Name: makelunch-infrastructure
Owner: TABLEFLIP
Description: :hocho: :floppy_disk: Ansible scripts for deploying makelunch
Created: 2015-08-25 07:09:50.0
Updated: 2017-10-11 10:45:25.0
Pushed: 2016-11-22 15:10:08.0
Size: 37
Language: Nginx
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Ansible scripts for deploying and maintaining the servers
Vagrantfile # Test the scripts locally with `vagrant up`
bootstrap.yml # Get a new vm ready for ansible
dev # Inventory for local dev
playbook.yml # The roles assigned to various hosts
production # Inventory for LIVE
roles # Define the tasks that set up a given role.
Ansible works by assigning roles to hosts.
frontend
, db
, etc.Roles contain the tasks and and files to install and configure the services needed.
e.g: frontend
clones our app code, installs npm deps, and configures nginx as a proxy.
Key to making it work is ensuring tasks are idempotent. We can run all the tasks at any time. Either the task changes the system as required, or has no effect if that change is already in place.
An inventory defines named groups of servers. We use playbooks to assign roles those groups. We have a playbook that bootstraps a brand new vm to be used by ansible, which we assume will be run once on against each machine.
ble-playbook -i production bootstrap.yml --extra-vars "ansible_ssh_user=root"
where
-i production
limits the hosts affected to just those listed in production/inventory
bootstrap.yml
is the playbook to run.--extra-vars "ansible_ssh_user=root"
tells ansible to connect as root
for this run. It's only needed while we don't have an ansible user.bootstrap.yml
sets up the ansible
user that'll be used for all subsequent management and not much else.
sts: all
les:
- bootstrap
By assigning all
hosts the role bootstrap
, it's telling ansible to run the tasks defined in roles/boostrap/tasks/main.yml
me: Ensure base OS is up-to-date
come: yes
t: upgrade=dist update_cache=yes
me: Ensure ansible user exists
come: yes
er: name=ansible comment="Ansible" groups="ansible,sudo"
Once we have an ansible
user, we can forget about bootstrap.yml
, and get on with setting up our roles, as defined in playbook.yml
At the start of a project, it's normal to have all the roles on the same host; a single vm dealing with the frontend, api and db, as it's then much easier to roll out additional VMs for staging and test.
When we need to scale the infrastructure we can add additional hosts to an inventory, to scale a roll horizontally across many identically configured servers, and we can split roles our to separate hosts, to create optimised VMs with a single purpose; e.g. a separate db
server.
You need to add a secrets.yml
file into group_vars/all
This file extracts out all of the secrets for the deployments that we'd prefer not to keep in the repo. Ask a tableflipper for a copy.
To bootstrap a local test server with vagrant
brew install vagrant
)10.100.108.100 dev.lunch.tableflip.io
to your local /etc/hosts
wnload and provision a vm
ant up
otstrap.yml is run automagically by vagrant.
stall and configure all the things!
ble-playbook -i dev playbook.yml
You now have a test vm, running locally
To bootstrap a new production vm
/root/.ssh/authorized_keys
on the remoteotstrap ansible user
ble-playbook -i production bootstrap.yml --extra-vars "ansible_ssh_user=root"
tall app and dependencies
ble-playbook -i production playbook.yml
A (?°?°???TABLEFLIP project.