aboutsummaryrefslogtreecommitdiff

Dark Peak Services Repo

Before proceeding, make sure you've cloned this repo and initialised its submodules:

git clone --recurse-submodules https://git.darkpeak.org/darkpeak/darkpeak-services.git
cd darkpeak-services

If you didn't use --recurse-submodules, then you still need to initialise the git submodules:

git submodule init
git submodule update

If you have push access to the repo then you should instead clone from ssh://darkpeak@git.darkpeak.org/darkpeak-services.git

Install Ansible 2.4+

The geerlingguy playbooks for postgresql and mysql (in roles/community) use features like include_tasks which were introduced in Ansible 2.4. You should make sure your ansible version is >= 2.4.

Installing a newer ansible on Debian Stretch

Add the following to sources.list (or add a new file with the .list extension to /etc/apt/sources.list.d/):

deb http://ftp.uk.debian.org/debian stretch-backports main

Then run:

sudo apt-get update
sudo apt-get install -t stretch-backports ansible

Create Your Development Playbook

Make a copy of the template playbook and edit it to include only those services on which you want to work:

cp dev-playbook-template.yml dev-playbook.yml

Make sure the "development_mode" variable is set to "true" and the "domain_name" variable is set to the development domain "darkpeak.localhost" and you are ready to go.

For some services you may also need to set "first_run" to "true", then immediately set it back to "false" after you've first provisioned the vm.

Developing With Vagrant

Run the playbook:

vagrant up

If using the libvirt provider, you can avoid being prompted for your password everytime by adding yourself to the appropriate group:

sudo usermod -aG libvirt $USER

If you have issues with the self-signed TLS cert see the instructions in roles/tls/files/ssl/README for how to set up a new file.

Developing Without Vagrant

For those that are unable to use Virtual Box due to it requiring you to disable Secure Boot, and if you cannot use libvirt as a Vagrant back-end, you can run the playbook directly at a pre-existing VM, but it needs some preparation first.

Create and install a Debian VM using libvirt (at least 1Gb memory is needed):

virt-install --connect=qemu:///system --name darkpeak --arch x86_64 --vcpus 2 --memory 4096 --disk size=20 \
  --location http://ftp.us.debian.org/debian/dists/buster/main/installer-amd64/

Copy your SSH public key into the machine:

ssh darkpeak.vm mkdir .ssh
scp ~/.ssh/id_vms.pub darkpeak.vm:~/.ssh/authorized_keys
ssh darkpeak.vm chmod 600 .ssh/authorized_keys

On the VM, install sudo:

apt install sudo

On the VM, add your user to the sudo group:

usermod -aG sudo $USER

On the VM, grant sudoers permission to run commands unprompted by a password by adding the following line to the sudoers file:

%sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Run the playbook:

ansible-playbook -i darkpeak.vm, dev-playbook.yml

Testing

In order to test, you will need to add hostnames to your hosts file. The TLD has to match that which you used earlier when you edited your development playbook. If you set the domain name variable to "darkpeak.localhost" then add the following to your /etc/hosts file substituting your VM's IP:

192.168.33.10 darkpeak.localhost wiki.darkpeak.localhost irc.darkpeak.localhost issues.darkpeak.localhost idp.darkpeak.localhost git.darkpeak.localhost reader.darkpeak.localhost dav.darkpeak.localhost pages.darkpeak.localhost social.darkpeak.localhost

Deploying to production

This ansible file will disable password-based authentication, so make sure you add your SSH public keys to /root/.ssh/authorized_keys before doing the first deployment.

After the first deployment you must make sure that you set first_run to false in prod-playbook.yml.

Create a hosts file which includes the hostname(s) to deploy to, one per line.

You will need the vault password and an authorized SSH key in order to deploy.

ansible-playbook -i hosts --ask-vault-pass --user root prod-playbook.yml