Buy

git & Variables

With PHP setup, it's time to actually pull down our code onto the server. Let's think about what this process will look like. First, we need to create a directory. Then we need to clone our code with Git. Well there are several ways to get code onto a machine - but using Git is a really nice option.

The file Module

Let's create that directory. Not surprisingly, Ansible has module for this. Search for the "Ansible file module". Yes! This helps set attributes on files, symlinks and directories. If you need to create any of these or set permissions, this is your friend.

The most important option is path, but there are few other we'll need, like state, where you choose what type of "thing" the path should be, and also, owner, group and mode for permissions goodness.

You know the drill: create a new task: Create a project directory and set its permissions. Use become: true, use file and set path to, how about, /var/www/project. The state should be directory and add owner: vagrant and group: vagrant:

79 lines ansible/playbook.yml
---
- hosts: vb
tasks:
... lines 5 - 70
- name: Create project directory and set its permissions
become: true
file:
path: "/var/www/project"
state: directory
owner: "vagrant"
group: "vagrant"
... lines 78 - 79

This will let our SSH user write these files.

Tip

In some setups, you might want to have your web-server user - e.g. www-data - be the owner if this directory. Then, you can use become: www-data on future calls to become that user.

Oh, and set recurse: true - in case /var/www doesn't exist, it'll create that!

79 lines ansible/playbook.yml
---
- hosts: vb
tasks:
... lines 5 - 70
- name: Create project directory and set its permissions
become: true
file:
path: "/var/www/project"
state: directory
owner: "vagrant"
group: "vagrant"
recurse: yes

Referencing Variables

But don't try this yet! Thanks to our hosts.ini setup, we've told Ansible that we want to SSH as the user vagrant. We did that by overriding a built-in variable called ansible_user. Well, guess what? We can reference that same variable in our playbook! Instead of hardcoding vagrant, use Jinja: {{ ansible_user }}. Repeat that next to group:

79 lines ansible/playbook.yml
---
- hosts: vb
tasks:
... lines 5 - 70
- name: Create project directory and set its permissions
... line 72
file:
... lines 74 - 75
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
... lines 78 - 79

Start up your playbook!

ansible-playbook ansible/playbook.yml -i ansible/hosts.ini

The git Module

While we're waiting, let's move to the next step: cloning our code via Git. Unfortunately, Ansible does not have a Git module to help us... bah! Just kidding, it totally does! Search for the "Ansible git module" to find it.

The module does have Git as a requirement - but we already installed that. So our job is pretty simple: pass it the repo we want to clone, and the dest-ination we want to clone to.

Do it! Go to http://github.com/symfony/symfony-standard. To start, we'll pull down the Symfony Standard Edition instead of our MooTube code. But that's just temporary. I'll click the "Clone" button and copy the URL.

Now, add a task: Checkout Git repository:

85 lines ansible/playbook.yml
---
- hosts: vb
tasks:
... lines 5 - 79
- name: Checkout Git repository
... lines 81 - 85

We do not need become: true because we own the destination directory. Go straight to git, then repo set to the URL we just copied. For dest, put /var/www/project. Add force: yes: that'll discard uncommitted changes if there are any:

85 lines ansible/playbook.yml
---
- hosts: vb
tasks:
... lines 5 - 79
- name: Checkout Git repository
git:
repo: https://github.com/symfony/symfony-standard.git
dest: "/var/www/project"
force: yes

Head back to your terminal. Sweet! The directory was created! In the VM, the /var/www/project directory is empty.

Creating a Variable

Before we run the new git task, I want to solve one last thing: we have duplication! The directory name - /var/www/project is in two places:

85 lines ansible/playbook.yml
---
- hosts: vb
tasks:
... lines 5 - 70
- name: Create project directory and set its permissions
... line 72
file:
path: "/var/www/project"
... lines 75 - 79
- name: Checkout Git repository
git:
... line 82
dest: "/var/www/project"
... lines 84 - 85

Lame!

Well, good news: in addition to overriding variables - like ansible_user - we can create new variables.

Go all the way to the top of the file - right below hosts - though the order doesn't matter. Add a new vars: key, then below, set symfony_root_dir: /var/www/project:

88 lines ansible/playbook.yml
---
- hosts: vb
vars:
symfony_root_dir: /var/www/project
... lines 6 - 88

Copy that new variable name and use it just like before: {{ symfony_root_dir }}. Repeat that next to dest:

88 lines ansible/playbook.yml
---
- hosts: vb
vars:
symfony_root_dir: /var/www/project
tasks:
... lines 8 - 73
- name: Create project directory and set its permissions
... line 75
file:
path: "{{ symfony_root_dir }}"
... lines 78 - 82
- name: Checkout Git repository
git:
... line 85
dest: "{{ symfony_root_dir }}"
... lines 87 - 88

Ok, now I'm happy. Move over and try the playbook!

ansible-playbook ansible/playbook.yml -i ansible/hosts.ini

Looks good! Check the directory in the VM:

ls /var/www/project

Got it! The code is here, but it's not working yet: we need to install our Composer dependencies!

Leave a comment!

  • 2017-05-29 Victor Bocharsky

    Hey Jian,

    Ansible has a really great solution for it - the Vault, which helps you to store sensitive data like your DB credentials, passwords, secret tokens, etc. - you will discover it a bit later in this course, check it out here: https://knpuniversity.com/s... . But if we talk about connection to the server - you probably won't use plain passwords. Instead, SSH key is something that you need. And anyway, you need to configure connection to each of 1000 servers if they have different passwords / SSH keys on them.

    Cheers!

  • 2017-05-29 jian su

    well, that is kinda suck. For pulling down bitbucket I can use SSH keys no problem. Think about this situation. In a large enterprise, it is reasonable to ask sysadmins to have different passwords on each node. let's say have different passwords on 1000 nodes. Implementing that would be near impossible. we need a solution to store those keys or password inside Ansible , then when we deploy 1000 nodes we don't need to enter password. when configure server, you need to do alot interactive user prompts for other tasks. Just my thought and I think this is valid question.

  • 2017-05-29 Victor Bocharsky

    Hey Jian,

    Unfortunately, Ansible not able to fill interactive user prompts, that's why we add "--no-interactive" option in some Symfony commands. So you need to handle private repositories in a bit different way, i.e. use SSH key - you can add it in Bitbucket Settings / SSH keys. Also Bitbucket has another cool feature: "Access keys" - in your *repository* settings go to "Access keys" and add one. This access keys provide read-only access to your repository which is perfect for deployment.

    Cheers!

  • 2017-05-27 jian su

    hi Guys:

    When I checkout bitbucket, it will require me to enter my account password my checkout will stuck forever and waiting me to enter password. How Do I automatic that in Ansible?