| 1 | # Dark Peak Services Repo |
|---|
| 2 | |
|---|
| 3 | Before proceeding, make sure you've cloned this repo and initialised its submodules: |
|---|
| 4 | |
|---|
| 5 | git clone --recurse-submodules https://git.darkpeak.org/darkpeak/darkpeak-services.git |
|---|
| 6 | cd darkpeak-services |
|---|
| 7 | |
|---|
| 8 | If you didn't use `--recurse-submodules`, then you still need to initialise the git submodules: |
|---|
| 9 | |
|---|
| 10 | git submodule init |
|---|
| 11 | git submodule update |
|---|
| 12 | |
|---|
| 13 | If you have push access to the repo then you should instead clone from `ssh://darkpeak@git.darkpeak.org/darkpeak-services.git` |
|---|
| 14 | |
|---|
| 15 | ## Install Ansible 2.4+ |
|---|
| 16 | |
|---|
| 17 | The geerlingguy playbooks for postgresql and mysql (in `roles/community`) use features like `include_tasks` which were introduced in Ansible 2.4. You should make sure your ansible version is >= 2.4. |
|---|
| 18 | |
|---|
| 19 | ### Installing a newer ansible on Debian Stretch |
|---|
| 20 | |
|---|
| 21 | Add the following to `sources.list` (or add a new file with the |
|---|
| 22 | `.list` extension to `/etc/apt/sources.list.d/`): |
|---|
| 23 | |
|---|
| 24 | deb http://ftp.uk.debian.org/debian stretch-backports main |
|---|
| 25 | |
|---|
| 26 | Then run: |
|---|
| 27 | |
|---|
| 28 | sudo apt-get update |
|---|
| 29 | sudo apt-get install -t stretch-backports ansible |
|---|
| 30 | |
|---|
| 31 | ## Create Your Development Playbook |
|---|
| 32 | |
|---|
| 33 | Make a copy of the template playbook and edit it to include only those services on which you want to work: |
|---|
| 34 | |
|---|
| 35 | cp dev-playbook-template.yml dev-playbook.yml |
|---|
| 36 | |
|---|
| 37 | Make sure the "development_mode" variable is set to "true" and the "domain_name" variable is set to the development domain "darkpeak.localhost" and you are ready to go. |
|---|
| 38 | |
|---|
| 39 | For some services you may also need to set "first_run" to "true", then immediately set it back to "false" after you've first provisioned the vm. |
|---|
| 40 | |
|---|
| 41 | ## Developing With Vagrant |
|---|
| 42 | |
|---|
| 43 | Run the playbook: |
|---|
| 44 | |
|---|
| 45 | vagrant up |
|---|
| 46 | |
|---|
| 47 | If using the libvirt provider, you can avoid being prompted for your password everytime by adding yourself to the appropriate group: |
|---|
| 48 | |
|---|
| 49 | sudo usermod -aG libvirt $USER |
|---|
| 50 | |
|---|
| 51 | If you have issues with the self-signed TLS cert see the instructions in roles/tls/files/ssl/README for how to set up a new file. |
|---|
| 52 | |
|---|
| 53 | ## Developing Without Vagrant |
|---|
| 54 | |
|---|
| 55 | For those that are unable to use Virtual Box due to it requiring you to disable Secure Boot, and if you cannot use libvirt as a Vagrant back-end, you can run the playbook directly at a pre-existing VM, but it needs some preparation first. |
|---|
| 56 | |
|---|
| 57 | Create and install a Debian VM using libvirt (at least 1Gb memory is needed): |
|---|
| 58 | |
|---|
| 59 | virt-install --connect=qemu:///system --name darkpeak --arch x86_64 --vcpus 2 --memory 4096 --disk size=20 \ |
|---|
| 60 | --location http://ftp.us.debian.org/debian/dists/buster/main/installer-amd64/ |
|---|
| 61 | |
|---|
| 62 | Copy your SSH public key into the machine: |
|---|
| 63 | |
|---|
| 64 | ssh darkpeak.vm mkdir .ssh |
|---|
| 65 | scp ~/.ssh/id_vms.pub darkpeak.vm:~/.ssh/authorized_keys |
|---|
| 66 | ssh darkpeak.vm chmod 600 .ssh/authorized_keys |
|---|
| 67 | |
|---|
| 68 | On the VM, install sudo: |
|---|
| 69 | |
|---|
| 70 | apt install sudo |
|---|
| 71 | |
|---|
| 72 | On the VM, add your user to the sudo group: |
|---|
| 73 | |
|---|
| 74 | usermod -aG sudo $USER |
|---|
| 75 | |
|---|
| 76 | On the VM, grant sudoers permission to run commands unprompted by a password by adding the following line to the sudoers file: |
|---|
| 77 | |
|---|
| 78 | %sudo ALL=(ALL:ALL) NOPASSWD: ALL |
|---|
| 79 | |
|---|
| 80 | Run the playbook: |
|---|
| 81 | |
|---|
| 82 | ansible-playbook -i darkpeak.vm, dev-playbook.yml |
|---|
| 83 | |
|---|
| 84 | ## Testing |
|---|
| 85 | |
|---|
| 86 | In order to test, you will need to add hostnames to your hosts file. The TLD has to match that which you used earlier when you edited your development playbook. If you set the domain name variable to "darkpeak.localhost" then add the following to your /etc/hosts file substituting your VM's IP: |
|---|
| 87 | |
|---|
| 88 | 192.168.33.10 darkpeak.localhost wiki.darkpeak.localhost irc.darkpeak.localhost issues.darkpeak.localhost idp.darkpeak.localhost git.darkpeak.localhost reader.darkpeak.localhost dav.darkpeak.localhost pages.darkpeak.localhost social.darkpeak.localhost |
|---|
| 89 | |
|---|
| 90 | ## Deploying to production |
|---|
| 91 | |
|---|
| 92 | This ansible file will disable password-based authentication, so make |
|---|
| 93 | sure you add your SSH public keys to /root/.ssh/authorized_keys before |
|---|
| 94 | doing the first deployment. |
|---|
| 95 | |
|---|
| 96 | After the first deployment you must make sure that you set `first_run` |
|---|
| 97 | to `false` in `prod-playbook.yml`. |
|---|
| 98 | |
|---|
| 99 | Create a `hosts` file which includes the hostname(s) to deploy to, one |
|---|
| 100 | per line. |
|---|
| 101 | |
|---|
| 102 | You will need the vault password and an authorized SSH key in order to |
|---|
| 103 | deploy. |
|---|
| 104 | |
|---|
| 105 | |
|---|
| 106 | ansible-playbook -i hosts --ask-vault-pass --user root prod-playbook.yml |
|---|
