Playbook deployment characteristics¶
This is an Ansible playbook for automatically deploying a single server Websauna website from a git repository for Ubuntu 14.04 Linux. It allows you to do deploy your Websauna application to a fresh server, where you just received SSH credentials, within 30 minutes. Alternatively you can gracefully upgrade any existing running site.
The current version of the playbook is designed for a single server setup. It is, however, easy to extend to cover groups of different servers.
Automatic installation sets up
Playbook runs migrations safely: Run database migrations first and then update codebase with compatible model files. This allows graceful deploys and avoids breaking any running sites.
The application is deployed in the folder
/srv/pyramid/yoursitename per Filesystem Hierarchy Standard.
A Linux firewall is set up to allow only inbound SSH, HTTP, HTTPS. This for the cases where any process would accidentally bind itself to public Internet facing IP addresses.
All communication happens over SSH agent. No private keys are placed on a server in any point.
The deployed UNIX processes run under corresponding user accounts. This reduces the risk of a compromised data in the case any of the processes has a remote exploit, like Heartbleed vulnerability in the past.
- Websauna application files and uWSGI processes are deployment under a normal UNIX user
- Nginx runs under UNIX user
- uWSGI, Celery runs under user
- PostgreSQL runs under user
- Redis runs under user
- Postfix runs under user
/srv/pyramid/myappis writable and readable by