Instructions on how to set up the wp5image web server
You need a vault_pass in order to decrypt the encrypted information tracked in
the git repository. You also need to set up a machine and provide remote access
through an SSH server (using SSH keys is strongly recommended). This project can't
handle this for you; you need to provide these requirements yourself.
All these instructions refer to a digitalocean docker image instance and are optimized for that environment.
Go into the terraform/testing directory and set your custom .tfvars, specifying
these attributes:
DO_TOKEN = <your token>
Then instantiate the testing resource by calling
$ terraform plan -out changes.tfplan
$ terraform apply "changes.tfplan"
Note the returned IP address, or call
$ terraform output
to return the IP address of the testing machine. To add this IP address to the
image domain records, first move into the ../production directory (here too you have
to define a .tfvars file) and call
$ terraform plan -out changes.tfplan
$ terraform apply "changes.tfplan"
When requested, type the testing IP address you got before in order to add custom DNS records. Only testing subdomains are added in the production environment (for the moment).
These are all the subdomains that will be created and pointed at the testing droplet:
apitest.wp5image.eu
test.wp5image.eu
injecttest.wp5image.eu
apitest.image2020genebank.eu
test.image2020genebank.eu
injecttest.image2020genebank.eu
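Both .tfvars files carry DO_TOKEN and vault_pass unlocks the encrypted data in the repository, so a check like the following can be run on the checkout before calling terraform or ansible. It is an added example, not part of the project: the function names are hypothetical, and it assumes the secrets are files named vault_pass and *.tfvars inside the checkout.

```shell
# Added example (not part of the project): pre-flight check for the secret
# files this setup depends on. Assumptions: the vault password file is named
# vault_pass and terraform secrets live in *.tfvars files inside the checkout.
# Usage after sourcing this file: check_secret_files /path/to/checkout

# Print one line per problem found under directory $1.
list_secret_problems() {
    root=${1%/}
    find "$root" -type f \( -name 'vault_pass' -o -name '*.tfvars' \) |
    while IFS= read -r f; do
        # Characters 5-10 of the ls mode string are the group/other bits;
        # anything but "------" lets other local accounts touch the secret.
        mode=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "loose permissions: $f"
        fi
        # A secret committed by mistake stays in history, so flag tracked files.
        # If git is missing or $root is not a repository, nothing is flagged.
        if git -C "$root" ls-files --error-unmatch -- "${f#"$root"/}" \
            >/dev/null 2>&1; then
            echo "tracked in git: $f"
        fi
    done
}

# Return 0 when no problems were found, 1 otherwise (report goes to stderr).
check_secret_files() {
    problems=$(list_secret_problems "${1:-.}")
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems" >&2
        return 1
    fi
    return 0
}
```

A file reported as loose can be fixed with chmod 600; a file reported as tracked also needs its token or password rotated, since the old value remains in git history.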
Currently there are two groups configured in the inventory files (production and testing).
They are defined using DNS, so you need to update your DNS records if you
need to change the IP addresses of these machines. production.yml and testing.yml
are the two playbooks that are applied respectively to the two groups.
You need the do agent 3rd-party module in order to install the monitoring tools
in your droplet. You also need a ssmtp role in order to configure ssmtp and send
mail from the server, and geerlingguy.nodejs. These modules are already in the
local ./galaxy_roles path and are already configured in ansible.cfg. If you need
to install a new role, please add it to the ./galaxy_roles path and then track it in git:
$ ansible-galaxy install --roles-path ./galaxy_roles/ <a new role>
To execute a generic command, call ansible + <pattern> + -m <module>. For
example, to test hosts:
$ ansible all -m ping
$ ansible testing -m ping
You can also pass additional arguments to modules, if they support them:
$ ansible all -m command -a "hostname"
-m command is the default option, so the following syntax has the same effect
as the previous one:
$ ansible all -a "hostname"
Upgrade package versions and restart the server using playbooks (they rely on the
digitalocean.yml config file):
$ ansible-playbook --limit production playbooks/upgrade.yml
$ ansible-playbook --limit production playbooks/restart.yml
You can configure ssmtp to send mail using an external email address. This is configured for the production servers:
$ ansible-playbook --limit production playbooks/ssmtp.yml
You may want to install everything with self-signed certificates or with the SSL configuration provided by letsencrypt (in that case you will need a registered domain and DNS pointing to your target machine).
Override the default image vars by setting your certificate location paths, for example
in the group_vars/all/vars file:
# letsencrypt certificate files
ssl_certificate: /etc/letsencrypt/live/image2020genebank.eu/fullchain.pem
ssl_certificate_key: /etc/letsencrypt/live/image2020genebank.eu/privkey.pem
ssl_options: /etc/letsencrypt/options-ssl-nginx.conf
ssl_dhparam: /etc/letsencrypt/ssl-dhparams.pem
old_domain_ssl_certificate: /etc/letsencrypt/live/wp5image.eu/fullchain.pem
old_domain_ssl_certificate_key: /etc/letsencrypt/live/wp5image.eu/privkey.pem
These files are not provided by ansible; you will need to set up letsencrypt beforehand.
# check roles without modification
$ ansible-playbook wp5image.yml --limit production --check
# list available tags (refer to digitalocean.yml)
$ ansible-playbook wp5image.yml --limit production --list-tags
# install only a tag
$ ansible-playbook wp5image.yml --limit production --tags injecttool
# update image NGINX configuration on testing environment, without setting up SSL stuff
$ ansible-playbook wp5image.yml --limit testing --tags='image-configure'
Please follow this tutorial to configure certbot. Then follow this guide to obtain a wildcard certificate with digitalocean. Ideally there should be only one master server that renews the certificate. If you have subdomains on other machines, you will need to copy the certificates to them so that you do not hit the letsencrypt limit by renewing certificates from all machines.
Please refer to IMAGE-InjectTool, IMAGE-CommonDataPool and IMAGE-Portal documentation