From 47e4cf87179afca1f766bc67c8f5770b0dfb98fa Mon Sep 17 00:00:00 2001
From: bax1489 <fabian.gallenkamp@uni-hamburg.de>
Date: Thu, 26 Sep 2019 11:51:16 +0200
Subject: [PATCH] added key based authentication for git cloning
---
.gitignore | 1 +
README.md | 20 ++++++++++++++++++--
configure_otree.yml | 30 ++++++++++++++++++++++++++++++
3 files changed, 49 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7999768..5998b01 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ hosts
templates/nginx_unmodified_confs/
group_vars/otree_servers.yml
files/
+keys/
*.retry
*.swp
*.save
diff --git a/README.md b/README.md
index 2a4fb13..8bfa294 100644
--- a/README.md
+++ b/README.md
@@ -71,14 +71,30 @@ otree_users:
# app_repo: "https://github.com/oTree-org/oTree.git"
```
-### (optional) upload otree project
+### Get the otree project on your server
+
+#### Option A: upload otree project directly into ansible project
1. If no git-repository ``app_repo``-value with your otree configuration is provided, you have to place a copy of the project files (with scp) in ``files/<otree_username>/``.
+#### Option B: clone via git and provide ssh keys
+1. If git-repository ``app_repo`` is provided and the repo is private you have to setup key authentication.
+2. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
+3. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
+
And now run the playbook.
## change the configuration
1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
+## setup ssh keys
+1. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
+2. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
+
## run the playbook
1. Change directory: ``cd ~/otree-ansible/``
-2. Run: ``ansible-playbook site.yml``
\ No newline at end of file
+2. Run: ``ansible-playbook site.yml``
+
+## FAQ
+
+### There is an error with redis in apt installation
+Solution: Disable ipv6 in ``/etc/redis/redis.conf``
diff --git a/configure_otree.yml b/configure_otree.yml
index 84082a9..d7396dc 100644
--- a/configure_otree.yml
+++ b/configure_otree.yml
@@ -21,12 +21,42 @@
with_dict: "{{ otree_users }}"
when: item.value.override
+ - name: copy over ssh key files
+ synchronize:
+ src: "keys/{{ item.key }}/"
+ dest: "/home/{{ item.key }}/.ssh/"
+ delete: yes
+ with_dict: "{{ otree_users }}"
+ when: item.value.override and item.value.app_repo is defined
+
+ - name: set owner and group permissions restricted for key files
+ file:
+ path: "/home/{{ item.key }}/.ssh/"
+ state: directory
+ owner: "{{ item.key }}"
+ group: "{{ item.key }}"
+ mode: "0600"
+ recurse: yes
+ with_dict: "{{ otree_users }}"
+ when: item.value.override and item.value.app_repo is defined
+
+ - name: set owner and group permissions for folder
+ file:
+ path: "/home/{{ item.key }}/.ssh/"
+ state: directory
+ owner: "{{ item.key }}"
+ group: "{{ item.key }}"
+ mode: "0700"
+ with_dict: "{{ otree_users }}"
+ when: item.value.override and item.value.app_repo is defined
+
- name: clone projects accordingly
git:
repo: "{{ item.value.app_repo }}"
dest: "/home/{{ item.key }}/otree/"
accept_hostkey: yes
recursive: yes
+ key_file: "/home/{{ item.key }}/.ssh/id"
become: yes
become_user: "{{ item.key }}"
with_dict: "{{ otree_users }}"
--
GitLab