All notable changes to this project will be documented in this file.
4
+
5
+
### Changed
6
+
- All group_var files are moved to the environment example template, more information about where to save group_vars in the [README](https://github.com/OpenConext/OpenConext-deploy/blob/main/README.md)
7
+
- separate plays for separate roles in the provision.yml playbook
8
+
- seperate groups are defined for separate apps, dividing apps across the container servers should be set in the inventory not in the playbook, this way you can easily change it for different environments. This also makes it impossible to use the wrong tag and deploy something you did not intend to, instead nothing will happen.
9
+
- mysql_standalone group replaces storage group
10
+
11
+
### Removed
12
+
- selfsigned_certs role is deprecated and removed from the provision.yml playbook
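Review bot: the entries on new lines 6 and 9 (group_var files moved to the environment template, `mysql_standalone` replacing the `storage` group) change what an existing inventory has to look like, but nothing here marks them as breaking or says what an operator must rename or move before the next run. A short migration line under each would help, for example "rename the `storage` group in your inventory to `mysql_standalone`". In the lines shown, `### Changed` also follows the intro sentence directly, with no version or Unreleased heading above it, so these entries are not tied to a release. Smaller points: line 8 has `seperate` and would read better split into two sentences; line 12 says "deprecated and removed", where "removed" alone is what the entry records.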
All these applications run in Docker. You can use the "docker" role to install docker and Traefik. The result is a Docker application server, with port 443 open. Applications are served by Traefik and recognized on basis of a Host: header. If you run a small installation, you can add a https certificate to Traefik and run a single node application server.
42
+
All these applications run in Docker. You can use the "docker" role to install docker and Traefik. The result is a Docker application server, with port 443 open. Applications are served by Traefik and recognized on basis of a Host: header. If you run a small installation, you can add a https certificate to Traefik and run a single node application server.
43
43
44
-
For a fully functioning environment you also need a MariaDB database server and a Mongo database server.
44
+
For a fully functioning environment you also need a MariaDB database server and a Mongo database server.
45
45
46
46
## Infra roles
47
-
This repository is used for deployment of SURFconext, and several roles that the SURFconext teams uses to provision our infrastructure are provided here as well. You can use them for your own infrastructure or use them as inspiration.
47
+
This repository is used for deployment of SURFconext, and several roles that the SURFconext teams uses to provision our infrastructure are provided here as well. You can use them for your own infrastructure or use them as inspiration.
48
48
| name | remarks |
49
49
| --- | --- |
50
50
| bind | DNS server for high availability. Very specific for SURFconext |
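Review bot: new line 42 still tells the reader to "add a https certificate to Traefik", while the CHANGELOG in this same commit removes the `selfsigned_certs` role from provision.yml, so this paragraph should say where that certificate is now expected to come from. The removed and re-added lines at 42, 44 and 47 read identically here, which suggests whitespace-only edits; since line 47 is being touched anyway, "the SURFconext teams uses" can be corrected to "the SURFconext team uses" in the same pass.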
@@ -59,40 +59,93 @@ This repository is used for deployment of SURFconext, and several roles that the
59
59
| mongo | Install a mongo cluster (has its own README) |
60
60
| manage_provision_entities|Provision entities to Manage |
61
61
62
-
# Environment specific variables
63
-
Many variables can be overridden to create a setup suitable for your needs. The environment should be placed in the directory environments_external.
62
+
# Setting up your environment
63
+
Many variables can be overridden to create a setup suitable for your needs. We will explain the setup here for one environment or for a multi-environment (OTAP for example) setup.
64
64
65
-
A script is available to provision a new environment. It will create a new environment directory under environments-external/ and it will create all necessary passwords and (self-signed) certificates. Replace <environment> with the name of the target. Replace <domain> with the domain of the target.
65
+
The setup descibed below should work, but when using ansible many paths lead to Rome. If you want to know more about variables and where to save them, this can be helpfull: https://docs.ansible.com/projects/ansible/latest/playbook_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
66
66
67
+
## Inventory
68
+
You need an inventory file for your environment or multiple inventory files if you have multiple environments. An example can be found in environments/template
67
69
70
+
## Playbook
71
+
You can use the provision.yml script to deploy all infra and application roles. Every play has a tag so you can deploy your environment one application at a time by using the specific tag. You can also use your own playbooks if you prefer.
(where <target_ip> is the ip address or hostname of your target machine, whatever is set in your inventory file)
76
80
77
-
Change in environments-external/<environment>/inventory:
78
-
Change all references from %target_host% to <target_ip>
81
+
Create ansible.cfg in your directory and add Openconext-deploy/roles to your roles_path
79
82
83
+
```bash
84
+
[defaults]
85
+
diff = true
86
+
roles_path = OpenConext-deploy/roles # Add your own roles directory if you want
80
87
```
81
-
Please note that this has not been tested in quite a while. You will need a lot of manual work to get this environment working
88
+
89
+
## One environment
90
+
Copy the inventory, host and group files from environment/template to your directory and adjust them according to your preferences:
91
+
92
+
```bash
93
+
cp -R OpenConext-deploy/environments/template/*.
82
94
```
83
95
96
+
Edit your inventory file
97
+
Edit group_var and host_var files if necessary
98
+
99
+
Create an ansible vault in secrets and name it secrets.yml, an unencrypted example can be found in secrets/secret_example.yml
100
+
More information about vaults: https://docs.ansible.com/projects/ansible/latest/vault_guide/index.html
101
+
The final setup will look like this:
84
102
85
-
# Playbooks, tags and the provision wrapper script
103
+
- group_vars/all.yml
104
+
- group_vars/\<GROUPNAME\>.yml
105
+
- secrets/secrets.yml
106
+
- host_vars/\<HOSTNAME\>/yml
107
+
- inventory
108
+
- Openconext-deploy/provision.yml
109
+
- Openconext-deploy/roles
110
+
-\<YOUROWNOPTIONALPLAYBOOKS\>.yml
111
+
- ansible.cfg
86
112
87
-
Two playbooks exist in this repository: provision.yml and playbook_haproxy.yml. The latter can be used to do red/blue deployments if you also use our haproxy role.
88
-
The main playbook is provision.yml. It contains series of plays to install every role on the right node. All roles are tagged, so you can use the [Ansible tag mechanism](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_tags.html) to deploy a specific role.
113
+
You can use the provision playbook now:
89
114
90
-
If you would like to deploy manage to your test environment, you would run:
For each environment create an ansible vault in secrets and name it secrets.yml, an unencrypted example can be found in secrets/secret_example.yml
131
+
More information about vaults: https://docs.ansible.com/projects/ansible/latest/vault_guide/index.html
132
+
133
+
The final setup will look like this:
94
134
95
-
A wrapper script which enables you to use your own roles can be used as well. That is documented here: https://github.com/OpenConext/OpenConext-deploy/wiki/Add-your-own-roles-and-playbooks
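Review bot: the copy command on new line 93, `cp -R OpenConext-deploy/environments/template/*.`, has no destination argument because the trailing `.` is fused to the glob; it should read `cp -R OpenConext-deploy/environments/template/* .`. The sentence introducing it on line 90 says `environment/template`, which should match `environments/template` as used on lines 68 and 93. On line 99 the vault step points at the unencrypted example but gives no command for producing the encrypted `secrets/secrets.yml`; naming `ansible-vault create secrets/secrets.yml` (or `ansible-vault encrypt` on a copy of the example) would make it harder to end up with a plaintext secrets file in the tree. Smaller points: the `ansible.cfg` block opened on line 83 is fenced as `bash` although its content is INI; line 106 has `host_vars/\<HOSTNAME\>/yml` where `.yml` is presumably meant; line 110 lacks the space after the list dash; `Openconext-deploy` on lines 81, 108 and 109 differs in case from `OpenConext-deploy` on lines 86 and 93, which matters on a case-sensitive filesystem; and line 65 has `descibed` and `helpfull`.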