Setting up a complete server infrastructure
ruby needs to be installed (version)
packer
vagrant
Provisioning is done by creating snapshots with packer. The targets that launch the process are:
./go install-plugin # Installs required plugin first
./go snapshot-{erza,natsu}
The server is set up with ansible, with the following playbooks. There are two servers being provisioned, with the server-specific configuration in the following folders:
To fully provision everything, certain files need to be accessible:
.env: variables used by docker-compose
authorized_keys: deployment user
cert: Existing certificates (letsencrypt)
The provisioning of the actual servers uses terraform, through different modules. It's all in this folder.
vagrant VMs are available to test things locally first. The hosts can be provisioned with:
./go vagrant-{erza,natsu}
These VMs are locally accessible through ssh and mirror the result of the snapshot.
ServerSpec is used for automated testing. Both the local setup and the remote server can be tested.
rake spec:{natsu,erza} # Remote
rake spec:{natsu,erza}-vagrant # Local
See auth0
TODO: right now it's a bit manual; using the pipeline is the best bet
See the backup script, which is used mainly for the DBs
Everything is parametrized using gomplate. Adding a new domain should require minimal effort, basically a variable for the server_name. If there is a backend, the docker-compose configuration will need to be extended.
In order to serve a new subdomain using https, we need to complete the challenge from certbot. The call that we are aiming to make from the server looks like this:
docker run -it --rm -v /cert:/etc/letsencrypt -v /var/www/certbot:/var/www/certbot deliverous/certbot certonly --webroot -d ${subdomain}.${domain} --register-unsafely-without-email --agree-tos -w /var/www/certbot
The configuration needs to be started in two steps: first the http part, then the https part once we have a certificate.
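A pre-flight check for the two-step start, as an added example that is not part of this repository: it validates the subdomain and domain before they are interpolated into the certbot call, and reports which step applies by looking for the certificate files. The function names and script name are hypothetical, and it assumes certbot's standard live/<name>/ layout inside the /cert directory mounted in the command above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical. CERT_ROOT is the host directory
# that the certbot call above mounts at /etc/letsencrypt.
CERT_ROOT=${CERT_ROOT:-/cert}

valid_label() {
  # One DNS label: 1-63 chars of [A-Za-z0-9-], no leading or trailing hyphen.
  # Rejecting a leading hyphen keeps the value from being read as an option.
  case "$1" in
    ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

valid_name() {
  # $1 = subdomain (single label), $2 = domain (dot-separated labels).
  valid_label "$1" || return 1
  case "$2" in ''|*.) return 1 ;; esac
  rest=$2
  while [ -n "$rest" ]; do
    valid_label "${rest%%.*}" || return 1
    case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
  done
}

cert_stage() {
  # Prints "https" once both certificate files exist, otherwise "http".
  valid_name "$1" "$2" || return 1
  live=$CERT_ROOT/live/$1.$2
  if [ -s "$live/fullchain.pem" ] && [ -s "$live/privkey.pem" ]; then
    echo https
  else
    echo http
  fi
}

certbot_command() {
  # Prints (does not run) the certbot call shown above for a validated name.
  valid_name "$1" "$2" || return 1
  printf 'docker run -it --rm -v %s:/etc/letsencrypt -v /var/www/certbot:/var/www/certbot deliverous/certbot certonly --webroot -d %s.%s --register-unsafely-without-email --agree-tos -w /var/www/certbot\n' "$CERT_ROOT" "$1" "$2"
}

# Usage: sh cert-stage.sh <subdomain> <domain>
if [ "$#" -eq 2 ]; then
  stage=$(cert_stage "$1" "$2") || { echo "invalid name: $1.$2" >&2; exit 2; }
  echo "stage: $stage"
  [ "$stage" = https ] || certbot_command "$1" "$2"
fi
```

While the reported stage is http, only the http part should be running; the https part can be started once the stage reads https.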