Introduction to Ansible Transcripts
Lecture: Deploy Keys on GitHub
0:00 We're well on our way to completing our Ansible
0:02 playbook, learning a bunch of new modules
0:04 along the way, and finishing up our deployment.
0:06 Got through a few steps of setting up our DNS
0:09 setting up the web server even though we don't
0:11 have an upstream server yet, grabbing our certificate
0:13 from Let's Encrypt, and now in order to set up
0:16 our upstream server we need to set up
0:17 the source control, which is get is the source
0:19 control implementation we're using
0:21 and we're going to use GitHub, which is serving
0:23 as a central location that we can pull down
0:25 our source code from onto our web server.
0:27 There are a couple of steps for us here.
0:29 First we're going to create a new SSH key pair
0:32 and this will just be used for deploying our code.
0:35 So it'll be a deploy key with read-only access
0:37 to the Git repository that we want to clone.
0:41 We need to let GitHub know that
0:42 that's an authorized key and then we need
0:44 to install Git on our server and actually
0:46 pull down the code.
0:47 So let's give that a try now.
0:49 First step, we'll use ssh-keygen, which hopefully
0:51 you should be comfortable with at this point.
1:00 And we'll save this as a deploy key
1:01 in the current directory. No passphrase.
1:04 Now we can take a look at our deploy key, the public one.
1:10 And copy this. We're going to paste it into GitHub.
1:15 So log into your GitHub account and in my case
1:18 I'm going to do this directly on the full-stack
1:20 Python repository but you should fork
1:22 this repository, hit the fork button
1:25 so that you have your own copy that you can work with.
1:28 Go into settings, deploy keys, add a deploy key
1:34 give it a title that you'll recognize
1:36 paste it in, and don't allow write access
1:39 'cause we don't ever want our production server
1:41 to be pushing code back to our original repository.
1:44 We only want it to obtain the code from this repository.
1:49 Confirm your password and now we have our deploy key
1:52 all set up.
1:54 Next we want to ensure that Git is installed
1:57 on a remote server.
1:58 So head under rules/webserver/tasks, and modify
2:05 And we're going to include git.yml and then
2:08 create a file named git.yml.
2:15 First task will be easy enough.
2:17 We already used this many times before.
2:19 Want to ensure Git is installed.
2:22 apt module, name equals git, present, and yes
2:27 we want to update the cache.
2:29 And we have to have super-user privileges to do this.
2:33 Next, create a directory for our deploy key.
2:46 It's called git_deploy_key.
2:48 That way it's separated out from just our base
2:51 home directory.
2:53 It's under a subdirectory.
2:58 Now we need to upload the key that we just
3:01 generated onto our remote server.
3:03 We use the copy module to do that.
3:08 We'll have to set up a new variable
3:10 for the location of the deploy key and the deploy key name.
3:35 Just set the privileges on this for our deploy user.
3:42 And one last step, we just want to clone
3:44 our repository that we have on GitHub.
3:51 Now, the first time that you work
3:53 with a repository you will clone it
3:55 but in our case we want to either have it
3:57 be cloned if we don't already have the repository
3:59 on our server or we want to pull whatever
4:01 the latest code is every time we do a deployment.
4:07 Create a new variable for this and a variable
4:15 for the directory that we want our application
4:17 to be stored in.
4:33 All right, now this should pull our code from GitHub.
4:36 We just need to set some variables for this.
4:38 There's new variables.
4:39 Well, we already have deploy_user but
4:41 local_deploy_key_dir, read_only_deploy_key_name
4:43 code_repository and app_dir.
4:49 Open up your variables file.
4:59 So app_dir is the absolute path to our application.
5:07 And then local_deploy_key_dir is
5:09 on our local system, where is this deploy key located
5:13 In our case development/flask_deploy.
5:28 Remember, if you have cloned the repository
5:30 you're going to replace full-stack Python
5:32 with your own username.
5:33 Or if you're working with a different project
5:35 you'll put your Flask application or Python
5:38 or other programming language application
5:40 name there, whatever Git repository
5:42 that you want to clone onto the server.
5:49 And our read-only deploy key name is deploy key.