Skip to content
/ hfw_ansible Public

Ansible playbook to prepare a server that can run app based on the hfw library.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dhontecillas/hfw_ansible

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
ansible
ansible
 
 
example
example
 
 
local/virtual_box
local/virtual_box
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
env.sh
env.sh
 
 
requirements.pip
requirements.pip
 
 

Repository files navigation

hfw_ansible

Ansible playbook to prepare a server that can run apps based on the hfw library.

Create a local environment to test the deployment

Prepare a server for deployment

Under the ansible/server there is the playbook to prepare the server with some basic software:

  • nginx server: to forward each domain for each deployed app and server the static files for those apps
  • postgresql: to be shared across different apps running in the server
  • redis: to have some cache and other functionality available for the apps
  • docker: in order to run the apps in a dockerized way
eval `ssh-agent`
ssh-add hfw_local_server
cd ansible/server
source ./depl.sh [hosts_file] [extra_vars_file]

Docker repository

S3

Create a new user and provide attach a policy that gives it access to the created bucket

Security policy for the created account

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::S3_BUCKET_NAME"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::S3_BUCKET_NAME/*"
    }
  ]
}

Deploy an app

An app consists of:

  • docker image
  • static assets

The docker image could serve the static files too, to simplify the deployment, but we can leverage the existing nginx server to deploy those files.

How the server gets configured

Nginx

A single instance is running for all the apps, and for each app an entry into the /etc/nginx/conf.d directory is created.

For the access logs (the general nginx one and the per app access log) a new formatter is set, to log the output in json format, so it can be queried with the jq tool, and it can also be easily feed into grafana loki or some other service.

Postgresql

A single instance is configured.

In order to bind postgres to the docker network interface, the systemd unit is changed to wait for the docker unit to be started (instead of waiting for the network unit).

Redis

A single shared instance is configured.

In order to bind postgres to the docker network interface, the systemd unit is changed to wait for the docker unit to be started (instead of waiting for the network unit).

App logs

A directory is created in /var/log/apps/{{app_name}}, ownerd by the unprivileged user, so it can be mounted into the running container, to write logs. This way, the stdout can be redirected to a file, or additional log files can be written there (so, there is no need to docker exec -ti {{container}} /bin/sh to look at them, or check the docker stdout with docker logs {{container}}. And those files can also be scrapped by a log reporting agent.

About

Ansible playbook to prepare a server that can run app based on the hfw library.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages