...
...
...
...
...
What version of fedora is running?
it's in the footer of the main page
for example http://localhost:8080/fedora/
What version of the app is deployed?
$ cat /opt/sufia-project/current/REVISION
*Update the changelog when deploying!
Deploy the application with Capistrano (Obsolete)
- cd into the root dir of your chf-sufia repository
$ bundle exec cap [staging|production] deploy
On the first time deploying to a Solr box you must add the flag solr_restart=true to the deploy
- If this is the first deploy, you need to start web services (because before this there was no project and apache / tomcat would fail to find various directories and config files). ssh to the ec2 machine as the sudo (ubuntu) user.
...
bundle exec cap staging deploy --dry-run --trace – shows you the whole deployment with capistrano task execution info.
- hook syntax: http://capistranorb.com/documentation/getting-started/before-after/#
Our cap recipe will automatically send a slack notification IF you set in your unix env, `export SLACK_NOTIFICATION_WEBHOOK=webhook`. Get webhook from someone.
Deploy with downtime
bundle exec cap staging maintenance:enable REASON="a test of maintenance mode" UNTIL="12pm Eastern Time"
- It'll read "The system is down for [REASON] It'll be back [UNTIL]"
- Deploy as usual / desired
- Do anything else needed on the server that required the downtime
bundle exec cap staging maintenance:disable
Building a new machine on AWS with Ansible
- (Note: ansible-vault password and all current AWS keys are in shared network drive)
- Generate a new ssh key on AWS (EC2 > Keypairs)
- place it in ~/.ssh
- chmod 0600.
- useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
- Check ansible variables
- $ ansible-vault edit group_vars/all
- Look for # Use these temporarily for new instances
- ensure your ssh key is listed under keys_to_add
- run the ansible playbook
- $ ansible-playbook -i hosts create_ec2.yml --private-key=/path/to/your/.ssh/key.pem --ask-vault-pass
- OR, if you're re-running scripts on an existing machine:
- $ ansible-playbook -i hosts my_playbook.yml --ask-vault-pass [-e hosts=ec2hosts]
- note that if there's a failure during postgres setup handlers may not run – watch out for this. if this happens it's potentially best to start over completely.
- Assign an elastic IP to the new box
- Ask IT to give you a DNS entry for the elastic IP if desired
- Consider naming the aws volumes for 'root' and 'data' – this isn't done in the scripts (but probably could be!)
- Set up to use capistrano (below) or just deploy with capistrano (above)
Set up Capistrano (first-time use)
Create an entry for the deploy user in your .ssh/config:
Host staging
Hostname NEW.IP
User hydep
#IdentityFile ~/.ssh/your_key
ForwardAgent yes
This keeps us from publishing server names, etc, in the cap config files which live in our public repo.don't change the Host designation without:Changing it in capistrano, e.g. deploy/staging.rb, to matchClearing it with everyone who might deploy (they'll have to change their ssh config as well.
- this will use your personal ssh key – the one that matches your public key on github, which is added to the deploy user by ansible scripts.
Git repositories for ansible - structure and use
Code lives at https://github.com/curationexperts/ansible-hydra
Wrapper with local configuration lives at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory. Wrapper contains:
- our hosts file
- our group_vars files
- ansible-hydra as a git submodule
- an ansible.config which points to ansible-hydra for roles_path.
Aside: pull requests can be submitted via branches; there's really no need to fork this repo since we'll all be owners.
To use
- $ git clone clone git@bitbucket.org:ChemicalHeritageFoundation/ansible-inventory.git
- $ cd ansible-inventory
- $ git submodule update --init
Subsequently, when you pull ansible-inventory and the submodule has been updated, just run
- $ git submodule update
AWS - add new user
- IAM (identity & access management) > Users > Create New Users.
- Enter user name, uncheck 'generate an access key', create
- select newly-created username > 'permissions' tab > Attach policy (you can look at policies on other users if needed)
- 'security credentials' tab > 'assign an auto-generated password', check 'require user to create a new password at next sign-in'
- download the security credentials.
- (another option is to have the person stand right next to you and give themselves a temporary password)
- Stick the credentials somewhere safe!
- Get user to sign on and reset password.
...