Ansible
The setup and installation procedure will be done exclusively using ansible, a Python-based tool for remote control/installation of servers. The declared objective is to be able to create a production environment without logging into the server itself.
Install ansible (Controller)
The ansible install process is usually operated from a different machine (controller) than the one which shall be installed (target). We will only briefly describe the set-up of the ansible controller here.
Ansible can be installed on almost any Linux machine - a good installation overview is provided by Digital Ocean.
After installation make sure to create the hosts file in /etc/ansible. The hosts provided in this file must be named prod, dev, test respectively as the playbook uses the host names to control the installation process. Here is an example of an appropriate hosts file:
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter host names or ip addresses
# - A hostname/ip can be a member of multiple groups
[test]
192.168.100.211 ansible_user=ubuntu ansible_ssh_private_key_file=/home/ubuntu/.ssh/klhhh
[prod]
45.127.6.212:8288 ansible_user=ubuntu ansible_ssh_private_key_file=/home/ubuntu/.ssh/id_ed25519
[dev]
localhost ansible_user=ubuntu ansible_ssh_private_key_file=/home/ubuntu/.ssh/id_ed25519
[piwigo_prod]
84.235.172.73 ansible_user=ubuntu ansible_ssh_private_key_file=/home/ubuntu/.ssh/id_ed25519
[piwigo_test]
192.168.100.199 ansible_user=ubuntu ansible_ssh_private_key_file=/home/ubuntu/.ssh/id_ed25519
Also make sure that the respective keys are added to ~/.ssh/authorized_keys on the target and that this file has the appropriate permissions.
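A pre-flight check for the hosts file described above, as an added example that is not part of the original page or the project's playbook: it confirms that the prod, dev and test groups exist and that every referenced private key file exists and is not readable by group or others. The function names and the sample inventory (documentation addresses 192.0.2.x) are constructed for illustration, and only plain host lines are parsed.

```python
import os
import shlex
import stat
import tempfile

REQUIRED_GROUPS = ("prod", "dev", "test")  # group names the playbook relies on

def parse_inventory(text):
    """Parse an INI-style inventory into {group: [(host, {var: value}), ...]}."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # [x:vars] and [x:children] sections hold no host lines, so skip them
            current = None if ":" in line else line[1:-1]
            continue
        if current is None:
            continue
        host, *pairs = shlex.split(line)
        hostvars = dict(p.split("=", 1) for p in pairs if "=" in p)
        groups.setdefault(current, []).append((host, hostvars))
    return groups

def lint_inventory(text):
    """Return a list of findings; an empty list means the inventory passed."""
    groups, findings = parse_inventory(text), []
    for name in REQUIRED_GROUPS:
        if not groups.get(name):
            findings.append(f"group [{name}] is missing or has no hosts")
    for name, hosts in groups.items():
        for host, hostvars in hosts:
            key = hostvars.get("ansible_ssh_private_key_file")
            path = os.path.expanduser(key) if key else None
            if path and not os.path.isfile(path):
                findings.append(f"[{name}] {host}: key file {path} not found")
            elif path and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"[{name}] {host}: key file {path} is group/world accessible")
    return findings

def demo():
    """Lint a constructed inventory: no [dev], a 0644 key and a missing key."""
    with tempfile.TemporaryDirectory() as tmp:
        loose = os.path.join(tmp, "loose_key")
        open(loose, "w").close()
        os.chmod(loose, 0o644)
        sample = (f"[test]\n192.0.2.10 ansible_user=ubuntu ansible_ssh_private_key_file={loose}\n"
                  f"[prod]\n192.0.2.20:8288 ansible_ssh_private_key_file={tmp}/absent\n")
        return lint_inventory(sample)
```

Calling `lint_inventory(open("/etc/ansible/hosts").read())` on the controller returns an empty list when all three groups are present and every key file is private to its owner.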
Implementation
The implementation uses ansible's role concept, i.e., each block that needs to be installed is held in a separate folder with a standard structure. For further information see here.
During installation a number of environment variables and other parameters are required. ansible roles handle these in the directory rolename/default, where a YAML file holding these variables can be placed.
If these files contain sensitive data like passwords or keys, they are named following a distinct scheme (appname_local_vars.yml) and added to .gitignore so that we do not expose them on GitHub. A little shell script (collect_local_vars.sh) combines all of these YAML files into an archive which can be easily stored in a safe place and re-distributed if the repository needs to be freshly installed.
The main installer script klhhh_install.yml can take a number of external variables, so that the deployment process can be controlled at a fine granularity:
- Allows all installation directories to be parametrized
- Sets the timezone as defined
- Defines whether containers shall be started automatically after installation
- Categorizes the servers (by their variable name) and adapts the installation process for different servers (Webserver, Piwigo Server) and environments (dev, staging, prod) accordingly
- All installation steps are properly tagged (another ansible feature) so that we can decide to install/update only specific parts of a server install
