See Ansible-Hydra Submodule for details of the submodule we use
See Editing Ansible for notes on current practices for editing.
Building a new machine on AWS with Ansible
Note: ansible-vault password and all current AWS keys are in shared network drive Othmer Library\Digital Collections - Internal Access\Authentication - Confidential
If you do not have access, speak with Michelle about getting added to the allowed ... group.
- Check ansible variables in the encrypted file
  - $ ansible-vault edit group_vars/all (will need password)
  - Look for # Use these temporarily for new instances
  - Right now certain values such as fedora_ip, solr_ip, and the rest will need to be determined once the box has been built and a valid IP exists.
  - Generally speaking, the best way to build boxes to minimize needing to go back and edit IPs is in this order:
    - Fedora
    - Solr
    - Sufia machines (riiif, app)
- Ensure your ssh key is listed under keys_to_add; this is needed for capistrano deploys and ssh access with your personal account.
  - $ ansible-vault edit group_vars/all (will need password)
- Run the ansible playbook
  - $ ansible-playbook create_ec2.yml --ask-vault-pass --private-key=/PATH/TO/KEY --extra-vars "role=ROLE tier=SERVICE_LEVEL" --extra-vars "@group_vars/ROLE_SERVICE_LEVEL_override"
  - Use chf_prod.pem for all production level machines
  - Use test.pem for all other machines
  - Select the role and service level of the machine you want to build.
  - OR, if you're re-running scripts on an existing machine:
    - $ ansible-playbook -i hosts my_playbook.yml --ask-vault-pass [-e hosts=target]
    - target can be one of the groups in the hosts file: staging, production, dev, ec2hosts
- Assign an elastic IP to the new box if it needs one
- Consider naming the aws volumes for 'root' and 'data' – this isn't done in the scripts (but probably could be!)
- Set up to use capistrano (below) or just deploy with capistrano (above)
- Run configure_prod.yml if on production to set up e-mail password resets, ssl, and backup procedures.
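A pre-flight wrapper for the build step above, added here as an example and not taken from the project's own scripts: it refuses to run if group_vars/all is not vault-encrypted (a plaintext copy would put the AWS keys in git) or if the .pem is not mode 0600, then assembles the create_ec2.yml command line. The repository layout (group_vars/all, group_vars/ROLE_TIER_override) is assumed from the notes above; the fixture files are constructed.

```shell
#!/bin/sh
# Pre-flight checks for create_ec2.yml (added example, not the project's
# own script). Assumes the layout described above: group_vars/all is
# vault-encrypted and group_vars/ROLE_TIER_override holds per-box values.

# Return 0 if the file starts with the ansible-vault header, i.e. it is
# encrypted and safe to commit; a plaintext group_vars/all leaks AWS keys.
vault_encrypted() {
  head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# Return 0 if the private key is readable only by its owner (0600 or 0400).
# ssh rejects looser modes, and they expose the key to other local users.
key_mode_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Print the create_ec2.yml command for a role/tier pair after checking the
# vault file, the key mode and the override file. Non-zero on any failure.
build_cmd() {
  key=$1 role=$2 tier=$3
  override="group_vars/${role}_${tier}_override"
  vault_encrypted group_vars/all || { echo "group_vars/all is not vault-encrypted" >&2; return 1; }
  key_mode_ok "$key" || { echo "$key must be mode 0600" >&2; return 1; }
  [ -f "$override" ] || { echo "missing $override" >&2; return 1; }
  printf 'ansible-playbook create_ec2.yml --ask-vault-pass --private-key=%s --extra-vars "role=%s tier=%s" --extra-vars "@%s"\n' \
    "$key" "$role" "$tier" "$override"
}

# Constructed sample layout in a temp dir so the checks run offline. The
# first line is the real vault 1.1 header; the body is made-up hex, not a
# real ciphertext.
setup_fixture() {
  dir=$(mktemp -d)
  mkdir -p "$dir/group_vars"
  printf '$ANSIBLE_VAULT;1.1;AES256\n31303030313030\n' > "$dir/group_vars/all"
  : > "$dir/group_vars/fedora_production_override"
  : > "$dir/test.pem";  chmod 0600 "$dir/test.pem"   # correct mode
  : > "$dir/loose.pem"; chmod 0644 "$dir/loose.pem"  # must be rejected
  printf '%s' "$dir"
}

FIX=$(setup_fixture)
( cd "$FIX" && build_cmd test.pem fedora production )
```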
Updating boxes with Ansible
New AWS Key
- Generate a new ssh key on AWS (EC2 > Keypairs)
- place it in ~/.ssh
- chmod 0600.
- useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
...