Closed josteinaj closed 9 years ago
Looks good, although if possible I would try to combine test-server.yml and production.yml and use host variables to make up for the differences. Also (1) shouldn't be needed I think.
I still don't understand why you set sudo to false and changed ansible_ssh_user to root. Doesn't this come down to the same thing? Also if you set ansible_connection to local, SSH shouldn't be needed at all.
Without knowing the context: root via SSH is commonly considered a bad idea and is often disabled, thus sudo is often the only option.
When using root I don't need sudo so I set sudo to false. If I set sudo to true, even when using root, I get an error. Using ansible_connection=local has the same issue, ansible needs to be able to run sudo.
Actually, sudo might work without a password when running as root. In any case, this is what I get when trying to run with sudo: yes as a normal user:
➜ system git:(production-localhost) ✗ ansible-playbook production.yml
PLAY [production] *************************************************************
GATHERING FACTS ***************************************************************
fatal: [production] => Missing become password
TASK: [apt update_cache=yes] **************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/jostein/production.retry
production : ok=0 changed=0 unreachable=1 failed=0
Hmm, setting ansible_become_pass=*** directly in the hosts file seems to work. I'll have to experiment a bit more with non-root accounts I guess...
It is also possible to let Ansible prompt you for the password.
Yes, but I'd like to run it non-interactively.
I managed to get it working by enabling passwordless sudo.
Merged
Usage:
1. make production to get a clean ssh config (not sure if needed but I think so)
2. ansible-playbook production.yml to deploy to root@localhost. Passwordless ssh access to root@localhost is assumed to be configured.

@bertfrees what do you think of this approach?