Staging (http) and Production (https) on same server

dani_z · February 26, 2016, 12:45pm

Hi guys!

First of all I want to personally thank you for the great work you’ve done on the Roots projects. It is amazing!
Secondly I want to ensure that I’ve spend 3 days reading all the threads related to my problem but could not find any suitable fix for the latest Trellis version I am using.

My problem is that I cannot run a http staging version and a https production version on a DO Droplet.
What I have:
Staging
/staging/wordpress_sites.yml

wordpress_sites:
  staging.leathergadgets.com:
    site_hosts:
      - staging.leathergadgets.com
...
branch: develop

/staging/vault.yml

vault_wordpress_sites:
  staging.leathergadgets.com:

/hosts/staging

[staging]
188.166.149.109
[web]
188.166.149.109

Production
/staging/wordpress_sites.yml

wordpress_sites:
  leathergadgets.com:
    site_hosts:
      - leathergadgets.com
...
branch: master

/staging/vault.yml

vault_wordpress_sites:
  leathergadgets.com:

/hosts/production

[production]
188.166.149.109
 [web]
188.166.149.109

I’ve run ansible-playbook server.yml -e env=staging and created the env, DB, files. Everything works fine. But when I try to run ansible-playbook server.yml -e env=production' I get this error:

fatal: [188.166.149.109]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "parsed": false}

My question, if you could please help, is there a way of doing this? I feel that I am pretty close but I’m missing something for making this run smoothly.

Apart from this, the second part of my problem is if I can setup http - staging and https - production (with http2). I know that the nginx host file is generated by Trellis. Is it a good way of altering what’s in that file? I could do it manually, change port, add certs and so on but not sure if this is the best way.

Many thanks

fullyint · February 26, 2016, 4:17pm

@dani_z It is possible to see the error sudo: a password is required if you

set sshd_permit_root_login: false
run server.yml
run server.yml again

The first run of server.yml will disable root from connecting in the future. The second run will need to connect as admin_user and will need this user’s sudo password passed in. From the docs:

With root login disabled, the admin_user will need to run commands using sudo with a password, so you will need to add the option --ask-become-pass when running server.yml.

ansible-playbook server.yml -e env=production --ask-become-pass

This prompts you to enter the sudoer password described in the “Admin User Sudoer Password” section below.

The default sudoer password to enter is example_password.

I haven’t tried http staging and https production on same server. Your approach appears to mirror the first option discussed here. I believe the second option discussed at that link could be modified for the updated Trellis file setup, if you want. What you’ve described looks good to me, assuming the group_vars/staging/ in the Production paths you listed is really 'group_vars/production/.

As for the Nginx conf files, I can’t think of any needed alterations off the top of my head. Trellis will automatically create separate conf files in …

/etc/nginx/sites-enabled/
    leathergadgets.com.conf
    staging.leathergadgets.com.conf

dani_z · February 27, 2016, 10:29am

Thank you @fullyint.
That post was the first one to use as an example. Steps I have done:

created leathergadgets.com under /hosts
created leathergadgets.com /under group_vars and inside merged staging and production (both vault.yml and wordpress_sites.yml).

When I run nsible-playbook -i hosts/leathergadgets.com server.yml I get the following error:
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Environment missing. Use-eto defineenv:\nansible-playbook server.yml -e env=<environment>\n"}

Tried also to add -e env=production or staging but then I get skipping: no hosts matched
And I don’t think it’s right to specify the env because what I’m trying to achieve is basically a setup for both staging and production envs.

Did I miss something in the process?

Many thanks,

dani_z · February 27, 2016, 12:05pm

Hey, I finally manage to creat the setup.
After creating /hosts/leathergadgets.com and merging the production and staging I had to run
ansible-playbook -i hosts/leathergadgets.com server.yml -e env=leathergadgets.com
Everything was created as expected:

2 website folders
2 vhosts files, 1 with https and http2 enable (production) 1 with http only (staging)
2 DBs

I only need to try the deploy, seems to have some problems there but hopefully I figure it out.

I will update this thread with details, maybe someone else is in need of this setup.

Many thanks for the support!

ben · February 27, 2016, 4:37pm

Just wanted to throw this out there — considering how easy it is to spin up, provision, and deploy to servers with Trellis, I definitely would recommend having separate servers for staging and production. DO servers are pretty cheap, too.

They are different environments and you should definitely keep them on separate servers.

edit: Also, if production is on SSL then staging should be too