...
Our Ansible configuration is stored at https://github.com/sciencehistory/ansible-inventory.git (older links point at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory.git).
Before making any changes to the Ansible codebase, read up on our typical Ansible development workflow.
Overview of the codebase
The Bitbucket repository is organized into four main kinds of file: the hosts file, a set of playbooks, the roles called by each playbook, and the encrypted variables files.
...
- "Tier" categories:
  - prod: production servers.
  - stage: staging servers.
  - dev: development servers. (Currently empty: our dev servers are not managed by Ansible.)
- "Role" categories:
  - fedora: a server on which Ansible knows to install Fedora (the Fedora Commons repository behind the digital collections app, not the Linux distribution).
  - solr: a server on which Ansible knows to install Solr.
  - app: a server on which Ansible knows to install the digital collections application (chf-sufia).
  - jobs: a server whose purpose is to run background jobs.
  - monitor: a server on which Ansible knows to install Netdata, our monitoring software (see https://github.com/firehol/netdata).
  - aspace: an ArchivesSpace server (see http://archivesspace.org/).
...
for F in ansible-inventory/group_vars/* ; do echo "$F:" ; \
    ansible-vault view --vault-password-file FILE_CONTAINING_PASSWORD "$F" \
    | grep -i STRING_TO_LOOK_FOR ; done
(The subcommand, view, goes before its options. Keep FILE_CONTAINING_PASSWORD outside the repository and mode 0600; anyone who can read it can decrypt every variables file.)
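Two companion checks for the encrypted variables files, added here as an example and not part of the ansible-inventory repository. The search loop above assumes every file in group_vars is vault-encrypted; the first function audits exactly that (a plaintext secrets file committed by mistake is what ansible-vault exists to prevent, and a pre-commit hook can call it), and the second is the same search but skipping plaintext files and printing file:line. Directory, password-file path and pattern are arguments; nothing here assumes the repository's real file names.

```shell
#!/bin/sh
# Added example, not tooling from ansible-inventory.
#   sh vault_check.sh group_vars                   audit: list files that are NOT vault-encrypted
#   sh vault_check.sh group_vars PASSFILE STRING   search decrypted contents for STRING
set -eu

# Every file written by ansible-vault starts with this header on line 1
# (e.g. "$ANSIBLE_VAULT;1.1;AES256"), so the first line is all we need.
VAULT_MAGIC='$ANSIBLE_VAULT;'

is_vault_encrypted() {
    first=''
    IFS= read -r first < "$1" || true      # empty file: first stays ''
    case "$first" in
        "$VAULT_MAGIC"*) return 0 ;;
        *)               return 1 ;;
    esac
}

# Print every regular file directly under DIR that is not vault-encrypted.
# Returns 1 if any were found, so a commit hook can fail on it.
vault_header_missing() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! is_vault_encrypted "$f"; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# Search the decrypted contents of every encrypted file under DIR for
# PATTERN (fixed string, case-insensitive) and print file:lineno:line.
# Plaintext files are reported on stderr and skipped rather than fed to
# ansible-vault, which would abort the whole loop on them.
# PASSFILE should live outside the repo and be mode 0600.
vault_grep() {
    dir=$1; passfile=$2; pattern=$3
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_vault_encrypted "$f" || { echo "skipping plaintext $f" >&2; continue; }
        ansible-vault view --vault-password-file "$passfile" "$f" \
            | grep -inF -- "$pattern" \
            | while IFS= read -r line; do printf '%s:%s\n' "$f" "$line"; done
    done
}

if [ $# -eq 1 ]; then
    vault_header_missing "$1"
elif [ $# -ge 3 ]; then
    vault_grep "$1" "$2" "$3"
fi
```

The audit deliberately treats an empty file as unencrypted: an accidentally truncated vault file is as worth a look as a plaintext one.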
More details
...
...
Building a new machine on AWS with Ansible
...
- Check the Ansible variables in the encrypted file:
  $ ansible-vault edit --vault-password-file /your/ansible_password.txt group_vars/all
  Look for the comment "# Use these temporarily for new instances". Right now certain values, such as fedora_ip, solr_ip and the rest, can only be filled in once the box has been built and has a valid IP, so expect to come back and edit them.
- Generally speaking, the build order that minimizes going back to edit IPs is:
  - Fedora
  - Solr
  - Sufia machines (riiif, app)
- Ensure your ssh key is listed under keys_to_add; this is needed for Capistrano deploys and for ssh access with your personal account.
- Build the machine:
  $ ansible-playbook create_ec2.yml --ask-vault-pass --private-key=/PATH/TO/KEY --extra-vars "role=ROLE tier=SERVICE_LEVEL" --extra-vars "@group_vars/ROLE_SERVICE_LEVEL_override"
  - Use chf_prod.pem for all production-level machines.
  - Use test.pem for all other machines.
  - Select the role and service level (tier) of the machine you want to build; together they also name the override file (ROLE_SERVICE_LEVEL_override).
- OR, if you're re-running playbooks on an existing machine:
  $ ansible-playbook -i hosts my_playbook.yml --ask-vault-pass [-e hosts=target]
  target can be one of the groups in the hosts file: staging, production, dev, ec2hosts.
...
Creating a test box using Ansible
...
- Generate a new ssh key pair on AWS (EC2 > Key Pairs) and download the .pem file.
- Place it in ~/.ssh.
- chmod 0600 it; ssh refuses a private key that is readable by anyone else.
- Useful command if you're having problems with the key (checks that the RSA key parses and its components are consistent):
  $ openssl rsa -in chf_prod.pem -check
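The build steps above (pick the key by tier, make sure it is mode 0600, sanity-check it with openssl, then run create_ec2.yml with the role/tier override file) as one script. This is an added example, not tooling from ansible-inventory; KEY_DIR (default ~/.ssh, where the test-box notes say to put the .pem) and the refusal to run without the override file are this script's own assumptions.

```shell
#!/bin/sh
# Added example, not the project's own tooling.
# Usage: sh build_box.sh ROLE TIER     e.g. sh build_box.sh app stage
# Rules taken from the procedure: chf_prod.pem for prod, test.pem otherwise,
# key mode 0600, override file group_vars/ROLE_TIER_override.
set -eu

KEY_DIR="${KEY_DIR:-${HOME:-.}/.ssh}"    # assumption: keys live in ~/.ssh

# Which key pair the procedure says to use for a given tier.
key_for_tier() {
    case "$1" in
        prod)      echo chf_prod.pem ;;
        stage|dev) echo test.pem ;;
        *)         echo "key_for_tier: unknown tier '$1'" >&2; return 1 ;;
    esac
}

# A private key readable by group or others is refused by ssh and, worse,
# hands every account on this workstation a login to the servers.
key_perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU, then BSD stat
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# The exact command line from the procedure, assembled from role, tier and key.
build_cmd() {
    role=$1; tier=$2; key=$3
    printf 'ansible-playbook create_ec2.yml --ask-vault-pass --private-key="%s" --extra-vars "role=%s tier=%s" --extra-vars "@group_vars/%s_%s_override"' \
        "$key" "$role" "$tier" "$role" "$tier"
}

main() {
    role=$1; tier=$2
    key="$KEY_DIR/$(key_for_tier "$tier")"

    [ -r "$key" ] || { echo "missing key $key" >&2; exit 1; }
    key_perms_ok "$key" || { echo "$key must be mode 0600 (chmod 0600 \"$key\")" >&2; exit 1; }
    # Same sanity check the test-box notes recommend when a key misbehaves.
    openssl rsa -in "$key" -check -noout >/dev/null \
        || { echo "$key is not a valid RSA private key" >&2; exit 1; }

    # Assumption of this script: refuse to build without the override file,
    # since ansible-playbook would fail on the @file reference anyway.
    override="group_vars/${role}_${tier}_override"
    [ -f "$override" ] || { echo "no override file $override" >&2; exit 1; }

    cmd=$(build_cmd "$role" "$tier" "$key")
    echo "+ $cmd"
    eval "$cmd"            # --ask-vault-pass still prompts, as in the manual command
}

if [ $# -ge 2 ]; then
    main "$1" "$2"
fi
```

It prints the command before running it so you can compare it with the manual invocation above; the tier names (prod, stage, dev) are the ones from the group list, not the hosts-file group names used with -e hosts=.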
Git repositories for ansible - structure and use
A wrapper with local configuration lives at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory. The wrapper contains:
- our hosts file
- our group_vars files
- our roles
- an ansible.cfg whose roles_path points at ansible-hydra
- playbooks
Aside: pull requests can be submitted via branches; there's really no need to fork this repo since we'll all be owners.
To use
- $ git clone git@bitbucket.org:ChemicalHeritageFoundation/ansible-inventory.git
- $ cd ansible-inventory
Playbook Notes
...