Deploying Server Applications with Ansible

Deploying an application server with lt-server-deploy

Before we deploy our application servers, we must learn how our SovereignTechStack repository is set up. Here is the layout of the repository. (This needs to be edited once file structure is finalized.)

[lt-server-setup]$ tree   
.
├── ansible.cfg
├── bootstrap_script.sh
├── group_vars
│   └── all
│       └── vaulted_vars.yml
├── inventory.ini
├── lt_server_bootstrap.yml
├── lt_server_deploy.yml
└── roles
    ├── 0_updateubuntu
    │   └── tasks
    │       └── main.yml
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ├── 5_installdocker
    │   └── tasks
    │       └── main.yml
    └── proxy_npm
        ├── tasks
        │   └── main.yml
        └── templates
            └── docker-compose.yml

While the sts_baseline.yml playbook calls the Ansible roles whose names start with numbers (0_updateubuntu through 5_installdocker), the lt-server-deploy.yml playbook only references the roles that install the apps.

Building your Infrastructure

In this snippet from lt-server-deploy.yml, we see that if we run the playbook with --tags npm, it will install NGINX Proxy Manager and Netbird to the hosts listed under [proxy] in the inventory file. Those tasks are part of the proxy_npm role.

- hosts: proxy
  name: Installing NGINX Proxy Manager with Netbird
  tags: npm
  become: true
  roles:
    - proxy_npm

Let's start building out our infrastructure in the world of Ansible. First, let's adjust our inventory.ini file and put the server we just bootstrapped into a host group that relates to its purpose. We can simply move the server from the [bootstraps] group to the [proxy] group. If we want to bootstrap a different server, we can add it to the [bootstraps] group.

[bootstraps]

[local]
localhost ansible_connection=local

[proxy]
203.0.113.74 server_tag=nextcloud ansible_user=serveradmin ansible_become_pass="{{ bootstrap_nonroot_user_password }}" ansible_ssh_private_key_file="~/.ssh/id_ed25519_<server_tag>_<bootstrap_nonroot_user>"

According to the reference at (NPM Proxy Manager page), we'll need to configure some additional variables. Follow the steps on the page to add variables to either the Ansible Vault or the inventory file or both.

Once your settings are configured, you can run the playbook with the relevant tag.

ansible-playbook lt_server_deploy.yml --ask-vault-pass --tags npm

Some considerations

Management of users and passwords

Consider how you want to manage the non-root user accounts across all your servers. Would you have the same user/password for every server? If not, make sure that the ansible_user and ansible_become_pass="{{ xxx_become_pass }}" values are set correctly for each host and align with what's in the Ansible Vault.
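
A pre-flight check for the alignment described above, as an added example that is not part of the SovereignTechStack repository: it flags inventory hosts whose password variable is a plaintext literal or points at a name that is missing from the vault. The function name `audit_inventory`, the sample hosts other than 203.0.113.74, and `app_become_pass` are constructed for illustration, and the set of vault variable names is assumed to be supplied by you.

```python
import re
import shlex

# Host variables that carry a secret and should only reference a vault variable.
SECRET_VARS = {"ansible_become_pass", "ansible_become_password",
               "ansible_password", "ansible_ssh_pass"}
JINJA_REF = re.compile(r"^\{\{\s*([A-Za-z_]\w*)\s*\}\}$")

# Constructed sample inventory (only 203.0.113.74 appears in the guide).
SAMPLE = '''[bootstraps]

[local]
localhost ansible_connection=local

[proxy]
203.0.113.74 ansible_user=serveradmin ansible_become_pass="{{ bootstrap_nonroot_user_password }}"
198.51.100.10 ansible_user=serveradmin ansible_become_pass=hunter2
198.51.100.11 ansible_user=appadmin ansible_become_pass="{{ app_become_pass }}"
'''


def audit_inventory(text, vault_names):
    """Return (line, host, problem) tuples for an INI inventory.

    vault_names: names defined in the vault, assumed to be supplied by the
    operator (e.g. read off `ansible-vault view`); only names, never values.
    """
    findings, group = [], ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            group = line.strip("[]")
            continue
        if ":" in group:  # [group:vars] and [group:children] are not host lines
            continue
        host, *pairs = shlex.split(line)  # keeps key="{{ var }}" as one token
        hostvars = dict(p.split("=", 1) for p in pairs if "=" in p)
        for key in sorted(SECRET_VARS & hostvars.keys()):
            ref = JINJA_REF.match(hostvars[key])
            if ref is None:
                findings.append((lineno, host, f"{key} is a plaintext literal"))
            elif ref.group(1) not in vault_names:
                findings.append((lineno, host, f"{key} references {ref.group(1)}, not in vault"))
    return findings


if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE, {"bootstrap_nonroot_user_password"}):
        print(*finding)
```

This only inspects host lines in the inventory file; variables set in [group:vars] sections or in group_vars files are not covered.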

Management of SSH keys

This guide creates a unique SSH key for each server, but you may want to use a single key. In either case, you will have to adjust the variables in the inventory file and in the Ansible Vault to accommodate your setup.