sr2/docs.sr2.uk
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docs.sr2.uk/docs/operator/deploy-host.md
irl e72c729735 feat: more operator guide
2025-11-09 14:39:28 +00:00

70 lines
2.1 KiB
Markdown
Raw Blame History

---
sidebar_position: 30
sidebar_label: Deployment Host
---
# Deployment Host Setup
Deployment takes place using [Ansible](https://docs.ansible.com/) which we will install in a
[venv](https://docs.python.org/3/library/venv.html) to allow for careful management of the versions of the software in
use.
For security, the deployment host must not run any network services listening on an external interface other than a
hardened SSH daemon if being used remotely. Ideally, the deployment host is operated locally via its terminal.
Begin by creating a directory for the deployment framework to operate from that should be owned by your unprivileged
user and group and have filesystem permissions of `0700`.
On systems with SELinux, a context of `user_home_t` should be appropriate.
This documentation will assume that you are working in the directory `$HOME/ops/`.
## Virtual Environment Setup
Begin by creating and activating a virtual environment:
```shell
cd $HOME/ops
python3 -m venv venv
source venv/bin/activate
```
Then install the dependencies we will require:
```shell
pip install ansible
pip install bitwarden-sdk # optional: only required for bitwarden secrets manager
```
## Install the Ansible collection and role dependencies
Create `$HOME/ops/requirements.yml`:
```yaml
---
collections:
- name: bitwarden.secrets # optional: only required for bitwarden secrets manager
- src: git+https://guardianproject.dev/sr2/ansible-collection-core.git
version: main # optional: only required for our baseline role
- src: git+https://guardianproject.dev/sr2/ansible-collection-apps.git
version: main # required: contains the CDR Link deployment role
roles:
- src: git+https://github.com/ansible-lockdown/RHEL9-CIS.git
version: "2.0.3" # optional: only required for our baseline role
```
Install the collections, and roles if required:
```shell
cd $HOME/ops
ansible-galaxy collection install -r requirements.yml
ansible-galaxy role install -r requirements.yml
```
## Create deployment data files and directories
Create the necessary directories that we will need in the next step:
```shell
cd $HOME/ops
mkdir {host,group}_vars
```
Reference in a new issue View git blame Copy permalink