Repository: datagov-deploy-ckan-catalog-app
[WIP] Refactoring Ansible deployment for each component - Ansible playbook for Data.gov
This repository is for the stack deployment onto AWS infrastructure for the CKAN Catalog app. It is related to the CKAN Common and CKAN Inventory repos as well.
The repository is broken into the following roles, all created/provisioned using Ansible:
Everything below here will be edited as this repo is culled and reconfigured.
Included in this Repository:
- Software
  - Data.gov (WordPress)
  - Catalog.data.gov (CKAN 2.3)
  - Inventory.data.gov (CKAN 2.5)
  - Labs.data.gov/CRM (Open311 CRM)
  - Labs.data.gov/Dashboard (Project Open Data Dashboard)
- Security
  - Baseline OS Hardening
  - GSA IT Security Agents
  - Fluentd (Logging)
  - New Relic (Infrastructure Monitoring)
  - New Relic (Application Performance Monitoring)
  - Trendmicro (OSSEC-HIDS)
  - OSQuery (TBD)
Moved to datagov-infrastructure
- Ansible > 1.10
- SSH access (via keypair) to remote instances
- ansible-secret.txt: export ANSIBLE_VAULT_PASSWORD_FILE=~/ansible-secret.txt
- run all provisioning/app deployment commands from the repo's ansible folder
- to update ansible/roles/vendor roles, run there: ansible-galaxy install -r requirements.yml
- {{ inventory }} can be:
  - inventories/staging/hosts
  - inventories/production/hosts
  - inventories/local/hosts
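A pre-flight check for the requirements above, as an added example rather than code from this repository: it verifies that the file named by ANSIBLE_VAULT_PASSWORD_FILE is accessible only to its owner, and that the inventory is one of the three listed and resolves from the current directory. The function names and return codes are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): checks to run before ansible-playbook.
# Function names and return codes are assumptions made for this sketch.

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if ANSIBLE_VAULT_PASSWORD_FILE names an existing file only its owner can access.
check_vault_file() {
    vf="${ANSIBLE_VAULT_PASSWORD_FILE:-}"
    [ -n "$vf" ] || { echo "ANSIBLE_VAULT_PASSWORD_FILE is not set" >&2; return 1; }
    [ -f "$vf" ] || { echo "$vf: no such file" >&2; return 2; }
    mode=$(file_mode "$vf") || return 2
    # Any group/other bit (mask 077) lets other local users read the vault password.
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "$vf has mode $mode; tighten it with: chmod 600 $vf" >&2
        return 3
    fi
}

# 0 only for the three inventories the requirements list.
check_inventory() {
    case "$1" in
        inventories/staging/hosts|inventories/production/hosts|inventories/local/hosts)
            return 0 ;;
        *)
            echo "unknown inventory: $1" >&2
            return 4 ;;
    esac
}

# Run every check; the inventory must also exist relative to the current
# directory, which catches running from outside the repo's ansible folder.
preflight() {
    check_vault_file || return $?
    check_inventory "$1" || return $?
    [ -f "$1" ] || { echo "$1 not found; run from the repo's ansible folder" >&2; return 5; }
}

# Usage: preflight inventories/staging/hosts && \
#   ansible-playbook datagov-web.yml -i inventories/staging/hosts --tags="deploy" --limit wordpress-web
```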
cd ansible
ansible-playbook --help
See example(s) below
provision vm & deploy app: ansible-playbook datagov-web.yml -i {{ inventory }} --tags="provision" --limit wordpress-web
deploy app: ansible-playbook datagov-web.yml -i {{ inventory }} --tags="deploy" --limit wordpress-web
deploy rollback: ansible-playbook datagov-web.yml -i {{ inventory }} --tags="deploy-rollback" --limit wordpress-web
You can override the branch to be deployed via -e project_git_version=develop, e.g.:
ansible-playbook datagov-web.yml -i inventories/staging/hosts --tags=deploy --limit wordpress-web -e project_git_version=develop
provision vm & deploy app: ansible-playbook dashboard-web.yml -i {{ inventory }} --tags="provision" --limit dashboard-web
deploy app: ansible-playbook dashboard-web.yml -i {{ inventory }} --tags="deploy"
deploy rollback: ansible-playbook dashboard-web.yml -i {{ inventory }} --tags="deploy-rollback"
provision vm & deploy app: ansible-playbook crm-web.yml -i {{ inventory }} --tags="provision" --limit crm-web
deploy app: ansible-playbook crm-web.yml -i {{ inventory }} --tags="deploy"
deploy rollback: ansible-playbook crm-web.yml -i {{ inventory }} --tags="deploy-rollback"
provision vm - web: ansible-playbook catalog.yml -i {{ inventory }} --tags="frontend,ami-fix,bsp" --skip-tags="solr,db,cron" --limit catalog-web
provision vm - harvester: ansible-playbook catalog.yml -i {{ inventory }} --tags="harvester,ami-fix,bsp" --skip-tags="apache,solr,db,saml2" --limit catalog-harvester
provision vm - solr: ansible-playbook catalog.yml -i {{ inventory }} --tags="solr,ami-fix,bsp" --limit solr
provision vm && deploy app: ansible-playbook inventory.yml -i {{ inventory }} --skip-tags="solr,db,deploy-rollback" --limit inventory-web
provision vm - solr: ansible-playbook inventory.yml -i {{ inventory }} --tags="solr,ami-fix,bsp" --limit solr
provision vm && deploy app: ansible-playbook jekyll.yml -i {{ inventory }} --limit jekyll-web
provision vm && deploy app: ansible-playbook elasticsearch.yml -i {{ inventory }}
provision vm && deploy app: ansible-playbook kibana.yml -i {{ inventory }}
provision vm && deploy app: ansible-playbook efk_nginx.yml -i {{ inventory }}
install the trendmicro agent: ansible-playbook trendmicro.yml -i {{ inventory }}
Add SecOps user: ansible-playbook secops.yml -i {{ inventory }}
ansible all -m shell -a "apt-get update && apt-get dist-upgrade" --sudo
ansible all -m shell -a "service tomcat6 restart" --sudo
ansible all -m shell -a "service ntp restart" --sudo
ansible all -m shell -a "/usr/bin/killall dhclient && dhclient -1 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0" --sudo
dpkg errors:
sed -i '/postdrop/d' /var/lib/dpkg/statoverride
sed -i '/ssl-cert/d' /var/lib/dpkg/statoverride
ntpd issues: apt-get remove ntp && apt-get purge ntp && apt-get autoclean && apt-get autoremove
Unable to resolve host IP: echo 127.0.0.1 $(hostname) >> /etc/hosts