From 47e4cf87179afca1f766bc67c8f5770b0dfb98fa Mon Sep 17 00:00:00 2001
From: bax1489 <fabian.gallenkamp@uni-hamburg.de>
Date: Thu, 26 Sep 2019 11:51:16 +0200
Subject: [PATCH] added key based authentication for git cloning
---
 .gitignore | 1 +
 README.md | 20 ++++++++++++++++++--
 configure_otree.yml | 30 ++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7999768..5998b01 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ hosts
 templates/nginx_unmodified_confs/
 group_vars/otree_servers.yml
 files/
+keys/
 *.retry
 *.swp
 *.save
diff --git a/README.md b/README.md
index 2a4fb13..8bfa294 100644
--- a/README.md
+++ b/README.md
@@ -71,14 +71,30 @@ otree_users:
 # app_repo: "https://github.com/oTree-org/oTree.git"
 ```
-### (optional) upload otree project
+### Get the otree project on your server
+
+#### Option A: upload otree project directly into ansible project
 1. If no git-repository ``app_repo``-value with your otree configuration is provided, you have to place a copy of the project files (with scp) in ``files/<otree_username>/``.
+#### Option B: clone via git and provide ssh keys
+1. If git-repository ``app_repo`` is provided and the repo is private you have to setup key authentication.
+2. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
+3. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
+
 And now run the playbook.
 ## change the configuration
 1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
+## setup ssh keys
+1. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
+2. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
+
 ## run the playbook
 1. Change directory: ``cd ~/otree-ansible/``
-2. Run: ``ansible-playbook site.yml``
\ No newline at end of file
+2. Run: ``ansible-playbook site.yml``
+
+## FAQ
+
+### There is an error with redis in apt installation
+Solution: Disable ipv6 in ``/etc/redis/redis.conf``
diff --git a/configure_otree.yml b/configure_otree.yml
index 84082a9..d7396dc 100644
--- a/configure_otree.yml
+++ b/configure_otree.yml
@@ -21,12 +21,42 @@
 with_dict: "{{ otree_users }}"
 when: item.value.override
+ - name: copy over ssh key files
+ synchronize:
+ src: "keys/{{ item.key }}/"
+ dest: "/home/{{ item.key }}/.ssh/"
+ delete: yes
+ with_dict: "{{ otree_users }}"
+ when: item.value.override and item.value.app_repo is defined
+
+ - name: set owner and group permissions restricted for key files
+ file:
+ path: "/home/{{ item.key }}/.ssh/"
+ state: directory
+ owner: "{{ item.key }}"
+ group: "{{ item.key }}"
+ mode: "0600"
+ recurse: yes
+ with_dict: "{{ otree_users }}"
+ when: item.value.override and item.value.app_repo is defined
+
+ - name: set owner and group permissions for folder
+ file:
+ path: "/home/{{ item.key }}/.ssh/"
+ state: directory
+ owner: "{{ item.key }}"
+ group: "{{ item.key }}"
+ mode: "0700"
+ with_dict: "{{ otree_users }}"
+ when: item.value.override and item.value.app_repo is defined
+
 - name: clone projects accordingly
 git:
 repo: "{{ item.value.app_repo }}"
 dest: "/home/{{ item.key }}/otree/"
 accept_hostkey: yes
 recursive: yes
+ key_file: "/home/{{ item.key }}/.ssh/id"
 become: yes
 become_user: "{{ item.key }}"
 with_dict: "{{ otree_users }}"
-- 
GitLab
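Review bot: `delete: yes` on the new synchronize task makes the remote `/home/<user>/.ssh/` mirror `keys/<user>/`, so an existing `authorized_keys` or `known_hosts` there is removed on every run; with `accept_hostkey: yes` on the clone task, the git host key would then be re-trusted without verification each time. The recursive `mode: "0600"` task also strips the execute bit from the directory until the following task restores `0700`, so both tasks report a change on every run and any subdirectory would stay untraversable. Creating the directory once and copying only the private key with an explicit owner and mode avoids both, as sketched below. Since the README generates the key without a passphrase, a read-only per-project deploy key would be a narrower credential to place on the server than a key registered on a user account. The clone task's `when` lies outside the hunk, so whether `key_file` is also applied to public HTTPS repos that have no key cannot be confirmed from here.

```yaml
    # … unchanged: preceding task …
    - name: ensure .ssh directory exists
      file:
        path: "/home/{{ item.key }}/.ssh/"
        state: directory
        owner: "{{ item.key }}"
        group: "{{ item.key }}"
        mode: "0700"
      with_dict: "{{ otree_users }}"
      when: item.value.override and item.value.app_repo is defined

    - name: copy private key for git cloning
      copy:
        src: "keys/{{ item.key }}/id"
        dest: "/home/{{ item.key }}/.ssh/id"
        owner: "{{ item.key }}"
        group: "{{ item.key }}"
        mode: "0600"
      # keep the key material out of --diff output
      diff: no
      with_dict: "{{ otree_users }}"
      when: item.value.override and item.value.app_repo is defined
    # … unchanged: clone task with key_file …
```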