EbookFoundation
/
regluit
mirror of https://github.com/EbookFoundation/regluit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
regluit/docs/vagrant_ansible.md

84 lines
4.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

**Instructions on how to use vagrant/ansible**
To use vagrant/ansible to build the `{please|just|}.unglue.it`, you
need to have the following installed:
* [Vagrant](https://www.vagrantup.com/docs/installation/) (e.g., to download: https://www.vagrantup.com/downloads.html) (at least version 1.8.1)
* [Installation — Ansible Documentation](http://docs.ansible.com/ansible/intro_installation.html#latest-releases-via-pip) (version 2+) -- use `pip install ansible`
We also need the `vagrant-aws vagrant plugin:
```
vagrant plugin install vagrant-aws --plugin-version 0.5.0
```
Optionally you can [VirtualBox Oracle VM VirtualBox](https://www.virtualbox.org/wiki/VirtualBox) to enable the build of machines locally.
Layout of important files:
* [Vagrantfile](https://github.com/Gluejar/regluit/blob/1ac55c4f0a6b6a3dfc97652aa5ce33638a6140a1/vagrant/Vagrantfile), which is what `vagrant` looks for and defines various hosts: `please`, `just`, `just2`, `prod`, and `prod2`.
* [dev.yml](https://github.com/Gluejar/regluit/blob/1ac55c4f0a6b6a3dfc97652aa5ce33638a6140a1/vagrant/dev.yml) -- the main ansible playbook that builds the various machines
* `please` is for buiding `please.unglue.it` -- it is a transient machine
* the reason I have a `just` *group* with `just` and `just2` hosts is while one is in production, I build the new one. Once the new one is working, I can `vagrant stop` and then ultimately `vagrant destroy` the old one.
* similar logic for the production *group*. (Note that before I retire a production server, I copy over the logs to S3: [backing up production logs to S3](https://www.evernote.com/shard/s1/sh/f12406a7-de95-4d54-809d-9f3abe8eaabd/f935e813d8f16f25))
You also need AWS keys in the environment. I have my key/secret pair configured with a shell script that I can run -- I've stored this file in `/Volumes/ryvault1/gluejar/other_keys/aws.sh`, stored in an encrypted volume on my laptop. For convenience I link to the file from `~/bin/gj_aws.sh`:
```
#!/bin/bash
# rdhyee key: https://console.aws.amazon.com/iam/home?region=us-east-1#/users/rdhyee
# eric: you can use the credentials from https://console.aws.amazon.com/iam/home?region=us-east-1#/users/eric
export AWS_ACCESS_KEY_ID=[FILL IN]
export AWS_SECRET_ACCESS_KEY=[FILL IN]
export AWS_KEYPAIR_NAME=[FILL IN]
```
e.g.,
```
hyptyposis-2014:vagrant raymondyee$ ls -lt ~/bin/gj_aws.sh
lrwxr-xr-x 1 raymondyee 501 43 Aug 18 2014 /Users/raymondyee/bin/gj_aws.sh -> /Volumes/ryvault1/gluejar/other_keys/aws.sh
```
In the `regluit/vagrant` directory, after one instantiates the three environment variables (e.g., by running `~/bin/gj_aws.sh)` and then `vagrant status`, you should see something like (the actual status of various machines can vary):
```
please not created (virtualbox)
just running (aws)
just2 not created (virtualbox)
prod not created (virtualbox)
prod2 running (aws)
```
Once you have `vagrant status` works, a good place to start is how to build `please` with
```
vagrant up please --provider=aws
```
## secrets and use encrypted key
API keys and passwords used in configuring instances are encrypted using [ansible-vault](http://docs.ansible.com/ansible/playbooks_vault.html). To decrypt or encrypt the file, you need to use the make the password known to `ansible-vault`. A convenient way is to store the password in a file and set the `ANSIBLE_VAULT_PASSWORD_FILE` environment variable to the path of that file. e.g.,
```
export ANSIBLE_VAULT_PASSWORD_FILE=[path]
```
To use `git diff` with these encrypted files, see the
[.gitattributes](https://github.com/Gluejar/regluit/blob/open_source/.gitattributes) has been added to allow for using `git diff` with `ansible-vault` files: [git - How to diff ansible vault changes? - Stack Overflow](https://stackoverflow.com/questions/29937195/how-to-diff-ansible-vault-changes/39511274#39511274). One highlight from the tips, run:
```
git config --global diff.ansible-vault.textconv "ansible-vault view"
```
Reference in New Issue View Git Blame Copy Permalink