This repository holds Ansible playbooks and roles for configuring Python 3 & Django servers. You should be able to clone the repository and follow these steps to get a server up and running; this has been tested with Digital Ocean droplets, and can be adapted to other infrastructures as well.
These instructions assume the following:
- You have a working knowledge of how SSH keypairs work.
- You have a Django project to deploy. You can deploy it with a Django app such as Django SSH Deployer.
The destination server will need to be kickstarted with Ubuntu 20.04; be sure you've uploaded your public key to Digital Ocean, and included it during droplet creation. Be sure to copy the commands below line-by-line; some command require interaction, and if you're learning, it will help you figure out what each command does.
- First, log in as root to your freshly created Digital Ocean droplet
- Then, create a service account to run Ansible. I'll call this service account user
ansible_deploy
, but feel free to name it something different. If you name it something different, you'll want to change it inansible.cfg
as well. Here are the command to create the user:
adduser --disabled-password --gecos "" ansible_deploy
usermod -aG sudo ansible_deploy
chmod 640 /etc/sudoers
Then edit /etc/sudoers
. Find this line:
%sudo ALL=(ALL:ALL) ALL
...and change it to:
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
Then let's become the ansible_deploy
user, and generate keys:
su - ansible_deploy
ssh-keygen -b 4096
After issuing the ssh-keygen
command, hit enter three times to use the defaults. You will then need to add your public key from your host control machine to ansible_deploy
's authorized keys in ~/.ssh/authorized_keys
:
echo "ssh-ed25519 AAAADummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDu you@yourdomain.com" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
exit
We'll want to create a separate service user account with less privileges to deploy your Django project. I'll call this account web_deploy
, but you can choose whatever name you like. The echo
command will add your public key from your host control machine, just like it did for ansible_deploy
.
adduser --disabled-password --gecos "" web_deploy
usermod -aG www-data web_deploy
su - web_deploy
ssh-keygen -b 4096
ssh-keygen -t ed25519
echo "ssh-ed25519 AAAADummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDu you@yourdomain.com" >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
cat .ssh/id_ed25519.pub
Then copy your id_ed25519.pub
key as a deployment key. Under GitHub, this is found under your repository, Settings
, Deploy Keys
. After adding the key, make sure you can clone your repository to your home directory. This will also allow you to add your version control host's RSA key fingerprint, required the first time you connect.
Now, let's ensure we can connect as our service accounts from our control machine, and that our web deployment account can connect to our code repository. In this example, I'll test whether we can connect to GitHub.
# Connect to your Digital Ocean Droplet server as the Ansible service user
ssh ansible_deploy@yourserver.com
# Exit back to your control machine
exit
# Connect to your Digital Ocean Droplet server as the web service user
ssh web_deploy@yourserver.com
# Connect from your Digital Ocean Droplet server to GitHub to test your deployment key
ssh git@github.com
You should see something like this; type yes
to add the key permanently:
web_deploy@ubuntu-django-prod-1:~$ ssh git@github.com
The authenticity of host 'github.com (140.82.114.4)' can't be established.
RSA key fingerprint is SHA256:DummyDummyDummyDummyDummyDummyDummyDummyDum.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com' (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
Hi YourUsername/YourSite! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
Your server is now ready to go! We can now built the server with Ansible and deploy our code.
Clone this repository.
git clone git@github.com:YourUsername/ansible-ubuntu18-python3-django.git
cd ansible-ubuntu18-python3-django.git
Edit the inventory
file and add the destination servers.
[web_py]
dev.yourserver.com
123.34.56.789
Edit the ansible.cfg
file and change the remote_user
to the one you created above on the destination server.
remote_user = ansible_deploy
Deploy the server:
ansible-playbook playbooks/web-py.yml
NOTE: if you're using Vagrant, you may get an error about the config file being world-writable due to Vagrant's shared folders. You can issue commands with an environment variable as a work-around:
ANSIBLE_CONFIG=./ansible.cfg ansible-playbook playbooks/web-py.yml
Show some servers:
ansible ubuntu_20 --list-hosts
ansible web_py --list-hosts
Run some commands; shell
is required for arguments and shell functions (command
runs without the target user's shell):
ansible all -m command -a uptime -i inventory
ansible all -m shell -oa 'ps -eaf'
ansible ubuntu_18 -m copy -a 'content="Welcome to your server, Ansiblized.\n" dest=/etc/motd' -u apache --become --become-user root
Documentation: list help section, show documentation for specific command (with examples!):
ansible-doc -l
ansible-doc yum