task: add prod.inventory and prod.yml to allow to run Ansible from CI

Part of #1125
Required for #1631

[skip ci]

Author: php-coder

.github/workflows/provision-by-ansible.yml

@@ -33,6 +33,33 @@ jobs:
         # See https://docs.ansible.com/ansible/2.10/installation_guide/intro_installation.html#installing-devel-from-github-with-pip
         run: python3 -m pip install --user https://github.com/ansible/ansible/archive/refs/tags/v2.10.17.tar.gz
 
+      - name: Show ansible version
+        run: ansible --version
+
+      - name: Decrypt ansible files
+        working-directory: infra/vagrant
+        env:
+          # https://docs.github.com/en/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow
+          VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}
+        run: |
+          printf '%s' "$VAULT_PASSWORD" >vault-pass.txt
+
+          for FILENAME in provisioning/vars/prod.yml; do
+            echo "Decrypting ${FILENAME}.enc to $FILENAME"
+            ansible-vault decrypt \
+              --vault-password-file vault-pass.txt \
+              --output "$FILENAME" \
+              "${FILENAME}.enc"
+          done
+
       - name: Run ansible in syntax check mode
+        working-directory: infra/vagrant
         run: ansible-playbook provisioning/prod.yml -i provisioning/prod.inventory --syntax-check
+
+      - name: Cleanup
+        if: always()
         working-directory: infra/vagrant
+        run: |
+          for FILE in vault-pass.txt provisioning/vars/prod.yml; do
+            [ ! -f "$FILE" ] || rm -fv "$FILE"
+          done

.gitignore

@@ -21,7 +21,6 @@ src/main/frontend/node_modules/
 # Vagrant related files
 .vagrant/
 infra/vagrant/provisioning/vagrant.retry
-infra/vagrant/provisioning/prod.inventory
 infra/vagrant/provisioning/vars/prod.yml
 infra/vagrant/provisioning/roles/php-coder.oraclejdk/
 infra/vagrant/provisioning/roles/php-coder.nginx/
@@ -39,7 +38,10 @@ infra/terraform/terraform.tfstate.backup
 infra/docker/application-prod.properties
 infra/docker/mysql_backup_mystamps.sql.gz
 
-# created by src/main/scripts/ci/deploy.sh or .github/workflows/provision-by-terraform.yml
+# created by:
+# src/main/scripts/ci/deploy.sh
+# .github/workflows/provision-by-ansible.yml
+# .github/workflows/provision-by-terraform.yml
 vault-pass.txt
 
 # created by src/main/scripts/ci/deploy.sh

infra/vagrant/provisioning/prod.inventory

@@ -0,0 +1,13 @@
+# Ansible inventory file
+# See: https://docs.ansible.com/ansible/2.10/user_guide/intro_inventory.html
+
+[prod]
+my-stamps.ru ansible_host=46.101.232.167
+
+[all:vars]
+ansible_user=coder
+ansible_ssh_private_key_file=/Users/coder/.ssh/mystamps_rsa
+
+# https://docs.ansible.com/ansible/2.10/reference_appendices/python_3_support.html#using-python-3-on-the-managed-machines-with-commands-and-playbooks
+# https://docs.ansible.com/ansible/2.10/reference_appendices/interpreter_discovery.html
+ansible_python_interpreter=/usr/bin/python3

infra/vagrant/provisioning/vars/prod.yml.enc

@@ -0,0 +1,29 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383633616337333536623830663864613437393030393034323836633239623463383735313363
+3638316534376236666238343763626533376135633362660a373965346438346266653163613830
+63323334323330623363316438333133306364356639346464353663313730613130353461636237
+3736643233626662310a383133353338303335623333316331306139323334343565316333633030
+62323966656263373736353464326662356465363062356239373238663062396263306236633232
+35343165323639356637653030326263386235653965613438326566373739663938333730623765
+39343837393032303735386636363137323839626537303339303139633830666239366135393462
+35326163326666653433303536656633383831303533303236643333356461636361376364396338
+38366331396561393737313636623230666531363966636332343763363061366161666135336434
+66323038376137356163326139643338663330663535633938376163653163373039353165363135
+31333264633663306563346663336535616333626237356436626138653234326333633932666232
+38303761363464323164393830383261636436653962396131653833323866653364313338313836
+39316362653534326166393562396237633863663835646636343930326139646461343632613764
+33626634613736363664316134333365653632393537616139383864316662373839653262386263
+32616364616437343133393930613636396663383962313331353139353338306335623831316630
+61313765366339643537313835613134393363646539393037393665303863323966376565356335
+34356463333761303231333539653935633535353061313865303431393634313139386534363266
+32633866363164663461323834326131633431393663316237623630313034643830663434333631
+30666139393634616231393839303135363863643261353866613236633435353164396666386533
+38333433336364666139306666326437396336363439353032326137396139386335326336316132
+61343862353035633561613231383134313935346361393232313733333566336531396337343639
+63356631346238323838343561663265396264633533653836323131373835633064623961363335
+36306531356338353035383062363330336337343362333663396366393263346630363637333365
+35613037373139313966613534386664646431656239363465666166653166363630396166656632
+32386635333761393730393237663763386534386162313166656564343434643066613536633634
+61653365326162613363653431333433626562636462353537643739316236366535386463653830
+35323563353837386533663732323438656637613237366261303335376463646262323866323230
+34323731343430323236