CenterForOpenScience / cos-ansible-base

Licence: Apache-2.0 license
Our base ansible scripts for deployment and orchestration

cos-ansible-base

Requirements

  • ansible >= 2.1
  • virtualbox
  • vagrant >= 1.6
  • invoke (Python task execution library)
  • python >= 2.7 or >= 3.4 with pip
  • fwknop >= 2.6.5
  • At least 2Gb of memory

Installing Ansible and Vagrant on Mac OSX with homebrew

Virtualbox and Vagrant can be installed with homebrew cask. If you have homebrew installed, run the following from the project directory:

$ brew bundle

Installing python requirements

Invoke and the other Python requirements can be installed with pip:

$ pip install invoke
$ pip install -r requirements.txt

Getting cos-ansible-base

To clone cos-ansible-base locally, run:

$ git clone https://github.com/CenterForOpenScience/cos-ansible-base --recursive

The --recursive option ensures that all submodules will be cloned.

Vagrant setup

Once you have Vagrant and ansible installed, follow these steps:

  • Generate your ssh key with ssh-keygen
$ ssh-keygen
  • Run vagrant up <machine_to_run> to start the VM, then provision it with invoke vprovision. Use the --limit (or -l) option to limit provisioning to a specific group.
# Start the osf-staging server
$ vagrant up osf-staging
# Provision the osf-staging server
$ invoke vprovision --limit osf-staging

SSH

To ssh into your Vagrant box, run vagrant ssh <box-name>:

$ vagrant ssh osf-staging

Generating passwords

To generate a password, run:

$ invoke genpass

This crypted password can be used by the generic-users role in a group_vars file.

Running playbooks

Playbooks can be run with the ansible-playbook command. Specify the inventory file with the -i option and the remote user with the -u option. Run in sudo mode with -s:

$ ansible-playbook security.yml -i vagranthosts -u sloria -s

Or, using invoke for shorthand:

$ invoke play security.yml -i vagranthosts -u sloria

Provisioning

The site.yml playbook is responsible for provisioning all servers in an inventory.

Run it like so:

$ ansible-playbook site.yml -i vagranthosts -u sloria -s

The above command runs the site.yml playbook using the vagrant inventory file with user sloria in sudo mode.

Or, if you prefer to use invoke:

$ invoke provision -i vagranthosts -u sloria

NOTE: You can also provision the vagrant box by running invoke vprovision with no arguments.

Many of the roles use variables defined in their defaults/main.yml file. You can override these on the command line with the -e option:

$ ansible-playbook site.yml -i vagranthosts -u sloria -e "ssh_test=false"

or, equivalently:

$ invoke provision -u sloria -e "ssh_test=false"

The above would temporarily disable SSH configuration testing.

Setting up for Single Packet Authorization

If using encryption and HMAC keys, execute on client:

fwknop -A tcp/22 -a PUBLIC_CLIENT_IP -D TARGET_SERVER_IP --key-gen --use-hmac --save-rc-stanza

Print your newly generated keys:

grep KEY ~/.fwknoprc

Then add them to the Single Packet Authorization server's access configuration, /etc/fwknop/access.conf:

SOURCE              ANY
KEY_BASE64          [KEY]
HMAC_KEY_BASE64     [HMAC_KEY]
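
The copy step above can be scripted so the keys are never retyped by hand. This is an added example, not part of cos-ansible-base: the function names, the sample rc layout and both sample keys are constructed for illustration, and it assumes the rc stanza is named after the server IP.

```shell
#!/bin/sh
# Added example, not part of cos-ansible-base. Function names are illustrative.

# write_sample_rc FILE: write a constructed client rc file for testing.
# The stanza layout and both keys are made-up sample values (assumption).
write_sample_rc() {
    cat > "$1" <<'EOF'
[default]

[203.0.113.10]
ALLOW_IP            198.51.100.7
ACCESS              tcp/22
SPA_SERVER          203.0.113.10
KEY_BASE64          RXhhbXBsZUtleU5vdFJlYWw=
HMAC_KEY_BASE64     RXhhbXBsZUhtYWNOb3RSZWFs
USE_HMAC            Y
EOF
    chmod 600 "$1"
}

# rc_value FILE STANZA NAME: print the value of NAME inside [STANZA].
rc_value() {
    awk -v want="[$2]" -v name="$3" '
        $1 ~ /^\[/ { in_stanza = ($1 == want); next }
        in_stanza && $1 == name { print $2; exit }
    ' "$1"
}

# spa_access_stanza FILE STANZA: print the server-side access.conf lines.
spa_access_stanza() {
    rc_file=$1; stanza=$2
    # The rc file holds secrets: refuse it if group or others have any access.
    if [ "$(ls -ld "$rc_file" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "$rc_file must exist with mode 0600" >&2; return 1
    fi
    key=$(rc_value "$rc_file" "$stanza" KEY_BASE64)
    hmac=$(rc_value "$rc_file" "$stanza" HMAC_KEY_BASE64)
    # The setup above uses --use-hmac, so both keys are required.
    if [ -z "$key" ] || [ -z "$hmac" ]; then
        echo "KEY_BASE64 or HMAC_KEY_BASE64 missing in [$stanza]" >&2; return 1
    fi
    # Reject anything that is not base64 before it reaches access.conf.
    for v in "$key" "$hmac"; do
        case $v in *[!A-Za-z0-9+/=]*) echo "non-base64 value" >&2; return 1 ;; esac
    done
    printf 'SOURCE              ANY\n'
    printf 'KEY_BASE64          %s\nHMAC_KEY_BASE64     %s\n' "$key" "$hmac"
}
```

After sourcing the file, call spa_access_stanza ~/.fwknoprc TARGET_SERVER_IP and review the output before appending it to access.conf on the server.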

Setting up for OSF deployment

You will need to set up agent forwarding to authenticate with GitHub over SSH from ansible. To do so, add the following to your ~/.ssh/config file. Setting ForwardAgent inside each Host block forwards the agent only when connecting to these two servers.

Host staging.osf.io
    HostName 66.228.46.171
    User sloria
    ForwardAgent yes

Host osf.io
    HostName 69.164.210.152
    User sloria
    ForwardAgent yes

Deployment

The deploy.yml script is used to deploy the OSF.

To deploy on staging:

$ invoke deploy_staging -u sloria

You will be prompted for the branch to checkout on staging.

To deploy to production:

$ invoke deploy_production -u sloria

This will deploy to the production server, checking out the master branch from GitHub.
