ansistrano / deploy

Ansible role to deploy scripting applications like PHP, Python, Ruby, etc. in a capistrano style
https://ansistrano.com
MIT License

Add ignore_nonexistent_bucket for s3 options #248

Closed michaelBenin closed 6 years ago

michaelBenin commented 7 years ago

https://github.com/ansible/ansible/pull/20501

https://github.com/ansistrano/deploy/blob/9433202698dc6aef1af08e961a258246e38822a6/tasks/update-code/s3.yml#L13

Would you be open to supporting this option?

michaelBenin commented 7 years ago

The comment here sums up why it's useful:

https://github.com/Infectsoldier/ansible/commit/91b009d74e07a24e8ad745c5f268838796c51168#diff-68ba194b6312d1232756a1ecb586474bR155

ricardclau commented 7 years ago

About time they added such an option!

Yeah, please provide a backwards compatible PR (not 100% sure about what will happen in older versions without the option) and we will merge it

michaelBenin commented 7 years ago

Hey so TBH - I'm kinda an ansible newb. I'll do my best on making a PR.

Also, maybe we could help users with the documentation on deploying with the s3 method. Here's an example of what I set up for a local wordpress deploy:

# For debug:
# SHA=$(eval 'git rev-parse HEAD') WP_DIR=$(eval 'pwd') AWS_ACCESS_KEY=key AWS_ACCESS_SECRET_KEY=key ansible-playbook -u ubuntu --private-key /path/to/private.pem ./ansible/deploy/deploy.yml -vvv

---
- name: Tar the directory and upload to s3
  hosts: localhost
  connection: local
  gather_facts: no

  tasks:
    - command: git rev-parse HEAD
      args:
        chdir: "{{ lookup('env','WP_DIR') }}"
      register: gitresult
    - file:
        path: "{{ lookup('env','WP_DIR') }}/releases"
        state: directory
        mode: 0775
    - archive:
        path: "{{ lookup('env','WP_DIR') }}/*"
        dest: "{{ lookup('env','WP_DIR') }}/releases/{{ lookup('env','SHA') }}.tgz"
    - name: Simple S3 Put
      s3:
        aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY') }}"
        aws_secret_key: "{{ lookup('env','AWS_ACCESS_SECRET_KEY') }}"
        permission: authenticated-read
        region: us-east-1
        bucket: wp-artifacts
        object: "artifacts/{{ lookup('env','SHA') }}.tgz"
        src: "{{ lookup('env','WP_DIR') }}/releases/{{ lookup('env','SHA') }}.tgz"
        mode: put

- hosts: wp-site
  become: yes
  roles:
    - role: carlosbuenosvinos.ansistrano-deploy
      ansistrano_deploy_from: "." # Where my local project is (relative or absolute path)
      ansistrano_deploy_to: "/var/www/wp-site" # Base path to deploy to.
      ansistrano_version_dir: "releases" # Releases folder name
      ansistrano_current_dir: "current" # Softlink name. You should rarely change it.
      ansistrano_current_via: "symlink" # Deployment strategy: how code should be deployed to the current path. Options are symlink or rsync
      ansistrano_shared_paths: [] # Shared paths to symlink to release dir
      ansistrano_keep_releases: 1 # Releases to keep after a new deployment. See "Pruning old releases".
      ansistrano_deploy_via: "s3_unarchive" # Method used to deliver the code to the server. Options are copy, rsync, git, s3 or download.
      ansistrano_allow_anonymous_stats: no
      ansistrano_s3_bucket: wp-artifacts
      ansistrano_s3_object: "artifacts/{{ lookup('env','SHA') }}.tgz" # Add the _unarchive suffix to the ansistrano_deploy_via if your object is a package (ie: s3_unarchive)
      ansistrano_s3_region: us-east-1
      ansistrano_s3_aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY') }}"
      ansistrano_s3_aws_secret_key: "{{ lookup('env','AWS_ACCESS_SECRET_KEY') }}"
      ansistrano_after_symlink_tasks_file:  "{{ playbook_dir }}/after-symlink-tasks.yml"

- name: Remove items from S3 and locally
  hosts: localhost
  connection: local
  gather_facts: no

  tasks:
    - command: git rev-parse HEAD
      args:
        chdir: "{{ lookup('env','WP_DIR') }}"
      register: gitresult
    - name: Clean artifact path
      file:
        state: absent
        path: "{{ lookup('env','WP_DIR') }}/releases/"
    - name: Simple S3 Delete
      s3:
        aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY') }}"
        aws_secret_key: "{{ lookup('env','AWS_ACCESS_SECRET_KEY') }}"
        region: us-east-1
        bucket: wp-artifacts
        object: "artifacts/{{ lookup('env','SHA') }}.tgz"
        mode: delobj

And on the bucket - people need to make sure they have List explicitly:

{
    "Version": "2012-10-17",
    "Id": "Policy1465149348999",
    "Statement": [
        {
            "Sid": "Stmt1465149345736",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<USER ARN>"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::wp-artifacts",
                "arn:aws:s3:::wp-artifacts/*"
            ]
        }
    ]
}

Also the host needs to have boto installed and configured correctly. I ran into some weird issues with buckets that weren't on us-east-1 though. Didn't think opening an issue would help as it's unrelated to this project.

An example without keys would also be good. This wp thing isn't getting executed from a bastion host though so this made sense for deployment for devs locally.
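The bucket policy in the comment above lists `s3:ListBucket` and `s3:GetObject` next to `s3:*`, which already covers both and every other S3 action. The following is an added example, not part of the original comment or of the ansistrano project: a simplified, Allow-only policy check run over the posted policy and over a constructed read-only alternative (the `READ_ONLY` policy, the probe set and the object key are assumptions made for illustration).

```python
import re

# Policy as posted above ("<USER ARN>" is the page's own placeholder).
POSTED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "<USER ARN>"},
    "Action": ["s3:ListBucket", "s3:GetObject", "s3:*"],
    "Resource": ["arn:aws:s3:::wp-artifacts", "arn:aws:s3:::wp-artifacts/*"]}]}

# Constructed alternative for a host that only downloads artifacts/<SHA>.tgz.
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "<USER ARN>"},
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::wp-artifacts"},
    {"Effect": "Allow", "Principal": {"AWS": "<USER ARN>"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::wp-artifacts/artifacts/*"}]}

BUCKET = "arn:aws:s3:::wp-artifacts"
OBJ = BUCKET + "/artifacts/0123abc.tgz"  # constructed object key
# (action, resource, needed by the download step?) -- constructed probe set
PROBES = [("s3:ListBucket", BUCKET, True), ("s3:GetObject", OBJ, True),
          ("s3:DeleteBucket", BUCKET, False), ("s3:PutBucketPolicy", BUCKET, False),
          ("s3:DeleteObject", OBJ, False)]

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return [v] if isinstance(v, (str, dict)) else list(v)

def allows(policy, action, resource):
    """True if an Allow statement covers (action, resource); Deny, Condition and Principal are ignored."""
    for st in _as_list(policy["Statement"]):
        if (st.get("Effect") == "Allow"
                and any(_match(a, action, True) for a in _as_list(st.get("Action", [])))
                and any(_match(r, resource) for r in _as_list(st.get("Resource", [])))):
            return True
    return False

def excess_grants(policy):
    """Probes the policy allows although the download step does not need them."""
    return [(a, r) for a, r, needed in PROBES if not needed and allows(policy, a, r)]

def missing_grants(policy):
    return [(a, r) for a, r, needed in PROBES if needed and not allows(policy, a, r)]

if __name__ == "__main__":
    for name, pol in (("posted", POSTED), ("read-only", READ_ONLY)):
        print(name, "excess:", excess_grants(pol), "missing:", missing_grants(pol))
```

The localhost plays that `put` and `delobj` the archive would need their own statement with at least `s3:PutObject` and `s3:DeleteObject`, ideally for a separate principal. The playbook's `permission: authenticated-read` is outside what this check models: that canned ACL grants read to the AuthenticatedUsers group, which is any AWS account.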

ricardclau commented 6 years ago

Sorry about the massive delay here