= Setup QGIS and Lizmap Server Guide
:subject: How to use this ansible playbook to setup a lizmap web server
:description: Setup QGIS and Lizmap Server Guide
:keywords: gis, qgis, lizmap, linux, server, linux server, map, map editing, map management, ansible
:lang: en
:icons: font
:source-highlighter: rouge
:rouge-style: monokai
:pdf-theme: default-sans-with-font-fallbacks
:author_1: Gilex
:email_1: gilex-dev@proton.me
:authorinitials_1: gilex
:toc:

== Run the playbook

Follow these steps to run the playbook successfully.

[NOTE]
.User- and Hostname
====
We will use `test-host` as an example host and `manager` as the user, but it is recommended to use a custom username instead.

Use the `getent group sudo` command to check if the user you want to use has administrative rights.
====

=== Requirements

* Git
+
[,bash]
----
git clone https://somepi.ddns.net/gitea/gilex-dev/GisServer.git
cd GisServer
----

* Python venv
+
[,bash]
----
python3 -m venv ./.venv --system-site-packages
source ./.venv/bin/activate
pip3 install -r requirements.txt
ansible-galaxy install -r requirements.yaml
----

=== Adding your host

. Choose the inventory name used by ansible (this does not have to be the actual hostname): `export NEW_ANSIBLE_INV_NAME="testing-server-1"`

. Set the hostname used by ansible: `export NEW_ANSIBLE_HOST="test-host"`

. Set the username used by ansible: `export NEW_ANSIBLE_USER="manager"`
. Generate the SSH keys and copy the user's public key to the host
+
[,bash]
----
ssh-keygen -a 100 -t ed25519 -C "a comment" -f ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
ssh-keygen -a 100 -t ed25519 -C "another comment" -f ~/.ssh/id_publisher@$NEW_ANSIBLE_HOST
ssh-copy-id -i ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST $NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
ssh-add ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST # optional, so the agent remembers the passphrase
----

. Add the host to the inventory `nano inventory.yaml` (keep other entries)
+
[,yaml]
----
testing: # or production or any other sensible group name
  hosts:
    # $NEW_ANSIBLE_INV_NAME: # or same as $NEW_ANSIBLE_HOST
      ansible_host: "{{ inventory_hostname }}" # or any address where the host is reachable
      ansible_user: # $NEW_ANSIBLE_USER
      ansible_ssh_private_key_file: # ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
----

. Create a directory for the host `mkdir host_vars/$NEW_ANSIBLE_HOST`

. Copy the basic config file
+
[,bash]
----
cp host_vars/variables.yaml.template host_vars/$NEW_ANSIBLE_HOST/variables.yaml
----

. Create the vault to store passwords needed by ansible
+
[,bash]
----
ansible-vault encrypt host_vars/secrets.yaml.template --output host_vars/$NEW_ANSIBLE_HOST/secrets.yaml
----

. Edit the vault
+
[,bash]
----
ansible-vault edit host_vars/$NEW_ANSIBLE_HOST/secrets.yaml
# Generate a new password for every entry (preferably A-z0-9 to avoid escape mishaps)
----

. Add the host config to your `~/.ssh/config` file to allow a simple ssh connection
+
[,config]
----
Host # e.g. $NEW_ANSIBLE_HOST
    HostName # $NEW_ANSIBLE_HOST
    User # $NEW_ANSIBLE_USER
    IdentityFile # ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
    IdentitiesOnly yes
    VisualHostKey yes
----

. (optional) Clear env variables `unset NEW_ANSIBLE_HOST`, `unset NEW_ANSIBLE_USER` and `unset NEW_ANSIBLE_INV_NAME`

. Repeat for any other hosts you want to be managed by this playbook

=== Run ansible (finally)

If you don't want to make any changes in `host_vars/$NEW_ANSIBLE_HOST/variables.yaml`, you can now run the playbook with the following command:

[,bash]
----
ansible-playbook playbooks/main.yaml --ask-vault-pass
# or store the vault password in a file (e.g. `vault_password.txt`). !!!Only do this while testing!!!
# ansible-playbook playbooks/main.yaml --vault-password-file vault_password.txt
----
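
A pre-flight check for the files this guide creates, as an added example that is not part of the GisServer repository: it verifies that `secrets.yaml` starts with the `$ANSIBLE_VAULT;` header that ansible-vault writes, and that the SSH private key and any vault password file are not accessible by group or others. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the GisServer repo): pre-flight check before ansible-playbook.

# Succeeds only if the file starts with the ansible-vault header, i.e. it is encrypted.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=''
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in '$ANSIBLE_VAULT;'*) return 0 ;; *) return 1 ;; esac
}

# Succeeds only if the file exists and group/others have no access (mode 0600 or 0400).
is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -l "$1")" in -r[w-]-------*) return 0 ;; *) return 1 ;; esac
}

# usage: preflight <repo_dir> <host> <private_key> [vault_password_file]
# Prints every finding and returns the number of findings (0 = safe to run).
preflight() {
    findings=0
    secrets="$1/host_vars/$2/secrets.yaml"
    if ! is_vault_encrypted "$secrets"; then
        echo "FAIL: $secrets is missing or not vault-encrypted"
        findings=$((findings + 1))
    fi
    if ! is_private "$3"; then
        echo "FAIL: $3 is missing or accessible by group/others"
        findings=$((findings + 1))
    fi
    if [ -n "${4:-}" ] && [ -e "$4" ] && ! is_private "$4"; then
        echo "FAIL: $4 is accessible by group/others"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed sample files (not real secrets or keys).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/host_vars/test-host"
printf 'db_password: example\n' > "$demo_dir/host_vars/test-host/secrets.yaml"  # plaintext on purpose
printf 'constructed key\n' > "$demo_dir/id_manager@test-host"
chmod 644 "$demo_dir/id_manager@test-host"
preflight "$demo_dir" test-host "$demo_dir/id_manager@test-host" || echo "findings: $?"
# Put both files into the state the steps above should leave them in, then re-check.
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465' > "$demo_dir/host_vars/test-host/secrets.yaml"
chmod 600 "$demo_dir/id_manager@test-host"
preflight "$demo_dir" test-host "$demo_dir/id_manager@test-host" && echo "OK"
rm -rf "$demo_dir"
```

Run `preflight . "$NEW_ANSIBLE_HOST" ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST vault_password.txt` from the repository root before the first playbook run and before committing `host_vars`.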

See the https://docs.ansible.com/ansible/latest/inventory_guide/intro_patterns.html[ansible documentation] for specifying which hosts to target.

Don't panic if the following tasks take a long time to complete the first time you run the playbook on a host:

* `Ensure valid apt cache and required tools are present`
* `Ensure qgis-server is present`