Skip to content

walkthrough.md

Latest commit

 

History

History
426 lines (301 loc) · 8.12 KB

walkthrough.md

File metadata and controls

426 lines (301 loc) · 8.12 KB

Cloud-1 Quick Walkthrough

Quick reference guide for common operations.

Initial Setup

Install Dependencies

# Install Ansible
sudo apt update
sudo apt install ansible

# Install Scaleway collection (if using Scaleway)
ansible-galaxy collection install scaleway.scaleway

# Verify installation
ansible --version

Configure Project

# Clone repository
git clone <your-repo-url>
cd cloud-1

# Copy example files
cp files/.env.example files/.env
cp files/docker-compose.example.yml files/docker-compose.yml
cp files/nginx.example.conf files/nginx.conf

# Edit .env with your credentials
nano files/.env

# Generate strong passwords
openssl rand -base64 32

# Set secure permissions
chmod 600 files/.env

Configure Inventory

# Edit inventory file
nano inventory/hosts

# Add your server
# [scaleway-wordpress]
# YOUR_SERVER_IP ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa

Deployment Commands

Test Connection

# Ping all hosts
ansible all -i inventory/hosts -m ping

# Expected output: SUCCESS with "ping: pong"

Deploy Application

# Syntax check
ansible-playbook site.yml -i inventory/hosts --syntax-check

# Dry run (check mode - doesn't make changes)
ansible-playbook site.yml -i inventory/hosts --check

# Lint playbook
ansible-lint site.yml

# Actual deployment
ansible-playbook site.yml -i inventory/hosts

# Verbose mode (for debugging)
ansible-playbook site.yml -i inventory/hosts -v   # verbose
ansible-playbook site.yml -i inventory/hosts -vv  # more verbose
ansible-playbook site.yml -i inventory/hosts -vvv # debug level

# Deploy with parallel execution (10 forks)
ansible-playbook site.yml -i inventory/hosts -f 10

Tagged Deployment

# Run specific tasks using tags
ansible-playbook site.yml -i inventory/hosts --tags "docker"
ansible-playbook site.yml -i inventory/hosts --tags "docker-compose"
ansible-playbook site.yml -i inventory/hosts --tags "config"

# Skip specific tasks
ansible-playbook site.yml -i inventory/hosts --skip-tags "verify"

# List available tags
ansible-playbook site.yml -i inventory/hosts --list-tags

Provision Server (Optional)

# If using automated provisioning
ansible-playbook provision.yml

# This creates the server and updates inventory automatically

Verification Commands

On Local Machine

# Test website
curl http://YOUR_SERVER_IP

# Test HTTPS (if configured)
curl https://your-domain.com

# Check with headers
curl -I http://YOUR_SERVER_IP

On Remote Server

# SSH to server
ssh ubuntu@YOUR_SERVER_IP

# Check Docker
docker --version
docker-compose --version
sudo systemctl status docker

# List containers
docker ps

# Check container logs
docker logs nginx
docker logs wordpress
docker logs mariadb

# Or use docker-compose
cd /home/ubuntu/inception
docker-compose logs
docker-compose logs -f  # follow logs
docker-compose logs -f wordpress  # specific service

# Check container stats
docker stats

# Check volumes
docker volume ls

# Check networks
docker network ls

# Inspect specific container
docker inspect wordpress

Management Commands

Restart Services

# SSH to server
ssh ubuntu@YOUR_SERVER_IP
cd /home/ubuntu/inception

# Restart all services
docker-compose restart

# Restart specific service
docker-compose restart wordpress
docker-compose restart nginx

# Stop all services
docker-compose stop

# Start all services
docker-compose start

# Stop and remove containers
docker-compose down

# Start fresh (WARNING: removes data if volumes not persistent)
docker-compose down -v
docker-compose up -d

Update Application

# Pull latest images
docker-compose pull

# Rebuild and restart
docker-compose up -d --build

# Force recreate containers
docker-compose up -d --force-recreate

View Configuration

# View effective docker-compose configuration
docker-compose config

# Check environment variables
docker-compose config | grep -A 10 environment

Backup and Restore

Backup Database

# Create backup
docker exec mariadb mysqldump -u root -p${MYSQL_ROOT_PASSWORD} \
  --all-databases > backup_$(date +%Y%m%d).sql

# Compress backup
gzip backup_$(date +%Y%m%d).sql

# Copy to local machine
scp ubuntu@YOUR_SERVER_IP:~/backup_*.sql.gz ./backups/

Backup WordPress Files

# Create tarball
tar -czf wp_backup_$(date +%Y%m%d).tar.gz \
  -C /home/ubuntu/inception \
  .

# Copy to local machine
scp ubuntu@YOUR_SERVER_IP:~/wp_backup_*.tar.gz ./backups/

Restore Database

# Copy backup to server
scp ./backups/backup_20231201.sql.gz ubuntu@YOUR_SERVER_IP:~/

# SSH to server
ssh ubuntu@YOUR_SERVER_IP

# Restore
gunzip backup_20231201.sql.gz
docker exec -i mariadb mysql -u root -p${MYSQL_ROOT_PASSWORD} < backup_20231201.sql

Troubleshooting

Check Ansible Configuration

# View Ansible config
ansible-config dump

# Test inventory
ansible-inventory -i inventory/hosts --list

# Check connection
ansible scaleway-wordpress -i inventory/hosts -m setup

Fix Common Issues

# Issue: Container keeps restarting
docker logs <container_name>  # Check logs for errors

# Issue: Port already in use
sudo netstat -tulpn | grep :80  # Find process using port
sudo kill <PID>  # Kill process

# Issue: Permission denied
sudo chown -R ubuntu:ubuntu /home/ubuntu/inception

# Issue: Out of disk space
docker system prune -a  # Remove unused data
docker volume prune     # Remove unused volumes

# Issue: Cannot connect to database
docker exec -it wordpress ping mariadb  # Test connectivity
docker exec -it mariadb mysql -u root -p  # Test database login

Performance Monitoring

# Resource usage
docker stats

# Disk usage
docker system df
df -h

# Memory usage
free -h

# Network connections
ss -tuln

Security Operations

Firewall Setup

# Enable firewall
sudo ufw enable

# Allow necessary ports
sudo ufw allow 22/tcp   # SSH
sudo ufw allow 80/tcp   # HTTP
sudo ufw allow 443/tcp  # HTTPS

# Check status
sudo ufw status verbose

SSL Certificate (Let's Encrypt)

# Install certbot
sudo apt install certbot python3-certbot-nginx

# Obtain certificate
sudo certbot --nginx -d yourdomain.com

# Test auto-renewal
sudo certbot renew --dry-run

Change Passwords

# Edit .env file
nano /home/ubuntu/inception/.env

# Generate new password
openssl rand -base64 32

# Restart containers to apply changes
docker-compose down
docker-compose up -d

Useful Ansible Ad-Hoc Commands

# Run command on all hosts
ansible scaleway-wordpress -i inventory/hosts -a "uptime"

# Check disk space
ansible scaleway-wordpress -i inventory/hosts -a "df -h"

# Check memory
ansible scaleway-wordpress -i inventory/hosts -a "free -m"

# Update packages
ansible scaleway-wordpress -i inventory/hosts -b -m apt -a "update_cache=yes"

# Reboot server
ansible scaleway-wordpress -i inventory/hosts -b -a "reboot"

# Copy file to server
ansible scaleway-wordpress -i inventory/hosts -m copy -a "src=./file.txt dest=/tmp/"

Ansible Vault Operations

# Encrypt file
ansible-vault encrypt files/.env

# View encrypted file
ansible-vault view files/.env

# Edit encrypted file
ansible-vault edit files/.env

# Decrypt file
ansible-vault decrypt files/.env

# Change vault password
ansible-vault rekey files/.env

# Run playbook with vault
ansible-playbook site.yml --ask-vault-pass

# Use password file
ansible-playbook site.yml --vault-password-file .vault_pass

Quick Reference

Task Command
Deploy ansible-playbook site.yml -i inventory/hosts
Test connection ansible all -i inventory/hosts -m ping
Check syntax ansible-playbook site.yml --syntax-check
Dry run ansible-playbook site.yml --check
View logs docker-compose logs -f
Restart services docker-compose restart
Check containers docker ps
Backup database docker exec mariadb mysqldump ... > backup.sql

Additional Resources