Ansible playbook to set up build server for fsfe.org https://status.fsfe.org
Max Mehl ecc524c7d5
sync website to both webservers
2 months ago
.reuse make REUSE compliant 1 year ago
LICENSES make REUSE compliant 1 year ago
files make REUSE compliant 1 year ago
group_vars make REUSE compliant 2 years ago
inventory@6704314ee8 bump inventory 2 months ago
roles/certbot-standalone make REUSE compliant 2 years ago
tasks remove duplicated task 2 months ago
templates sync website to both webservers 2 months ago
.gitmodules bumped inventory and changed README.md to reflect dynamic inventory 10 months ago
README.md reflect changed webserver repo name 2 months ago
ansible.cfg make run behind our ip-proxy 5 months ago
setup.yml make REUSE compliant 2 years ago
vaultpw.gpg add reinhard 2 years ago
vaultpw.gpg.license make REUSE compliant 2 years ago
vaultpw.sh make REUSE compliant 2 years ago

README.md

FSFE Build Server

This Ansible playbook automatically sets up the build server for the FSFE website.

Clone this repo:

git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/build-server.git

Update the inventory submodule to reflect the newest changes to the list of our hosts and the groups that they are in:

git submodule update --remote inventory

Features

  • Set up build server from scratch
  • Enable build server to access the webserver(s)
  • Clone the git repos for fsfe-website (master and test branch)
  • Configure the web build status page incl. TLS cert
  • Set up cronjob to make the website build automatically

Deploy

To deploy the whole playbook, just run:

ansible-playbook setup.yml \
        -l "buildserver,webserver,gitserver"

This will make all edits as described. Please note that you will have to be able to decrypt vaultpw.gpg.
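The following pre-flight check is an added example, not part of this repository: it compares the recipient key IDs of vaultpw.gpg with the secret keys in the local GnuPG keyring, so a missing key is noticed before the playbook run starts. The function names are hypothetical, and the check assumes `gpg` is on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight check that a local secret key can decrypt vaultpw.gpg.

# Recipient key IDs from `gpg --list-packets` output on stdin. Lines look like:
#   :pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# Secret key and subkey IDs from `gpg --list-secret-keys --with-colons` on stdin.
# Field 5 of the "sec" and "ssb" records is the 64-bit key ID.
secret_keyids() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print toupper($5) }' | sort -u
}

# Print every recipient ID ($1) that is also a local secret key ID ($2).
# Returns non-zero when there is no overlap, i.e. decryption cannot succeed.
usable_keyids() {
    found=1
    for id in $1; do
        # An all-zero ID is a hidden recipient (--throw-keyids); it cannot be matched.
        [ "$id" = "0000000000000000" ] && continue
        for sk in $2; do
            if [ "$id" = "$sk" ]; then
                echo "$id"
                found=0
            fi
        done
    done
    return "$found"
}

# Run both gpg queries against a file (default: vaultpw.gpg) and compare them.
check_vaultpw() {
    file=${1:-vaultpw.gpg}
    # --list-only skips the decryption pass, so no passphrase prompt appears.
    rcpt=$(gpg --batch --list-only --list-packets "$file" 2>/dev/null | recipient_keyids)
    secs=$(gpg --batch --list-secret-keys --with-colons 2>/dev/null | secret_keyids)
    usable_keyids "$rcpt" "$secs"
}
```

Source the file and call `check_vaultpw vaultpw.gpg` from the repository root; a non-zero exit status means none of your secret keys is among the recipients.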

Playbook Structure

The playbook is logically split into multiple tasks, all initiated from setup.yml. It also includes a role copied from webserver for certbot.

All variables are defined in group_vars/all.

Build server structure

The build runs as an unprivileged user, currently build.

All significant build files reside under /srv/www (or {{ build_dir }} respectively). There is also a crontab file, and of course the Apache2 config and Let's Encrypt files.

Notes

  • There is one encrypted string and three files for the LDAP authentication to run a full build. The files are encrypted with the GPG keys of the System Hackers coordinators.
  • The build server's public SSH key needs to be set as a deploy key in the Git repo. Instructions will appear in the output if access to Git does not seem to be possible.