.settings both abandon django's send_mail(); instead incorporate requests to target Mailgun's HTTP API (DigitalOcean's SMTP blocker thwarted previous magic login link email attempts, but this issue has been resolved with this commit)
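---
# Deploys the gamearray container to the staging host: build the image on the
# controller, ship it as a tarball, load it on the server, start the container
# and run the Django migrations inside it.
- hosts: staging

  tasks:
    - name: Debug django_allowed_host
      ansible.builtin.debug:
        var: django_allowed_host

    - name: Install docker
      # state: latest upgrades docker.io on every run; use `present` (or a
      # pinned version) if a deploy must not change the engine underneath it.
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    - name: Add our user to the docker group, so we don't need sudo/become
      # Membership of the docker group is root-equivalent on this host: anyone
      # who can log in as ansible_user can control the daemon.
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true  # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Build container image locally
      community.docker.docker_image:
        name: gamearray
        source: build
        state: present
        build:
          path: /mnt/d/cosmovault/latticework/oreilly/percival/python-tdd
          platform: linux/amd64
        force_source: true
      delegate_to: 127.0.0.1

    - name: Export container image locally
      # /tmp is shared and this file name is fixed; on a multi-user controller
      # a private directory avoids another local user pre-creating or swapping
      # the archive before it is uploaded.
      community.docker.docker_image:
        name: gamearray
        archive_path: /tmp/gamearray-img.tar
        source: local
      delegate_to: 127.0.0.1

    - name: Upload image to server
      ansible.builtin.copy:
        src: /tmp/gamearray-img.tar
        dest: /tmp/gamearray-img.tar
        # explicit mode: the image archive should not be left readable by
        # other accounts on the server via the default umask
        mode: "0600"

    - name: Import container image on server
      community.docker.docker_image:
        name: gamearray
        load_path: /tmp/gamearray-img.tar
        source: load
        force_source: true
        state: present

    - name: Ensure .secret-key files exists
      # the intention is that this only happens once per server
      ansible.builtin.copy:
        dest: ~/.secret-key
        content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"
        mode: "0600"  # quoted so the mode is never re-typed as a number
        force: false  # do not recreate file if it already exists
      no_log: true  # keep the generated key out of task output and --diff

    - name: Read secret key back from file
      ansible.builtin.slurp:
        src: ~/.secret-key
      register: secret_key
      no_log: true  # the registered result carries the key (base64-encoded)

    - name: Ensure db.sqlite3 file exists outside container
      ansible.builtin.file:
        path: "{{ ansible_env.HOME }}/db.sqlite3"
        state: touch
        owner: 1234  # so nonroot user can access it in container
      become: true  # needed for ownership change

    - name: Run container
      # NOTE(review): no mounts/volumes entry is visible in this task, so the
      # host db.sqlite3 prepared above does not appear to be attached at
      # DJANGO_DB_PATH; with recreate: true the database would then be reset
      # on every deploy. Confirm against the image and the intended setup.
      community.docker.docker_container:
        name: gamearray
        image: gamearray
        state: started
        recreate: true
        # Values passed through env can be read back with `docker inspect` by
        # anyone with access to the daemon (see the docker group task above).
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
          DJANGO_DB_PATH: "/home/nonroot/db.sqlite3"
          EMAIL_HOST_USER: "{{ email_host_user }}"
          EMAIL_HOST_PASSWORD: "{{ email_host_password }}"
          MAILGUN_API_KEY: "{{ mailgun_api_key }}"
        # Docker syntax is host_port:container_port, so this publishes server
        # port 80 (standard http port) and forwards it to port 8888 inside the
        # container. With no address given it listens on all host interfaces.
        # NOTE(review): no TLS termination is visible in this playbook;
        # confirm that login links and sessions are not served over plain HTTP.
        ports:
          - "80:8888"
      no_log: true  # module arguments include the secret key and API credentials

    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
        command: ./manage.py migrate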