added key based authentication for git cloning

47e4cf87 · Gallenkamp, Fabian · 146ec995 · 47e4cf87 · 47e4cf87 · 47e4cf87
Commit 47e4cf87 authored 5 years ago by Gallenkamp, Fabian
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ hosts
 templates/nginx_unmodified_confs/
 group_vars/otree_servers.yml
 files/
+keys/
 *.retry
 *.swp
 *.save
--- a/README.md
+++ b/README.md
@@ -71,14 +71,30 @@ otree_users:
    # app_repo: "https://github.com/oTree-org/oTree.git"  
 ```

-### (optional) upload otree project
+### Get the otree project on your server
+
+#### Option A: upload otree project directly into ansible project
 1. If no git-repository ``app_repo``-value with your otree configuration is provided, you have to place a copy of the project files (with scp) in ``files/<otree_username>/``.

+#### Option B: clone via git and provide ssh keys
+1. If git-repository ``app_repo`` is provided and the repo is private you have to setup key authentication.
+2. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
+3. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
+
 And now run the playbook.

 ## change the configuration
 1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.

+## setup ssh keys
+1. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
+2. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
+
 ## run the playbook
 1. Change directory: ``cd ~/otree-ansible/``
-2. Run: ``ansible-playbook site.yml``
\ No newline at end of file
+2. Run: ``ansible-playbook site.yml``
+
+## FAQ
+
+### There is an error with redis in apt installation
+Solution: Disable ipv6 in ``/etc/redis/redis.conf``
--- a/configure_otree.yml
+++ b/configure_otree.yml
@@ -21,12 +21,42 @@
      with_dict: "{{ otree_users }}"
      when: item.value.override

+    - name: copy over ssh key files
+      synchronize:
+        src: "keys/{{ item.key }}/"
+        dest: "/home/{{ item.key }}/.ssh/"
+        delete: yes
+      with_dict: "{{ otree_users }}"
+      when: item.value.override and item.value.app_repo is defined
+
+    - name: set owner and group permissions restricted for key files
+      file:
+        path: "/home/{{ item.key }}/.ssh/"
+        state: directory
+        owner: "{{ item.key }}"
+        group: "{{ item.key }}"
+        mode: "0600"
+        recurse: yes
+      with_dict: "{{ otree_users }}"
+      when: item.value.override and item.value.app_repo is defined
+
+    - name: set owner and group permissions for folder
+      file:
+        path: "/home/{{ item.key }}/.ssh/"
+        state: directory
+        owner: "{{ item.key }}"
+        group: "{{ item.key }}"
+        mode: "0700"
+      with_dict: "{{ otree_users }}"
+      when: item.value.override and item.value.app_repo is defined
+
    - name: clone projects accordingly
      git:
        repo: "{{ item.value.app_repo }}"
        dest: "/home/{{ item.key }}/otree/"
        accept_hostkey: yes
        recursive: yes
+        key_file: "/home/{{ item.key }}/.ssh/id"
      become: yes
      become_user: "{{ item.key }}"
      with_dict: "{{ otree_users }}"