sgeboers
/
motief
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69 Commits
1 Branch
0 Tags
6.0 MiB
 
 
 
Tag: Branch: Tree: 445f0bfb24
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '445f0bfb24'
${ noResults }
motief/docs/deployment/ansible-package-deploy.md

42 lines
2.2 KiB
Raw Blame History

# Ansible package deploy (defaults)
This document describes the default values and recommended steps for deploying the `packages/@ansible/example` package to a server using the provided Ansible playbooks.
Defaults
- DEPLOY_HOST: `motief.sgeboers.nl`
- DEPLOY_USER: `webapps`
- Recommended systemd service name: `motief`
Secrets / environment variables
- DEPLOY_SSH_KEY: private SSH key used by CI to connect to the host
- DEPLOY_HOST: (override) host to deploy to
- DEPLOY_USER: (override) user to use for deployment (default: `webapps`)
- DEPLOY_PATH: (optional) path on the remote host to deploy the package to. If unset, the playbook will use its configured default. Set this value in CI if your installation directory differs from the playbook default.
Granting access (server-side steps)
1. As the server administrator, ensure the `webapps` user exists:
sudo useradd -m -s /bin/bash webapps
2. Create the `.ssh` directory and add the public key that matches your CI `DEPLOY_SSH_KEY`:
sudo -u webapps mkdir -p /home/webapps/.ssh
sudo -u webapps chmod 700 /home/webapps/.ssh
# paste the public key from your CI into /home/webapps/.ssh/authorized_keys
sudo -u webapps sh -c 'cat >> /home/webapps/.ssh/authorized_keys'
sudo -u webapps chmod 600 /home/webapps/.ssh/authorized_keys
3. If the playbook requires sudo operations, add the necessary sudoers entry (use with care):
echo "webapps ALL=(ALL) NOPASSWD: /bin/systemctl restart motief" | sudo tee /etc/sudoers.d/webapps-motief
Deployment notes
- The playbooks assume the above defaults. If your host, user or install path differ, set the appropriate environment variables in your CI (DEPLOY_HOST, DEPLOY_USER, DEPLOY_PATH) before running the deploy job.
- The recommended systemd service name is `motief`. If you change the service name in the playbook or systemd unit, ensure any helper scripts or CI steps refer to the same name.
Security
- Only add trusted public keys to `/home/webapps/.ssh/authorized_keys`.
- Limit sudo privileges to only the commands required for deploy/service restart.
Troubleshooting
- If the CI runner cannot connect, verify the private key in `DEPLOY_SSH_KEY` matches the public key on the server and the `DEPLOY_HOST`/`DEPLOY_USER` values are correct.