Name: bluebutton-ansible
Owner: HHS IDEA Lab
Description: Used to manage the Blue Button servers in AWS. Contains Ansible playbooks, roles, etc.
Created: 2016-03-27 15:40:58.0
Updated: 2016-03-27 23:50:19.0
Pushed: 2016-04-04 12:48:47.0
Homepage: null
Size: 21
Language: Python
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
This repository contains the Ansible provisioning, roles, etc. used to provision and configure the Blue Button systems in AWS.
In order to use and/or modify this repository, a number of tools need to be installed.
This project requires Python 2.7. It can be installed as follows:
$ sudo apt-get install python
The following packages are also required by some of the Python modules that will be used:
$ sudo apt-get install libpq-dev
This project has some dependencies that have to be installed via pip (as opposed to apt-get). Accordingly, it's strongly recommended that you make use of a Python virtual environment to manage those dependencies.
If it isn't already installed, install the virtualenv package. On Ubuntu, this is best done via:
$ sudo apt-get install python-virtualenv
Next, create a virtual environment for this project and install the project's dependencies into it:
$ cd hhsdevcloud-ansible.git
$ virtualenv -p /usr/bin/python2.7 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
The source command above will need to be run every time you open a new terminal to work on this project.
Be sure to update the requirements.txt file after pip installing a new dependency for this project:
$ pip freeze > requirements.txt
Run the following command to download and install the roles required by this project into ~/.ansible/roles/:
$ ansible-galaxy install -r install_roles.yml
Per http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs, create ~/.aws/credentials and populate it with your AWS access key and secret (obtained from IAM):
[default]
# These AWS keys are for the john.smith@cms.hhs.gov account.
aws_access_key_id = secret
aws_secret_access_key = supersecret
Note: If you have more than one profile (i.e. something other than just “default“), you can enable the correct profile in a terminal session by setting the AWS_PROFILE environment variable. For example:
$ export AWS_PROFILE=hhsdevcloud
Ensure that the EC2 key to be used is loaded into SSH Agent:
$ ssh-add foo.pem
Running the site.yml playbook will provision and configure all of the AWS resources specified in it, e.g.:
$ ansible-playbook site.yml --extra-vars "ec2_key_name=hhs-dev-karlmdavis env=test"
Be sure to set ec2_key_name to the name of the EC2 key that was ssh-add'd, earlier. Also ensure that env is set to either test or production, as appropriate.
WARNING! This should only be used in development or test environments. This command will terminate all EC2 and RDS instances in AWS that have a Application: BlueButton tag and also match the specified Environment tag (not just those specified in site.yml; it will terminate everything in the account that matches):
$ ansible-playbook site-teardown.yml --extra-vars "ec2_key_name=hhs-dev-karlmdavis env=test"
Once the AWS resources have been provisioned, ad-hoc commands can be run against them, as follows:
$ ansible all -u ubuntu -m shell -a 'echo $TERM'
site.yml: “ERROR! ERROR! 'dict object' has no attribute 'foo'”This seems to be a bug with Ansible's meta: refresh_inventory: it somehow screws up the dynamic inventory. I've done some tests, and running that task causes this problem every time.
The workaround is simple, though: just run the site-provision.yml and site-configure.yml playbooks separately, e.g.:
$ ansible-playbook site-provision.yml --extra-vars "ec2_key_name=hhs-dev-karlmdavis env=test"
$ ansible-playbook site-configure.yml --extra-vars "ec2_key_name=hhs-dev-karlmdavis env=test"