...
...
...
...
...
...
...
What version of fedora is running?
it's in the footer of the main page
for example http://localhost:8080/fedora/
*Update the changelog when deploying!
Deploy the application with Capistrano (Obsolete)
- cd into the root dir of your chf-sufia repository
$ bundle exec cap [staging|production] deploy
On the first time deploying to a Solr box you must add the flag solr_restart=true to the deploy
- If this is the first deploy, you need to start web services (because before this there was no project and apache / tomcat would fail to find various directories and config files). ssh to the ec2 machine as the sudo (ubuntu) user.
...
bundle exec cap staging deploy --dry-run --trace – shows you the whole deployment with capistrano task execution info.
- hook syntax: http://capistranorb.com/documentation/getting-started/before-after/#
Our cap recipe will automatically send a slack notification IF you set in your unix env, `export SLACK_NOTIFICATION_WEBHOOK=webhook`. Get webhook from someone.
Deploy with downtime
bundle exec cap staging maintenance:enable REASON="a test of maintenance mode" UNTIL="12pm Eastern Time"
- It'll read "The system is down for [REASON] It'll be back [UNTIL]"
- Deploy as usual / desired
- Do anything else needed on the server that required the downtime
bundle exec cap staging maintenance:disable
Delete all the data
(Don't do this on prod!)
Shut down tomcat
rm -rf /opt/fedora-data/*
rm -rf /opt/solr/collection1/data/*
Delete database stuff (notifications, mostly)
psql -U chf_pg_hydra -d chf_hydra
delete from mailboxer_receipts where created_at < '2015-11-9';
delete from mailboxer_notifications where created_at < '2015-11-9';
delete from mailboxer_conversations where created_at < '2015-11-9';
delete from trophies where created_at < '2015-11-9';
Building a new machine on AWS with Ansible
...
- place it in ~/.ssh
- chmod 0600.
- useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
...
- $ ansible-vault edit group_vars/all
- Look for # Use these temporarily for new instances
- ensure your ssh key is listed under keys_to_add
...
- $ ansible-playbook -i hosts ansible-hydra/create_ec2.yml --private-key=/path/to/your/.ssh/key.pem --ask-vault-pass
- OR, if you're re-running scripts on an existing machine:
- $ ansible-playbook -i hosts ansible-hydra/my_playbook.yml --ask-vault-pass [-e hosts=ec2hosts]
- note that if there's a failure during postgres setup handlers may not run – watch out for this. if this happens it's potentially best to start over completely.
...
Set up Capistrano (first-time use)
Create an entry for the deploy user in your .ssh/config:
Host staging
Hostname NEW.IP
User hydep
#IdentityFile ~/.ssh/your_key
ForwardAgent yes
This keeps us from publishing server names, etc, in the cap config files which live in our public repo.don't change the Host designation without:Changing it in capistrano, e.g. deploy/staging.rb, to matchClearing it with everyone who might deploy (they'll have to change their ssh config as well.
- this will use your personal ssh key – the one that matches your public key on github, which is added to the deploy user by ansible scripts.
Git repositories for ansible - structure and use
Code lives at https://github.com/curationexperts/ansible-hydra
Wrapper with local configuration lives at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory. Wrapper contains:
- our hosts file
- our group_vars files
- ansible-hydra as a git submodule
- an ansible.config which points to ansible-hydra for roles_path.
Aside: pull requests can be submitted via branches; there's really no need to fork this repo since we'll all be owners.
To use
- $ git clone clone git@bitbucket.org:ChemicalHeritageFoundation/ansible-inventory.git
- $ cd ansible-inventory
- $ git submodule update --init
Subsequently, when you pull ansible-inventory and the submodule has been updated, just run
- $ git submodule update
AWS - add new user
- IAM (identity & access management) > Users > Create New Users.
- Enter user name, uncheck 'generate an access key', create
- select newly-created username > 'permissions' tab > Attach policy (you can look at policies on other users if needed)
- 'security credentials' tab > 'assign an auto-generated password', check 'require user to create a new password at next sign-in'
- download the security credentials.
- (another option is to have the person stand right next to you and give themselves a temporary password)
- Stick the credentials somewhere safe!
- Get user to sign on and reset password.
...