|
342 | 342 | but the individual tasks themselves are quite declarative. |
343 | 343 | Each one usually has a human-readable `name` attribute. |
344 | 344 |
|
345 | | -<2> Each tasks uses an Ansible "module" to do its work. |
| 345 | +<2> Each task uses an Ansible "module" to do its work. |
346 | 346 | This one uses the `builtin.apt` module which provides a wrapper |
347 | 347 | around the `apt` Debian & Ubuntu package management tool. |
348 | 348 |
|
@@ -462,7 +462,9 @@ and organisations will often run private ones, |
462 | 462 | hosted by cloud providers like AWS. |
463 | 463 |
|
464 | 464 | So your process of getting an image onto a server is usually |
| 465 | + |
465 | 466 | * Push the image from your machine to the registry |
| 467 | + |
466 | 468 | * Pull the image from the registry onto the server. |
467 | 469 | Usually this step is implicit, |
468 | 470 | in that you just specifying the image name in the format registry-url/image-name:tag, |
@@ -658,7 +660,7 @@ But we don't want to hard-code secrets like SECRET_KEY into our Ansible files |
658 | 660 | and commit them to our repo! |
659 | 661 |
|
660 | 662 | Instead, we can use Ansible to automate the creation of a secret key, |
661 | | -and then save it to a file on the server, where it _ill be _relatively_ secure |
| 663 | +and then save it to a file on the server, where it will be _relatively_ secure |
662 | 664 | (better than saving it to version control and pushing it to GitHub in any case!) |
663 | 665 |
|
664 | 666 | We can use a so-called "env file" to store environment variables. |
@@ -722,36 +724,39 @@ And here's how we use it in the provisioning script: |
722 | 724 | ==== |
723 | 725 |
|
724 | 726 | <1> We use `ansible.builtin.template` to specify the local template file to use (`src`), |
725 | | - and the destination (`dst`) on the server |
| 727 | + and the destination (`dest`) on the server |
726 | 728 |
|
727 | 729 | <2> `force: false` means we will only write the file once. |
728 | 730 | So after the first time we generate our secret key, it won't change. |
729 | 731 |
|
730 | 732 | <3> The `vars` section defines the variables we'll inject into our template. |
731 | 733 |
|
732 | 734 | <4> We actually use a built-in Ansible variable called `inventory_hostname`. |
733 | | - This variable woul actually be available in the template already, |
| 735 | + This variable would actually be available in the template already, |
734 | 736 | but I'm renaming it for clarity. |
735 | 737 |
|
736 | 738 | <5> This `lookup('password')` thing I copy-pasted from Stackoverflow. |
737 | | - Come on there's no shame in that. |
738 | | - |
| 739 | + Come on, there's no shame in that. |
| 740 | +// CSANAD: the source code may be a little too long. The (5) mark renders on |
| 741 | +// the next line and it should be at the end of the line of the |
| 742 | +// `secret_key`. |
| 743 | + |
739 | 744 |
|
740 | 745 | NOTE: Using an env file to store secrets is definitely better than committing |
741 | 746 | it to version control, but it's maybe not the state of the art either. |
742 | 747 | You'll probably come across more advanced alternatives from various cloud providers, |
743 | | - or Hashicorp's "vault" tool. |
| 748 | + or Hashicorp's Vault tool. |
744 | 749 |
|
745 | 750 |
|
746 | 751 |
|
747 | | -.Idempotency and Declarative Configuration |
| 752 | +.Idempotence and Declarative Configuration |
748 | 753 | ******************************************************************************* |
749 | 754 |
|
750 | 755 | Infrastucture-as-code tools like Ansible aim to be "declarative", |
751 | 756 | meaning that, as much as possible, you specify the desired state that you want, |
752 | 757 | rather than specifying a series of steps to get there. |
753 | 758 |
|
754 | | -This concept goes along with the idea of "idempotency", |
| 759 | +This concept goes along with the idea of "idempotence", |
755 | 760 | which is wanting to get the same result when you run something for the first time, |
756 | 761 | vs running it again on later occations. |
757 | 762 | // CSANAD: I would rephrase it a little: |
@@ -1244,16 +1249,16 @@ Every single aspect of deployment can and probably should be automated. |
1244 | 1249 | Here are a couple of general principles to think about |
1245 | 1250 | when implementing infrastructure-as-code: |
1246 | 1251 |
|
1247 | | -Idempotency:: |
| 1252 | +Idempotence:: |
1248 | 1253 | If your deployment script is deploying to existing servers, |
1249 | 1254 | you need to design them so that they work against a fresh installation _and_ against |
1250 | 1255 | a server that's already configured. |
1251 | | - ((("idempotency"))) |
| 1256 | + ((("idempotence"))) |
1252 | 1257 |
|
1253 | 1258 | Declarative:: |
1254 | 1259 | As much as possible, we want to try and specify _what_ we want the state to be on the server, |
1255 | 1260 | rather than _how_ we should get there. |
1256 | | - This goes hand-in-hand with the idea of idempotency above. |
| 1261 | + This goes hand-in-hand with the idea of idempotence above. |
1257 | 1262 |
|
1258 | 1263 |
|
1259 | 1264 | ******************************************************************************* |
0 commit comments