Name: makelunch-infrastructure
Owner: TABLEFLIP
Description: :hocho: :floppy_disk: Ansible scripts for deploying makelunch
Created: 2015-08-25 07:09:50.0
Updated: 2017-10-11 10:45:25.0
Pushed: 2016-11-22 15:10:08.0
Size: 37
Language: Nginx
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
Ansible scripts for deploying and maintaining the servers
Vagrantfile # Test the scripts locally with `vagrant up`
bootstrap.yml # Get a new vm ready for ansible
dev # Inventory for local dev
playbook.yml # The roles assigned to various hosts
production # Inventory for LIVE
roles # Define the tasks that set up a given role.
Ansible works by assigning roles to hosts.
frontend, db, etc.Roles contain the tasks and and files to install and configure the services needed.
e.g: frontend clones our app code, installs npm deps, and configures nginx as a proxy.
Key to making it work is ensuring tasks are idempotent. We can run all the tasks at any time. Either the task changes the system as required, or has no effect if that change is already in place.
An inventory defines named groups of servers. We use playbooks to assign roles those groups. We have a playbook that bootstraps a brand new vm to be used by ansible, which we assume will be run once on against each machine.
ble-playbook -i production bootstrap.yml --extra-vars "ansible_ssh_user=root"
where
-i production limits the hosts affected to just those listed in production/inventorybootstrap.yml is the playbook to run.--extra-vars "ansible_ssh_user=root" tells ansible to connect as root for this run. It's only needed while we don't have an ansible user.bootstrap.yml sets up the ansible user that'll be used for all subsequent management and not much else.
sts: all
les:
- bootstrap
By assigning all hosts the role bootstrap, it's telling ansible to run the tasks defined in roles/boostrap/tasks/main.yml
me: Ensure base OS is up-to-date
come: yes
t: upgrade=dist update_cache=yes
me: Ensure ansible user exists
come: yes
er: name=ansible comment="Ansible" groups="ansible,sudo"
Once we have an ansible user, we can forget about bootstrap.yml, and get on with setting up our roles, as defined in playbook.yml
At the start of a project, it's normal to have all the roles on the same host; a single vm dealing with the frontend, api and db, as it's then much easier to roll out additional VMs for staging and test.
When we need to scale the infrastructure we can add additional hosts to an inventory, to scale a roll horizontally across many identically configured servers, and we can split roles our to separate hosts, to create optimised VMs with a single purpose; e.g. a separate db server.
You need to add a secrets.yml file into group_vars/all
This file extracts out all of the secrets for the deployments that we'd prefer not to keep in the repo. Ask a tableflipper for a copy.
To bootstrap a local test server with vagrant
brew install vagrant)10.100.108.100 dev.lunch.tableflip.io to your local /etc/hostswnload and provision a vm
ant up
otstrap.yml is run automagically by vagrant.
stall and configure all the things!
ble-playbook -i dev playbook.yml
You now have a test vm, running locally
To bootstrap a new production vm
/root/.ssh/authorized_keys on the remoteotstrap ansible user
ble-playbook -i production bootstrap.yml --extra-vars "ansible_ssh_user=root"
tall app and dependencies
ble-playbook -i production playbook.yml
A (?°?°???TABLEFLIP project.