Question

How do I use GitHub Actions with Ansible and SSH keys?

Answer and Explanation

Using GitHub Actions with Ansible and SSH keys involves a few key steps to ensure secure and automated deployments. Here’s a breakdown of how you can achieve this:

1. Generate an SSH Key Pair:

- First, generate a dedicated SSH key pair that GitHub Actions will use to authenticate to your remote servers. Create it on your local machine with the following command (an ed25519 key, -t ed25519, is an equally good modern choice). The -N "" gives the key an empty passphrase: the runner is non-interactive and cannot answer a passphrase prompt, so the private key must be protected by the GitHub Secret store instead. Do not reuse a personal key for this; a dedicated key can be revoked on its own if the repository or its secrets are ever compromised.

ssh-keygen -t rsa -b 4096 -N "" -f github-actions-deploy-key

- This will create two files: github-actions-deploy-key (private key) and github-actions-deploy-key.pub (public key).

2. Add Public Key to Remote Servers:

- Add the public key (github-actions-deploy-key.pub) to the authorized_keys file of the deployment user on each remote server. This lets GitHub Actions connect without a password. You can do it manually or with ssh-copy-id, which itself needs working SSH access to the server (for example your own key or a password) and appends the public key to ~/.ssh/authorized_keys for the target user:

ssh-copy-id -i github-actions-deploy-key.pub user@your_server_ip

3. Store Private Key as a GitHub Secret:

- The private key (github-actions-deploy-key) must be stored as a GitHub Secret so it never appears in the repository or in the workflow file. To do this:

- Go to your GitHub repository, click "Settings," then "Secrets and variables," then "Actions," and choose "New repository secret."

- Name the secret something like DEPLOY_KEY and paste the entire content of the private key file into the value field, including the header and footer lines. For a key created by a current ssh-keygen these read '-----BEGIN OPENSSH PRIVATE KEY-----' and '-----END OPENSSH PRIVATE KEY-----' (older PEM-format keys use '-----BEGIN RSA PRIVATE KEY-----'); copy whichever lines your file contains, with nothing left out.

4. Create a GitHub Actions Workflow:

- Now create a workflow file in your repository, typically at .github/workflows/deploy.yml. The workflow checks out the repository, installs the stored SSH key on the runner, installs Ansible, and runs your playbook against the server. Below is an example workflow (YAML is indentation-sensitive, so keep the nesting exactly as shown):

name: Deploy with Ansible

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Install SSH key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.DEPLOY_KEY }}
          name: github-actions-deploy-key
          # Required input: the server's public host key line(s) as printed by
          # ssh-keyscan, stored as a secret after checking the fingerprint.
          known_hosts: ${{ secrets.KNOWN_HOSTS }}
      - name: Install Ansible
        run: |
          sudo apt update
          sudo apt install -y ansible
      - name: Run Ansible Playbook
        run: |
          ansible-playbook -i inventory.ini deploy.yml -u your_user --private-key ~/.ssh/github-actions-deploy-key

- Explanation of the workflow:

- on: push / branches: main: the workflow runs whenever code is pushed to the main branch.

- jobs.deploy.runs-on: ubuntu-latest: the job runs on a GitHub-hosted Ubuntu runner.

- actions/checkout@v3: checks out your repository's code (including inventory.ini and deploy.yml) onto the runner.

- shimataro/ssh-key-action@v2: a third-party action that writes the private key from the DEPLOY_KEY secret to ~/.ssh/github-actions-deploy-key with the correct file permissions. Its known_hosts input is required: give it the server's public host key (the output of ssh-keyscan for the server, verified against the fingerprint shown on the server itself) stored as a secret such as KNOWN_HOSTS, so that the runner refuses to talk to a host presenting a different key. The action also accepts the value "unnecessary" to skip host key verification; avoid that in a deployment pipeline, since it allows a man-in-the-middle host to receive your connection. Because this action runs with access to the key, pin it (and actions/checkout) to a full commit SHA rather than a mutable tag once the workflow is in production.

- The next step updates the package index and installs Ansible on the runner.

- The final step runs your Ansible playbook. Replace your_user with the username you will use to connect to your server, and inventory.ini and deploy.yml with the paths to your Ansible inventory file and playbook. The --private-key path must point at the file the previous step created, which lives under ~/.ssh, not in the checked-out repository.

5. Ansible Inventory and Playbook:

- Your Ansible inventory (inventory.ini) and playbook (deploy.yml) must be configured to target the correct servers and perform the desired actions. An example inventory and a minimal playbook follow. Note that the inventory sets ansible_user, so the -u flag in the workflow is redundant when the two agree; keep them consistent or drop one.

- Example inventory.ini:

[servers]
your_server_ip ansible_user=your_user

- Example deploy.yml:

---
- hosts: servers
  become: true
  tasks:
    - name: Update server
      apt:
        update_cache: yes
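
The steps above, assembled into one hardened workflow, as an added example that is not part of the original answer and not the code of any of the projects mentioned. It does the same job as the workflow in step 4 but without the third-party SSH action, passes secrets to scripts through environment variables rather than by substituting them into shell text, and makes host key verification explicit instead of disabling it. It assumes two repository secrets, DEPLOY_KEY (the private key from step 1) and KNOWN_HOSTS (the server's public host key line as printed by ssh-keyscan), a GitHub environment named production, and the your_user, inventory.ini and deploy.yml placeholders from the steps above; all of those names are assumptions you would replace with your own.

```yaml
# Added example, not from the original answer. Assumes secrets DEPLOY_KEY and
# KNOWN_HOSTS, an environment named "production", and the inventory.ini /
# deploy.yml / your_user placeholders used in the steps above.
name: Deploy with Ansible (hardened)

on:
  push:
    branches:
      - main

# The job only reads the repository; do not grant the default token more.
permissions:
  contents: read

# Never run two deployments against the same servers at the same time.
concurrency:
  group: deploy-production
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Scope the secrets to an environment so protection rules such as required
    # reviewers can be attached to it.
    environment: production
    steps:
      - name: Checkout repository
        # In production, pin every action to a full commit SHA instead of a
        # mutable tag; the tag is kept here only for readability.
        uses: actions/checkout@v4

      - name: Install SSH key and pinned host key
        # Secrets go through env, never through ${{ }} inside the script body,
        # so their content is not substituted into shell source text.
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          umask 077                        # files below are created mode 0600
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_KEY"  > ~/.ssh/deploy_key
          printf '%s\n' "$KNOWN_HOSTS" > ~/.ssh/known_hosts
          # Fail fast if the secret is not a usable, unencrypted private key
          # (a passphrase-protected or mangled key errors out here, not later).
          ssh-keygen -y -f ~/.ssh/deploy_key > /dev/null

      - name: Install Ansible
        run: |
          sudo apt-get update
          sudo apt-get install -y ansible

      - name: Run Ansible Playbook
        env:
          # Refuse any host whose key is not in ~/.ssh/known_hosts, rather
          # than the common but insecure ANSIBLE_HOST_KEY_CHECKING=False.
          ANSIBLE_HOST_KEY_CHECKING: "True"
          ANSIBLE_SSH_COMMON_ARGS: "-o StrictHostKeyChecking=yes"
        run: |
          ansible-playbook -i inventory.ini deploy.yml \
            -u your_user --private-key ~/.ssh/deploy_key

      - name: Remove SSH key from the runner
        # Runs even when the playbook fails. Hosted runners are discarded, but
        # this keeps the key away from later steps and from self-hosted runners.
        if: always()
        run: shred -u ~/.ssh/deploy_key 2>/dev/null || rm -f ~/.ssh/deploy_key
```

To produce the KNOWN_HOSTS value, run ssh-keyscan -t ed25519 your_server_ip from a machine you trust and compare the key it prints with the fingerprint reported on the server itself by ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub; only then store the ssh-keyscan output as the secret. Pinning the host key this way is what turns the deployment SSH connection into an authenticated channel in both directions: the key proves the runner to the server, and known_hosts proves the server to the runner.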

By following these steps, you can use GitHub Actions to automate your deployments with Ansible and SSH keys securely. Remember to adapt the example code and Ansible configurations to your specific requirements.
