diff options
| author | EuAndreh <eu@euandre.org> | 2019-06-05 18:16:28 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2019-06-05 18:19:38 -0300 |
| commit | eb2d25dfc09c2c29e107a290c9daa84b969f54e2 (patch) | |
| tree | 96ece170cdf0cf0d07d98de2102915a1fd5104db /TODOs.org | |
| parent | Add note on SSH logs (diff) | |
| download | server-eb2d25dfc09c2c29e107a290c9daa84b969f54e2.tar.gz server-eb2d25dfc09c2c29e107a290c9daa84b969f54e2.tar.xz | |
TODOs.org
Diffstat (limited to 'TODOs.org')
| -rw-r--r-- | TODOs.org | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -80,6 +80,23 @@ A reasonable alternative would be to redeploy everything on a different node, wi In this situation, I if go on with automating the deployment I'd rather pick the downtime option. I'll start with other services other than email and consider alternatives later. +** DONE Correctly load the SSH keypair using =user_data= +CLOSED: [2019-06-05 Wed 18:16] +*** DONE Disable the =user_data= +CLOSED: [2019-06-05 Wed 17:39] +*** DONE Generate and manually copy the =user-data.env= file +CLOSED: [2019-06-05 Wed 17:39] +*** CANCELLED Run it on the system +*** DONE Run each step individually and check them +CLOSED: [2019-06-05 Wed 18:15] +Check the content of the generated key files. +*** DONE Try to login +CLOSED: [2019-06-05 Wed 18:15] +Problem was on file typo and private key permissions. + +Bonus: change SSH port +** TODO Test key rotation +See if it is actually working as expected. ** TODO Use Digital Ocean's Volumes for persistent extended storage ** TODO Make VPS provisioning more robust *** DONE Use Ansible (or an equivalent tool) instead of custom Bash scripts @@ -115,6 +132,7 @@ Right now, secrets are scattered between the two repositories. By moving I can c ** TODO Explicitly destroy Droplets before running Terraform apply? ** TODO Store updated =.tfstate= even in case of deployment failure Right now the script fails on Terraform commands before reaching git commands. I should trap the error, store on git and only then fail. +** TODO Fix alias in =bash-profile.sh= * Must ** Fully deployable from code Use NixOps and Terraform to fully automate all of the configuration. @@ -249,3 +267,4 @@ Instead, explicitly call =ansible-playbook= after =terraform apply= finished run This way we test the DNS A record -> Floating IP -> Droplet IP path. We can't do that inside Terraform declaration because the =local-exec= provisioning command runs before the =digitalocean_floating_ip_assignment= is created, and we can't create a cyclic dependency between the two resources. We could use the raw Droplet IP instead of the DNS A record, but I prefer calling it later in order to always test the full DNS resolution. +* Scrath |