{"id":16442397,"url":"https://github.com/richardknop/pinglist-aws-ansible","last_synced_at":"2026-05-09T07:39:18.611Z","repository":{"id":148613134,"uuid":"54318660","full_name":"RichardKnop/pinglist-aws-ansible","owner":"RichardKnop","description":"Ansible manifests to configure the Pinglist platform.","archived":false,"fork":false,"pushed_at":"2017-05-31T22:05:03.000Z","size":1047,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-26T03:37:56.453Z","etag":null,"topics":["ansible","aws"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RichardKnop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-20T13:22:03.000Z","updated_at":"2017-06-05T08:05:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"572997c7-7aeb-488d-b818-d10a510fbbcd","html_url":"https://github.com/RichardKnop/pinglist-aws-ansible","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RichardKnop/pinglist-aws-ansible","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RichardKnop%2Fpinglist-aws-ansible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RichardKnop%2Fpinglist-aws-ansible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RichardKnop%2Fpinglist-aws-ansible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RichardKnop%2Fpinglist-aws-ansible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RichardKnop","download_url":"https://codeload.github.com/RichardKnop/pinglist-aws-ansible/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RichardKnop%2Fpinglist-aws-ansible/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32811656,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"online","status_checked_at":"2026-05-09T02:00:06.633Z","response_time":123,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","aws"],"created_at":"2024-10-11T09:17:17.440Z","updated_at":"2026-05-09T07:39:18.578Z","avatar_url":"https://github.com/RichardKnop.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#having-ec2-create-your-key-pair\n\n# Pinglist AWS Ansible\n\nAnsible manifests to configure the Pinglist platform.\n\nSee also:\n- [pinglist-aws-terraform](https://github.com/RichardKnop/pinglist-aws-terraform)\n- [pinglist-api](https://github.com/RichardKnop/pinglist-api)\n- [pinglist-app](https://github.com/RichardKnop/pinglist-app)\n- [pinglist-ios-app](https://github.com/RichardKnop/pinglist-ios-app)\n\n# Index\n\n* [Pinglist AWS Ansible](#pinglist-aws-ansible)\n* [Index](#index)\n* [Requirements](#requirements)\n  * [Requirements For AWS Provisioning](#requirements-for-aws-provisioning)\n  * [Setting Up GPG-encrypted Vault Support](#setting-up-gpg-encrypted-vault-support)\n  * [Encrypt / Decrypt Vault Password](#encrypt--decrypt-vault-password)\n* [Provisioning](#provisioning)\n* [Resources](#resources)\n\n# Requirements\n\nYou need Ansible. Create a virtual Python environment and install requirements:\n\n```\nvirtualenv .venv\nsource .venv/bin/activate\npip install -r requirements.txt\n```\n\nTo setup CoreOS hosts for Ansible, we will use coreos-bootstrap role:\n\n```\nansible-galaxy install defunctzombie.coreos-bootstrap -p ./roles\n```\n\n## Requirements For AWS Provisioning\n\nTo successfully make an API call to AWS, you will need to configure `boto` (the Python interface to AWS). There are a variety of methods available, but the simplest is just to export two environment variables:\n\n- `AWS_ACCESS_KEY_ID`\n- `AWS_SECRET_ACCESS_KEY`\n\nTest that the dynamic inventory file is working:\n\n```\n./ec2.py --list\n```\n\nRender an SSH configuration file, i.e.:\n\n```\n./render-ssh-config.sh \u003cenv-name-prefix\u003e\n```\n\n## Setting Up GPG-encrypted Vault Support\n\nYou will need to have setup [gpg-agent](https://www.gnupg.org/) on your computer before you start.\n\n```\nbrew install gpg\nbrew install gpg-agent\n```\n\nIf you haven't already generated your PGP key (it's ok to accept the default options if you never done this before):\n\n```\ngpg --gen-key\n```\n\nGet your KEYID from your keyring:\n\n```\ngpg --list-secret-keys | grep sec\n```\n\nThis will probably be pre-fixed with 2048R/ or 4096R/ and look something like 93B1CD02.\n\nSend your public key to PGP key server:\n\n```\ngpg --keyserver pgp.mit.edu --send-keys KEYID\n```\n\nTo import a public key (e.g. when a new engineer joins the team):\n\n```\ngpg --keyserver pgp.mit.edu --search-keys john@doe.com\n```\n\nCreate `~/.bash_gpg`:\n\n```\nenvfile=\"${HOME}/.gnupg/gpg-agent.env\"\n\nif test -f \"$envfile\" \u0026\u0026 kill -0 $(grep GPG_AGENT_INFO \"$envfile\" | cut -d: -f 2) 2\u003e/dev/null; then\n  eval \"$(cat \"$envfile\")\"\nelse\n  eval \"$(gpg-agent --daemon --log-file=~/.gpg/gpg.log --write-env-file \"$envfile\")\"\nfi\nexport GPG_AGENT_INFO  # the env file does not contain the export statement\n```\n\nAdd to `~/.bash_profile`:\n\n```\nGPG_AGENT=$(which gpg-agent)\nGPG_TTY=`tty`\nexport GPG_TTY\n\nif [ -f ${GPG_AGENT} ]; then\n  . ~/.bash_gpg\nfi\n```\n\nStart a new shell or source the current environment:\n\n```\nsource ~/.bash_profile\n```\n\n## Encrypt / Decrypt Vault Password\n\nEncrypt the vault password:\n\n```\necho \"the vault password\" | gpg -e -r \"risoknop@gmail.com\" \u003e vault_password.gpg\n```\n\nAnsible will decrypt the file based using PGP key from your keyring. See `vault_password_file` option in the `ansible.cfg` configuration file.\n\n## Required Secure Variables\n\nThis repository is using `ansible-vault` to secure sensitive information. Secure variables for each environment are stored in a separate file in `environments` directory:\n\n```\n.\n├── environments\n│   ├── stage.yml\n│   └── prod.yml\n│\n└── ...\n```\n\nIf you already know the password you do not need to recreate the `environments/\u003cenv-name-prefix\u003e.yml` file.\n\nYou can edit variables stored in the vault:\n\n```\nansible-vault edit environments/\u003cenv-name-prefix\u003e.yml\n```\n\nRequired contents for `environments/\u003cenv-name-prefix\u003e.yml` (if you don't know the password):\n\n```yml\ndatabase_max_open_conns: 5\ndatabase_max_idle_conns: 5\napi_database_password: \"database_password\"\napp_database_password: \"app_database_password\"\napp_secret: \"session_secret\"\napp_static_storage: \"django.contrib.staticfiles.storage.StaticFilesStorage\"\noauth_client_id: \"oauth_client_id\"\noauth_secret: \"oauth_secret\"\nfacebook_app_id: \"facebook_app_id\"\nfacebook_app_secret: \"facebook_app_secret\"\napns_platform_application_arn: \"apns_platform_application_arn\"\ngcm_platform_application_arn: \"gcm_platform_application_arn\"\nsendgrid_api_key: \"sendgrid_api_key\"\nstripe_secret_key: \"stripe_secret_key\"\nstripe_publishable_key: \"stripe_publishable_key\"\napi_scheme: \"https\"\napi_host: \"\u003cenv-name-prefix\u003e-app.{{ domain_name }}\"\napp_scheme: \"https\"\napp_host: \"\u003cenv-name-prefix\u003e-api.{{ domain_name }}\"\nis_development: false\n```\n\n# Provisioning\n\nIn order to provision an environment, do something like:\n\n```\nmake deploy DEPLOY_ENV=\u003cenv-name-prefix\u003e\n```\n\nIt's recommended to use verbose flags to see more output for debugging:\n\n```\nmake deploy DEPLOY_ENV=\u003cenv-name-prefix\u003e ARGS=-vvv\n```\n\n# Resources\n\n- [How To Use GPG on the Command Line][1]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frichardknop%2Fpinglist-aws-ansible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frichardknop%2Fpinglist-aws-ansible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frichardknop%2Fpinglist-aws-ansible/lists"}