diff --git a/README.md b/README.md
index 20d07343fa..255e7e5822 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,8 @@ Other playbooks include:
 * `backup.yml` - Backup database and image files on the server to the local machine.
 * `rollback.yml` - Rollback the database and codebase to the previous version.
 * `db_transfer.yml` - Transfer the database directly from one host to another (see [Refreshing a staging server](https://github.com/openfoodfoundation/ofn-install/wiki/Refreshing-a-staging-server))
+* `setup_remote_deployment.yml` - Set up a staging server to allow remote triggering of the deploy playbook (eg from a GitHub Action)
+* and more...
 You may want to use the [ansible option "checkrun"](http://docs.ansible.com/playbooks_checkmode.html) to do a dry-run of the playbooks. With this option, Ansible will run the playbooks, but not actually make changes on the server.
diff --git a/playbooks/setup_semaphore_deployment.yml b/playbooks/setup_remote_deployment.yml
similarity index 53%
rename from playbooks/setup_semaphore_deployment.yml
rename to playbooks/setup_remote_deployment.yml
index 959842a371..90e2342784 100644
--- a/playbooks/setup_semaphore_deployment.yml
+++ b/playbooks/setup_remote_deployment.yml
@@ -1,8 +1,8 @@
 ---
-- name: setup_semaphore_deployment
+- name: setup_remote_deployment
 hosts: ofn_servers
 remote_user: "{{ user }}"
 become: yes
 roles:
- - role: semaphore_deployment
+ - role: remote_deployment
diff --git a/roles/semaphore_deployment/tasks/main.yml b/roles/remote_deployment/tasks/main.yml
similarity index 72%
rename from roles/semaphore_deployment/tasks/main.yml
rename to roles/remote_deployment/tasks/main.yml
index 0df42d6786..a616c50133 100644
--- a/roles/semaphore_deployment/tasks/main.yml
+++ b/roles/remote_deployment/tasks/main.yml
@@ -1,4 +1,4 @@
---- # Set up Ansible and restricted deployment user for deployment via Semaphore
+--- # Set up Ansible and restricted user for deployment via CI runner (eg GitHub Actions)
 - name: add ansible ppa
 apt_repository:
@@ -48,20 +48,20 @@
 owner: "{{ user }}"
 mode: 0700
-- name: generate semaphore key pair
- command: "ssh-keygen -f /home/{{ user }}/keys/semaphore -t rsa -b 4096 -C semaphore -N '' "
+- name: generate deployer key pair
+ command: "ssh-keygen -f /home/{{ user }}/keys/deployer -t rsa -b 4096 -C deployer -N '' "
 args:
- creates: "/home/{{ user }}/keys/semaphore.pub"
+ creates: "/home/{{ user }}/keys/deployer.pub"
 - name: copy public key
 slurp:
- src: "/home/{{ user }}/keys/semaphore.pub"
- register: semaphore_public_key
+ src: "/home/{{ user }}/keys/deployer.pub"
+ register: deployer_public_key
 changed_when: False
-- name: add semaphore public key to deployment user's authorized_keys
+- name: add deployer public key to deployment user's authorized_keys
 authorized_key:
 user: "{{ deployment_user }}"
- key: "{{ semaphore_public_key.content | b64decode }}"
+ key: "{{ deployer_public_key.content | b64decode }}"
 state: present
 key_options: 'restrict,command="sudo /home/{{ deployment_user }}/deploy \"$SSH_ORIGINAL_COMMAND\""'
diff --git a/roles/semaphore_deployment/templates/deploy.j2 b/roles/remote_deployment/templates/deploy.j2
similarity index 100%
rename from roles/semaphore_deployment/templates/deploy.j2
rename to roles/remote_deployment/templates/deploy.j2
diff --git a/roles/semaphore_deployment/templates/sudoers.j2 b/roles/remote_deployment/templates/sudoers.j2
similarity index 100%
rename from roles/semaphore_deployment/templates/sudoers.j2
rename to roles/remote_deployment/templates/sudoers.j2
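Review bot: In the `@@ -48,20 +48,20 @@` hunk of `roles/remote_deployment/tasks/main.yml`, renaming the key file also changes the `creates:` guard, so a host that already ran the old role would presumably get a second key pair generated while the `semaphore` key stays on disk and in the deployment user's `authorized_keys`; nothing visible here revokes it. Because that entry carries a forced command that runs the deploy script through sudo, a leftover key is a standing credential and should be removed explicitly rather than left to drift. Consider adding cleanup tasks ahead of the generate step, along the lines of the sketch below (untested; whether any host was provisioned under the old name is not visible from this diff). The first task shown in the hunk (`owner:` / `mode:`) begins outside it.

```yaml
- name: check for legacy semaphore public key
  stat:
    path: "/home/{{ user }}/keys/semaphore.pub"
  register: legacy_key_file

- name: read legacy semaphore public key
  slurp:
    src: "/home/{{ user }}/keys/semaphore.pub"
  register: legacy_public_key
  when: legacy_key_file.stat.exists

- name: remove legacy semaphore key from deployment user's authorized_keys
  authorized_key:
    user: "{{ deployment_user }}"
    key: "{{ legacy_public_key.content | b64decode }}"
    state: absent
  when: legacy_key_file.stat.exists

- name: remove legacy semaphore key pair from disk
  file:
    path: "/home/{{ user }}/keys/{{ item }}"
    state: absent
  with_items:
    - semaphore
    - semaphore.pub

- name: generate deployer key pair
  # … unchanged: key generation, slurp and authorized_key tasks …
```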