Server: Add Ansible playbook to deploy backend, use it in CI

This avoids a bunch of manual one-time set-up for the server, e.g. installing Docker and creating a systemd service. This also removes a dependency on some third party GitHub actions which do not support IPv6.
StenAL · Jul 6, 2024 · 2fbeb0b · 2fbeb0b
1 parent d0089e5
commit 2fbeb0b
Show file tree

Hide file tree

Showing 3 changed files with 109 additions and 21 deletions.
diff --git a/.github/workflows/server-cd.yml b/.github/workflows/server-cd.yml
@@ -73,25 +73,18 @@ jobs:
           push: true
           tags: stenal/baltic-stock-server:latest
 
-      - name: deploy production docker-compose.yml
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          source: "server/docker/prod/docker-compose.yml"
-          target: "~"
-          strip_components: 3
+      - name: setup SSH
+        shell: bash
+        run: |
+          eval `ssh-agent -s`
+          mkdir -p /home/runner/.ssh/
+          touch /home/runner/.ssh/id_rsa
+          echo -e "${{secrets.SSH_KEY}}" > /home/runner/.ssh/id_rsa
+          chmod 700 /home/runner/.ssh/id_rsa
+          ssh-keyscan -t rsa,dsa,ecdsa,ed25519 ${{secrets.SSH_HOST}} >> /home/runner/.ssh/known_hosts
 
-      - name: Deploy published images
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          protocol: tcp6
-          script: |
-            docker compose pull
-            docker compose up -d
+      - name: run Ansible deployment playbook
+        shell: bash
+        run: |
+          cd ansible  
+          ansible-playbook -vv --private-key /home/runner/.ssh/id_rsa -u ${{secrets.SSH_USER}} -i ${{ secrets.SSH_HOST }}, main.yml
diff --git a/ansible/files/baltic-stocks.service b/ansible/files/baltic-stocks.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Baltic Stocks running in Docker Compose (https://github.com/StenAL/Baltic-stocks)
+Requires=docker.service
+
+After=docker.service
+
+[Service]
+Type=oneshot
+User=baltic-stocks
+RemainAfterExit=true
+WorkingDirectory=/usr/local/share/baltic-stocks
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/main.yml b/ansible/main.yml
@@ -0,0 +1,79 @@
+---
+
+- name: deploy backend
+  hosts: all
+  tasks:
+    - name: apt update && apt upgrade
+      become: true
+      apt:
+        update_cache: yes
+        upgrade: yes
+
+    - name: download Docker APT repository key
+      become: true
+      ansible.builtin.get_url:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        dest: /etc/apt/keyrings/docker.asc
+
+    - name: add Docker APT repository
+      become: true
+      ansible.builtin.apt_repository:
+        repo: deb [{% if ansible_architecture == "aarch64" %}arch=arm64{% endif %} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+        state: present
+        filename: docker
+
+    - name: install Docker
+      become: true
+      apt:
+        pkg:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+        - docker-buildx-plugin
+        - docker-compose-plugin
+
+    - name: create deployment directory
+      become: true
+      ansible.builtin.file:
+        path: /usr/local/share/baltic-stocks
+        state: directory
+        mode: '0755'
+
+    - name: deploy docker-compose.yml
+      become: true
+      copy:
+        src: ../server/docker/prod/docker-compose.yml
+        dest: /usr/local/share/baltic-stocks/docker-compose.yml
+
+    - name: create baltic-stocks service user
+      become: true
+      ansible.builtin.user:
+        name: baltic-stocks
+        group: docker
+
+    - name: deploy systemd service
+      become: true
+      copy:
+          src: baltic-stocks.service
+          dest: /etc/systemd/system/baltic-stocks.service
+      register: service_deploy_result
+
+    - name: reload systemd daemon if necessary
+      become: true
+      ansible.builtin.systemd_service:
+        daemon_reload: true
+      when: service_deploy_result.changed
+
+
+    - name: docker compose pull
+      command:
+        cmd: "docker compose -f /usr/local/share/baltic-stocks/docker-compose.yml pull"
+
+    # missing manual step: deploy .env file to same directory as docker-compose
+    - name: enable and run systemd service
+      become: true
+      ansible.builtin.systemd_service:
+        name: baltic-stocks.service
+        enabled: true
+        state: restarted
+    # TODO: deploy frontend