autonomic-cooperative
/
dokku-ansible-playbook
Archived
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Run ansible playbooks during deployment
This repository has been archived on 2020-05-08. You can view files and clone it, but cannot push or open issues or pull requests.
38 Commits 1 Branch 0 Tags 165 KiB
Shell 100%
Go to file
Luke Murphy 83cf0538c0
Update README about vault setup 		2020-03-21 01:08:57 +01:00
LICENSE Another push to get this out the door 2020-03-19 01:43:41 +01:00
README.md Update README about vault setup 2020-03-21 01:08:57 +01:00
dependencies Add common functions 2020-03-19 23:45:06 +01:00
functions Don't always force it 2020-03-21 00:08:58 +01:00
plugin.toml Bootstrap this plugin 2020-03-19 01:13:54 +01:00
post-deploy Get roles path working 2020-03-20 00:11:35 +01:00
post-extract Don't run empty outputs 2020-03-19 23:47:05 +01:00
pre-deploy Get roles path working 2020-03-20 00:11:35 +01:00

README.md

dokku-ansible-playbook

Run ansible playbooks during deployment.

This plugin can be useful when you need to provision your server before or after a deployment of your application (or on any hook, just raise an issue and let's add it) and you prefer to use Ansible instead of Bash. For example, you make use of the ansible-dokku roles.

Requirements

  • dokku 0.19.13+
  • Debian based system (uses apt package manager for installing dependencies)

Installation

$ dokku plugin:install https://github.com/decentral1se/dokku-ansible-playbook.git
$ dokku plugin:install-dependencies

Usage

All files must be placed within the ansible folder of your git repository.

  • requirements.yml: what role dependencies to download before running your plays.

  • pre-deploy.yml: play run before a deployment

  • post-deploy.yml: play run after a deployment

  • Everything is copied into $DOKKU_LIB_ROOT/data/ansible/$APP on the post-extract hook.

  • Dokku will make sure that your Ansible plays are run on the right hook against the Dokku server localhost.

Passwords

You can place a ansible/.vault.sh script (don't forget to chmod +x it) that looks like this:

#!/bin/bash

set -eu -o pipefail

echo "my-cool-vault-password"

This file will be copied over to $DOKKU_LIB_ROOT/data/ansible/$APP and locked down with the correct read-only permissions for the Dokku user account. This will then be used as the Ansible Vault password file which can be used to decrypt secrets.

So, if you then encrypt a secret:

$ ansible-vault \
  encrypt_string \
  --vault-password-file ansible/.vault.sh \
  --name mysecretname \
  mysecretvalue

You can place this in your plays and it can be successfully decrypted on the host.

Example

ansible/requirements.yml

---
- src: dokku_bot.ansible_dokku
  version: v2020.3.15

ansible/pre-deploy.yml

---
- hosts: all
  tasks:
    - name: Configure the foobar environment
      dokku_config:
        app: foobar
        restart: false
        config:
          FOO: BAR
      become: true
      become_user: dokku