source: darkpeak-services/README.md @ cfcef399

Last change on this file since cfcef399 was cfcef399, checked in by Caolan McMahon <caolan.mcmahon@…>, 2 years ago

Add note about adding ssh public keys for root access before initial deployment

# Dark Peak Services Repo

Before proceeding, make sure you've cloned this repo and initialised its submodules:

    git clone caolan@git.darkpeak.org:darkpeak-services.git
    cd darkpeak-services
    git checkout ansible # Work done on a separate branch until we are ready to switch over from docker
    git submodule init
    git submodule update

## Install Ansible 2.4+

The geerlingguy playbooks for postgresql and mysql (in `roles/community`) use features like `include_tasks` which were introduced in Ansible 2.4. You should make sure your Ansible version is >= 2.4.

### Installing a newer Ansible on Debian Stretch

Add the following to `sources.list` (or add a new file with the
`.list` extension to `/etc/apt/sources.list.d/`):

    deb http://ftp.uk.debian.org/debian stretch-backports main

Then run:

    sudo apt-get update
    sudo apt-get install -t stretch-backports ansible

## Create Your Development Playbook

Make a copy of the production playbook and edit it to include only those services on which you want to work:

    cp prod-playbook.yml dev-playbook.yml
    sed -i '/mastodon/d' dev-playbook.yml # You're a damn time sink, mastodon

Then set the "development_mode" variable to "true" and the "domain_name" variable to something appropriate, like "darkpeak.dev", and you are ready to go.

You'll also need to replace the ansible-vault encrypted passwords with
hard-coded development data. For example:

    ttrss_postgresql_password: "correcthorsebatterystaple"
    sabredav_mysql_password: "correcthorsebatterystaple"
    trac_postgresql_password: "correcthorsebatterystaple"
    mediawiki_admin_pass: "correcthorsebatterystaple"

## Developing With Vagrant

Run the playbook:

    vagrant up --provision

If using the libvirt provider, you can avoid being prompted for your password every time by adding yourself to the appropriate group:

    sudo usermod -aG libvirt $USER

## Developing Without Vagrant

If you cannot use VirtualBox because it requires you to disable Secure Boot, and you cannot use libvirt as a Vagrant back-end, you can run the playbook directly against a pre-existing VM, but it needs some preparation first.

Create and install a Debian VM using libvirt (at least 1 GB of memory is needed):

    virt-install --connect=qemu:///system --name darkpeak --arch x86_64 --vcpus 2 --memory 4096 --disk size=20 \
      --location http://ftp.us.debian.org/debian/dists/stretch/main/installer-amd64/

Copy your SSH public key into the machine:

    ssh darkpeak.vm mkdir .ssh
    scp ~/.ssh/id_vms.pub darkpeak.vm:~/.ssh/authorized_keys
    ssh darkpeak.vm chmod 600 .ssh/authorized_keys

On the VM, install sudo:

    apt install sudo

On the VM, add your user to the sudo group:

    usermod -aG sudo $USER

On the VM, allow members of the sudo group to run commands without a password prompt by adding the following line to the sudoers file:

    %sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Run the playbook:

    ansible-playbook -i darkpeak.vm, dev-playbook.yml

## Testing

In order to test, you will need to add hostnames to your hosts file. The TLD must match the one you used earlier when you edited your development playbook. If you set the domain name variable to "darkpeak.dev" and you are working on the wiki and irc bouncer, for example, then add the following to your `/etc/hosts` file, substituting your VM's IP:

    192.168.33.10 wiki.darkpeak.dev irc.darkpeak.dev

## Deploying to production

This Ansible file will disable password-based authentication, so make
sure you add your SSH public keys to `/root/.ssh/authorized_keys` before the initial deployment.
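
The following is an added example, not part of this repository. Run on the target host, `install_pubkey` appends a key to `authorized_keys` without overwriting existing entries and sets the permissions sshd expects; run from your workstation, `preflight_key_login` confirms that key-only login works before the playbook disables passwords. Both function names are hypothetical.

```shell
# Added example, not from this repository. Function names are hypothetical.

# Append a public key to authorized_keys without overwriting existing entries.
#   $1 = public key file, $2 = target .ssh directory (e.g. /root/.ssh)
install_pubkey() {
    pub="$1"; dir="$2"; auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Guard against installing a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2; return 1
    fi
    # Take the first line that looks like a public key of a common type.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 1; }
    # With StrictModes (the sshd default), keys are ignored if the directory or
    # file is writable by anyone but the owner, so set modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Check that key-only login works before passwords are disabled.
#   $1 = user@host. BatchMode=yes and PasswordAuthentication=no make ssh
#   fail instead of falling back to a password prompt.
preflight_key_login() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1" true
}
```

If `preflight_key_login root@yourhost` exits non-zero, fix key access before running the production playbook.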