sirech / erza

erza

Setting up a complete server infrastructure

Pre-requisites

  • ruby needs to be installed (version)
  • packer
  • vagrant

Server

Snapshots

Provisioning is done by creating snapshots with packer. The targets that launch the process are:

./go install-plugin # Installs required plugin first
./go snapshot-{erza,natsu}

The server is set up with ansible, with the following playbooks. There are two servers being provisioned, with the server-specific configuration in the following folders:

To fully provision everything, certain files need to be accessible:

  • .env: variables used by docker-compose
  • authorized_keys: deployment user
  • cert: Existing certificates (letsencrypt)

Provisioning

The provisioning of the actual servers uses terraform, through different modules. It's all in this folder.

Testing

Local VM

vagrant VMs are available to test things locally first. The hosts can be provisioned with:

./go vagrant-{erza,natsu}

These VMs are locally accessible through ssh and mirror the result of the snapshot.

Automated tests

ServerSpec is used for automated testing. Both the local setup and the remote server can be tested.

rake spec:{natsu,erza} # Remote
rake spec:{natsu,erza}-vagrant # Local

Auth0

See auth0

Applications

Restoring an application

TODO: right now it's a bit manual, using the pipeline is the best bet

Backup

See the backup script, which is used mainly for the DBs.

Serving a new subdomain

Everything is parametrized using gomplate. Adding a new domain should require minimal effort, basically a variable for the server_name. If there is a backend, the docker-compose configuration will need to be extended.

In order to serve a new subdomain over https, we need to complete the certbot challenge. The call that we are aiming to make from the server looks like this:

docker run -it --rm -v /cert:/etc/letsencrypt -v /var/www/certbot:/var/www/certbot deliverous/certbot certonly --webroot -d ${subdomain}.${domain} --register-unsafely-without-email --agree-tos -w /var/www/certbot

The configuration needs to be started in two steps: first the http part, then the https part once we have a certificate.
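
The two-step start can be made explicit with a small check on the certificate path before the https configuration is enabled. This is an added example, not code from the erza repository; `phase`, `valid_label`, `issue_cert` and `CERT_ROOT` are hypothetical names, and it assumes an issued certificate ends up at `/cert/live/<fqdn>/fullchain.pem`, following the `/cert:/etc/letsencrypt` mount in the command above.

```shell
#!/bin/sh
# Added example, not part of the erza repository.
# Assumption: /cert on the host is mounted at /etc/letsencrypt (as in the
# command above), so an issued certificate is at /cert/live/<fqdn>/fullchain.pem.
# Assumption: the domain is fixed operator configuration; only the subdomain is checked.

export LC_ALL=C                      # make a-z in the pattern below mean ASCII only
CERT_ROOT="${CERT_ROOT:-/cert}"

# Accept a single DNS label only: lowercase letters, digits, inner hyphens, max 63 chars.
valid_label() {
  [ "${#1}" -le 63 ] || return 1
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Print which phase the host is in for a subdomain:
#   invalid - name rejected, nothing should be run
#   http    - no certificate yet: serve http only, then complete the challenge
#   https   - certificate present: the https configuration can be enabled
phase() {
  subdomain="$1"; domain="$2"
  valid_label "$subdomain" || { echo invalid; return 1; }
  if [ -s "$CERT_ROOT/live/$subdomain.$domain/fullchain.pem" ]; then
    echo https
  else
    echo http
  fi
}

# Run the certbot call from the README; refuses unless the host is in the http phase.
issue_cert() {
  subdomain="$1"; domain="$2"
  [ "$(phase "$subdomain" "$domain")" = http ] || return 1
  docker run -it --rm -v "$CERT_ROOT":/etc/letsencrypt \
    -v /var/www/certbot:/var/www/certbot deliverous/certbot certonly --webroot \
    -d "$subdomain.$domain" --register-unsafely-without-email --agree-tos \
    -w /var/www/certbot
}
```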

About

License: MIT License

