Skip to content

Latest commit

 

History

History
95 lines (71 loc) · 4.1 KB

README.md

File metadata and controls

95 lines (71 loc) · 4.1 KB

Terraform & Ansible

Terraform is for defining computing resources as code. See Terraform.

Ansible is used by terraform to set the provisioned resources up. i.e. the Ansible scripts are used by Terraform to install Docker, setup certificates, etc.

Together these two help define our infrastructure as code.

Install

Installation should be done on a machine that will control the targets. This is most likely your development computer.

  1. Install terraform. (v 0.11)

  2. Install ansible.

    • Note that installing on OSX has been reported to be tricky. You should use virtualenv otherwise errors seem to be likely. This guide is useful for OSX users. Use Python 2.x, not 3.x. When using a virtualenv, do not use sudo pip install, instead drop the sudo which allows pip to install ansible in the virtualenv.
    • mkvirtualenv olmis-deployment if you need a new virtual environment.

  3. Install the requirements for our Ansible scripts: pip install -r ../ansible/requirements/ansible.pip

Usage

Terraform & Ansible is still relatively new for OpenLMIS, and so the examples laid out here are not yet recommended for general use.

Teraform Structure

This follows the format laid out here

Importing existing

To import an existing "setup" into terraform:

  1. create the setup under the correct environment, e.g. in the uat environment the uat3 setup is under uat/uat3.

  2. Run the following terraform commands inside the directory for the setup, e.g. uat/uat3.

    terraform init
terraform import module.<Name OF SETUP>.aws_instance.app <ID OF INSTANCE>
terraform import module.<NAME OF SETUP>.aws_elb.elb <NAME OF ELB>
terraform import module.<NAME OF SETUP>.aws_db_instance.rds <NAME OF RDS INSTANCE>

Setup

Use the following steps to set up the machine you'll be running Terraform from:

  1. Make sure the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set to credentials that are able to create the resources defined in the Terraform files. You can do this using the instructions described here.

  2. Copy the AWS_ACCESS_KEY_ID and AWD_SECRET_ACCESS_KEY environment variables to Terraform variables. The automation scrips will use these Terraform variables to backup TLS certificates and keys for securely connecting to the installed Docker daemon in the S3 bucket specified here. Use the following commands to set the Terraform variables:

    export TF_VAR_aws_access_key_id=$AWS_ACCESS_KEY_ID
export TF_VAR_aws_secret_access_key=$AWS_SECRET_ACCESS_KEY

  3. Add the right key to SSH-Agent. e.g. ssh-add ~/.ssh/TestEnvDockerHost.pem

Creating openlmis infrastructure from existing environment

  1. cd to directory holding environment. e.g. cd uat/uat3
  2. Ensure you're using the right virtualenv. e.g. workon openlmis-deployment
  3. (optional) terrform plan to see which resources will be created.
  4. terraform apply to create the environment.
  5. Create/update the DNS CNAME in Gandi to point to the new ELB.
  6. Once done the needed Docker TLS client keys will be in the S3 bucket aws-instance-keys:
    1. Download the following files from /tls/<name of environment>/<ip>/<date>/:
      • ca/cert.pem -> ca.pem
      • jenkins/key.pem -> key.pem
      • jenkins/cert.pem -> cert.pem
    2. Zip the above files into DockerClientTls-<name of environemt>.zip. e.g. zip DockerClientTls-uat3.zip ca.pem cert.pem key.pem.
    3. Upload Zip file above to Jenkins Credentials and use in deploy-to job.
  7. Required Postgres extensions (postgis and uuid-ossp) should be installed automatically on RDS database, but it is good to check if it is done correctly.