michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6e60584848287a84e1bd0a4e0a95cdbe5ba22327
michaelschiemer/deployment/scripts/setup-production.sh

212 lines
5.6 KiB
Bash
Executable File
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
set -e
# Setup Production Server
# This script performs initial production server setup with Ansible
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
DEPLOYMENT_DIR="$(dirname "$SCRIPT_DIR")"
ANSIBLE_DIR="$DEPLOYMENT_DIR/ansible"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
echo ""
echo "🚀 Production Server Setup"
echo "=========================="
echo ""
# Function to print colored messages
print_success() {
echo -e "${GREEN}$1${NC}"
}
print_error() {
echo -e "${RED}$1${NC}"
}
print_warning() {
echo -e "${YELLOW}⚠️ $1${NC}"
}
print_info() {
echo -e "${BLUE} $1${NC}"
}
# Check if running from correct directory
if [ ! -f "$ANSIBLE_DIR/ansible.cfg" ]; then
print_error "Error: Must run from deployment/scripts directory"
exit 1
fi
cd "$ANSIBLE_DIR"
# Step 1: Check Prerequisites
echo "Step 1: Checking Prerequisites"
echo "------------------------------"
# Check Ansible installed
if ! command -v ansible &> /dev/null; then
print_error "Ansible is not installed"
echo ""
echo "Install Ansible:"
echo " pip install ansible"
exit 1
fi
print_success "Ansible is installed: $(ansible --version | head -n1)"
# Check Ansible playbooks exist
if [ ! -f "$ANSIBLE_DIR/playbooks/setup-production-secrets.yml" ]; then
print_error "Ansible playbooks not found"
exit 1
fi
print_success "Ansible playbooks found"
# Check SSH key
SSH_KEY="$HOME/.ssh/production"
if [ ! -f "$SSH_KEY" ]; then
print_warning "SSH key not found: $SSH_KEY"
echo ""
read -p "Do you want to create SSH key now? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
ssh-keygen -t ed25519 -f "$SSH_KEY" -C "ansible-deploy"
chmod 600 "$SSH_KEY"
chmod 644 "$SSH_KEY.pub"
print_success "SSH key created"
echo ""
echo "📋 Public key:"
cat "$SSH_KEY.pub"
echo ""
print_warning "You must add this public key to the production server:"
echo " ssh-copy-id -i $SSH_KEY.pub deploy@94.16.110.151"
echo ""
read -p "Press ENTER after adding SSH key to server..."
else
print_error "SSH key is required for Ansible"
exit 1
fi
else
print_success "SSH key found: $SSH_KEY"
fi
echo ""
# Step 2: Setup Ansible Secrets
echo "Step 2: Setup Ansible Secrets"
echo "-----------------------------"
# Check if vault file exists
if [ ! -f "$ANSIBLE_DIR/secrets/production.vault.yml" ]; then
print_warning "Vault file not found"
echo ""
read -p "Do you want to run init-secrets.sh now? (Y/n): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Nn]$ ]]; then
"$ANSIBLE_DIR/scripts/init-secrets.sh"
else
print_error "Vault file is required"
exit 1
fi
else
print_success "Vault file exists"
fi
# Check vault password file
if [ ! -f "$ANSIBLE_DIR/secrets/.vault_pass" ]; then
print_error "Vault password file not found: secrets/.vault_pass"
echo ""
echo "Run init-secrets.sh to create vault password file:"
echo " $ANSIBLE_DIR/scripts/init-secrets.sh"
exit 1
fi
print_success "Vault password file found"
# Verify vault can be decrypted
if ! ansible-vault view "$ANSIBLE_DIR/secrets/production.vault.yml" \
--vault-password-file "$ANSIBLE_DIR/secrets/.vault_pass" > /dev/null 2>&1; then
print_error "Failed to decrypt vault file"
echo "Check your vault password in: secrets/.vault_pass"
exit 1
fi
print_success "Vault file can be decrypted"
echo ""
# Step 3: Test Connection
echo "Step 3: Test Connection to Production"
echo "-------------------------------------"
if ansible production -m ping 2>&1 | grep -q "SUCCESS"; then
print_success "Connection to production server successful"
else
print_error "Connection to production server failed"
echo ""
echo "Troubleshooting steps:"
echo "1. Test SSH manually: ssh -i $SSH_KEY deploy@94.16.110.151"
echo "2. Verify SSH key is added: ssh-copy-id -i $SSH_KEY.pub deploy@94.16.110.151"
echo "3. Check inventory file: cat $ANSIBLE_DIR/inventory/production.yml"
exit 1
fi
echo ""
# Step 4: Deploy Secrets to Production
echo "Step 4: Deploy Secrets to Production"
echo "------------------------------------"
read -p "Deploy secrets to production server? (Y/n): " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Nn]$ ]]; then
print_info "Deploying secrets to production..."
echo ""
if ansible-playbook "$ANSIBLE_DIR/playbooks/setup-production-secrets.yml" \
--vault-password-file "$ANSIBLE_DIR/secrets/.vault_pass"; then
print_success "Secrets deployed successfully"
else
print_error "Failed to deploy secrets"
exit 1
fi
else
print_warning "Skipped secrets deployment"
fi
echo ""
# Step 5: Verify Docker Services
echo "Step 5: Verify Docker Services"
echo "------------------------------"
print_info "Checking Docker services on production..."
echo ""
ssh -i "$SSH_KEY" deploy@94.16.110.151 "docker node ls" || true
echo ""
ssh -i "$SSH_KEY" deploy@94.16.110.151 "docker service ls" || true
echo ""
# Summary
echo ""
echo "✅ Production Server Setup Complete!"
echo "===================================="
echo ""
echo "Next Steps:"
echo ""
echo "1. Verify secrets are deployed:"
echo " ssh -i $SSH_KEY deploy@94.16.110.151 'cat /home/deploy/secrets/.env'"
echo ""
echo "2. Deploy your application:"
echo " $SCRIPT_DIR/deploy.sh <image-tag>"
echo ""
echo "3. Monitor deployment:"
echo " ssh -i $SSH_KEY deploy@94.16.110.151 'docker service logs -f app_app'"
echo ""
echo "📖 For more information, see: $ANSIBLE_DIR/README.md"
echo ""
Reference in New Issue View Git Blame Copy Permalink