...

Our Ansible configuration is stored at https://github.com/sciencehistory/ansible-inventory.git (previously https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory.git).

Before making any changes to the Ansible codebase, you will want to read up on our typical Ansible development workflow.

Overview of the codebase

The information in the Bitbucket repository is organized into four main file types: the hosts file, a set of playbooks, roles called by each playbook, and encrypted variables files.

...

  • "Tier" categories:
    • prod: production servers.
    • stage: staging servers.
    • dev: development servers. (Currently empty; our dev servers are not managed by Ansible.)
  • "Role" categories:
    • fedora: a server on which Ansible knows to install Fedora.
    • solr: a server on which Ansible knows to install Solr.
    • app: a server on which Ansible knows to install the digital collections application (chf-sufia).
    • jobs: a server whose purpose is to run background jobs.
    • monitor: a server on which Ansible knows to install Netdata, our monitoring software (see https://github.com/firehol/netdata).
    • aspace: an ArchivesSpace server (see http://archivesspace.org/).

...

# For each group_vars file, print its name, decrypt it with ansible-vault and show the lines matching STRING_TO_LOOK_FOR
ls -1 ansible-inventory/group_vars | while read -r N ; do echo "$N:" ; \
  ansible-vault --vault-password-file FILE_CONTAINING_PASSWORD \
  view "ansible-inventory/group_vars/$N" | grep -i "STRING_TO_LOOK_FOR" ; done
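The loop above runs ansible-vault over every file in group_vars, including any that are not encrypted, and never checks who can read the vault password file. The script below is an added example, not code from this wiki page or from the ansible-inventory repository: it decrypts only files that carry the Ansible Vault header, refuses to run if the password file is readable by group or other, and keeps all plaintext on stdout rather than on disk. It assumes ansible-vault is on PATH; the paths in the usage line are placeholders.

```shell
#!/bin/sh
# Added example, not taken from the wiki page or the ansible-inventory repo.
# Searches every file under a group_vars directory for a string, decrypting
# only the files that carry the Ansible Vault header and never writing
# plaintext to disk. Assumes ansible-vault is on PATH.

# Succeeds if the first line of the file is an Ansible Vault header.
is_vault_file() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# Succeeds only if the file exists and has no group/other permission bits.
# Parses ls(1) output so it behaves the same on GNU and BSD userlands.
file_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write the plaintext of one vars file to stdout: decrypt vault files,
# cat plain ones. Nothing is written to disk.
view_vars_file() {
    if is_vault_file "$2"; then
        ansible-vault view --vault-password-file "$1" "$2"
    else
        cat "$2"
    fi
}

# search_group_vars PASSWORD_FILE GROUP_VARS_DIR PATTERN
# Prints "file: matching line" for every hit. Returns 0 if anything matched,
# 1 if nothing did, 2 if the password file is exposed to other users.
search_group_vars() {
    pwfile=$1; dir=$2; pattern=$3
    if ! file_is_private "$pwfile"; then
        echo "refusing to run: $pwfile is readable by group/other (chmod 0600 it)" >&2
        return 2
    fi
    rc=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        hits=$(view_vars_file "$pwfile" "$f" | grep -i -- "$pattern") || true
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while IFS= read -r line; do
                printf '%s: %s\n' "$name" "$line"
            done
            rc=0
        fi
    done
    return $rc
}

# Usage (placeholder paths):
#   sh search_vault.sh /path/to/vault_password ansible-inventory/group_vars smtp
if [ "$#" -eq 3 ] && command -v ansible-vault >/dev/null 2>&1; then
    search_group_vars "$1" "$2" "$3"
fi
```

A wrong vault password makes ansible-vault fail for that file, which the loop reports only as "no match" for it; check stderr when a search comes back empty unexpectedly.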

More details

...

...

Building a new machine on AWS with Ansible

...

  1. Check Ansible variables in the encrypted file
    1. $ ansible-vault edit --vault-password-file /your/ansible_password.txt group_vars/all
      Look for the comment "# Use these temporarily for new instances". Right now certain values such as fedora_ip, solr_ip, and the rest will need to be determined once the box has been built and a valid IP exists.
    2. Generally speaking, the best order in which to build boxes, so as to minimize going back to edit IPs, is:
      1. Fedora
      2. Solr
      3. Sufia machines (riiif, app)
    3. Ensure your SSH key is listed under keys_to_add; this is needed for Capistrano deploys and SSH access with your personal account.
  2. Run the Ansible playbook
    1. $ ansible-playbook create_ec2.yml --ask-vault-pass --private-key=/PATH/TO/KEY --extra-vars "role=ROLE tier=SERVICE_LEVEL" --extra-vars "@group_vars/ROLE_SERVICE_LEVEL_override"
      1. Use chf_prod.pem for all production level machines
      2. Use test.pem for all other machines
      3. Select the role and service level of the machine you want to build.
    2. OR, if you're re-running scripts on an existing machine:
      1. $ ansible-playbook -i hosts my_playbook.yml --ask-vault-pass [-e hosts=target]
        1. target can be one of the groups in the hosts file: staging, production, dev, ec2hosts
  3. Assign an elastic IP to the new box if it needs one.
  4. Consider naming the AWS volumes for 'root' and 'data' – this isn't done in the scripts (but probably could be!)
  5. Set up to use Capistrano (below) or just deploy with Capistrano (above).
  6. Run configure_prod.yml if on production to set up e-mail password resets, SSL, and backup procedures.
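The create_ec2.yml step above is easy to get wrong by hand: the wrong key for the tier, a key left readable by other users, or an override file name that does not exist. The wrapper below is an added example, not code from this wiki page or from the ansible-inventory repository. It chooses chf_prod.pem for prod and test.pem otherwise, refuses a key with group/other permission bits (the chmod 0600 step in the test-box section), verifies the override file exists, and only then runs the playbook. The override naming group_vars/ROLE_TIER_override, the KEY_DIR argument and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page or the ansible-inventory repo: a
# wrapper around the create_ec2.yml invocation from the build steps.
# Assumptions: keys live in KEY_DIR, the override vars file is named
# group_vars/ROLE_TIER_override, and the script runs from the inventory checkout.

# chf_prod.pem for production-level machines, test.pem for everything else.
key_for_tier() {
    case "$1" in
        prod)      echo chf_prod.pem ;;
        stage|dev) echo test.pem ;;
        *)         return 1 ;;
    esac
}

# Private keys must carry no group/other bits (the chmod 0600 step).
# ls(1) is parsed instead of stat(1) so the check works on GNU and BSD alike.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# build_create_cmd KEY_DIR ROLE TIER: print the command that would be run.
build_create_cmd() {
    key=$(key_for_tier "$3") || return 1
    printf 'ansible-playbook create_ec2.yml --ask-vault-pass --private-key=%s/%s --extra-vars "role=%s tier=%s" --extra-vars "@group_vars/%s_%s_override"\n' \
        "$1" "$key" "$2" "$3" "$2" "$3"
}

# create_box KEY_DIR ROLE TIER: validate everything, then run the playbook.
# Set DRY_RUN=1 to print the command instead of running it.
# Return codes: 2 unknown tier, 3 key missing or too open, 4 override file missing.
create_box() {
    keydir=$1; role=$2; tier=$3
    key=$(key_for_tier "$tier") || { echo "unknown tier: $tier (use prod, stage or dev)" >&2; return 2; }
    if ! key_is_private "$keydir/$key"; then
        echo "refusing: $keydir/$key is missing or readable by others (chmod 0600 it)" >&2
        return 3
    fi
    override="group_vars/${role}_${tier}_override"
    if [ ! -f "$override" ]; then
        echo "missing override vars file: $override" >&2
        return 4
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        build_create_cmd "$keydir" "$role" "$tier"
        return 0
    fi
    # Arguments are passed directly (no eval), so values with spaces stay intact.
    ansible-playbook create_ec2.yml --ask-vault-pass "--private-key=$keydir/$key" \
        --extra-vars "role=$role tier=$tier" --extra-vars "@$override"
}

# Usage (from the ansible-inventory checkout): sh create_box.sh ~/.ssh app prod
if [ "$#" -eq 3 ]; then
    create_box "$1" "$2" "$3"
fi
```

Run it with DRY_RUN=1 first to see the exact ansible-playbook line it would execute; the permission check is deliberately a hard failure rather than a warning, since ssh itself will also refuse a key that other users can read.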

...


Creating a test box using Ansible

...

  1. Generate a new ssh key on AWS (EC2 > Keypairs)
    1. place it in ~/.ssh
    2. chmod 0600.
    3. A useful command if you're having problems with the key (it verifies the RSA key's consistency): $ openssl rsa -in chf_prod.pem -check

Git repositories for ansible - structure and use

A wrapper with local configuration lives at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory. The wrapper contains:

  • our hosts file
  • our group_vars files
  • our roles
  • an ansible.config which points to ansible-hydra for roles_path.
  • playbooks
  • Aside: pull requests can be submitted via branches; there's really no need to fork this repo since we'll all be owners.

To use

  • $ git clone git@bitbucket.org:ChemicalHeritageFoundation/ansible-inventory.git
  • $ cd ansible-inventory

Playbook Notes

...