Add deploy to staging

jump-group · Mar 14, 2024 · a9e9b2c · a9e9b2c
1 parent 451df87
commit a9e9b2c
Show file tree

Hide file tree

Showing 10 changed files with 231 additions and 1 deletion.
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
@@ -47,4 +47,10 @@ jobs:
 
     - name: Run test
       run: docker-compose run addressbook npm test
-      working-directory: src
+      working-directory: src
+
+    - name: Deploy to Staging
+      run: |
+        ansible-playbook deploy.yml -e env=staging
+      working-directory: ansible
+
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -0,0 +1,9 @@
+[defaults]
+host_key_checking = True
+log_path = /var/log/ansible.log
+force_color = True
+inventory = hosts
+
+[ssh_connection]
+ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms[email protected],[email protected],ssh-ed25519,ssh-rsa
+retries = 1
diff --git a/ansible/deploy.yml b/ansible/deploy.yml
@@ -0,0 +1,29 @@
+# yaml-language-server: $schema='none'
+
+---
+- name: Clone Repository
+  hosts: web:&{{ env }}
+  vars_files:
+    - vars/default.yml
+    - vars/users.yml
+  remote_user: "{{ web_user }}"
+  tasks:
+    - name: Remove Old Directory
+      file:
+        path: "/var/www/{{ http_host }}/giada"
+        state: absent
+
+    - name: Clone Repository
+      git:
+        repo: "{{ project_repo }}"
+        dest: "/var/www/{{ http_host }}/giada"
+        version: "{{ project_branch }}"
+        accept_hostkey: yes
+
+    #start docker compose
+    - name: Start Docker Compose
+      command: docker compose -f /var/www/{{ http_host }}/giada/docker-compose.yml up -d
+      args:
+        chdir: /var/www/{{ http_host }}/giada
+
+
diff --git a/ansible/hosts/staging.yml b/ansible/hosts/staging.yml
@@ -0,0 +1,11 @@
+all:
+  hosts:
+    staging:
+      ansible_host: 165.227.139.136
+  children:
+    staging:
+      hosts:
+        staging:
+    web:
+      hosts:
+        staging:
diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Ensure requested groups are present
+  group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ users | sum(attribute='groups', start=[]) | list | unique }}"
+
+- name: Ensure sudo group has sudo privileges
+  lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: "^%sudo"
+    line: "%sudo ALL=(ALL:ALL) ALL"
+    validate: "/usr/sbin/visudo -cf %s"
+
+- name: Setup users
+  user:
+    name: "{{ item.name }}"
+    group: "{{ item.groups[0] }}"
+    groups: "{{ item.groups | join(',') }}"
+    password: '{% for user in vault_users | default([]) if user.name == item.name and user.password is defined %}{{ user.password | password_hash("sha512", (user.salt | default(""))[:16] | regex_replace("[^\.\/a-zA-Z0-9]", "x")) }}{% else %}{{ "!" }}{% endfor %}'
+    state: present
+    shell: /bin/bash
+    update_password: "{{ item.update_password | default('always') }}"
+  loop: "{{ users }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Add web user sudoers items for services
+  template:
+    src: sudoers.d.j2
+    dest: "/etc/sudoers.d/{{ web_user }}-services"
+    mode: '0440'
+    owner: root
+    group: root
+    validate: "/usr/sbin/visudo -cf %s"
+  when: web_sudoers[0] is defined
+
+- name: Add user SSH keys
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
+  loop: "{{ users | default([]) | subelements('keys') }}"
+  loop_control:
+    label: "{{ item.0.name }}"
diff --git a/ansible/roles/users/templates/sudoers.d.j2 b/ansible/roles/users/templates/sudoers.d.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for service in web_sudoers %}
+{{ web_user }} ALL=(root) NOPASSWD: {{ service }}
+{% endfor %}
diff --git a/ansible/server.yml b/ansible/server.yml
@@ -0,0 +1,97 @@
+---
+
+- name: Provision Server - Add Users
+  hosts: web:&{{ env }}
+  become: true
+  remote_user: "{{ admin_user }}"
+  vars_files: 
+    - vars/users.yml
+    - vars/default.yml
+  roles:
+     - { role: users, tags: ['users', always] }
+
+
+- name: Provision Server
+  hosts: web:&{{ env }}
+  become: true
+  remote_user: "{{ admin_user }}"
+  vars_files: 
+    - vars/users.yml
+    - vars/default.yml
+  tasks:
+    - name: Install aptitude
+      apt:
+        name: aptitude
+        state: latest
+        update_cache: true
+
+    - name: Install required system packages
+      apt:
+        pkg:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - software-properties-common
+          - python3-pip
+          - virtualenv
+          - python3-setuptools
+        state: latest
+        update_cache: true
+
+    - name: Add Docker GPG apt Key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Repository
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        state: present
+
+    - name: Update apt and install docker-ce
+      apt:
+        name: docker-ce
+        state: latest
+        update_cache: true
+
+    - name: Install Docker Module for Python
+      pip:
+        name: docker
+
+    - name: Install docker-compose
+      pip:
+        name: docker-compose
+        state: present
+
+    - name: Create Web Directory
+      file:
+        path: /var/www/
+        state: directory
+        owner: "{{ web_user }}"
+        group: "{{ web_group }}"
+
+    - name: Create Document root
+      file:
+        path: /var/www/{{ http_host}}
+        state: directory
+        owner: "{{ web_user }}"
+        group: "{{ web_group }}"
+
+    - name: Create docker group
+      group:
+        name: docker
+        state: present
+
+    - name: Add user to docker group
+      user:
+        name: "{{ web_user }}"
+        groups: docker
+        append: yes
+
+    # - name: Restart shell for group membership changes to take effect
+    #   command: "su -s {{ web }}"
+    #   become: yes
+    #   become_user: "{{ web_user }}"
+
+
+
diff --git a/ansible/vars/default.yml b/ansible/vars/default.yml
@@ -0,0 +1,7 @@
+---
+http_host: "ansible.sitointest.it"
+http_conf: "ansible.sitointest.it.conf"
+http_port: 80
+disable_default: true
+project_repo: "[email protected]:jump-group/devops-full-exercise.git"
+project_branch: "development"
diff --git a/ansible/vars/users.yml b/ansible/vars/users.yml
@@ -0,0 +1,20 @@
+---
+admin_user: root
+
+users:
+  - name: "{{ web_user }}"
+    groups: 
+      - "{{ web_group }}"
+    keys:
+      - https://github.com/giade.keys
+      - https://github.com/giadabot.keys
+
+  - name: "{{ admin_user }}"
+    groups: 
+      - sudo
+    keys:
+      - https://github.com/giade.keys
+      - https://github.com/giadabot.keys
+
+web_user: web
+web_group: www-data
diff --git a/src/.env b/src/.env
@@ -0,0 +1 @@
+DB_HOST=postgres