Process documentation

Deploy the application with Capistrano

  • cd into the root directory of your chf-sufia repository

$ bundle exec cap [staging|production] deploy

...

bundle exec cap staging maintenance:enable REASON="a test of maintenance mode" UNTIL="12pm Eastern Time"
  • Deploy as usual / desired
  • Do anything else needed on the server that required the downtime
bundle exec cap staging maintenance:disable

...

  1. (Note: ansible-vault password and all current AWS keys are in shared network drive)
  2. Generate a new ssh key on AWS (EC2 > Keypairs)
    1. place it in ~/.ssh
    2. chmod 0600.
    1. useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
  3. Check ansible variables
    1. $ ansible-vault edit group_vars/all
    2. Look for # Use these temporarily for new instances
    3. ensure your ssh key is listed under keys_to_add
  4. run the ansible playbook
    1. $ ansible-playbook -i hosts ansible-hydra/create_ec2.yml --private-key=/path/to/your/key.pem --ask-vault-pass
    2. OR, if you're re-running scripts on an existing machine: 
      1. $ ansible-playbook -i hosts ansible-hydra/my_playbook.yml --ask-vault-pass
    3. Note that if there's a failure during postgres setup, handlers may not run – watch out for this. If this happens, it's potentially best to start over completely.
  5. Assign an elastic IP to the new box
  6. Ask IT to give you a DNS entry for the elastic IP if desired
  7. Consider naming the aws volumes for 'root' and 'data' – this isn't done in the scripts (but probably could be!)
  8. Set up to use capistrano (below) or just deploy with capistrano (above)
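
A pre-flight check for the key handling in step 2 above, as an added example that is not part of the original page: it confirms the key file has mode 0600 and passes the same openssl rsa -check before you pass it to ansible-playbook. The function name check_key is hypothetical.

```shell
#!/bin/sh
# Added example: verify an EC2 private key before running ansible-playbook.
# check_key is a hypothetical helper name; pass it the path to your .pem file.

check_key() {
    ck_key=$1

    # The file must exist and be a regular file.
    if [ ! -f "$ck_key" ]; then
        echo "missing key file: $ck_key" >&2
        return 1
    fi

    # Read the octal mode: GNU stat first, then the BSD/macOS form.
    ck_mode=$(stat -c '%a' "$ck_key" 2>/dev/null || stat -f '%Lp' "$ck_key")

    # ssh refuses private keys readable by group or others; the steps call for 0600.
    if [ "$ck_mode" != "600" ]; then
        echo "mode is $ck_mode, expected 600: chmod 0600 $ck_key" >&2
        return 2
    fi

    # Same consistency check as the openssl command in the steps.
    # -noout keeps key material off the terminal; the empty -passin value
    # makes a passphrase-protected key fail instead of prompting.
    if ! openssl rsa -in "$ck_key" -check -noout -passin pass: >/dev/null 2>&1; then
        echo "openssl could not validate $ck_key as an RSA private key" >&2
        return 3
    fi

    return 0
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_key "$1"
fi
```

The return codes distinguish the three failure modes (1 missing file, 2 wrong mode, 3 invalid key), so a wrapper script can stop before ansible-playbook is invoked.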

...

Code lives at https://github.com/curationexperts/ansible-hydra

Local Wrapper with local configuration lives at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory. Wrapper contains:

  • our hosts file
  • our group_vars files
  • ansible-hydra as a git submodule
  • an ansible.config which points to ansible-hydra for roles_path.
  • Aside: pull requests can be submitted via branches; there's really no need to fork this repo since we'll all be owners.

  • to explore: We should be able to keep local playbooks in here and point them to the roles in the central repo by setting roles_path in a config file.

To use, clone each of these into the same parent directory (I like to use ~/src). Commands above have been adjusted to assume this organization. If you want to put them in different directories, just point to the hosts file wherever you decided to put it.

This design works because ansible looks for group_vars in a location relative to the inventory / hosts file you pass on the command line.

To use

  • $ git clone git@bitbucket.org:ChemicalHeritageFoundation/ansible-inventory.git
  • $ cd ansible-inventory
  • $ git submodule update --init

Subsequently, when you pull ansible-inventory and the submodule has been updated, just run

  • $ git submodule update

AWS - add new user

  • IAM (identity & access management) > Users > Create New Users.
  • Enter user name, uncheck 'generate an access key', create
  • select newly-created username > 'permissions' tab > Attach policy (you can look at policies on other users if needed)
  • 'security credentials' tab > 'assign an auto-generated password', check 'require user to create a new password at next sign-in'
  • download the security credentials.
  • (another option is to have the person stand right next to you and give themselves a temporary password)
  • Stick the credentials somewhere safe!
  • Get user to sign on and reset password.

...