Create Servers and Install Software
Three servers are required in an environment:
Playbooks are provided for each server.
The Ansible Management Server is created first. It is used to configure and manage the other servers in the environment.
playbook/mgmtserver
Access the AWS EC2 Console and create a RHEL 7.x Server using a suitable gold image in the relevant VPC environment. Once the server has launched, connect to it via SSH to ensure it is accessible.
Make a note of the server name or IP address. This will be used to set the build_target variable in the next step.
Run the build_ansible playbook:
ansible-playbook playbook/mgmtserver/build_ansible.yml \
--extra-vars "build_target=**ip_address** env=**dev**" \
--vault-password-file **vault_pass.txt** \
--private-key **private_pem_key_for_server**
When the playbook completes successfully, connect to the MGMT Server and complete the security configuration. This involves:
- Creating AWS credentials and config files
- Setting up PEM files to be used to access other servers that will be created in the environment
- Configuring /etc/ansible/hosts
Return to the EC2 Console and add two tags to the Ansible Management Server Instance:
- Layer = MGMT
- Managed = BB-MANAGED-TEST
Review the create_ script: create_server_base.yml
Confirm that the following line is launching the correct AMI:
image: "ami-f070abe6" # Change the AMI, from which you want to launch the server
This should be a RHEL image with FIPS 140-2 enabled. From the /hhs_ansible/hhs_ansible directory, run:
ansible-playbook playbook/dataserver/create_server_base.yml \
--extra-vars 'env=**dev** cf_platform_version=**version_number**' \
--vault-password-file **vault_pass.txt** \
--private-key **private_pem_key_for_server**
This script attaches an encrypted volume that is used to store Postgres data.
After the create_ script completes, the build_ script can be run:
ansible-playbook playbook/dataserver/build_database.yml \
--vault-password-file **vault_pass.txt** \
--private-key **private_pem_key_for_server** \
--extra-vars 'env=**dev** cf_platform_version=**version_number** \
build_target=dbservers'
The build_ script will also set up the cron jobs to perform hourly, daily and weekly backups to an S3 bucket.
Upon completion of the database server build, check /etc/ansible/hosts to confirm the IP address of the server has been inserted into the [dbservers] section of the file.
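The inventory check described above can be scripted rather than done by eye. The following is an added example, not part of the project's playbooks; the function names and the sample inventory (using documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a host is listed under a group in an INI-style
# Ansible inventory such as /etc/ansible/hosts.

# hosts_in_group INVENTORY GROUP: print the hosts listed under [GROUP].
hosts_in_group() {
    awk -v group="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[ \t]*\[/ {                          # section header
            name = $0
            sub(/^[ \t]*\[/, "", name)
            sub(/\].*$/, "", name)
            # [GROUP:vars] and [GROUP:children] hold no host entries
            in_group = (name == group)
            next
        }
        in_group { print $1 }                  # field 1 is the host, the rest are host vars
    ' "$1"
}

# host_in_group INVENTORY GROUP HOST: succeed only on an exact host match.
host_in_group() {
    hosts_in_group "$1" "$2" | grep -Fxq -- "$3"
}

# Constructed sample inventory (documentation addresses, not real servers).
sample_inventory() {
    cat <<'EOF'
# constructed sample inventory
[dbservers]
192.0.2.10 ansible_user=ec2-user

[dbservers:vars]
ansible_port=22

[appservers]
192.0.2.21
192.0.2.22
EOF
}

inv=$(mktemp)
sample_inventory > "$inv"
if host_in_group "$inv" dbservers 192.0.2.10; then
    echo "192.0.2.10 is in [dbservers]"
else
    echo "192.0.2.10 is missing from [dbservers]" >&2
fi
rm -f "$inv"
```

On the management server, pass /etc/ansible/hosts and the address of the newly built database server in place of the sample values.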
Once the database server has been built, the Application Server(s) can be created and built. Confirm that the following line is launching the correct AMI:
image: "ami-fdde41eb" # Change the AMI, from which you want to launch the server
The App Server should be built from a RHEL 7.3 Gold Image.
ansible-playbook playbook/appserver/create_appserver.yml \
--extra-vars 'env=**dev** cf_platform_version=**version_number**' \
--vault-password-file **vault_pass.txt** \
--private-key **private_pem_key_for_server**
When the script completes, run the build_ script to install and configure the appserver and connect it to the application load balancer:
ansible-playbook playbook/appserver/build_appserver.yml \
--vault-password-file **vault_pass.txt** \
--private-key **private_pem_key_for_server** \
--extra-vars 'env=**dev** cf_platform_version=**version_number** \
build_target=appservers migrate=yes collectstatic=yes \
add_groups=yes add_scopes=yes'
Multiple app servers can be launched and connected to the Application Load Balancer.
Updating software or adding additional app servers should not require the following parameters:
- migrate=yes
- collectstatic=yes
- add_groups=yes
- add_scopes=yes
Created for US Department of Health and Human Services / Centers for Medicare and Medicaid Services by Mark Scrimshire/TransparentHealth