{"id":18338738,"url":"https://github.com/tableflip/tars-infrastructure","last_synced_at":"2025-04-09T20:35:47.664Z","repository":{"id":72911184,"uuid":"53954230","full_name":"tableflip/tars-infrastructure","owner":"tableflip","description":":floppy_disk: Ansible scripts for deploying TARS","archived":false,"fork":false,"pushed_at":"2017-11-08T12:48:10.000Z","size":30,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-15T12:46:43.862Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tableflip.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-15T15:05:30.000Z","updated_at":"2017-11-08T12:44:31.000Z","dependencies_parsed_at":"2023-05-26T01:15:29.732Z","dependency_job_id":null,"html_url":"https://github.com/tableflip/tars-infrastructure","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tableflip%2Ftars-infrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tableflip%2Ftars-infrastructure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tableflip%2Ftars-infrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tableflip%2Ftars-infrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tableflip","download_url":"htt
ps://codeload.github.com/tableflip/tars-infrastructure/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248108348,"owners_count":21049116,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T20:15:03.618Z","updated_at":"2025-04-09T20:35:47.642Z","avatar_url":"https://github.com/tableflip.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TARS infrastructure\n\n**Ansible scripts for deploying TARS**\n\n```sh\n├── Vagrantfile        # Test the scripts locally with `vagrant up`\n├── group_vars         # Common variables and deploy secrets\n├── dev                # Inventory of hosts used in local dev\n├── production         # Inventory of LIVE hosts\n├── roles              # Define the tasks that set up a given role.\n├── bootstrap.yml      # Playbook for getting new vms up to spec.\n└── deploy.yml         # Playbook for updating our app.\n```\n\n[Ansible](http://docs.ansible.com/ansible/index.html) works by assigning roles to hosts.\n\n- A **host** is any server in our infrastructure.\n- A **role** can be things like `frontend`, `db`, etc.\n\nRoles contain the tasks and files to install and configure the services needed.\n\n**e.g**: `frontend` _clones our app code, installs npm deps, and configures nginx as a proxy._\n\nKey to making it work is ensuring tasks are idempotent. We can run all the tasks at any time. 
Either the task changes the system as required, or has no effect if that change is already in place.\n\nAn **inventory** defines named groups of servers. We use **playbooks** to assign roles to those groups. We have a playbook that bootstraps a brand new vm to be used by ansible, which we assume will be run once against each machine.\n\n```sh\nansible-playbook -i production bootstrap.yml --extra-vars \"ansible_user=root\"\n```\n\nwhere\n- `-i production` limits the hosts affected to just those listed in `production/inventory`\n- `bootstrap.yml` is the playbook to run.\n- `--extra-vars \"ansible_user=root\"` tells ansible to connect as `root` for this run. It's only needed while we don't have an ansible user.\n\n[`bootstrap.yml`](bootstrap.yml) just sets up the ansible user and not much else.\n\n```yaml\n- hosts: app\n  roles:\n    - bootstrap\n```\n\nBy assigning `app` hosts the role `bootstrap`, it's telling ansible to run the tasks defined in [`roles/bootstrap/tasks/main.yml`](roles/bootstrap/tasks/main.yml)\n\n```yaml\n- name: Ensure base OS is up-to-date\n  become: yes\n  apt: upgrade=dist update_cache=yes\n\n- name: Ensure ansible user exists\n  become: yes\n  user: name=ansible comment=\"Ansible\" groups=\"ansible,sudo\"\n...\n```\n\nOnce we have an ansible user, we can forget about bootstrap, and get on with setting up our roles, as defined in [`deploy.yml`](deploy.yml)\n\nAt the start of a project, it's normal to have all the roles on the same host; a single vm dealing with the frontend, api and db, as it's then much easier to roll out additional VMs for staging and test.\n\nWhen we need to scale the infrastructure we can add additional hosts to an inventory, to scale a role horizontally across many identically configured servers, and we can split roles out to separate hosts, to create optimised VMs with a single purpose; e.g. 
a separate `db` server.\n\n## Prerequisites\n\n**You will need some secrets.** A `secrets.yaml` file to be precise, from the TABLEFLIP vault.\nDrop it into the `group_vars/all/` dir, and you're good to go.\n\n## Usage\n\n**To bootstrap a local test server with vagrant**\n\n- Install ansible\n- Install vagrant (`brew install vagrant`)\n- Add to your local `/etc/hosts`:\n```\n10.100.107.100\tdev.tars.tableflip.io\n```\n\n```sh\n# Download and provision a vm\nvagrant up\n\n# Update app vm\nansible-playbook -i dev deploy.yml\n```\n\nYou now have the app \u0026 ops vm, running locally\n\n**To bootstrap a new production vm**\n\n- Add the new remote to the relevant inventory\n- Add your public ssh key in `/root/.ssh/authorized_keys` on the remote\n\n```sh\n# bootstrap ansible user\nansible-playbook -i production bootstrap.yml --extra-vars \"ansible_user=root\"\n\n# Install app and dependencies\nansible-playbook -i production deploy.yml\n```\n\n## Secrets - Ansible Vault\n\nSee: http://docs.ansible.com/ansible/playbooks_vault.html\n\n**Creating Encrypted Files**\n\nEncrypt a list of files. You'll be prompted for a passphrase which'll be the key for decrypting them.\n\n```sh\nansible-vault encrypt [files]\n```\n\nFor example, to encrypt our deploy keys and secrets, we do:\n\n```sh\nansible-vault encrypt group_vars/all/keys.yml group_vars/dev/dev_secrets.yml group_vars/next/next_secrets.yml group_vars/production/production_secrets.yml\n```\n\n**Editing Encrypted Files**\n\n```sh\nansible-vault edit group_vars/production/production_secrets.yml\n```\n\nThis will prompt you for the passphrase and open the file in your default $EDITOR, as configured in your shell.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftableflip%2Ftars-infrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftableflip%2Ftars-infrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftableflip%2Ftars-infrastructure/lists"}