Continuous delivery with Travis CI and Ansible
Configure Continuous Delivery CD for your project from github.com
Necessary:
- Repository on github.com
- Server for Ansible (for example ip: 1.1.1.1)
- Server to deploy your project (for example ip: 2.2.2.2)
- Local machine with customized project
- Basic command line knowledge, Travis CI and Ansible
Setting up the server on which we will deploy the project
[ root@2.2.2.2 ] adduser ansible # , Ansible [ root@2.2.2.2 ] su - ansible [ ansible@2.2.2.2 ] ssh-keygen -t rsa -b 4096 -C 'github' -f ~/.ssh/github_key # passphrase [ ansible@2.2.2.2 ] eval "$(ssh-agent -s)" [ ansible@2.2.2.2 ] ssh-add ~/.ssh/github_key [ ansible@2.2.2.2 ] cat ~/.ssh/github_key.pub # github_key.pub Add the public key github_key.pub to the keys for repository deployment on github.com
(In the github.com repository settings the “Deploy keys” tab)
')
Setting up the server with Ansible
[ root@1.1.1.1 ] yum install ansible [ root@1.1.1.1 ] adduser ansible # , Travis [ root@1.1.1.1 ] su - ansible [ ansible@1.1.1.1 ] ssh-keygen -t rsa -b 4096 -C 'ansible' -f ~/.ssh/ansible_key # passphrase [ ansible@1.1.1.1 ] eval "$(ssh-agent -s)" [ ansible@1.1.1.1 ] ssh-add ~/.ssh/ansible_key [ ansible@1.1.1.1 ] cat ~/.ssh/ansible_key.pub # ansible_key.pub Add the public key ansible_key.pub to the server of our project
[ ansible@2.2.2.2 ] mcedit .ssh/authorized_keys [ ansible@2.2.2.2 ] chmod 600 .ssh/authorized_keys Add our project's server ip to the hosts.yml file
[ ansible@1.1.1.1 ] mcedit /path/to/ansible/hosts.yml hosts.yml
[ansible] 2.2.2.2 Write a small playbook that will upload the current version of the master branch
[ ansible@1.1.1.1 ] mcedit /path/to/ansible/playbook.yml playbook.yml
- hosts: all user: ansible tasks: - name: Clone git repo git: repo: ssh://git@github.com/{github_username}/{github_repo}.git dest: /home/ansible/var/www/{github_repo} version: master accept_hostkey: yes force: yes Travis setup
Register online at travis-ci.org through your github.com account
Enable integration for the desired repository.
In the Travis repository settings, enable:
- Build only if .travis.yml is present
- Build branch updates
On your local machine, where you have a project deployed, install the travis utility and log in:
[ user@local ] gem install travis [ user@local ] travis login --auto Generate ssh key without passphrase with which Travis will connect to the Ansible server.
[ user@local ] ssh-keygen -t rsa -b 4096 -C 'travis' -f travis_key # passphrase Travis Ansible [ user@local ] cat travis_key.pub # travis_key.pub Add the public key travis_key.pub to the Ansible server in the /home/ansible/.ssh/authorized_keys file
[ ansible@1.1.1.1 ] mcedit /home/ansible/.ssh/authorized_keys [ ansible@1.1.1.1 ] chmod 600 /home/ansible/.ssh/authorized_keys Encrypt the travis utility private key:
[ user@local ] travis encrypt-file travis_key --add At the output should appear the file travis_key.enc and .travis.yml . In the .travis.yml file there will be a string to decrypt our key like this
openssl aes-256-cbc -K $encrypted_412afa050e5f_key -iv $encrypted_412afa050e5f_iv -in travis_key.enc -out /tmp/travis_key -d Add both files to git :
[ user@local ] git add travis_key.enc .travis.yml Edit the .travis.yml file:
[ user@local ] mcedit /path/to/repo/.travis.yml .travis.yml
language: node_js # node_js install: true # sudo: false branches: # master only: - master script: - openssl aes-256-cbc -K $encrypted_412afa050e5f_key -iv $encrypted_412afa050e5f_iv -in travis_key.enc -out /tmp/travis_key -d # - eval "$(ssh-agent -s)" - chmod 600 /tmp/travis_key - ssh-add /tmp/travis_key - ssh -o "StrictHostKeyChecking no" ansible@1.1.1.1 'ansible-playbook playbook.yml' # Ansible playbook Pour changes to git :
[ user@local ] git push origin master After that, something like this Build should appear on the repository page in Travis .
Travis build
The command "openssl aes-256-cbc -K $encrypted_412afa050e5f_key -iv $encrypted_412afa050e5f_iv -in travis_key.enc -out /tmp/travis_key -d" exited with 0. 0.01s$ eval "$(ssh-agent -s)" Agent pid 1842 The command "eval "$(ssh-agent -s)"" exited with 0. 0.01s$ chmod 600 /tmp/travis_key The command "chmod 600 /tmp/travis_key" exited with 0. 0.01s$ ssh-add /tmp/travis_key Identity added: /tmp/travis_key (/tmp/travis_key) The command "ssh-add /tmp/travis_key" exited with 0. 16.68s$ ssh -o "StrictHostKeyChecking no" ansible@2.2.2.2 'ansible-playbook playbook.yml' Warning: Permanently added '2.2.2.2' (ECDSA) to the list of known hosts. PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [2.2.2.2] TASK [Clone git repo] ********************************************************** changed: [2.2.2.2] PLAY RECAP ********************************************************************* 2.2.2.2 : ok=1 changed=1 unreachable=0 failed=0 The command "ssh -o "StrictHostKeyChecking no" ansible@2.2.2.2 'ansible-playbook playbook.yml" exited with 0. Done. Your build exited with 0. Now, with changes in the master branch, Travis will start, which will call Ansible , and he will upload the latest version of your code to the server with the project.
I hope that this instruction is useful to someone.
Source: https://habr.com/ru/post/325438/
All Articles