From 54fd61c887f266f8e2e6b1419a86fc6681116069 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Wed, 5 Jun 2019 16:38:53 -0300 Subject: Use Ansible instead of Bash for provisioning The deployment is not quite working, and I'm unable to test right now: DigitalOcean is returning 503 for my requests. As of this commit, I can run =ansible-playbook provider.yml= more than once and it will actually be idempotent. Notes: - SSH fingerprint are now taken from the public key file instead of manually supplying it in the terraform template using the =digitalocean_ssh_key= resource; - use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets created by Terraform; - use the =filename.env.extension= to create the concrete files in CI; - use the =user_data= to add the know SSH key pair to the newly created Droplet; - add =rotate-ssh-keys.sh= utils; --- scripts/ci/setup.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'scripts/ci/setup.sh') diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh index ee5ecf2..e6e85c9 100755 --- a/scripts/ci/setup.sh +++ b/scripts/ci/setup.sh @@ -18,9 +18,17 @@ popd echo "Done." # git smudge after git-crypt clears file permissions -chmod 600 ./secrets/vps_box -chmod 600 ./secrets/borg_remote +chmod 600 ./secrets/ssh/vps-box-client +chmod 600 ./secrets/borg/borg_remote cat .envrc >> ~/.buildenv source .envrc -envsubst < ./ssh.conf >> ~/.ssh/config + +export SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)" +export SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)" + +envsubst < ./cloud-config.env.yaml > ./cloud-config.yaml +envsubst < ./ssh.env.conf >> ~/.ssh/config +envsubst < ./hosts.env > ./hosts +envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml +envsubst < ./user-data.env.sh > ./user-data.sh -- cgit v1.2.3