sgeboers
/
motief
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
229 Commits
1 Branch
0 Tags
6.0 MiB
 
 
 
Tag: Branch: Tree: main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
motief/docs/deployment/ansible-package-deploy.md

2.2 KiB
Raw Permalink Blame History

Ansible package deploy (defaults)

This document describes the default values and recommended steps for deploying the packages/@ansible/example package to a server using the provided Ansible playbooks.

Defaults

  • DEPLOY_HOST: motief.sgeboers.nl
  • DEPLOY_USER: webapps
  • Recommended systemd service name: motief

Secrets / environment variables

  • DEPLOY_SSH_KEY: private SSH key used by CI to connect to the host
  • DEPLOY_HOST: (override) host to deploy to
  • DEPLOY_USER: (override) user to use for deployment (default: webapps)
  • DEPLOY_PATH: (optional) path on the remote host to deploy the package to. If unset, the playbook will use its configured default. Set this value in CI if your installation directory differs from the playbook default.

Granting access (server-side steps)

  1. As the server administrator, ensure the webapps user exists:

    sudo useradd -m -s /bin/bash webapps

  2. Create the .ssh directory and add the public key that matches your CI DEPLOY_SSH_KEY:

    sudo -u webapps mkdir -p /home/webapps/.ssh sudo -u webapps chmod 700 /home/webapps/.ssh

    paste the public key from your CI into /home/webapps/.ssh/authorized_keys

    sudo -u webapps sh -c 'cat >> /home/webapps/.ssh/authorized_keys' sudo -u webapps chmod 600 /home/webapps/.ssh/authorized_keys

  3. If the playbook requires sudo operations, add the necessary sudoers entry (use with care):

    echo "webapps ALL=(ALL) NOPASSWD: /bin/systemctl restart motief" | sudo tee /etc/sudoers.d/webapps-motief

Deployment notes

  • The playbooks assume the above defaults. If your host, user or install path differ, set the appropriate environment variables in your CI (DEPLOY_HOST, DEPLOY_USER, DEPLOY_PATH) before running the deploy job.
  • The recommended systemd service name is motief. If you change the service name in the playbook or systemd unit, ensure any helper scripts or CI steps refer to the same name.

Security

  • Only add trusted public keys to /home/webapps/.ssh/authorized_keys.
  • Limit sudo privileges to only the commands required for deploy/service restart.

Troubleshooting

  • If the CI runner cannot connect, verify the private key in DEPLOY_SSH_KEY matches the public key on the server and the DEPLOY_HOST/DEPLOY_USER values are correct.