Internal Errigal Collaboration Wiki

User Tools

Site Tools

Trace:
development:applications:ansible:deployment-playbooks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
development:applications:ansible:deployment-playbooks [2017/12/08 17:27] – [Passwords and Vaults] adsilvadevelopment:applications:ansible:deployment-playbooks [2021/06/25 10:09] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Ansible deployment-playbooks ======
  
 +This project covers all the playbooks prepared in order to automate our deployment. These playbooks are made up of re-usable Ansible roles. 
 +
 +Read about [[development:applications:ansible:roles|Ansible-Roles]] and what each one does before proceeding.
 +
 +Anything mentioned below, such as code or file can be found in the https://bitbucket.org/errigal/deployment-playbooks repository.
 +
 +
 +Our current MoP is roughly as mentioned below:
 +  - Prework
 +  - Upgrade Steps
 +    - Shut down applications
 +    - Deploy New Wars
 +    - Grails Config Changes & StartupScript Change
 +    - Startup.sh and Shutdown.sh Changes
 +    - Backup certain tables (to prepare for a rollback)
 +    - Startup CAS
 +    - Apply upgrade scripts & start Apps one by one
 +  - Post Upgrade
 +  - Post Release Testing
 +  - Rollback
 +
 +At the time of writing this, deployment-playbooks is able to automate the first two steps (Prework and Upgrade Steps) to a certain extent.
 +
 +An example of ansible commands used during deployment to SFQA is shown below:
 +
 +
 +<code bash>
 +#Pull all the ansible-roles
 +./pull-required-roles.sh
 +
 +#upload Artifacts
 +ansible-playbook -i env/sfqa/hosts upload-artefacts.yml --ask-vault-pass
 +
 +#deploy prometheus, startup scripts and shutdown scripts, fix permissions.
 +ansible-playbook -i env/sfqa/hosts deploy_startup_shutdown_scripts.yml --ask-vault-pass
 +
 +#Shutdown Applications
 +ansible-playbook -i env/sfqa/hosts shutdown-applications.yml --ask-vault-pass
 +
 +#Deploy the war files
 +ansible-playbook -i env/sfqa/hosts deploy-artefacts.yml --ask-vault-pass
 +
 +#Backup DB
 +ansible-playbook -v -i env/sfqa/hosts backup_db.yml --ask-vault-pass
 +
 +#Startup CAS
 +ansible-playbook -i env/sfqa/hosts startup-cas.yml --ask-vault-pass
 +
 +#Start SNMP
 +ansible-playbook -i env/sfqa/hosts startup-snmpmanager-on-handlers.yml --ask-vault-pass
 +
 +ansible-playbook -i env/sfqa/hosts startup-ticketer-apps1.yml --ask-vault-pass
 +ansible-playbook -i env/sfqa/hosts startup-ticketer-apps2.yml --ask-vault-pass
 +ansible-playbook -i env/sfqa/hosts startup-nocportal.yml --ask-vault-pass
 +ansible-playbook -i env/sfqa/hosts startup-reportingmanager.yml --ask-vault-pass
 +
 +</code>
 +
 +As we can see above, every command requires two files:
 +  - The host file
 +  - The playbook YML file
 +
 +The //hosts// file stores the IP address of every server for an environment(Crown-QA, Extenet-Production etc) grouped together based on their role(Load-balancer, App-Handlers, DB-server etc).
 +
 +The //hosts// file when loaded will automatically load the file //group_vars/all// present in the same directory which contains variables that are unique per environment.
 +
 +The playbook YML file contains the actual steps/states required to complete each step of the deployment process.
 +
 +Playbooks can be limited to specific hosts using the --limit=apps1/apps2/whatever parameter
 +
 +====== Passwords and Vaults ======
 +
 +Update: Use the newer ./ansible_encrypt.sh from within the deployment-playbooks repo
 +I have added a video tutorial for it as well in our share Dropbox: https://www.dropbox.com/s/hokvpzh521h8niv/ansible_encryption.mov?dl=0
 +
 +
 +The passwords within the file //group_vars/all// are encrypted for two primary reasons
 +  - To ensure no server password is part of a VCS
 +  - To avoid someone running the command by mistake.
 +
 +The passwords are encrypted in the following manner:
 +
 +Create a file called sfqa with the text: #sfqa!# (which is the master password)
 +
 +<code>
 +ansible-vault encrypt_string --vault-id sfqa '<secret>' --name 'ssh_pass'
 +
 +Result:
 +
 +ssh_pass: !vault |
 +      $ANSIBLE_VAULT;1.1;AES256
 +      62313365396662343061393464336163383764373764613633653634306231386433626436623361
 +      6134333665353966363534333632666535333761666131620a663537646436643839616531643561
 +      63396265333966386166373632626539326166353965363262633030333630313338646335303630
 +      3438626666666137650a353638643435666633633964366338633066623234616432373231333331
 +      6564
 +</code>    
 +
 +A master-password is expected to decrypt the passwords required to connect to any given server.
 +
 +This master-password will be same as the environment name. if the environment name is //ABCQA// then the password will be //#ABCQA!#//.

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki