106 lines
4.5 KiB
YAML
106 lines
4.5 KiB
YAML
uuid:
|
|
- value: f33ae168-76dc-4662-9998-5f6729d19523
|
|
langcode:
|
|
- value: en
|
|
type:
|
|
- target_id: daily_email
|
|
target_type: node_type
|
|
target_uuid: 8bde1f2f-eef9-4f2d-ae9c-96921f8193d7
|
|
revision_timestamp:
|
|
- value: '2025-05-11T09:00:55+00:00'
|
|
revision_uid:
|
|
- target_type: user
|
|
target_uuid: b8966985-d4b2-42a7-a319-2e94ccfbb849
|
|
revision_log: { }
|
|
status:
|
|
- value: true
|
|
uid:
|
|
- target_type: user
|
|
target_uuid: b8966985-d4b2-42a7-a319-2e94ccfbb849
|
|
title:
|
|
- value: 'Automating Ansible deployments in CI'
|
|
created:
|
|
- value: '2022-09-10T00:00:00+00:00'
|
|
changed:
|
|
- value: '2025-05-11T09:00:55+00:00'
|
|
promote:
|
|
- value: false
|
|
sticky:
|
|
- value: false
|
|
default_langcode:
|
|
- value: true
|
|
revision_translation_affected:
|
|
- value: true
|
|
path:
|
|
- alias: /daily/2022/09/10/automating-ansible-deployments-ci
|
|
langcode: en
|
|
body:
|
|
- value: |
|
|
<p>Once you have a deployment that's run using Ansible, rather than running it manually, it's easy to automate it as part of a continuous integration pipeline and have your changes pushed automatically by tools like GitHub Actions and GitLab CI.</p>
|
|
|
|
<p>You'll need to configure SSH by adding a known hosts file and a private key so the tool can connect to your server, but after that, it's just running the same Ansible commands.</p>
|
|
|
|
<p>If you're using Ansistrano or other roles, you can install dependencies by using <code>ansible-galaxy</code>, and <code>ansible-vault</code> to decrypt and use any encrypted variables - securely storing the Vault password and any other secrets as environment variables within your pipeline.</p>
|
|
|
|
<p>Here's an example using GitHub Actions:</p>
|
|
|
|
<pre><code>- name: Download Ansible roles
|
|
run: ansible-galaxy install -r requirements.yml
|
|
|
|
- name: Export the Ansible Vault password
|
|
run: echo $ANSIBLE_VAULT_PASS > .vault-pass.txt
|
|
env:
|
|
ANSIBLE_VAULT_PASS: $
|
|
|
|
- name: Deploy the code
|
|
run: >
|
|
ansible-playbook deploy.yml
|
|
-i inventories/$INVENTORY_FILE.ini
|
|
-e "project_git_branch=$GITHUB_SHA"
|
|
--vault-password-file=.vault-pass.txt
|
|
|
|
- name: Remove the Ansible Vault password file
|
|
run: rm .vault-pass.txt
|
|
</code></pre>
|
|
|
|
<p>Before these steps, I've added the SSH key and determined which inventory file to use by the updated branch. The Vault password is exported and then removed once it has been used.</p>
|
|
|
|
<p>Automated tests and other code quality checks can be run in prior job, ensuring that the deployment only happens if those checks pass, but assuming that all is good, the playbook will be run and the changes will be deployed automatically.</p>
|
|
|
|
|
|
format: full_html
|
|
processed: |
|
|
<p>Once you have a deployment that's run using Ansible, rather than running it manually, it's easy to automate it as part of a continuous integration pipeline and have your changes pushed automatically by tools like GitHub Actions and GitLab CI.</p>
|
|
|
|
<p>You'll need to configure SSH by adding a known hosts file and a private key so the tool can connect to your server, but after that, it's just running the same Ansible commands.</p>
|
|
|
|
<p>If you're using Ansistrano or other roles, you can install dependencies by using <code>ansible-galaxy</code>, and <code>ansible-vault</code> to decrypt and use any encrypted variables - securely storing the Vault password and any other secrets as environment variables within your pipeline.</p>
|
|
|
|
<p>Here's an example using GitHub Actions:</p>
|
|
|
|
<pre><code>- name: Download Ansible roles
|
|
run: ansible-galaxy install -r requirements.yml
|
|
|
|
- name: Export the Ansible Vault password
|
|
run: echo $ANSIBLE_VAULT_PASS > .vault-pass.txt
|
|
env:
|
|
ANSIBLE_VAULT_PASS: $
|
|
|
|
- name: Deploy the code
|
|
run: >
|
|
ansible-playbook deploy.yml
|
|
-i inventories/$INVENTORY_FILE.ini
|
|
-e "project_git_branch=$GITHUB_SHA"
|
|
--vault-password-file=.vault-pass.txt
|
|
|
|
- name: Remove the Ansible Vault password file
|
|
run: rm .vault-pass.txt
|
|
</code></pre>
|
|
|
|
<p>Before these steps, I've added the SSH key and determined which inventory file to use by the updated branch. The Vault password is exported and then removed once it has been used.</p>
|
|
|
|
<p>Automated tests and other code quality checks can be run in prior job, ensuring that the deployment only happens if those checks pass, but assuming that all is good, the playbook will be run and the changes will be deployed automatically.</p>
|
|
|
|
|
|
summary: null
|
|
field_daily_email_cta: { }
|