...
- Check out $TIS-DEVOPS
- Create a new directory under ansible/roles/docker-compose/templates/:stack_name, these files are treated like Jinja2 templates so variables can be used throughout.
Add a docker-compose.yml in that new directory. If your application needs environment variables then use an environment section, i.e.
Code Block environment: DATABASE_HOST: "{{ database['host'] }}"
Create new playbook under ansible/ directory that matches your service name
- Add the hosts to the Ansible inventory file for platforms you are targeting.
Commit and push your changes to Github.
- Create a deploy job in Jenkins by copying the 'revalidation-dev-deploy' job and changing the export STACK=revalidation to match your stack name.
Encrypted Content with Vault
We use Ansible Vault to encrypt sensitive settings in configuration files. The process for encrypting, decrypting and rekeying is well documented on the Ansible site so this section simply outlines how we are configuring it internally.
Our build server is configured to use a user called jenkins so we have added a password file in /etc/ansible/vault_password which is only readable by that user. We then configure Ansible to use that file for any encrypted setting files by using an /etc/ansible/ansible.cfg that looks like this;
Code Block |
---|
[defaults]
# some basic default values...
vault_password_file = /etc/ansible/vault_password |
When Jenkins runs any Ansible playbooks that contain encrypted content then Ansible will pick up the password automatically.