Closed michaelBenin closed 6 years ago
The comment here sums it up why it's useful:
About time they added such option!
Yeah, please provide a backwards compatible PR (not 100% sure about what will happen in older versions without the option) and we will merge it
Hey so TBH - I'm kinda an ansible newb. I'll do my best on making a PR.
Also, maybe we could help users with the documentation on deploying with the s3 method. Here's an example of what I set up for a local wordpress deploy:
# For debug:
# SHA=$(eval 'git rev-parse HEAD') WP_DIR=$(eval 'pwd') AWS_ACCESS_KEY=key AWS_ACCESS_SECRET_KEY=key ansible-playbook -u ubuntu --private-key /path/to/private.pem ./ansible/deploy/deploy.yml -vvv
---
- name: Tar the directory and upload to s3
hosts: localhost
connection: local
gather_facts: no
tasks:
- command: git rev-parse HEAD
args:
chdir: "{{ lookup('env','WP_DIR') }}"
register: gitresult
- file:
path: "{{ lookup('env','WP_DIR') }}/releases"
state: directory
mode: 0775
- archive:
path: "{{ lookup('env','WP_DIR') }}/*"
dest: "{{ lookup('env','WP_DIR') }}/releases/{{ lookup('env','SHA') }}.tgz"
- name: Simple S3 Put
s3:
aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY') }}"
aws_secret_key: "{{ lookup('env','AWS_ACCESS_SECRET_KEY') }}"
permission: authenticated-read
region: us-east-1
bucket: wp-artifacts
object: "artifacts/{{ lookup('env','SHA') }}.tgz"
src: "{{ lookup('env','WP_DIR') }}/releases/{{ lookup('env','SHA') }}.tgz"
mode: put
- hosts: wp-site
sudo: yes
roles:
- role: carlosbuenosvinos.ansistrano-deploy
ansistrano_deploy_from: "." # Where my local project is (relative or absolute path)
ansistrano_deploy_to: "/var/www/wp-site" # Base path to deploy to.
ansistrano_version_dir: "releases" # Releases folder name
ansistrano_current_dir: "current" # Softlink name. You should rarely changed it.
ansistrano_current_via: "symlink" # Deployment strategy who code should be deployed to current path. Options are symlink or rsync
ansistrano_shared_paths: [] # Shared paths to symlink to release dir
ansistrano_keep_releases: 1 # Releases to keep after a new deployment. See "Pruning old releases".
ansistrano_deploy_via: "s3_unarchive" # Method used to deliver the code to the server. Options are copy, rsync, git, s3 or download.
ansistrano_allow_anonymous_stats: no
ansistrano_s3_bucket: wp-artifacts
ansistrano_s3_object: "artifacts/{{ lookup('env','SHA') }}.tgz" # Add the _unarchive suffix to the ansistrano_deploy_via if your object is a package (ie: s3_unarchive)
ansistrano_s3_region: us-east-1
ansistrano_s3_aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY') }}"
ansistrano_s3_aws_secret_key: "{{ lookup('env','AWS_ACCESS_SECRET_KEY') }}"
ansistrano_after_symlink_tasks_file: "{{ playbook_dir }}/after-symlink-tasks.yml"
- name: Remove items from S3 and locally
hosts: localhost
connection: local
gather_facts: no
tasks:
- command: git rev-parse HEAD
args:
chdir: "{{ lookup('env','WP_DIR') }}"
register: gitresult
- name: Clean artifact path
file:
state: absent
path: "{{ lookup('env','WP_DIR') }}/releases/"
- name: Simple S3 Delete
s3:
aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY') }}"
aws_secret_key: "{{ lookup('env','AWS_ACCESS_SECRET_KEY') }}"
region: us-east-1
bucket: wp-artifacts
object: "artifacts/{{ lookup('env','SHA') }}.tgz"
mode: delobj
And on the bucket - people need to make sure they have List explicitly:
{
"Version": "2012-10-17",
"Id": "Policy1465149348999",
"Statement": [
{
"Sid": "Stmt1465149345736",
"Effect": "Allow",
"Principal": {
"AWS": "<USER ARN>"
},
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:*"
],
"Resource": [
"arn:aws:s3:::wp-artifacts",
"arn:aws:s3:::wp-artifacts/*"
]
}
]
}
Also the host needs to have boto installed and configured correctly. I ran into some weird issues with buckets that weren't on us-east-1 though. Didn't think opening an issue would help as it's unrelated to this project.
An example without keys would also be good. This wp thing isn't getting executed from a bastion host though so this made sense for deployment for devs locally.
Sorry about the massive delay here
https://github.com/ansible/ansible/pull/20501
https://github.com/ansistrano/deploy/blob/9433202698dc6aef1af08e961a258246e38822a6/tasks/update-code/s3.yml#L13
Would you be open in supporting this option?