One place for hosting & domains

      如何在Ubuntu 18.04上安装Python 3并建立本地编程环境


      简介

      Python是一种灵活多样的编程语言。它的用途广泛,在脚本、自动化、数据分析、机器学习和后端开发方面都具有优势。Python于1991年首次发行,名字的灵感来源于英国喜剧团体“Monty Python”,因此Python开发团队希望让Python用起来很有趣。易于安装配置、代码风格相对简单直接、有即时的反馈和报错,这些特性让Python成为编程初学者的一个很好选择,也同样适合有经验的程序员。Python 3是最新的版本 并被认为是Python的未来.

      本教程将指导你在本地Linux机器上安装Python 3,并且通过命令行设置编程环境。此教程将清楚地介绍Ubuntu 18.04的安装过程,但通用原则同样适用于Debian Linux的任何其他发行版。

      必备条件

      你需要一台安装了Ubuntu 18.04的计算机或虚拟机、对该计算机有管理员权限、机器需联网。你可以通过Ubuntu 18.04的发行版本网页去下载操作系统。

      第一步 — 配置Python 3

      我们将在命令行上完成安装和配置,命令行(command line)是一种与计算机交互的非图形方式。也就是说,不点击按钮而是输入文本,从计算机接收的反馈结果同样是文本形式。

      命令行(command line),也称为shell,或终端(terminal),可以帮助你修改和自动化众多“需要每天在计算机上执行的”任务,是程序员的基本工具。有许多终端命令可以学习,赋予你能力去做更强大的事。 这篇文章 “Linux终端命令行简介” 能让你更熟悉命令行。

      在Ubuntu 18.04上,你可以通过点击屏幕左上角的Ubuntu图标并在搜索栏中输入“Terminal”/“终端”,来找到终端应用程序。单击终端应用程序图标便可打开它。或者你可以同时按住键盘上的“CTRL”、“ALT”和“T”键来自动打开终端。

      Ubuntu终端命令行

      Ubuntu 18.04预装了Python 3和Python 2。为了确保我们的版本是最新的,让我们用apt命令去更新和升级系统。Ubuntu上的apt是英文Advanced Packaging Tool(高级软件包工具)的简写

      • sudo apt update
      • sudo apt -y upgrade

      此处的-y标志,将会确认我们同意安装所有项目,但根据你的Linux版本,在系统更新和升级时,你可能需要确认额外的系统提示。

      当此过程完成后,我们可以通过输入以下命令,去检查系统中安装的Python 3版本:

      你将在终端窗口中收到输出结果,它将告诉你版本号。版本号可能有所不同,但将会与此类似:

      Output

      Python 3.6.5

      为了管理Python的软件包,让我们安装pip。这个工具将安装和管理在开发项目中,我们可能会用到的软件包。若想了解更多关于“使用pip安装模块或软件包”的信息,你可以参考这篇文章:“如何在Python 3中调用模块.”

      • sudo apt install -y python3-pip

      Python的软件包安装,可以通过输入以下命令去实现:

      • pip3 install 软件包的名称

      这里的软件包的名称 可以是任何的Python软件包或软件库,比如用于网站开发的Django,或是用于科学运算的NumPy。 因此如果你想安装NumPy,你可以使用这个命令:pip3 install numpy

      有一些软件包和开发工具需要额外安装,以确保我们的编程环境有一个健全的配置:

      • sudo apt install build-essential libssl-dev libffi-dev python-dev

      如果有系统提示问是否同意安装,输入y

      设置好了Python,安装好了pip和其他工具,我们就可以为我们的开发项目设置一个“虚拟环境”。

      第二步 - 配置虚拟环境

      虚拟环境使您能够在计算机上为Python项目保留一个独立的空间,从而确保每个项目都有自己的一组依赖软件包,不会干扰任何其他项目。

      通过设置编程环境,我们可以更好地控制Python项目、以及管理不同版本的包。在使用第三方软件包时,这一点尤其重要。

      你可以设置任意多数量的Python编程环境。每个环境简单来讲,就是计算机中的一个目录或文件夹,其中包含一些脚本以使其成为“环境”。

      虽然有几种方法可以在Python中实现编程环境,我们将在这里使用venv模块,它是标准Python 3库的一部分。让我们输入以下命令来安装venv:

      • sudo apt install -y python3-venv

      安装好venv之后,我们就可以创建环境了。我们可以将Python编程环境放某个已有的目录中,也可以使用mkdir创建一个新目录,如下所示:

      • mkdir environments
      • cd environments

      当你进入希望安装环境群组的目录environments中之后,可以通过运行以下命令创建环境:

      总的来说这将设置一个新目录my_env,其中包含一些项目,可以使用ls进行查看:

      Output

      bin include lib lib64 pyvenv.cfg share

      这些文件会协同工作,以确保你的项目与本地计算机的大环境隔离,这样系统文件和项目文件就不会混合在一起。这是版本控制的良好实践,可以确保每个项目都可以访问特定的、其所需的包。Python Wheels是一种为Python构建的“包格式”,它可以通过减少需要编译的次数来加速软件生产,它位于Ubuntu 18.04的share目录中。

      你需要激活环境才能使用它,你可以通过输入以下命令,调用激活脚本:

      • source my_env/bin/activate

      现在命令行每行的行首提示,将以你的环境名作为前缀,在我们的情况下它被称为my_env。你的前缀可能看起来有些不同,但括号中的环境名称应该是在行首:

      这个前缀让我们知道环境my env当前处于活动状态,这意味着当我们在这里创建程序时,它们将只使用这个特定环境的设置和包。

      注意 在虚拟环境中,可以使用命令python代替python3,使用命令pip代替pip3。如果在环境之外的计算机上使用python3,则需要专门使用python3pip3命令。

      这些步骤完成后,你的虚拟环境就可以使用了。

      第三步 — 创建“Hello, World”程序

      现在我们已经建立了虚拟环境,让我们创建一个经典的的“Hello, World!”程序。这可以测试我们的环境,若还不熟悉Python,这个程序会让我们有机会更加熟悉它。

      为此我们将打开“命令行文本编辑器”(如nano)并创建一个新文件:

      当文本文件在终端窗口打开时,我们将输入我们的程序:

      print("Hello, World!")
      

      同时按下CTRLX退出nano,然后当提示问是否想保存时,按下y

      一旦你退出nano并返回到命令行,我们将运行这个程序:

      刚刚创建的hello.py程序应当使终端命令行输出以下结果:

      Output

      Hello, World!

      若想离开环境,只需输入命令deactivate即可返回到原始目录。

      总结

      恭喜!现在你已经在本地Ubuntu机器上设置了Python 3的编程环境,可以开始一个编程项目了!

      如果你使用着不同的计算机操作系统,请参阅我们与操作系统相关的系列教程:“如何为Python 3安装和设置本地编程环境”。或者,如果你使用的是Ubuntu服务器,可以参考这个教程 “如何在Ubuntu 18.04服务器上安装Python并设置编程环境”。

      在本地机器准备好进行软件开发之后,您可以继续学习Python编程,我们有一些免费教程供你参考如何用Python 3编程 电子书,或是参照编程项目教程。



      Source link

      How To Acquire a Let’s Encrypt Certificate Using Ansible on Ubuntu 18.04


      The author selected the Electronic Frontier Foundation to receive a donation as part of the Write for DOnations program.

      Introduction

      Modern infrastructure management is best done using automated processes and tools. Acquiring a Let’s Encrypt certificate using the standard Certbot client is quick and easy, but is generally a task that has to be done manually when commissioning servers. This is manageable for an individual server setup, but can become tedious when deploying a larger fleet.

      Using a configuration management tool such as Ansible to acquire a certificate makes this task completely automatic and reproducible. If you ever have to rebuild or update your server, you can just run your Ansible playbook, rather than having to manually carry out the steps again.

      In this tutorial, you’ll write an Ansible playbook to acquire a Let’s Encrypt certificate automatically for an Ansible host machine.

      Prerequisites

      To complete this tutorial, you will need:

      The first server will be used as your Ansible server, which we will call Ansible server throughout this tutorial. This is where Ansible will run to send the commands to the host machine. Alternatively, you can use your local machine or any other machine that has your Ansible inventory configured as your Ansible server.

      On your Ansible server, you’ll need:

      The second server will be used as your Ansible host, which we will call the host machine throughout this tutorial. This is the machine that you wish to configure and issue certificates on. This machine will also run a web server to serve the certificate issuance validation files.

      On your host machine, you’ll need:

      • A domain name that you are eligible to acquire a TLS certificate for, with the required DNS records configured to point to your Ansible host machine. In this particular example, the playbook will acquire a certificate valid for your-domain and www.your-domain, however it can be adjusted for other domains or subdomains if required.

      • A web server that is accessible from the internet over port 80 (HTTP), for example by following steps 1, 2, and 3 of How To Install the Apache Web Server on Ubuntu 18.04. This could also be an Nginx server, or any other suitable web server software.

      Once you have these ready, log in to your Ansible server as your non-root user to begin.

      Step 1 — Configuring the Settings for the Let’s Encrypt Ansible Module

      Ansible has a built-in module named letsencrypt, which allows you to acquire valid TLS certificates using the ACME (Automated Certificate Management Environment) protocol.

      In this first step, you will add a host variables configuration file to define the configuration variables that are required to use the module.

      Note: The letsencrypt module has been renamed to acme_certificate as of Ansible 2.6. The letsencrypt name is now an alias of acme_certificate, so will still work, but you way wish to use acme_certificate instead, to ensure future-proofness of your playbooks. You can check your Ansible version using ansible --version. As of the writing of this tutorial, the Ubuntu 18.04 Apt repositories don’t support acme_certificate yet.

      Firstly, create the host_vars Ansible directory on your Ansible server:

      • sudo mkdir /etc/ansible/host_vars

      Next, create a new file in the /etc/ansible/host_vars directory with the name of your Ansible host machine. In this example, you’ll use host1 as the name of the host:

      • sudo nano /etc/ansible/host_vars/host1

      The following sample configuration includes everything you need to get started, including: the validation method and server address, an email address to receive certificate expiry reminders to, and the directories where your Let’s Encrypt keys and certificates will be saved.

      Copy the sample configuration into the file:

      /etc/ansible/host_vars/host1

      ---
      acme_challenge_type: http-01
      acme_directory: https://acme-v02.api.letsencrypt.org/directory
      acme_version: 2
      acme_email: certificate-reminders@your-domain
      letsencrypt_dir: /etc/letsencrypt
      letsencrypt_keys_dir: /etc/letsencrypt/keys
      letsencrypt_csrs_dir: /etc/letsencrypt/csrs
      letsencrypt_certs_dir: /etc/letsencrypt/certs
      letsencrypt_account_key: /etc/letsencrypt/account/account.key
      domain_name: your-domain
      

      Save and close the file when you’ve finished.

      Adjust the domain name and email address as required. You can use any email address—it doesn’t have to be the one on your-domain.

      Some of the directory/file paths defined may not actually exist on your server yet. This is OK; the first part of the playbook will be to create these directories and assign the relevant permissions.

      You’ve added the required configuration variables to your Ansible inventory file. Next, you will begin writing the playbook to acquire a certificate.

      Step 2 — Creating the Let’s Encrypt Directories and Account Key

      In this step, you’ll write the Ansible tasks that you’ll use to create the required Let’s Encrypt directories, assign the correct permissions, and generate a Let’s Encrypt account key.

      Firstly, create a new playbook named letsencrypt-issue.yml on your Ansible server in a new directory of your choice, for example /home/user/ansible-playbooks:

      • cd ~
      • mkdir ansible-playbooks
      • cd ansible-playbooks
      • nano letsencrypt-issue.yml

      Before you can start writing Ansible tasks, you’ll need to specify the hosts and associated settings. Adjust the following according to how you referred to your hosts in the prerequisite tutorial. Then add the following to the top of the file:

      letsencrypt-issue.yml

      ---
      - hosts: "host1"
        tasks:
      

      Now you can begin writing the required tasks, the first of which is to create the file system directories required to store the Let’s Encrypt files. Add the following Ansible task to the file after the previous content:

      letsencrypt-issue.yml

      ...
        - name: "Create required directories in /etc/letsencrypt"
          file:
            path: "/etc/letsencrypt/{{ item }}"
            state: directory
            owner: root
            group: root
            mode: u=rwx,g=x,o=x
          with_items:
          - account
          - certs
          - csrs
          - keys
      

      This Ansible task will create the account, certs, csrs, and keys directories in /etc/letsencrypt, which is where the files required for acquiring certificates will be stored.

      You set the owner of the directories to root and apply the permissions u=rwx,g=x,o=x so that only root has read and write access to them. This is recommended as the directories will contain private keys, certificate signing requests (CSRs), and signed certificates, which should be kept confidential.

      Next, the Let’s Encrypt account key needs to be created. You’ll use this to identify yourself to the Let’s Encrypt service.

      Add the following task to your playbook:

      letsencrypt-issue.yml

      ...
        - name: "Generate a Let's Encrypt account key"
          shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"
      

      The account key doesn’t need to be re-created every time you renew the certificates, so you also add a check for an existing key if [ ! -f {{ letsencrypt_account_key }} ];, to make sure that it isn’t overwritten.

      You’ll continue to work in letsencrypt-issue.yml in the next step, so don’t close this file yet.

      You’ve created your playbook and set up the initial configuration and tasks in order to prepare for acquiring your Let’s Encrypt certificate. Next, you will add further tasks for the private key and CSR generation.

      Step 3 — Generating Your Private Key and Certificate Signing Request

      In this step, you’ll write the playbook tasks to generate the required private key and certificate signing request.

      The first task in this section will generate the required private key for your certificate. Add the following to the end of your playbook that you started writing in Step 2:

      letsencrypt-issue.yml

      ...
        - name: "Generate Let's Encrypt private key"
          shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ domain_name }}.key"
      

      Subdomains on the same domain will all be added to the same certificate through the use of Subject Alternate Names (SANs), so you only need to generate one private key for now.

      You’ll use the next task to generate a Certificate Signing Request (CSR) for the certificate that you want to acquire. This is submitted to Let’s Encrypt in order for them to validate and issue each certificate.

      Add the following to the end of the playbook:

      letsencrypt-issue.yml

      ...
        - name: "Generate Let's Encrypt CSR"
          shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ domain_name }}.key -subj "/CN={{ domain_name }}" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "n[SAN]nsubjectAltName=DNS:{{ domain_name }},DNS:www.{{ domain_name }}")) | sudo tee /etc/letsencrypt/csrs/{{ domain_name }}.csr"
          args:
            executable: /bin/bash
      

      This task generates a CSR for your domain, with the www subdomain added to the certificate as a SAN.

      You’ll continue to work in letsencrypt-issue.yml in the next step, so don’t close this file yet.

      You’ve written the Ansible tasks to generate the private key and CSR for your certificate. Next, you’ll work on the tasks that will begin the validation and issuance process.

      Step 4 — Starting the ACME Validation Process

      In this step, you’ll write a task to submit the Certificate Signing Request to Let’s Encrypt using the outputted files from the task documented in Step 3. This will return some challenge files, which you’ll need to serve on your web server in order to prove ownership of the domain name and subdomain for which you’re requesting a certificate.

      The following task will submit the CSR for your-domain. Add it to the end of your playbook:

      letsencrypt-issue.yml

      ...
        - name: "Begin Let's Encrypt challenges"
          letsencrypt:
            acme_directory: "{{ acme_directory }}"
            acme_version: "{{ acme_version }}"
            account_key_src: "{{ letsencrypt_account_key }}"
            account_email: "{{ acme_email }}"
            terms_agreed: 1
            challenge: "{{ acme_challenge_type }}"
            csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
            dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
            fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}.crt"
            remaining_days: 91
          register: acme_challenge_your_domain
      

      This task makes wide usage of the variables that you configured in Step 1. It registers a variable containing the ACME challenge files that you’ll use in the next step. You’ll need to manually adjust the name of the variable to contain your-domain, but with all . characters replaced with a _, as dots cannot be used in a variable name. For example, the variable for example.com would become acme_challenge_example_com.

      You’ll continue to work in letsencrypt-issue.yml in the next step, so don’t close this file yet.

      You’ve written a task to submit your CSR to Let’s Encrypt. Next, you will add a task to implement the ACME challenge files for finalization of the certificate validation process.

      Step 5 — Implementing the ACME Challenge Files

      In this step, you will write an Ansible task to read and implement the ACME challenge files. These files prove that you’re eligible to acquire a certificate for the requested domains and subdomains.

      The ACME challenge files must be served on a web server listening on port 80, at the /.well-known/acme-challenge/ path for the domain or subdomain that you’re requesting a certificate for. For example, in order to validate the certificate request for www.your-domain, the ACME challenge file will need to be accessible over the internet at the following path: http://www.your-domain/.well-known/acme-challenge.

      The method for serving these files at the required destinations will vary significantly depending on your current web server setup. However, in this guide, we will assume that you have a web server (as per the prerequisite tutorial) configured to serve files out of the /var/www/html directory. Therefore you may need to adjust the task accordingly in order to be compatible with your own web server setup.

      Firstly, add the following task that creates the .well-known/acme-challenge/ directory structure required to serve the files to the end of your playbook:

      letsencrypt-issue.yml

      ...
        - name: "Create .well-known/acme-challenge directory"
          file:
            path: /var/www/html/.well-known/acme-challenge
            state: directory
            owner: root
            group: root
            mode: u=rwx,g=rx,o=rx
      

      Make sure to adjust the path accordingly if you are using a directory other than /var/www/html to serve files with your web server.

      Next, you’ll implement the ACME challenge files that were saved into the acme_challenge_your-domain variable in Step 4 with the following task:

      letsencrypt-issue.yml

      ...
        - name: "Implement http-01 challenge files"
          copy:
            content: "{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource_value'] }}"
            dest: "/var/www/html/{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource'] }}"
            owner: root
            group: root
            mode: u=rw,g=r,o=r
          with_items:
          - "{{ domain_name }}"
          - "www.{{ domain_name }}"
      

      Note that you need to manually adjust the acme_challenge_your_domain variable name in the task to be set to the name of your ACME challenge variable, which is acme_challenge_ followed by your domain name, but with all . characters replaced with _. This Ansible task copies the ACME validation files from the variable into the .well-known/acme-challenge path on your web server. This will allow Let’s Encrypt to retrieve them in order to verify the ownership of the domain and your eligibility to acquire a certificate.

      You’ll continue to work in letsencrypt-issue.yml in the next step, so don’t close this file yet.

      You’ve written the Ansible tasks required to create the ACME validation directory and files. Next, you will complete the ACME verification process and acquire the signed certificate.

      Step 6 — Acquiring Your Certificate

      In this step, you’ll write a task to trigger Let’s Encrypt to verify the ACME challenge files that you submitted, which will allow you to acquire your signed certificate(s).

      The following task validates the ACME challenge files that you implemented in Step 5 and saves your signed certificates to the specified paths. Add it to the end of your playbook:

      letsencrypt-issue.yml

      ...
        - name: "Complete Let's Encrypt challenges"
          letsencrypt:
            acme_directory: "{{ acme_directory }}"
            acme_version: "{{ acme_version }}"
            account_key_src: "{{ letsencrypt_account_key }}"
            account_email: "{{ acme_email }}"
            challenge: "{{ acme_challenge_type }}"
            csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
            dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
            chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ domain_name }}.crt"
            fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}"
            data: "{{ acme_challenge_your_domain }}"
      

      Similarly to Step 4, this task makes use of the variables that you configured in Step 1. Once the task has completed, it will save the signed certificate to the specified paths, allowing you to begin using it for your application or service.

      Note that you’ll need to manually adjust the data value in the task to be set to the name of your ACME challenge variable, similarly to Step 5.

      Following is the full playbook showing each of the tasks you’ve added:

      letsencrypt-issue.yml

      - hosts: "host1"
        tasks:
      
        - name: "Create required directories in /etc/letsencrypt"
          file:
            path: "/etc/letsencrypt/{{ item }}"
            state: directory
            owner: root
            group: root
            mode: u=rwx,g=x,o=x
          with_items:
          - account
          - certs
          - csrs
          - keys
      
        - name: "Generate a Let's Encrypt account key"
          shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"
      
        - name: "Generate Let's Encrypt private key"
          shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ domain_name }}.key"
      
        - name: "Generate Let's Encrypt CSR"
          shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ domain_name }}.key -subj "/CN={{ domain_name }}" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "n[SAN]nsubjectAltName=DNS:{{ domain_name }},DNS:www.{{ domain_name }}")) | sudo tee /etc/letsencrypt/csrs/{{ domain_name }}.csr"
          args:
            executable: /bin/bash
      
        - name: "Begin Let's Encrypt challenges"
          letsencrypt:
            acme_directory: "{{ acme_directory }}"
            acme_version: "{{ acme_version }}"
            account_key_src: "{{ letsencrypt_account_key }}"
            account_email: "{{ acme_email }}"
            terms_agreed: 1
            challenge: "{{ acme_challenge_type }}"
            csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
            dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
            fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}.crt"
            remaining_days: 91
          register: acme_challenge_your_domain
      
        - name: "Create .well-known/acme-challenge directory"
          file:
            path: /var/www/html/.well-known/acme-challenge
            state: directory
            owner: root
            group: root
            mode: u=rwx,g=rx,o=rx
      
        - name: "Implement http-01 challenge files"
          copy:
            content: "{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource_value'] }}"
            dest: "/var/www/html/{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource'] }}"
            owner: root
            group: root
            mode: u=rw,g=r,o=r
          with_items:
          - "{{ domain_name }}"
          - "www.{{ domain_name }}"
      
        - name: "Complete Let's Encrypt challenges"
          letsencrypt:
            acme_directory: "{{ acme_directory }}"
            acme_version: "{{ acme_version }}"
            account_key_src: "{{ letsencrypt_account_key }}"
            account_email: "{{ acme_email }}"
            challenge: "{{ acme_challenge_type }}"
            csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
            dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
            chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ domain_name }}.crt"
            fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}"
            data: "{{ acme_challenge_your_domain }}"
      

      Save and close your file when you’re finished.

      You’ve added the task to complete the ACME challenges and acquire your signed certificate. Next, you’ll run the playbook against your Ansible host machine in order to run all of the actions.

      Step 7 — Running Your Playbook

      Now that you’ve written the playbook and all of the required tasks, you can run it against your Ansible host machine to issue the certificate.

      From your Ansible server, you can run the playbook using the ansible-playbook command:

      • ansible-playbook letsencrypt-issue.yml

      This will run the playbook, one task at a time. You’ll see output similar to the following:

      Output

      PLAY [host1] ********************************************************************************** TASK [Gathering Facts] ************************************************************************ ok: [host1] TASK [Create required directories in /etc/letsencrypt] **************************************** changed: [host1] => (item=account) changed: [host1] => (item=certs) changed: [host1] => (item=csrs) changed: [host1] => (item=keys) TASK [Generate a Let's Encrypt account key] *************************************************** changed: [host1] TASK [Generate Let's Encrypt private key] ***************************************************** changed: [host1] TASK [Generate Let's Encrypt CSR] ************************************************************* changed: [host1] TASK [Begin Let's Encrypt challenges] ********************************************************* changed: [host1] TASK [Create .well-known/acme-challenge directory] ******************************************** changed: [host1] TASK [Implement http-01 challenge files] ****************************************************** changed: [host1] => (item=your-domain) changed: [host1] => (item=www.your-domain) TASK [Complete Let's Encrypt challenges] ****************************************************** changed: [host1] PLAY RECAP ************************************************************************************ host1 : ok=9 changed=8 unreachable=0 failed=0

      If any errors are encountered while the playbook is running, these will be outputted for your review.

      Once the playbook has finished, your valid Let’s Encrypt certificate will be saved to the /etc/letsencrypt/certs directory on your host machine. You can then use this, along with the private key in /etc/letsencrypt/keys, to secure connections to your web server, mail server, etc.

      Let’s Encrypt certificates are valid for 90 days by default. You will receive renewal reminders via email to the address that you specified in Step 1. To renew your certificate, you can run the playbook again. Make sure to double check that any services using your certificate have picked up the new one, as sometimes you may need to manually install it, move it to a particular directory, or restart the service for it to properly adopt the new certificate.

      In this step, you ran your playbook which issued your valid Let’s Encrypt certificate.

      Conclusion

      In this article you wrote an Ansible playbook to request and acquire a valid Let’s Encrypt certificate.

      As a next step, you can look into using your new playbook to issue certificates for a large fleet of servers. You could even create a central ACME validation server that can issue certificates centrally and distribute them out to web servers.

      Finally, if you’d like to learn more about the ACME specification and Let’s Encrypt project, you may wish to review the following links:

      You may also like to view some other relevant Ansible tutorials:



      Source link

      A Beginner's Guide to Kubernetes


      Updated by Linode Contributed by Linode

      A Beginner's Guide to Kubernetes

      Kubernetes, often referred to as k8s, is an open source container orchestration system that helps deploy and manage containerized applications. Developed by Google starting in 2014 and written in the Go language, Kubernetes is quickly becoming the standard way to architect horizontally-scalable applications.

      This guide is the parent to the five-part series of Beginner’s Guides to Kubernetes:

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      Find answers, ask questions, and help others.

      This guide is published under a CC BY-ND 4.0 license.



      Source link