Versions Compared

Notes from conversations with Alicia

TODO

  • (this list migrated to basecamp)
  • create google doc from alicia's report, integrate these notes into that!

 

Executing the scripts

...

Process documentation

Deploy the application with Capistrano

  •  cd into the root dir of our code repository

$ bundle exec cap [staging|production] deploy

  • ssh to the ec2 machine as the 'ubuntu' user (because you will need sudo). you can create a new ssh config entry if you want; either use the key you downloaded in the first step or, if you have added your own key, use that.

$ sudo service tomcat7 restart

$ sudo service apache2 restart

Building a new machine on AWS with Ansible

  1. (Note: ansible-vault password and all current AWS keys are in shared network drive)
  2. Generate a new ssh key on AWS
    1. place it in ~/.ssh
    2. chmod 0600.
      1. useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
  3. Check ansible variables
    1. $ ansible-vault edit group_vars/all
    2. look for "# CHANGE PER INSTANCE" comments
    3. ensure your ssh key is listed under keys_to_add
  4. run the ansible playbook
    1. $ ansible-playbook -i hosts ec2.yml --private-key=/Users/aheadley/.ssh/annatest.pem --ask-vault-pass

(subsequent runs can be invoked without --private-key since I'm adding keys to the superuser in the ansible scripts)

# cd into the root dir of our code repository

$ bundle exec cap [staging|production] deploy

...

    1. OR, if you're re-running scripts on an existing machine: 
      1. $ ansible-playbook -i hosts [playbook] --ask-vault-pass
    2. note that if there's a failure during postgres setup, handlers may not run – watch out for this. if this happens it's potentially best to start over completely.

First-time deploy

download the ssh key, possibly generating it on AWS first. chmod 0600.

change the ec2_key var $ ansible-vault edit group_vars/all

(also potentially change ec2_security_group; different for dev and prod)

useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check

ensure your ssh keys will be used for deploy; see keys_to_add in group_vars/all

run the ansible playbook (see 'executing scripts' above)

...

  1. Set up to use capistrano (below) or just deploy with capistrano (above)

Set up Capistrano (first-time use)

Create an entry for the deploy user in your .ssh/config to make deployment easier, like:

Host staging
    Hostname NEW.IP
    User hydep
    #IdentityFile ~/.ssh/your_key
    ForwardAgent yes

  • This keeps us from publishing server names, etc, in the cap config files which live in our public repo.
  • don't change the Host designation without:
    • Changing it in capistrano, e.g. deploy/staging.rb, to match
    • Clearing it with everyone who might deploy (they'll have to change their ssh config as well).
  • this will use your personal ssh key – the one that matches your public key on github.
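
A preflight check for the key and ssh config steps above, as an added example that is not part of the original notes: it confirms the downloaded key is a regular file with mode 0600 (or 0400), that the ssh config has the Host entry Capistrano expects, and that ForwardAgent is not also switched on under 'Host *', which would expose your agent to every server you connect to. The function names and argument order are assumptions; 'staging' and 'hydep' are taken from the config entry shown above.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are hypothetical.

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the private key is a regular, non-symlink file that
# grants nothing to group or other (0600, or read-only 0400).
key_perms_ok() {
    local key="$1" mode
    [ -f "$key" ] && [ ! -L "$key" ] || return 1
    mode=$(file_mode "$key") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# The key sanity check from the notes, with output suppressed.
key_parses() {
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1
}

# Print the value of one option inside one 'Host <name>' block of an ssh
# config file. Handles 'Option value' lines only, not 'Option=value'.
ssh_config_value() {
    awk -v host="$2" -v opt="$3" '
        BEGIN { opt = tolower(opt) }
        /^[[:space:]]*#/ { next }                  # skip commented-out options
        tolower($1) == "host" {
            inblock = 0
            for (i = 2; i <= NF; i++) if ($i == host) inblock = 1
            next
        }
        inblock && tolower($1) == opt { print $2; exit }
    ' "$1"
}

# Usage: preflight KEYFILE SSH_CONFIG HOST DEPLOY_USER
preflight() {
    local key="$1" config="$2" host="$3" user="$4"
    key_perms_ok "$key" ||
        { echo "FAIL: $key must be a regular file with mode 0600" >&2; return 1; }
    [ "$(ssh_config_value "$config" "$host" user)" = "$user" ] ||
        { echo "FAIL: no 'Host $host' entry with User $user in $config" >&2; return 1; }
    [ "$(ssh_config_value "$config" '*' forwardagent)" != "yes" ] ||
        { echo "FAIL: ForwardAgent is on for 'Host *'; keep it under 'Host $host' only" >&2; return 1; }
}
```

Source the file and run, for example, preflight ~/.ssh/chf_prod.pem ~/.ssh/config staging hydep before the playbook or cap deploy; key_parses can be run separately on the same key.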

run capistrano deploy (see above)

ssh to the ec2 machine as the 'ubuntu' user (because you will need sudo). you can create a new ssh config entry if you want; either use the key you downloaded in the first step or, if you have added your own key, use that.

$ sudo service tomcat7 restart

...

  • , which is added to the deploy user by ansible scripts.

General Notes

Notes from conversations with Alicia

AWS Web Console

Administration & security > IAM

...