Isleward’s infrastructure has changed. I wrote a new post about it which you can read here.
This basically involves two things:
- Setting up and maintaining the server VMs
- Deploying the Isleward application
If you are interested in how this all works, read on :)
Setting up and Maintaining the VMs
To provision and maintain the VMs hosted on Vultr, I am using Ansible.
Ansible is a tool that automates software provisioning, configuration management and application deployment in a state-aware manner over SSH. All it needs on the target machine is an enabled SSH service (or WinRM in case of Windows targets) and Python installed.
While Ansible can handle application deployment, I am actually using a separate tool for that, more on that below.
The whole thing is orchestrated by an Ansible playbook, the playbook is a collection of so-called roles, which consist of individual tasks; it is configuration as code.
The playbook can be found here, the roles are included as git submodules. Let’s look at them a bit closer.
First thing that should be mentioned is that the roles are as independent of eachother as possible and all of them were written with only CentOS 7 in mind but changing them to work on Ubuntu/Debian or even Windows should be fairly trivial.
The users role sets up and secures the users necessary to run isleward; one maintenance user with passwordless sudo enabled and one user to run isleward, sans sudo.
The node-lts role is a very simple role that only adds the nodesource repository and installs/updates the 8.x LTS version of NodeJS.
The stagecoach role installs stagecoach on the VM. Stagecoach is the framework used to actually deploy Isleward, more on that below.
This role sets up misc stuff needed to run Isleward, minus nodejs and forever. It also schedules the hourly database backup.
And finally, the sshd role secures sshd by changing the default port, turning off ssh for the root user and disables password authentication (meaning you can only use ssh keys to authenticate).
Currently work in progress and therefore not included as of yet. Nginx configuration is handled manually for now. I am as disappointed as you are :p
Deploying the Isleward Application
To actually deploy the application, I am using stagecoach which is a very clever framework made by the developers of ApostropheCMS.
My fork of stagecoach is a bit cleaned up and doesn’t contain the example application or deprecated code and can be found here.
Stagecoach is basically just a set of bash scripts. It needs to be present on the server and on the machine you deploy from to work correctly.
Stagecoach handles deployment of the application over ssh, installs dependencies (like for example npm packages) and by default keeps 5 last deployments as backup that can be restored using a single command.
The whole framework actually consists of three parts:
- Stagecoach scripts installed on the server
- Stagecoach scripts installed on the deploying machine
- A few configuration scripts that run pre and post deploy, those reside in a
deploymentfolder of the application you are deploying.
Since the last part is kind of sensitive - Isleward’s
deployment configuration actually copies over some sensitive files before Isleward is deployed on a server, it’s cloned from a private repository into the Isleward checkout on runtime, so you can’t find this folder in the Isleward repo.
Currently, I am running the deployment script manually, but we’re looking into ways to remove that dependency, which would make it possible automate this even more (continuous deployment is neat after all).
And that’s all folks, if you have any questions, comments, or other feedback do not hesitate to let me know, you can find the contact in the footer :)
~ Vildravn>> Home