What version of Fedora is running?
It's in the footer of the main page, for example http://localhost:8080/fedora/
Deploy the application with Capistrano
- cd into the root dir of your chf-sufia repository
$ bundle exec cap [staging|production] deploy
- If this is the first deploy, you need to start the web services (before this there was no project, so apache / tomcat would fail to find various directories and config files). SSH to the EC2 machine as the sudo (ubuntu) user.
$ sudo service tomcat7 restart
$ sudo service apache2 restart
Additional useful Capistrano info
bundle exec cap staging deploy --dry-run --trace – shows you the whole deployment with capistrano task execution info.
- hook syntax: http://capistranorb.com/documentation/getting-started/before-after/#
Deploy with downtime
bundle exec cap staging maintenance:enable REASON="a test of maintenance mode" UNTIL="12pm Eastern Time"
- Deploy as usual / desired
- Do anything else needed on the server that required the downtime
bundle exec cap staging maintenance:disable
Delete all the data
(Don't do this on prod!)
Shut down tomcat
rm -rf /opt/fedora-data/*
rm -rf /opt/solr/collection1/data/*
Delete database stuff (notifications, mostly)
psql -U chf_pg_hydra -d chf_hydra
delete from mailboxer_receipts where created_at < '2015-11-9';
delete from mailboxer_notifications where created_at < '2015-11-9';
delete from mailboxer_conversations where created_at < '2015-11-9';
delete from trophies where created_at < '2015-11-9';
Building a new machine on AWS with Ansible
- (Note: ansible-vault password and all current AWS keys are in shared network drive)
- Generate a new ssh key on AWS (EC2 > Keypairs)
- place it in ~/.ssh
- chmod 0600.
- useful command if you're having problems with the key: $ openssl rsa -in chf_prod.pem -check
- Check ansible variables
- $ ansible-vault edit group_vars/all
- Look for # Use these temporarily for new instances
- ensure your ssh key is listed under keys_to_add
- run the ansible playbook
- $ ansible-playbook -i hosts ansible-hydra/create_ec2.yml --private-key=/path/to/your/.ssh/key.pem --ask-vault-pass
- OR, if you're re-running scripts on an existing machine:
- $ ansible-playbook -i hosts ansible-hydra/my_playbook.yml --ask-vault-pass [-e hosts=ec2hosts]
- Note that if there's a failure during postgres setup, handlers may not run – watch out for this. If this happens, it's potentially best to start over completely.
- Assign an elastic IP to the new box
- Ask IT to give you a DNS entry for the elastic IP if desired
- Consider naming the aws volumes for 'root' and 'data' – this isn't done in the scripts (but probably could be!)
- Set up to use capistrano (below) or just deploy with capistrano (above)
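A pre-flight check for the key-handling step above (key in ~/.ssh, chmod 0600, openssl rsa -check), as an added example that is not part of the original runbook. The function names are made up for illustration, and the key path is whatever you pass in.

```bash
#!/bin/sh
# Added example (not from the original runbook): pre-flight check for the EC2
# private key before handing it to ansible-playbook via --private-key.
# Function names are illustrative; pass the key path as the first argument.

# Print the octal permission bits (GNU stat first, BSD/macOS stat as fallback).
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 = owner-only permissions, 1 = too permissive, 2 = missing / not a file.
check_key_perms() {
  ck_key=$1
  [ -f "$ck_key" ] || { echo "FAIL: $ck_key is not a regular file" >&2; return 2; }
  ck_mode=$(key_mode "$ck_key") || return 2
  case "$ck_mode" in
    600|400) return 0 ;;   # 0600 as the runbook says; 0400 is stricter and also fine
    *) echo "FAIL: $ck_key has mode $ck_mode; fix with: chmod 0600 $ck_key" >&2
       return 1 ;;
  esac
}

# Same consistency check the runbook suggests. -noout keeps key material off
# the terminal; -passin pass: prevents a passphrase prompt (assumption: the
# .pem downloaded from EC2 is unencrypted).
check_key_rsa() {
  openssl rsa -in "$1" -check -noout -passin pass: >/dev/null 2>&1
}

# Run both checks; the RSA check is skipped when openssl is not installed.
preflight_key() {
  check_key_perms "$1" || return $?
  if command -v openssl >/dev/null 2>&1; then
    check_key_rsa "$1" || { echo "FAIL: openssl rejected $1" >&2; return 3; }
  fi
  echo "OK: $1"
}

# Usage: sh check_key.sh ~/.ssh/chf_prod.pem
if [ "$#" -gt 0 ]; then
  preflight_key "$1"
fi
```

A non-zero exit means the key should be fixed before running ansible-playbook with --private-key.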
Set up Capistrano (first-time use)
Create an entry for the deploy user in your .ssh/config:
Host staging
  Hostname NEW.IP
  User hydep
  #IdentityFile ~/.ssh/your_key
  ForwardAgent yes
- This keeps us from publishing server names, etc, in the cap config files which live in our public repo.
- Don't change the Host designation without:
- Changing it in capistrano, e.g. deploy/staging.rb, to match
- Clearing it with everyone who might deploy (they'll have to change their ssh config as well).
- This will use your personal ssh key – the one that matches your public key on github, which is added to the deploy user by ansible scripts.
Git repositories for ansible - structure and use
Code lives at https://github.com/curationexperts/ansible-hydra
Wrapper with local configuration lives at https://bitbucket.org/ChemicalHeritageFoundation/ansible-inventory. Wrapper contains:
- our hosts file
- our group_vars files
- ansible-hydra as a git submodule
- an ansible.config which points to ansible-hydra for roles_path.
Aside: pull requests can be submitted via branches; there's really no need to fork this repo since we'll all be owners.
To use
- $ git clone git@bitbucket.org:ChemicalHeritageFoundation/ansible-inventory.git
- $ cd ansible-inventory
- $ git submodule update --init
Subsequently, when you pull ansible-inventory and the submodule has been updated, just run
- $ git submodule update
AWS - add new user
- IAM (identity & access management) > Users > Create New Users.
- Enter user name, uncheck 'generate an access key', create
- Select the newly-created username > 'permissions' tab > Attach policy (you can look at policies on other users if needed)
- 'Security credentials' tab > 'assign an auto-generated password', check 'require user to create a new password at next sign-in'
- Download the security credentials.
- (another option is to have the person stand right next to you and give themselves a temporary password)
- Stick the credentials somewhere safe!
- Get user to sign on and reset password.