source: darkpeak-services/README.md @ 8b7e2c00

Last change on this file since 8b7e2c00 was 8b7e2c00, checked in by Caolan McMahon <caolan.mcmahon@…>, 2 years ago

Add deployment instructions for production

# Dark Peak Services Repo

Before proceeding, make sure you've cloned this repo and initialised its submodules:

    git clone caolan@git.darkpeak.org:darkpeak-services.git
    cd darkpeak-services
    git checkout ansible # Work done on a separate branch until we are ready to switch over from docker
    git submodule init
    git submodule update

## Install Ansible 2.4+

The geerlingguy playbooks for postgresql and mysql (in `roles/community`) use features like `include_tasks` which were introduced in Ansible 2.4. You should make sure your ansible version is >= 2.4.

### Installing a newer ansible on Debian Stretch

Add the following to `sources.list` (or add a new file with the
`.list` extension to `/etc/apt/sources.list.d/`):

    deb http://ftp.uk.debian.org/debian stretch-backports main

Then run:

    sudo apt-get update
    sudo apt-get install -t stretch-backports ansible

## Create Your Development Playbook

Make a copy of the production playbook and edit it to include only those services on which you want to work:

    cp prod-playbook.yml dev-playbook.yml
    sed -i '/mastodon/d' dev-playbook.yml # You're a damn time sink, mastodon

Then set the "development_mode" variable to "true" and the "domain_name" variable to something appropriate, like "darkpeak.dev", and you are ready to go.

You'll also need to replace the ansible-vault encrypted passwords with
hard-coded development data. For example:

    ttrss_postgresql_password: "correcthorsebatterystaple"
    sabredav_mysql_password: "correcthorsebatterystaple"
    trac_postgresql_password: "correcthorsebatterystaple"
    mediawiki_admin_pass: "correcthorsebatterystaple"

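The development copy keeps literal passwords in the same variables that production keeps vault-encrypted, so a check that no literal value ends up in `prod-playbook.yml` is worth running before committing or deploying. The following is an added example, not part of this repo; the function name is hypothetical, and it assumes secrets are named `*_password` or `*_pass` and that encrypted values use Ansible's inline `!vault |` tag:

```shell
#!/bin/sh
# Added example, not part of the darkpeak-services repo.
# Assumptions: secret variables are named *_password or *_pass (as in the
# list above) and encrypted values use the inline "!vault |" tag.

# Print "file:line:key" for each secret-looking key holding a literal value.
# Exit status: 0 if every such key is vaulted or templated, 1 otherwise.
find_plaintext_secrets() {
    awk '
        /^[ \t]*#/ { next }    # ignore YAML comment lines
        match($0, /^[ \t-]*[A-Za-z0-9_]+_(password|pass)[ \t]*:/) {
            key = substr($0, RSTART, RLENGTH)
            gsub(/[ \t:-]/, "", key)
            value = substr($0, RSTART + RLENGTH)
            sub(/^[ \t]+/, "", value)
            if (value == "")           next   # nested mapping or null
            if (value ~ /^!vault/)     next   # ansible-vault encrypted
            if (index(value, "{{"))    next   # Jinja reference to another var
            printf "%s:%d:%s\n", FILENAME, FNR, key
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Usage: sh check-secrets.sh prod-playbook.yml
if [ "$#" -gt 0 ]; then
    find_plaintext_secrets "$@"
fi
```

Run against `dev-playbook.yml` it lists every hard-coded password, which is expected there; run against `prod-playbook.yml` it should print nothing and exit 0.
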
## Developing With Vagrant

Run the playbook:

    vagrant up --provision

If using the libvirt provider, you can avoid being prompted for your password every time by adding yourself to the appropriate group:

    sudo usermod -aG libvirt $USER

## Developing Without Vagrant

If you are unable to use VirtualBox because it requires you to disable Secure Boot, and you cannot use libvirt as a Vagrant back-end, you can run the playbook directly against a pre-existing VM, but it needs some preparation first.

Create and install a Debian VM using libvirt (at least 1 GB of memory is needed):

    virt-install --connect=qemu:///system --name darkpeak --arch x86_64 --vcpus 2 --memory 4096 --disk size=20 \
      --location http://ftp.us.debian.org/debian/dists/stretch/main/installer-amd64/

Copy your SSH public key into the machine:

    ssh darkpeak.vm mkdir .ssh
    scp ~/.ssh/id_vms.pub darkpeak.vm:~/.ssh/authorized_keys
    ssh darkpeak.vm chmod 600 .ssh/authorized_keys

On the VM, install sudo:

    apt install sudo

On the VM, add your user to the sudo group:

    usermod -aG sudo $USER

On the VM, allow members of the sudo group to run commands without a password prompt by adding the following line to the sudoers file:

    %sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Run the playbook:

    ansible-playbook -i darkpeak.vm, dev-playbook.yml

## Testing

In order to test, you will need to add hostnames to your hosts file. The domain has to match the one you used earlier when you edited your development playbook. If you set the domain name variable to "darkpeak.dev" and you are working on the wiki and irc bouncer, for example, then add the following to your /etc/hosts file, substituting your VM's IP:

    192.168.33.10 wiki.darkpeak.dev irc.darkpeak.dev

## Deploying to production

This ansible file will disable password-based authentication, so make
sure you add your SSH public keys to /root/.ssh/authorized_keys before
doing the first deployment.

After the first deployment you must make sure that you set `first_run`
to `false` in `prod-playbook.yml`.

Create a `hosts` file which includes the hostname(s) to deploy to, one
per line. Copy the production SSL certificate to
`roles/tls/files/ssl/darkpeak.org.pem` (this will not be necessary
after we switch to Let's Encrypt).

You will need the vault password and an authorized SSH key in order to
deploy.

    ansible-playbook -i hosts --ask-vault-pass --user root prod-playbook.yml