These playbooks were used to migrate Gene Breaker and On Target from CMMT-hosted servers to UBC Edu Cloud. The idea is that, should we need to repeat this (for example, migrating to AWS), we can simply run these Ansible tasks again with a new hostname and SSH username configured as the destination. With minimal modification, one could perhaps also deploy a different Python web app with a similar structure to any available Linux machine.
The definitive playbook for Nginx and general purpose Python app hosting is web-apps.yaml - this one can be used to perform updates on the existing Gene Breaker and On Target deployments safely.
The other playbooks would be run once to initialize the server dependencies and clone the app repos in your home directory.
In general, Ansible playbooks can be run over and over again safely. This is a core design feature: you can modify and repeat them many times without messing up state or compounding changes. Ansible reads the current state, determines which steps are necessary to do the task, and only acts when necessary.
General Ansible docs: https://docs.ansible.com/
- Password / sudo access setup: make a file called "pw.txt" and chmod it so only you can access it (`chmod 600 credentials.txt`). Put only your SSH user's password in the file, nothing else. Then Ansible tasks that have `become: yes` can use that account (and sudo if available).
- Set the server's hostname and SSH username in inventory.yaml (copy inventory-example.yaml to inventory.yaml). If you want to modify Gene Breaker or On Target, see the Lab Confluence page for the exact hostnames.
- Set app repos in apps.yaml, then run `ansible-playbook apps.yaml` to clone.
- Install all server dependencies using `ansible-playbook packages.yaml`. If you need more, add to the list and repeat the command.
- `ansible-playbook web-apps.yaml` sets up Nginx directives, self-signed SSL, and appropriate permissions and file ownership. If the web apps are Single Page Applications, at this time you will need to list all the routes so they are served by index.html instead of Nginx trying to find files at directory paths. (Ideally this would use some kind of wildcard matching, but the Gene Breaker and On Target apps are served at different host URLs rather than domain paths, so this is what happened.)
- To deploy frontend code: handling Node.js and building is not in scope for these playbooks, so you'll SSH in manually to do these tasks. Then, point the "copy app build files to /var/www" task in web-apps.yaml at the resulting /dest (or /build) folder path so it is copied to /var/www. (Did not have success serving directly from the home folder.)
ansible-playbook web-apps.yaml -vv
ansible-playbook web-apps.yaml -vv --tags "restart"
ansible-galaxy collection install community.crypto
ansible wlab -a "ufw status" --become -vvv
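
For the Single Page Application routing mentioned above, one way to get the wildcard behaviour is an Nginx `try_files` fallback inside each app's own `server` block. This is an added example, not taken from web-apps.yaml or the project's templates; the hostname, certificate paths, web root and the `/api/` backend on port 8000 are assumed placeholders.

```nginx
# Added example: all names and paths below are placeholders, not project values.
server {
    listen 80;
    server_name app-one.example.org;
    return 301 https://$host$request_uri;      # force HTTPS
}

server {
    listen 443 ssl;
    server_name app-one.example.org;           # one server block per app hostname

    ssl_certificate     /etc/ssl/certs/app-one-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/app-one-selfsigned.key;

    root  /var/www/app-one;                    # build folder copied by the playbook
    index index.html;

    # Never serve dotfiles (.git, .env) that may have been copied with the build.
    location ~ /\. {
        deny all;
    }

    # Static assets must exist on disk; a missing asset is a real 404
    # rather than index.html returned with a 200.
    location /static/ {
        try_files $uri =404;
    }

    # Assumed layout: the Python app listens locally and owns /api/.
    location /api/ {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Everything else: serve the file if it exists, otherwise hand the
    # path to the SPA's client-side router via index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }
}
```

Because the fallback is scoped to a single `server_name`, it works the same way when each app is served from its own hostname: repeat the 443 block with the second app's hostname and web root.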