-
Notifications
You must be signed in to change notification settings - Fork 5
Home
hhs_ansible is a repository of Ansible scripts that can be used to build and manage a Blue Button on FHIR API platform. The scripts build and configure a database server and application server in an Amazon Web Services (AWS) Virtual Private Cloud (VPC). This is a "companion" to the hhs_oauth_server repository.
hhs_ansible is a suite of scripts that:
- Create AWS EC2 server instances
- Deploy Software
- Configure the installation
- Manage the update and patching process
- Collect configuration data
The objective is to enable the suite of scripts to build, deploy and manage the machines in an environment without requiring manual intervention. By changing a two variables files the same scripts can be used to create identically configured systems in different VPCs. eg. Development, Test and Production.
hhs_ansible uses the AWS Command Line toolkit to commission servers and integrate them with other AWS Services. eg. Simple Storage Service (S3), Application Load Balancers (ALB), Simple Email Service (SES) etc. As such it uses AWS Keys and Secrets to control access.
Deploying his_ansible will require you to create "service accounts." It is highly recommended that you avoid configuring systems via hhs_ansible using your default account credentials. Instead use the AWS Identity Access Management (IAM) service to create service accounts. This will isolate the impact of any key/secret changes that are necessary.
Within each playbook folder there may be multiple playbook scripts. The major playbook use the following prefix naming convention:
- create_
- build_
- update_
Playbook folders may also contain a roles sub-folder. The roles folder hold sub-folders that contain "sub-scripts" that perform discrete functions.
A playbook script may be made up of a number of sub-scripts that are used to perform discrete functions. This modular approach enables script re-use.
This is a script that will create a base AWS ec2 instance. This script may be updated to use updated Gold RHEL images (AMIs) that have been released.
This is a script that will take the base AWS ec2 instance created in the create script and install all of the necessary software, configure that software and integrate the server into the platform.
This is a script that will operate on the operational servers created in the build_ stage and apply any necessary updates and patches to the server.
The update_ script may use sub-scripts from the create_ and build_ stages. These scripts and templates may be updated to apply patches to address issues and vulnerabilities. Sub-scripts and templates from the create_ and build_ process may be updated to perform patching. Patches should be retro-fitted to the relevant create_ or build_ script process to ensure that newly deployed machines inherit all of the latest patches and updates.
hhs_ansible was created by Mark Scrimshire (@ekivemark). The repository is provided to the US Department of Health and Human Services (HHS), Centers for Medicare and Medicaid Services (CMS) as part of the Blue Button on FHIR API project (BBAPI). The hhs_ansible repository is also published via TransparentHealth.
Created for US Department of Health and Human Services / Centers for Medicare and Medicaid Services by Mark Scrimshire/TransparentHealth