0
I have a simple Django application that needs to use a MySQL database. There is a file settings.py
which contains a plain Python dictionary where I have to enter the MySQL credentials, it looks like this:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'django',
'USER': 'django',
'PASSWORD': 'django',
'HOST': 'localhost',
}
}
On the server (Debian) I use a checkout of the latest git version of my application. In that git repo, I have a branch production
which contains the database credentials that I have chosen for this server.
Now I would like to automate the deployment completely. Currently, I use Ansible to do a
git checkout production
git pull origin master
service apache2 restart
which works. The problem is that this database credential patch is on the server only. I would much rather have this patch centrally as well.
I thought I could let Ansible do the deployment of the vanilla version and then use Ansible to exchange the
PASSWORD
line. The downside is that the next run of Ansible would detect that the checkout has been changed and redo everything, making it inefficient.Then I thought about a Debian package for the whole thing. This would require to either bake the credentials into the package, which I cannot do since the package is going to be public (to use a Launchpad PPA).
Either way, I probably need to have the credentials in some location where the vanilla deployment would find that, like /etc/myapp/db.ini
.
What is a reasonable way to do this?
This is a good comment it just isn't a comment. Superuser is not a discussion forum, this would be a great response in a discussion forum, this just doesn't answer the author's question. – Ramhound – 2015-08-23T16:47:05.303
Thanks for the feedback. A bit new to contributing here, and I don't have enough rep yet to comment – MillerGeek – 2015-08-23T16:50:56.603
So earn the reputation in order comment on other people's questions, what you don't do, is post comments as answers because you can't submit comments. My first comment has a typo, it was suppose to say "great comment, it just isn't an answer", not whatever I said. – Ramhound – 2015-08-23T17:01:10.863