Versions Compared

Old Version 6

changes.mady.by.user Former user

Saved on

compared with

New Version 7

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

See Ansible-Hydra Submodule for details of the submodule we use

See Editing Ansible for notes on current practices for editing.

Building a new machine on AWS with Ansible

Note: ansible-vault password and all current AWS keys are in shared network drive  Othmer Library\Digital Collections - Internal Access\Authentication - Confidential
If you do not have access, speak with Michelle about getting added to the allowed

...

group.

  1. Check ansible variables in the encrypted file
    1. $ ansible-vault edit group_vars/all (will need password)
    2. Look for # Use these temporarily for new instances
      1. RIght now certain values such as fedora_ip, solr_ip, and the rest will need to be determined once the box has been built and a valid IP exists.
      2. Generally speaking the best way to build boxes to minimize needing to go back and edit IPs is
        1. Fedora
        2. Solr
        3. Sufia machines (riiif, app)
    3. ensure your ssh key is listed under keys_to_add, this is needed for capistrano deploys and ssh access with your personal account.
  2. run the ansible playbook
    1. $ ansible-playbook create_ec2.yml --ask-vault-pass --private-key=/PATH/TO/KEY --extra-vars "role=ROLE tier=SERVICE_LEVEL" --extra-vars "@group_vars/ROLE_SERVICE_LEVEL_override"
      1. Use chf_prod.pem for all production level machines
      2. Use test.pem for all other machines
      3. Select the role and service level of the machine you want to build.
    2. OR, if you're re-running scripts on an existing machine: 
      1. $ ansible-playbook -i hosts my_playbook.yml --ask-vault-pass [-e hosts=target]
        1. target can be one of the groups in the hosts file: staging, production, dev, ec2hosts
  3. Assign an elastic IP to the new box if if needs one
  4. Consider naming the aws volumes for 'root' and 'data' – this isn't done in the scripts (but probably could be!)
  5. Set up to use capistrano (below) or just deploy with capistrano (above)
  6. Run configure_prod.yml if on production to set up e-mail password resets, ssl, and backup procedures.


Updating boxes with Ansible



New AWS Key

  1. Generate a new ssh key on AWS (EC2 > Keypairs)
    1. place it in ~/.ssh
    2. chmod 0600.
    1. useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check

...