Notes from conversations with Alicia
TODO
- (this list migrated to basecamp)
- create google doc from alicia's report, integrate these notes into that!
Executing the scripts
...
Deploy the application with Capistrano
- cd into the root dir of our code repository
$ bundle exec cap [staging|production] deploy
- ssh to the ec2 machine as 'ubuntu' user (because you will need sudo). you can create a new ssh config entry if you want; either use the key you downloaded in the first step or if you have added your own key you can use that.
$ sudo service tomcat7 restart
$ sudo service apache2 restart
Building a new machine on AWS with Ansible
- (Note: ansible-vault password and all current AWS keys are in shared network drive)
- Generate a new ssh key on AWS
- place it in ~/.ssh
- chmod 0600.
- useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
- Check ansible variables
- $ ansible-vault edit group_vars/all
- look for "# CHANGE PER INSTANCE" comments
- ensure your ssh key is listed under keys_to_add
- run the ansible playbook
- $ ansible-playbook -i hosts ec2.yml --private-key=/Users/aheadley/.ssh/annatest.pem --ask-vault-pass
(subsequent runs can be invoked without --private-key since I'm adding keys to the superuser in the ansible scripts)
# cd into the root dir of our code repository
$ bundle exec cap [staging|production] deploy
...
- OR, if you're re-running scripts on an existing machine:
- $ ansible-playbook -i hosts [playbook] --ask-vault-pass
- note that if there's a failure during postgres setup, handlers may not run – watch out for this. if this happens it's potentially best to start over completely.
First-time deploy
download the ssh key, possibly generating it on AWS first. chmod 0600.
change the ec2_key var: $ ansible-vault edit group_vars/all
(also potentially change ec2_security_group; different for dev and prod)
useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
ensure your ssh keys will be used for deploy; see keys_to_add in group_vars/all
run the ansible playbook (see 'executing scripts' above)
...
- Set up to use capistrano (below) or just deploy with capistrano (above)
Set up Capistrano (first-time use)
Create an entry for the deploy user in your .ssh/config to make deployment easier, like:
Host staging
Hostname NEW.IP
User hydep
#IdentityFile ~/.ssh/your_key
ForwardAgent yes
- This keeps us from publishing server names, etc, in the cap config files which live in our public repo.
- don't change the Host designation without:
- Changing it in capistrano, e.g. deploy/staging.rb, to match
- Clearing it with everyone who might deploy (they'll have to change their ssh config as well).
- this will use your personal ssh key – the one that matches your public key on github.
run capistrano deploy (see above)
ssh to the ec2 machine as 'ubuntu' user (because you will need sudo). you can create a new ssh config entry if you want; either use the key you downloaded in the first step or if you have added your own key you can use that.
$ sudo service tomcat7 restart
...
- , which is added to the deploy user by ansible scripts.
General Notes
Notes from conversations with Alicia
AWS Web Console
Administration & security > IAM
...