ansistrano / deploy Goto Github PK

I believe capistrano does it automatically, but I may be mistaken.

You are forcing mode="g+w" in the last step of update-code.yml which breaks code on servers that require a umask of 0022. Is this really required? In theory rsync and cp -pr will create the proper permission based on the umask settings on the target server. Perhaps this was added to work around a bad umask setting?

file: path={{ ansistrano_release_path.stdout }} state=directory recurse=yes mode="g+w"

should be:

file: path={{ ansistrano_release_path.stdout }} state=directory recurse=yes

I think an option to use a relative symbolic link would be useful.

I am trying to mount my source code as a volume in docker. Right now my deployment folder looks like this:

/home/deploy/ansistrano/
    releases/
        2015021000/
        2015021100/
        2015021200/
    current -> /home/deploy/ansistrano/releases/2015021200

Mount it with docker like this:

$ docker run -it -v /home/deploy/ansistrano:/srv/myapp my_web_image

The structure in the container is:

/srv/myapp/
    releases/
        2015021000/
        2015021100/
        2015021200/
    current -> /home/deploy/ansistrano/releases/2015021200

But obviously /home/deploy/ansistrano/releases/2015021200 does not exist. But if I was able to deploy using a structure like this:

/home/deploy/ansistrano/
    releases/
        2015021000/
        2015021100/
        2015021200/
    current -> ./releases/2015021200

Then I could make it work.

What do you think?

While developing my deploy playbook using ansistrano I found the following issue:

In my "after code update" hook I would need to be able to call some roles, as well as regular tasks. And I need them in a certain order. But as long as I know it's not possible to do that from an included tasks file.

Am I right?

If that's true, wouldn't it be awesome to convert the hooks to roles instead of simple include files? That would allow the freedom to have the hooks depend on roles, as well as simple executing a list of tasks.

Is it doable?

Commit c002a86 is breaking all of our deployments:

ansistrano_shared_paths:
 - html/fileadmin
 - html/typo3conf/l10n

results in

failed: [XXXXX] => (item=html/fileadmin) => {"failed": true, "invocation": {"module_args": {"backup": null, "content": null, "delimiter": null, "diff_peek": null, "directory_mode": null, "follow": false, "force": false, "group": null, "mode": null, "original_basename": null, "owner": null, "path": "/XXXXX/releases/20160323104405Z/html/fileadmin", "recurse": false, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "../../shared/html/fileadmin", "state": "link", "validate": null}, "module_name": "file"}, "item": "html/fileadmin", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /XXXXX/releases/20160323104405Z/html/../../shared/html/fileadmin", "path": "/XXXXX/releases/20160323104405Z/html/fileadmin", "src": "../../shared/html/fileadmin", "state": "absent"}
failed: [XXXXX] => (item=html/typo3conf/l10n) => {"failed": true, "invocation": {"module_args": {"backup": null, "content": null, "delimiter": null, "diff_peek": null, "directory_mode": null, "follow": false, "force": false, "group": null, "mode": null, "original_basename": null, "owner": null, "path": "//XXXXX//releases/20160323104405Z/html/typo3conf/l10n", "recurse": false, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "../../shared/html/typo3conf/l10n", "state": "link", "validate": null}, "module_name": "file"}, "item": "html/typo3conf/l10n", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: //XXXXX//releases/20160323104405Z/html/typo3conf/../../shared/html/typo3conf/l10n", "path": "//XXXXX//releases/20160323104405Z/html/typo3conf/l10n", "src": "../../shared/html/typo3conf/l10n", "state": "absent"}

Relative release symlink is ok, only linking of shared directories is failing.

thanks

hey folks, another one. Not sure if that's expected (I'm just testing ansistrano), but
ansistrano_deploy_via: "git"

does not get picked up unless you write it in deploy.yml.

I understand that this variable should be changed in main.yml instead, right?

I'm writing a short tutorial to make that work under Drupal, any help, tip, advice would be very welcome.

Thanks.

the repo paramter to the git command is empty although this role sets a default. setting a custom value in the vars: section does not help. anybody else experiencing this?

- hosts: web
  vars:
    ansistrano_deploy_via: git
  roles:
    - carlosbuenosvinos.ansistrano-deploy

<127.0.0.1> REMOTE_MODULE git version=master dest=/var/www/my-app/repo repo=

failed: [web01] => {"cmd": "/usr/bin/git ls-remote '' -h refs/heads/master", "failed": true, "rc": 128}
stderr: ERROR: Repository not found.
fatal: The remote end hung up unexpectedly

msg: ERROR: Repository not found.
fatal: The remote end hung up unexpectedly

FATAL: all hosts have already failed -- aborting

i would expect this

failed: [web01] => {"cmd": "/usr/bin/git ls-remote '[email protected]:USERNAME/REPO.git' -h refs/heads/master", "failed": true, "rc": 128}
stderr: ERROR: Repository not found.
fatal: The remote end hung up unexpectedly

I would like to be able to copy files/templates as part of ansistrano hooks. In previous versions of ansible and ansistano, I was able to create a files or templates directory relative to the hook file yml. I could then use those files without specific the directory name just like in a role.

Now I have updated to Ansible 2 and the latest version of ansistrano and this is no longer possible. If you specify the file or template like you would in a role, ansible looks for the file in the playbook root directory and then returns an error as it is not found.

I like to create a separate directory for deploys which contains the hook files and any application specific files/templates and then use my normal roles for provisioning. Do you have suggestions?

This is the directory structure I used to use

deploy.yml
group_vars
roles
deploy
├── appname
│   ├── files
│   │   └── fileshere
│   ├── tasks
│   │   ├── after_setup.yml
│   │   ├── after_symlink.yml
│   │   └── after_update_code.yml
│   └── templates
│       ├── templateshere

deploy.yml would contain config like this:

ansistrano_after_update_code_tasks_file: "{{ playbook_dir }}/deploy/appname/tasks/after_update_code.yml"

The playbook with ansistrano config would be at the same level as the deploy directory. In one of the hook files, I could reference a template or file the same way as a role. This does not work anymore.

My current directory structure looks something like this:

--- root
--- ansible
--- app

The goal is to keep the entire directory as part of the git repository. However, upon deployment, Ansistrano Deploy currently uses the entire repository. I only want to use the contents of the "root/app" directory. Would it be possible to add support for sparse checkouts, while using the git deployment method?

I know this is going against atomic deployments but can be interesting in certain situations, such as deploying translations and some sort of small assets.

Perhaps we could add some common hooks like the Symfony cleaning cache and assets installation so that people can optionally use them.

In the end, if someone is using Symfony with for instance no AsseticBundle will surely be able to still these hooks as a starting point.

I think that if you deploy to several hosts in parallel, all should have the same release timestamp, so the task that registers the timestamp shoud be delegated to the local host.

But if we do this, when the deployment is launched from hosts in different timezones the generated timestamps can be confusing, so I think the release timestamp should be generated with the UTC timezone.

What do you think about?

If the variable ansistrano_custom_tasks_path is not set at the playbook level, the include statement fails with:

ERROR: file could not read: /path/ansible/roles/carlosbuenosvinos.ansistrano-deploy/tasks/{{ ansistrano_custom_tasks_path }}/before-update-code.yml

I believe this is because the include: statement is run when the playbook is parsed - before the default variables are loaded - so the default value is never used.

Does it work for you?

Right now the hook system provides a way to create a tarball, which can be deployed in order to prevent the overhead of multiple files.

Do you have any thoughts on implementing this as an option in combination with any of the deployment strategies?

I'm willing to pitch in.

Example:
source file list: index.php app.php
dist file list: index.php image app.php

The source is pre-production env and the dist is production env, because the image folder maybe store large images and I can not put it on my pre-production env. if i update the app.php file and then deploy my source to dist, My image folder should be moved to older release folder. How to round this situation?

I think we need one more hook between the symlink:shared task and the symlink:release task.

When you symlink something like the parameters.yml in a Symfony project, you need this when running the composer install command. But with the current hooks i can either call the command before symlinking (with missing parameters.yml) or after symlinking, but then i already have the new release as current.

When you have a look at the Capistrano flow, you will the there are two steps for symlinking: http://capistranorb.com/documentation/getting-started/flow/

deploy:updating
    git:create_release
    deploy:symlink:shared

deploy:publishing
    deploy:symlink:release

I think this is a much more flexible solution. What do you think? I can make a PR.

TASK: [carlosbuenosvinos.ansistrano-deploy | ANSISTRANO | Ensure deployment base path exists] *** 
...
TASK: [carlosbuenosvinos.ansistrano-deploy | ANSISTRANO | RSYNC | Get shared path (in rsync case)] *** 
...
TASK: [carlosbuenosvinos.ansistrano-deploy | ANSISTRANO | GIT | Ensure GIT deployment key is up to date] *** 

Don't you agree it be better use of terminal real estate if this was instead something like:

TASK: [carlosbuenosvinos.ansistrano-deploy | Ensure deployment base path exists] *** 
...
TASK: [carlosbuenosvinos.ansistrano-deploy | deploy_via: rsync | Get shared path] *** 
...
TASK: [carlosbuenosvinos.ansistrano-deploy | deploy_via: git | Ensure deployment key is up to date] *** 

or is there a particular reason for all the repetition and uppercasing that I don't know of? :)

One of my biggest concerns before merging all the interesting stuff people propose is BC breaks

We should start tagging the project, and encourage people to specify the latest stable tag when they install this role unless they are advanced users and want to test the new features in the master branch.

Thoughts?

The title says it all.

Hi, this looks great, but I can't find the rollback role. Is it still published?

Thanks

I have been thinking about adding the s3 deployment strategy.

The main difference between the git, rsync and copy strategies is that although you would be able to do a recursive ls in S3 it is far more common to generate artifacts (usually as compressed files) in their CI servers.

However, those artifacts could also be deb / rpm packages, so I wonder if it good be good to add an extra variable apart from the s3_bucket and s3_object being like s3_object_type or similar.

Thoughts?

Hi. After pr #97 , I think something broke the symlink generation

TASK: [carlosbuenosvinos.ansistrano-deploy | ANSISTRANO | Change softlink to new release] *** 
failed: [stan] => {"failed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/var/my-deploy-path/current", "size": 4096, "src": "./releases/20160325115923Z", "state": "directory", "uid": 0}
msg: src file does not exist, use "force=yes" if you really want to create the link: /var/my-deploy-path/current/./releases/20160325115923Z

FATAL: all hosts have already failed -- aborting

looks like it is trying to create the current symlink starting from path /var/my-deploy-path/current instead of /var/my-deploy-path.

Vars in my setup is the following:

    ansistrano_deploy_to: /var/my-deploy-path
    ansistrano_keep_releases: 5
    ansistrano_deploy_via: git
    ansistrano_git_repo: [email protected]
    ansistrano_git_branch: master

Extra information: I currently have no current symlink already in the folder, so this would be my first release. Don't know if this is useful.

Am I the only one experiencing this issue?

Hi,

when you use a push strategie like rsync or scp in capistrano it will checkout the project to a .build folder and push this to the deploy target.

At the moment we use the current local files and push them to the deploy target. There is one big drawback on this behaviour. You cant deploy a specific branch.

Is the intended to be like this or is there a way to get the "original" behaviour of capistrano?

In git.yml there's no support for cloning git submodules. This can be fixed by setting recursive=yes in the git ansible module, but I'm not sure if there's any side effects to just adding that in.

Also, git checkout-index doesn't seem to be submodule aware so using it to copy over the git repository doesn't work with submodules.

Hi there,

Thanks for Ansistrano, loving it so far. Just wanted to report that in combination with Ansible 2.0.0, a few warnings came up:

I realize these aren't critical, but maybe it helps!

shell: ls -1dt {{ ansistrano_releases_path.stdout }}/* | tail -n +{{ ansistrano_keep_releases | int + 1 }} | xargs rm -rf

should be changed to keep_releases num + num of days (mtime). the way it does it now, it will delete all+1 the folders after N deployments

I am using ansistrano for deployment using rsync method. Ansistrano rsync the code in shared folder and than make a new release out of it. However, my logs in current/logs/production.log are getting cleared after deployment. How to persist the logs and what is the use of shared directory other than having persistance of logs and other config files.

Since 1.8 version ansible doesn't support variables interpolation in include paths.

Related to ansible/ansible#9871

I get this when i try to test this in local... in this step:

TASK: [carlosbuenosvinos.ansistrano-deploy | ANSISTRANO | GIT | Deploy git stored code to servers] ***

failed: [myapp.local] => {"cmd": "/usr/bin/git clone --origin origin --recursive /srv/www/myapp.local /srv/www/myapp.deploy/releases/20150xxxxxxx", "failed": true, "rc": 128}
stderr: fatal: destination path '/srv/www/myapp.deploy/releases/20150xxxxxx' already exists and is not an empty directory.

msg: fatal: destination path '/srv/www/myapp.deploy/releases/20150xxxxxxxxx' already exists and is not an empty directory.

FATAL: all hosts have already failed -- aborting

Also, make the variables follow the ansistrano_* convention without breaking the BC

Similar to the S3 deployment strategy, it would be great if we could could provide any url that would be downloaded and extracted into current.

To illustrate, I currently have the case where my source builds are located at https://github.com/tus/tusd/releases/download/0.0.5-test/tusd_linux_amd64.tar.gz

Tasks that include: can have a name, but that name acts purely as a comment and is never displayed anywhere by Ansible. You're better of with a (ugh!) real comment if its intent isn't clear enough.

Example:

- name: ANSISTRANO | Execute "After Setup" Tasks
  include: "{{ ansistrano_after_setup_tasks_file | default('empty.yml') }}"

acts identical to:

- include: "{{ ansistrano_after_setup_tasks_file | default('empty.yml') }}"

See https://github.com/ansible/ansible-modules-core/blob/devel/files/synchronize.py#L229.

I don't know what's the best solution, but I would suggest to be explicit about how it's used in this role.

i set in hosts variable ansible_ssh_user and ansible_ssh_pass, all ok, but on
TASK: [carlosbuenosvinos.ansistrano-deploy | ANSISTRANO | RSYNC | Rsync application files to remote shared copy] *** ansistrano ask me password from host

Hey guys Ive been using Ansistrano and Ansible for a while now and I absolutely love it. I had Ansible installed on Ubuntu via the official PPA and apparently Ansible updated to the latest 2.0 version today and it seems to have broken Ansistrano. All of my deployment scripts are now failing at this stage:

TASK [carlosbuenosvinos.ansistrano-deploy : set_fact] **************************
fatal: [app1.wrlweb.com]: FAILED! => {"failed": true, "msg": "ERROR! template error while templating string: unexpected 'end of template'"}

I tried updating Ansistrano and that didn't seem to help. I had to roll back to Ansible 1.9.4 in order to get it to work.

Hey guys, great job.

master branch is broken atm:

vagrant@vagrant-ubuntu-trusty-64:/vagrant/playbooks/ansistrano/deploy/example/topgear$ ansible-playbook -i hosts deploy.yml
ERROR: Syntax Error while loading YAML script, /vagrant/playbooks/ansistrano/deploy/example/topgear/roles/local-ansistrano/tasks/symlink-shared.yml
Note: The error may actually appear before this position: line 13, column 39

    path: "{{ ansistrano_release_path.stdout }}/{{ item }}"
    src: "{{ item | regex_replace('[^\/]*', '..') }}/../shared/{{ item }}"
                                      ^
We could be wrong, but this one looks like it might be an issue with
missing quotes.  Always quote template expression brackets when they
start a value. For instance:

    with_items:
      - {{ foo }}

Should be written as:

    with_items:
      - "{{ foo }}"

The 1.4.1 works fine, the issue seems to be in symlink-shared.yml,

state:link maybe?

Cheers

We can use .lock files but any suggestions is welcome

This is my dir with default custom task location

├── custom-tasks
│   ├── after-cleanup.yml
│   ├── after-code-update.yml
│   ├── after-symlink.yml
│   ├── before-cleanup.yml
│   ├── before-code-update.yml
│   └── before-symlink.yml

any task in these ymls takes no effect.

Is there something wrong with my configuration?

Is it possible to deploy only a subdirectory from a git repo?

I'm trying to use ansistrano with git repository but ansistrano fails.

The error is like:

failed: [staging.server.com] => {"cmd": "/usr/bin/git ls-remote /vagrant/deploy -h refs/heads/HEAD", "failed": true, "rc": 128}
stderr: fatal: '/vagrant/deploy' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

where the /vagrant/deploy is automatically substituted from the ansistrano_deploy_from = './'.

The responsible command is the last one here (https://github.com/ansistrano/deploy/blob/master/tasks/update-code/git.yml#L10):

---
- name: ANSISTRANO | GIT | Update remote repository
  git: repo={{ ansistrano_git_repo }} dest={{ ansistrano_deploy_to }}/shared version={{  ansistrano_git_branch }} accept_hostkey=true update=yes

- name: ANSISTRANO | GIT | Export a copy of the repo
  command: git checkout-index -f -a --prefix="{{ ansistrano_release_path.stdout }}/"
  args:
chdir: "{{ ansistrano_deploy_to }}/shared"

- name: ANSISTRANO | GIT | Deploy git stored code to servers
  git: repo={{ ansistrano_deploy_from }} dest={{ ansistrano_release_path.stdout }} accept_hostkey=true

Even if I use the full repository path as the value of ansistrano_deploy_from ansistrano will fail complaining about already existing destination path.

Shouldn't the third command be removed? Seems that the second command does the same thing using the updated repository (faster than cloning).

We're deploying our code using ansistrano and tasks/update-code/git.yml #ANSISTRANO | GIT | Update remote repository uses a commit hash from 2 days ago.

Is this an ansible git module thing? Any ideas where to look? What other info do you need?

debug output:

ok: [127.0.0.1] => {
    "var": {
        "git_commit": {
            "after": "86cd..", # this commit is 2 days old
            "before": "86cd..", # same exact commit
            "changed": false,
            "invocation": {
                "module_args": "",
                "module_name": "git"
            }
        }
    }
}

Thank you!!

Sorry, if I missed this feature, but from reading the docs, I couldn't find a simple update role.
What should I do if I want to update the current release from version control? I don't want to go through usual release process, create a timestamp folder, etc. I need to update my current version if there are only minor changes required, like missing assets, typos, etc.
So, is there a way to do this with ansistrano?

I want to deploy multiple contents (e.g. api, batch, console) to same host.

If ansistrano's variables are not top level parameters (e.g. ansistrano.ansistrano_deploy_to), I can write as described below.
But ansistrano's variables are top level parameters (e.g. ansistrano_deploy_to) now.

Can I use ansistrano as multiple roles in the current implementation?

site.yml

---
- hosts: all-in-one-server
  vars_files:
    - vars/all/main.yml
  roles:
    - { role: carlosbuenosvinos.ansistrano-deploy, ansistrano: "{{ ansistrano.api }}" }
    - { role: carlosbuenosvinos.ansistrano-deploy, ansistrano: "{{ ansistrano.batch}}" }
    - { role: carlosbuenosvinos.ansistrano-deploy, ansistrano: "{{ ansistrano.console }}" }

- hosts: api-server
  vars_files:
    - vars/all/main.yml
  roles:
    - { role: carlosbuenosvinos.ansistrano-deploy, ansistrano: "{{ ansistrano.api }}" }

vars/all/main.yml

ansistrano:
  api:
    ansistrano_deploy_to: /path/to/api
    ansistrano_git_repo: ...
    ....
  batch:
    ansistrano_deploy_to: /path/to/batch
    ansistrano_git_repo: ...
    ....
  console:
    ansistrano_deploy_to: /path/to/console
    ansistrano_git_repo: ...
    ....

Are there any plans on specifying a deploy user to deploy the code as? Right now it is being deployed as root because I need to specify sudo: true in the playbook.

I am open to implement such an option.