chaoranxie / mitoc-ansible

Ansible playbooks for deploying MITOC infrastructure

Home Page: https://mitoc-trips.mit.edu

MITOC Ansible

This is a collection of Ansible playbooks used in the deployment of the MITOC Trips web site. The project allows local development on a setup closely mirroring that of production as well as a streamlined way to deploy changes.

Environments

There are playbooks supporting three separate environments:

Local development (vagrant.yml)

For local development, all services run within a virtual machine. Vagrant is used to automate the creation and modification of this virtual machine. To create a new virtual machine and provision it with Ansible, simply run:

vagrant up

After that, you will have a fully functional web server accessible at 192.168.33.15.

Development (development.yml)

This playbook allows running all infrastructure on AWS. By default, it runs a Postgres server on the same instance as the web server, but it could easily be configured to use RDS instead.

Just like a local development machine, the EC2 instance can easily be created using Vagrant.

  1. Store AWS credentials in .aws/credentials or directly in the Vagrantfile

  2. Create a keypair or import an existing one

  3. Install and configure vagrant-aws:

    vagrant plugin install vagrant-aws
    vagrant box add dummy https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box

  4. Launch a new EC2 instance:

    vagrant up --provider=aws

Production (production.yml)

The production playbook contains various secrets used in production, including (but not limited to):

  • The Django SECRET_KEY
  • Full SSL certificate for mitoc-trips.mit.edu
  • Usernames, hostnames, and passwords for various services
    • RabbitMQ
    • Postgres
    • SES

It also uses some more time-intensive plays that wouldn't be necessary in development (for example, generating a strong Diffie-Hellman group).

For obvious reasons, this file is encrypted using Ansible vault.

In the public version of this repository, I have used git filter-branch to completely remove this sensitive file:

git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch env_vars/production.yml' --tag-name-filter cat -- --all
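
An added example (not part of this repository): a check that a secrets file such as env_vars/production.yml is Ansible Vault ciphertext rather than plaintext YAML, suitable for running before a commit. The function names and the sample file contents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the mitoc-ansible repository.
# Refuses secrets files that are not Ansible Vault ciphertext.

# Exit status: 0 = vault envelope, 1 = plaintext or malformed, 2 = file missing.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    # First line must be the vault envelope header (formats 1.1 and 1.2).
    case $(head -n 1 "$1") in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
        *) return 1 ;;
    esac
    # The payload must exist and be hex only; a YAML line left below the
    # header (for example by a bad merge) would otherwise slip through.
    body=$(tail -n +2 "$1")
    [ -n "$body" ] || return 1
    if printf '%s\n' "$body" | grep -q '[^0-9a-fA-F]'; then
        return 1
    fi
    return 0
}

# Check every path given; report each failure and return the failure count.
check_secrets() {
    failures=0
    for path in "$@"; do
        if ! is_vault_encrypted "$path"; then
            echo "NOT vault-encrypted: $path" >&2
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample files: a fake vault envelope and a plaintext vars file.
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3462626439356431' '6130633435613764' \
    > "$demo_dir/encrypted.yml"
printf '%s\n' '---' 'django_secret_key: constructed-placeholder' \
    > "$demo_dir/plaintext.yml"

check_secrets "$demo_dir/encrypted.yml" && echo "encrypted.yml: ok"
check_secrets "$demo_dir/plaintext.yml" || echo "plaintext.yml: rejected"
```
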

Production (an EC2 instance running Ubuntu server) is deployed directly with Ansible:

ansible-playbook -i hosts production.yml -u ubuntu --private-key=<path_to_iam_user_key>

History

The repository was modified from Jonathan Calazan's ansible-django-stack.

Included services

  • Nginx
  • Gunicorn
  • PostgreSQL
  • Supervisor
  • Virtualenv
  • Celery
  • RabbitMQ

About

License: MIT License


Languages

Shell 69.5%, HTML 30.5%