Introduction to Ansible Transcripts
Lecture: Deploy Keys on GitHub
0:00 We're well on our way to completing our Ansible playbook, learning a bunch of new modules along the way, and finishing up our deployment.
0:07 Got through a few steps of setting up our DNS setting up the web server even though we don't have an upstream server yet, grabbing our certificate
0:14 from Let's Encrypt, and now in order to set up our upstream server we need to set up the source control, which is get is the source
0:20 control implementation we're using and we're going to use GitHub, which is serving as a central location that we can pull down
0:26 our source code from onto our web server. There are a couple of steps for us here. First we're going to create a new SSH key pair
0:33 and this will just be used for deploying our code. So it'll be a deploy key with read-only access to the Git repository that we want to clone.
0:42 We need to let GitHub know that that's an authorized key and then we need to install Git on our server and actually pull down the code.
0:48 So let's give that a try now. First step, we'll use ssh-keygen, which hopefully you should be comfortable with at this point.
1:01 And we'll save this as a deploy key in the current directory. No passphrase. Now we can take a look at our deploy key, the public one.
1:11 And copy this. We're going to paste it into GitHub. So log into your GitHub account and in my case I'm going to do this directly on the full-stack
1:21 Python repository but you should fork this repository, hit the fork button so that you have your own copy that you can work with.
1:29 Go into settings, deploy keys, add a deploy key give it a title that you'll recognize paste it in, and don't allow write access
1:40 'cause we don't ever want our production server to be pushing code back to our original repository.
1:45 We only want it to obtain the code from this repository. Confirm your password and now we have our deploy key all set up.
1:55 Next we want to ensure that Git is installed on a remote server. So head under rules/webserver/tasks, and modify main.yml.
2:06 And we're going to include git.yml and then create a file named git.yml. First task will be easy enough. We already used this many times before.
2:20 Want to ensure Git is installed. apt module, name equals git, present, and yes we want to update the cache.
2:30 And we have to have super-user privileges to do this. Next, create a directory for our deploy key.
2:47 It's called git_deploy_key. That way it's separated out from just our base home directory. It's under a subdirectory.
2:59 Now we need to upload the key that we just generated onto our remote server. We use the copy module to do that. We'll have to set up a new variable
3:11 for the location of the deploy key and the deploy key name.
3:36 Just set the privileges on this for our deploy user. And one last step, we just want to clone our repository that we have on GitHub.
3:52 Now, the first time that you work with a repository you will clone it but in our case we want to either have it
3:58 be cloned if we don't already have the repository on our server or we want to pull whatever the latest code is every time we do a deployment.
4:08 Create a new variable for this and a variable for the directory that we want our application to be stored in.
4:34 All right, now this should pull our code from GitHub. We just need to set some variables for this. There's new variables.
4:40 Well, we already have deploy_user but local_deploy_key_dir, read_only_deploy_key_name code_repository and app_dir. Open up your variables file.
5:00 So app_dir is the absolute path to our application. And then local_deploy_key_dir is on our local system, where is this deploy key located
5:14 In our case development/flask_deploy. Remember, if you have cloned the repository
5:31 you're going to replace full-stack Python with your own username. Or if you're working with a different project
5:36 you'll put your Flask application or Python or other programming language application name there, whatever Git repository
5:43 that you want to clone onto the server. And our read-only deploy key name is deploy key.