Set up and provision a server and a development machine with Ansible effortlessly.
It sets up the following:
Along with:
- SSL certificates provided by Let’s Encrypt
- Fail2ban
It's meant to work in production and development environments (in the VM). It also provides a certain set of useful aliases.
It uses ansible-vault to manage secrets. It uses [Grive][Grive] and Google Drive for backup storage. It installs htop and iftop to monitor through CLI.
Warning: It suits my particular needs but might not be suitable for others. It is not perfect and it is not meant to be. It's also currently set up in a way that is not the most secure thing one might come up with. See [Drawbacks](#drawbacks) for details.
It is currently used to provision the following projects:
- Movies
- Words
- IT Blog
- desecho.org
- GitHub Contrib
- Instagram Helper (It is temporarily not available to provision)
Initial provisioning runs before everything else and sets up the base of the server. Each project then has its own separate provisioning.
It installs ipdb, yarn, git, pip, tox, isort, npm and other packages globally. NTP is enabled. Locale is set to `en_US.UTF-8`.
Backups run every day. The logs are in `/root/logs`.
Security packages are updated continuously and automatically; if a restart is required, it is done right after the backup script finishes.
Install Vagrant and VirtualBox.
```bash
mkdir vm
git clone git@github.com:desecho/ansible-playbook-server.git
cp ansible-playbook-server/Vagrantfile .
vagrant plugin install vagrant-vbguest
vagrant plugin install vagrant-disksize
vagrant up
```
Install Ubuntu by using a CD-ROM.
```bash
ssh-copy-id -i ~/.ssh/id_rsa.pub vagrant@127.0.0.1 -p 2222
ssh-add ~/.ssh/id_rsa
cp /Users/desecho/.ssh/id_rsa /Users/desecho/.vagrant.d/insecure_private_key
vagrant ssh
sudo su
echo "vagrant ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
init 0
vagrant up
vagrant ssh
ssh-keygen -t rsa -C desecho@gmail.com -N ''
cat ~/.ssh/id_rsa.pub
sudo su
ssh-keygen -t rsa -C desecho@gmail.com -N ''
cat ~/.ssh/id_rsa.pub
```
Add keys on the GitHub key settings page
```bash
cd /vagrant/ansible-playbook-server
./init/provision.sh
./bootstrap.sh
./init/init_password.sh password # password for ansible-vault
./init/clone_dev.sh
./provision.sh init dev
exit
exit
vagrant ssh
provisionall
ssh-copy-id -i ~/.ssh/id_rsa.pub prod # Set up connection with your production server
ssh-copy-id -i ~/.ssh/id_rsa.pub proxy # Set up connection with your proxy server
exit
ssh-copy-id -i ~/.ssh/id_rsa.pub prod # Set up connection with your production server
ssh-copy-id -i ~/.ssh/id_rsa.pub proxy # Set up connection with your proxy server
ssh-keygen -t rsa -C desecho@gmail.com -N ''
cat ~/.ssh/id_rsa.pub
```
Add a key on the GitHub key settings page
```bash
git clone git@github.com:desecho/ansible-playbook-server.git
cd /root/ansible-playbook-server
apt-get update
./init/clone_prod.sh
./init/provision.sh
./bootstrap.sh
./init/init_password.sh password # Password for ansible-vault
./provision.sh init prod # You might need to run it twice in case of an error
exit
```
Reconnect to the server
```bash
provisionall
```
Install [Dropbox Uploader][Dropbox Uploader].
```bash
curl "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh" -o /usr/bin/dropbox_uploader.sh
chmod +x /usr/bin/dropbox_uploader.sh
```
- Open https://www.dropbox.com/developers/apps
- Click "Create app"
- Select Dropbox API
- Select App folder
- Enter `BackupDesecho` as a name
- Generated access token
- Run `dropbox_uploader.sh`
- Enter access token

```bash
dropbox_uploader.sh mkdir Backups
```
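A hardened variant of the Dropbox Uploader download step above, as an added example that is not part of the original playbook: it pins the download to a reviewed commit and checks a SHA-256 digest before anything is written to `/usr/bin`. The function names and the `<commit-sha>` and `<expected-sha256>` placeholders are assumptions to fill in yourself.

```shell
#!/usr/bin/env bash
# Added example (not from the playbook): verify a downloaded script against
# a known SHA-256 before installing it. All function names are hypothetical.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_if_verified FILE EXPECTED_SHA256 DEST
# Installs FILE to DEST with mode 0755 only when its digest matches.
install_if_verified() {
    local file expected dest actual
    file=$1; expected=$2; dest=$3
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file: got '$actual'" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# fetch_pinned URL EXPECTED_SHA256 DEST
# Downloads to a temp file so an unverified script never lands in DEST.
fetch_pinned() {
    local url expected dest tmp rc
    url=$1; expected=$2; dest=$3
    tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' --tlsv1.2 "$url" -o "$tmp"; then
        install_if_verified "$tmp" "$expected" "$dest"
        rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholders; fill in after reviewing the script at that commit):
#   fetch_pinned \
#     "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/<commit-sha>/dropbox_uploader.sh" \
#     "<expected-sha256>" /usr/bin/dropbox_uploader.sh
```

Because the URL names a commit rather than `master`, a later change upstream cannot silently alter what gets installed; a digest mismatch leaves the destination untouched.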
```bash
# Full provisioning of each service
provision init
provision movies
provision words
provision site
provision blog
provision ghcontrib
provisionall
```
- https://requires.io/settings/repositories/
- Change makemessages2 file
- Modify init/clone_dev.sh and init/clone_prod.sh
Here is a short list of available aliases. For the full list, run `?`.
Can be run only from the "home" directory (it is in fact `/root` for root and `/home/ubuntu` for ubuntu, but we make it really cozy inside `/vagrant`):
```bash
. workon movies
manage migrate
```
Aliases to be run from anywhere.
```bash
develop movies # Start development server
deploy movies # Light version of provisioning. (if there are no changes to the ansible playbook related to the project)
tox movies
makemessages movies
blogdeploy
blogpost
blogpreview
sitedeploy
```
- ansible-nginx
- ansible-role-fail2ban
- ansible-django
- ansible-swapfile
- ansible-role-mysql
- acme-nginx
- ansible-role-nodejs
- Grive installation
- It does not set up connection to your production server
- It does not create the ssh key
- It only uses root user to simplify things. Note: there is still ubuntu user in the VM but it is currently there only because I didn't find a way to get rid of it
- No real CI/CD
- Deployment happens manually. It is easy to do but you still have to connect directly to the server and run commands
- Questionable backup solution
- There are a few issues which have not been resolved for the moment
- Ansible event statuses sometimes show a change in places where they shouldn't
- It restarts nginx multiple times while provisioning
- It is not optimized.
- It breaks the server for some time while provisioning.