Deployment scripts for the Cheminova backend and frontend.
- A UNIX-like machine to run Ansible (see control-node-requirements)
- uv
- Domain name
- Ubuntu 24.04 VPS reachable under your domain name per SSH
- S3 compatible storage for backups
uv sync --locked- Change variables in
inventory/hosts.ymlas described in comments, see extra information below.
uv run python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"Passwords are encrypted in the Ansible vault as encrypted strings stored in hosts.yml.
Create an encrypted variable (Ansible docs):
uv run ansible-vault encrypt_string --stdin-name 'variable_name'View/decrypt a variable (without editing):
uv run ansible localhost -m debug -a var='variable_name'Or for a host-specific variable:
uv run ansible <hostname> -m debug -a var='variable_name'The deployment expects an S3-compatible bucket to store:
- Periodic PostgreSQL database dumps (cron job executed on the host)
- Media file backups from the CMS (continuous mirror using the MinIO client container
media-backup)
The access credentials and bucket information must be provided in the inventory/hosts.yml file.
The bootstrapping playbook sets up the server with a deployment user and SSH keys.
uv run ansible-playbook playbook-bootstrap.ymluv run ansible-playbook playbook-provision.yml
uv run ansible-playbook playbook-deploy.ymlOn the VPS
docker compose -f /home/deployment/compose/docker-compose.yml exec cms uv run manage.py createsuperuserNavigate to https://<your domain>/cms/admin/
Docker containers on the backend log to journald, logs can be accessed by container name (run docker ps to find the container name) using journalctl:
journalctl CONTAINER_NAME=$CONTAINER_NAMEOr with docker compose:
docker compose -f /home/deployment/compose/docker-compose.yml logsjournalctl -t update-images