-05-02 05:51:39 +00:00
|
|
|
* Supports existing and new installs
|
|
|
|
|
|
|
|
* Creating Drupal instances
|
|
|
|
|
|
|
|
* Only existing ones (no new installs)
|
2020-05-01 13:40:16 +00:00
|
|
|
|
2020-05-19 14:40:15 +00:00
|
|
|
* Create Gitea instances
|
|
|
|
|
|
|
|
* Nginx and docker-compose configurations
|
|
|
|
* Most of the work is by hand, because there is quite a lot of interaction between the host and the container (for forwarding ssh).
|
|
|
|
|
|
|
|
|
2020-05-01 13:40:16 +00:00
|
|
|
### Does not support
|
|
|
|
|
|
|
|
* Setting up the host
|
|
|
|
|
|
|
|
* SSL certificate creation (bro, do it yourself!). That is:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
# Make an nginx file for certbot
|
|
|
|
cat << EOF > /etc/nginx/sites-enabled/yoursite.com
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name www.yoursite.com yoursite.com;
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
nginx -t # Is everything alright?
|
|
|
|
# If so, restart nginx
|
|
|
|
service nginx restart
|
|
|
|
# Create the certificate
|
|
|
|
certbot certonly --webroot -w /var/www/letsencrypt -d yoursite.com -d www.yoursite.com
|
|
|
|
# Remove the stupid file
|
|
|
|
rm /etc/nginx/sites-enabled/yoursite.com
|
|
|
|
service nginx restart
|
2020-05-02 05:51:39 +00:00
|
|
|
```
|
|
|
|
|
2020-05-23 09:41:26 +00:00
|
|
|
## Misc
|
|
|
|
|
|
|
|
### Ansible
|
|
|
|
|
|
|
|
* You can create passwords/keys in templates using the following Jinja2 command:
|
|
|
|
|
|
|
|
{{ lookup('password', '/dev/null length=20') }}
|
|
|
|
|
|
|
|
See https://docs.ansible.com/ansible/latest/plugins/lookup/password.html ans https://docs.ansible.com/ansible/latest/user_guide/playbooks_lookups.html
|
|
|
|
|
|
|
|
|
|
|
|
### Useful SQL commands
|
2020-05-02 05:51:39 +00:00
|
|
|
|
|
|
|
```sql
|
|
|
|
select host, user, password from mysql.user order by user;
|
|
|
|
create user 'arvuhez'@'172.26.0.2' identified by 'kjhs';
|
|
|
|
grant all on arvuhez.* to 'arvuhez'@'172.26.0.2';
|
|
|
|
show grants for 'arvuhez'@'172.26.0.2';
|
|
|
|
```
|