Skip to content

Latest commit

 

History

History
133 lines (105 loc) · 2.91 KB

ansible-deployment.adoc

File metadata and controls

133 lines (105 loc) · 2.91 KB

The whole architecture can be deployed with ansible.

MONARC Architecture

Requirements

  • Git and Python on all servers;

  • ansible must be installed on the configuration server;

  • Postfix on the BO and all FO servers (for the password recovery feature of MONARC).

Usage

Install ansible on the configuration server and get the playbook for MONARC:

sudo apt-get install python-pip
sudo -H pip install ansible dnspython
git clone https://github.com/monarc-project/ansible-ubuntu.git
cd ansible-ubuntu/

Configuration

  • create a user named ansible on each server;

  • generate a SSH key for the user ansible on the configuration server:

ssh-keygen -t rsa -C "[email protected]"

  • copy the public key on the other servers:

ssh-copy-id ansible@BO
ssh-copy-id ansible@RPX
ssh-copy-id ansible@FO

  • add the user ansible in the sudo group:

sudo usermod -aG sudo ansible

  • add the user www-data in the ansible group:

sudo usermod -aG ansible www-data

  • give the permission to ansible to use sudo without password:

echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers

  • create a file inventory/hosts:

[dev]
FO

[dev:vars]
master= "BO"
publicHost= "monarc.example.com"

[master]
BO monarc_sql_password="password"

[rpx]
RPX.localhost

[monarc:children]
rpx
master
dev

[monarc:vars]
env_prefix=""
clientDomain="monarc.example.com"
emailFrom="[email protected]"
github_auth_token="<your-github-auth-token>"
protocol="https"
certificate="sslcert.crt"
certificatekey="sslcert.key"
certificatechain="sslcert.crt"
bourlalias="monarcbo"
localDNS="example.net"

The variable monarc_sql_password is the password for the SQL database on the BO.

  • finally, launch ansible:

cd playbook/
ansible-playbook -i ../inventory/ monarc.yaml --user ansible

ansible will install and configure the back office, the front office and the reverse proxy. Consequently the configuration server should be able to contact these servers through SSH.

You will find more information in the ansible playbook.

Launch ansible periodically with cron

$ crontab -l
# m h  dom mon dow   command
*/30 * * * * /home/ansible/ansible-ubuntu/playbook/update.sh /home/ansible/ansible-ubuntu BO

This cron task should be launched on the configuration server by the ansible user.

If a new client is created via the web interface of the back office, this task will instantiate a new MONARC instance (new database, new Apache VirtualHost and eventually a new server) for the newly created client.

Update the ansible playbook

$ cd /home/ansible/ansible-ubuntu/
$ git pull origin master