/aws_court-booker_ansible

court-booker_headlessのAWS用ansible

Primary LanguageRuby

MyAnsibleTemplate


Preparation

  • make the account for exec ssh $ useradd deploy_user $ usermod -G wheel deploy_user $ passwd deploy_user

  • if use PasswordAuthentication

  • modify target host's/etc/ssh/sshd_config => PasswordAuthentication no -> PasswordAuthentication yes
  • add ansible.cfg => [defaults] ask_pass = True
  • if use PortForwarding
  • modify target host's/etc/ssh/sshd_config => #AllowAgentForwarding yes -> AllowAgentForwarding yes
  • If you use AWS as infrastructure, you need plus $ sudo cp -arp /home/<ec2-user or centos>/.ssh /home/deploy_user/ $ sudo chown -R deploy_user /home/deploy_user/.ssh $ sudo visudo -f /etc/sudoers.d/cloud-init deploy_user ALL = (ALL) ALL #<- 追記

  • Check this vars for your project vars/all.yml

Files

  • Playbook file : site.yml
  • Inventory files : deployment / production
  • Config file : ansible.cfg
  • under tasks always read the vars file, vars/all.yml
    • common
    • git
    • ruby
    • postgres

Check List

  • target hosts in /site.yml
  • target IP in Inventory files, /developer or /production
  • vars else in Var files, /vars/all, /vars/development or /vars/production
  • secret vars (like password) in Var files, /secrets.yml
    • how to edit
      1. $ ansible-vault decrypt secrets.yml
      2. $ vi secrets.yml
      3. $ ansible-vault encrypt secrets.yml

How to use

  • $ ansible-playbook site.yml -i development -vvvv
  • $ ansible-playbook site.yml -i development -K -vvvv --ask-vault-pass

Config

  • 対象ホストへのSSHユーザはdeploy_userとしています. 対象ホストにこのアカウントを作成してください.
  • SSH秘密鍵名はid_rsaとしています. 実行ホストに$HOME/.ssh/id_rsa, 対象ホストに/home/deploy_user/.ssh/id_rsa.pubを用意してください. ※ ansible.cfgにて設定

Appendix

  1. Select the inventory file with option -i $ ansible -i <Inventory file name> <hosts or groups name> ex. $ ansible -i development all -m ping $ ansible-playbook site.yml -i production

  2. 対象ホストに指定ユーザを作成

  • 設定したいパスワードのハッシュを作成
  • ansibleでユーザ作成 $ ansible development web -m user -a "name=tomcat_user group=wheel password=xxxxxxxxxx shell=/bin/zsh createhome=no" $ ansible development hosts -m user -a "name=testuser group=wheel password=xxxxxxxxxx shell=/bin/bash createhome=yes"