@jasperf
Last active May 24, 2017 06:59
Tips on using https://github.com/jasperf/stedding playbooks to set up Laravel friendly server

Web User

Using a playbook, you can create the user this way:

- name: Sudo user Creation
  hosts: web
  remote_user: root
  tasks:
    - name: create sudo user
      user: name="{{base_user}}"
          state=present
          createhome=yes
          groups="sudo"
          append=yes
          shell=/bin/bash
          comment="Comment"
    - name: Set up authorized keys for the sudo user
      authorized_key: 
        user: "{{base_user}}"
        key: "{{github_keys}}"

Manual Addition

If you need to add a user called web manually, run:

useradd web -m -s /bin/bash

Then add the user to the www-data group like so:

adduser web www-data

To set a password for the user:

passwd web

If you would rather not use passwords and want to use SSH keys instead, you can block password access in /etc/ssh/sshd_config.

To add keys, you need an .ssh directory in the user's home directory containing a file named authorized_keys:

ssh user@domain.com
mkdir .ssh
chmod 700 .ssh/
chown web:www-data .ssh/
cd .ssh/
touch authorized_keys
nano authorized_keys # Add your keys
chown web:www-data authorized_keys
chmod 600 authorized_keys

Optionally Block Root SSH Access

If at a later stage you would like to disable SSH access for root on your local box, do the following:

ssh laravel@ip

Then on the remote do:

sudo su
nano /etc/ssh/sshd_config

Set PermitRootLogin to no to secure the box:

PermitRootLogin no

Then you need to restart the SSH server:

service ssh restart

Then log out of the root shell and exit the box as laravel:

exit
exit
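
The sshd_config changes described above (PermitRootLogin no, plus blocking password access) only take effect if they are the first value sshd reads for that keyword. The following is an added example, not part of the original gist: it assumes PasswordAuthentication is the directive used to block password logins, the function names are hypothetical, and the sample config is constructed.

```sh
# sshd keeps the FIRST value it reads for a keyword, so a line appended to the
# end of sshd_config can be ignored or end up inside a Match block.

# Constructed sample input, not taken from a real server.
sample_config() {
    cat <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
PermitRootLogin yes
passwordauthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
EOF
}

# harden_sshd FILE: print a hardened copy of FILE on stdout.
harden_sshd() {
    awk '
    BEGIN { print "PermitRootLogin no"; print "PasswordAuthentication no" }
    {
        key = tolower($1); sub(/=.*/, "", key)
        if (key == "match") in_match = 1
        # Comment out superseded global lines; Match blocks are left alone.
        if (!in_match && key ~ /^(permitrootlogin|passwordauthentication)$/) {
            print "#superseded: " $0; next
        }
        print
    }' "$1"
}

# effective_global KEY FILE: first active value before any Match block (Include files are not followed).
effective_global() {
    awk -v want="$1" 'tolower($1) == "match" { exit }
                      tolower($1) == tolower(want) { print $2; exit }' "$2"
}

# match_overrides FILE: the same keywords set inside Match blocks, for review.
match_overrides() {
    awk 'tolower($1) == "match" { m = 1; next }
         m && tolower($1) ~ /^(permitrootlogin|passwordauthentication)$/ { print $1, $2 }' "$1"
}

# apply_hardening (hypothetical helper, run as root): validate, then install.
apply_hardening() {
    cfg=/etc/ssh/sshd_config; tmp=$(mktemp) || return 1
    harden_sshd "$cfg" > "$tmp" && /usr/sbin/sshd -t -f "$tmp" &&
        cp "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg" && service ssh restart
    rc=$?; rm -f "$tmp"; return $rc
}
```

Keep the current SSH session open until a second login as laravel succeeds after the restart. Anything match_overrides prints still overrides the global setting for connections that match, so review those lines by hand.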

SSH Agent Forwarding

Then make sure SSH agent forwarding is working to forward the SSH key to access the repository. Add the following to ~/.ssh/config:

Host *
  ForwardAgent yes

I am using * as the Host, as one called "Laravel" + IP address did not work. This may be a configuration issue on my part that can be changed later on. Also, to make sure the SSH agent is running and your SSH key is included, you can run:

eval `ssh-agent -s`
ssh-add

Github Deployment

https://gist.github.com/pogorelov-ss/41893e17c7c4776d4d57

# Test SSH agent forwarding: show the client address and the agent socket
- shell: echo "Client= [$SSH_CLIENT] Sock= [$SSH_AUTH_SOCK]"
  remote_user: laravel
  register: myecho
- debug: msg="{{myecho.stdout}}"
# List the keys the forwarded agent offers
- shell: ssh-add -l
  become: no
  register: myecho
- debug: msg="{{myecho.stdout}}"
# - shell: ssh -T -vvvv git@github.com
#   register: myecho
# - debug: msg="{{myecho.stdout}}"

# Clone the repository as a bare repo in the laravel user's home directory.
# accept_hostkey=yes adds the remote host key to known_hosts without manual verification.
- name: Get app from Github
  remote_user: laravel
  git:
    repo="{{repo_url}}"
    dest=repo/myproject.git
    accept_hostkey=yes
    force=yes
    bare=yes
    update=yes
    version="{{ git_branch }}"

- name: Create project folder
  remote_user: root
  file: path=/var/www/{{ project_folder }}
        owner={{ www_user }}
        group={{ www_user }}
        mode=0775
        state=directory

# Check the branch out of the bare repo into the project folder
- name: checkout app to project folder
  environment:
    GIT_WORK_TREE: /var/www/{{ project_folder }}
  shell:
    git checkout {{ git_branch }} -f
    chdir=/home/{{base_user}}/repo/myproject.git