This is a collection of Ansible playbooks used in the deployment of the MITOC Trips web site. The project allows local development on a setup closely mirroring that of production as well as a streamlined way to deploy changes.
There are playbooks supporting three separate environments:
For local development, all services run within a virtual machine. Vagrant is used to automate the creation and modification of this virtual machine. To create a new virtual machine and provision it with Ansible, simply run:
vagrant up
After that, you will have a fully functional web server accessible at 192.168.33.15
This playbook allows running all infrastructure on AWS. By default, it runs a Postgres server on the same instance as the webserver, but could easily be configured to use RDS instead.
Just like a local development machine, the EC2 instance can easily be created using Vagrant.
- Store AWS credentials in .aws/credentials or directly in the Vagrantfile
- Create a keypair or import an existing one
- Install and configure vagrant-aws:
  vagrant plugin install vagrant-aws
  vagrant box add dummy https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box
- Launch a new EC2 instance:
  vagrant up --provider=aws
The production playbook contains various secrets used in production, including (but not limited to):
- The Django SECRET_KEY
- Full SSL certificate for mitoc-trips.mit.edu
- Usernames, hostnames, and passwords for various services
  - RabbitMQ
  - Postgres
  - SES
It also uses some more time-intensive plays that wouldn't be necessary in development (for example - generating a strong Diffie-Hellman group).
For obvious reasons, this file is encrypted using Ansible vault.
In the public version of this repository, I have used git filter-branch to completely remove this sensitive file:
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch env_vars/production.yml' --tag-name-filter cat -- --all
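A check that follows from the two statements above, as an added example that is not part of the original repository: it confirms env_vars/production.yml carries the Ansible Vault header wherever it exists and, for a clone meant to be public, that no ref still reaches a commit touching that path. The function names and the private/public mode argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the project's own code. Function names and the
# private/public mode argument are assumptions made for illustration.
SECRET_FILE="env_vars/production.yml"   # path from the filter-branch command

# 0 if the file begins with the Ansible Vault envelope header
# ("$ANSIBLE_VAULT;<format version>;<cipher>"), 1 if it looks like plaintext.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=""
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if any commit reachable from any ref touched the path. --all includes
# refs/original/, the backup refs that filter-branch leaves in the local repo.
path_in_history() {
    [ -n "$(git rev-list --all --max-count=1 -- "$1" 2>/dev/null)" ]
}

# usage: audit_secrets <repo_dir> <private|public>
audit_secrets() {
    (
        cd "$1" || exit 2
        status=0
        if [ -e "$SECRET_FILE" ] && ! is_vault_encrypted "$SECRET_FILE"; then
            echo "FAIL: $SECRET_FILE is not vault-encrypted" >&2
            status=1
        fi
        if [ "$2" = public ] && path_in_history "$SECRET_FILE"; then
            echo "FAIL: $SECRET_FILE is still reachable in history" >&2
            status=1
        fi
        exit "$status"
    )
}
```

Run `audit_secrets . private` in the working repository and `audit_secrets . public` in the clone that is about to be published; a history failure right after filter-branch can mean refs/original/ still holds the pre-rewrite commits.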
Production (an EC2 instance running Ubuntu server) is deployed directly with Ansible:
ansible-playbook -i hosts production.yml -u ubuntu --private-key=<path_to_iam_user_key>
The repository was modified from Johnathan Calazan's ansible-django-stack.
- Nginx
- Gunicorn
- PostgreSQL
- Supervisor
- Virtualenv
- Celery
- RabbitMQ