Commit 47e4cf87 authored by Gallenkamp, Fabian

added key based authentication for git cloning

parent 146ec995
...@@ -2,6 +2,7 @@ hosts ...@@ -2,6 +2,7 @@ hosts
templates/nginx_unmodified_confs/ templates/nginx_unmodified_confs/
group_vars/otree_servers.yml group_vars/otree_servers.yml
files/ files/
keys/
*.retry *.retry
*.swp *.swp
*.save *.save
...@@ -71,14 +71,30 @@ otree_users: ...@@ -71,14 +71,30 @@ otree_users:
# app_repo: "https://github.com/oTree-org/oTree.git" # app_repo: "https://github.com/oTree-org/oTree.git"
``` ```
### (optional) upload otree project ### Get the otree project on your server
#### Option A: upload otree project directly into ansible project
1. If no git-repository ``app_repo``-value with your otree configuration is provided, you have to place a copy of the project files (with scp) in ``files/<otree_username>/``. 1. If no git-repository ``app_repo``-value with your otree configuration is provided, you have to place a copy of the project files (with scp) in ``files/<otree_username>/``.
#### Option B: clone via git and provide ssh keys
1. If git-repository ``app_repo`` is provided and the repo is private you have to setup key authentication.
2. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
3. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
And now run the playbook. And now run the playbook.
## change the configuration ## change the configuration
1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook. 1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
## setup ssh keys
1. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
2. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
## run the playbook ## run the playbook
1. Change directory: ``cd ~/otree-ansible/`` 1. Change directory: ``cd ~/otree-ansible/``
2. Run: ``ansible-playbook site.yml`` 2. Run: ``ansible-playbook site.yml``
## FAQ
### There is an error with redis in apt installation
Solution: Disable ipv6 in ``/etc/redis/redis.conf``
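Review bot: Step 3 of Option B sends the public key to GitLab User Settings->SSH Keys, so a key generated with ``-N ''`` (no passphrase) and later copied to the server is tied to the whole user account rather than to the single repository in ``app_repo``. Suggest documenting a read-only, per-project deploy key instead, so that a key leaked from the server exposes only that project. The new "setup ssh keys" section also repeats steps 2 and 3 of Option B word for word; keep one copy. Finally, ``keys/<otree_instance_name>/`` should use the same placeholder as ``files/<otree_username>/``, since the playbook reads the directory as ``keys/{{ item.key }}/``.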
...@@ -21,12 +21,42 @@ ...@@ -21,12 +21,42 @@
with_dict: "{{ otree_users }}" with_dict: "{{ otree_users }}"
when: item.value.override when: item.value.override
- name: copy over ssh key files
synchronize:
src: "keys/{{ item.key }}/"
dest: "/home/{{ item.key }}/.ssh/"
delete: yes
with_dict: "{{ otree_users }}"
when: item.value.override and item.value.app_repo is defined
- name: set owner and group permissions restricted for key files
file:
path: "/home/{{ item.key }}/.ssh/"
state: directory
owner: "{{ item.key }}"
group: "{{ item.key }}"
mode: "0600"
recurse: yes
with_dict: "{{ otree_users }}"
when: item.value.override and item.value.app_repo is defined
- name: set owner and group permissions for folder
file:
path: "/home/{{ item.key }}/.ssh/"
state: directory
owner: "{{ item.key }}"
group: "{{ item.key }}"
mode: "0700"
with_dict: "{{ otree_users }}"
when: item.value.override and item.value.app_repo is defined
- name: clone projects accordingly - name: clone projects accordingly
git: git:
repo: "{{ item.value.app_repo }}" repo: "{{ item.value.app_repo }}"
dest: "/home/{{ item.key }}/otree/" dest: "/home/{{ item.key }}/otree/"
accept_hostkey: yes accept_hostkey: yes
recursive: yes recursive: yes
key_file: "/home/{{ item.key }}/.ssh/id"
become: yes become: yes
become_user: "{{ item.key }}" become_user: "{{ item.key }}"
with_dict: "{{ otree_users }}" with_dict: "{{ otree_users }}"
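Review bot: In the "copy over ssh key files" task, ``delete: yes`` with ``dest: "/home/{{ item.key }}/.ssh/"`` removes every file in the user's ``.ssh`` directory that is not present in ``keys/{{ item.key }}/``, which includes an existing ``authorized_keys`` or ``known_hosts``. Drop ``delete: yes``, or copy only ``id`` and ``id.pub``. The two permission tasks that follow can be merged: the first applies ``mode: "0600"`` recursively to the directory itself, so ``.ssh`` has no execute bit until the next task sets ``0700``. A single task with ``recurse: yes`` and a symbolic mode such as ``u=rwX,go=`` sets the directory to 0700 and the key files to 0600 in one step.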