Although it can be rather tricky to master, Ansible is probably the most important tool when working with the UTN servers. All applications have been set up in such a way that most server-related tasks are done using Ansible. By using Ansible, the systems become easily reproducible, and there is a form of automatic documentation for the steps taken to launch a system.
Installation instructions are located on the GitHub repo.
Ansible is a deployment system. It helps automate the deployment of various tasks while managing a server pool. Ansible repositories are rather rationally split up into several parts:
handlers directory.
vars and host_vars directories. The use of variables can help to avoid making duplicate playbooks/roles.
templates
--tags="tag1,tag2,..." or --skip-tags="tag1, tag2,..." when running a playbook.
files directory.
Some variables, such as the passwords, are encrypted with ansible-vault. This makes it possible to share the repository publicly without sharing the passwords.
To edit the contents use ansible-vault edit path/to/file.yml.
To view the contents use ansible-vault view path/to/file.yml.
These are the playbooks that currently exist within the union's Ansible repository.

Sets up dependencies and the database and updates project moore to the latest version on the master branch in the moore GitHub repo.
Available tags
setup: runs all steps that set up dependencies and the database.
deploy: runs all steps that download and install the latest version of moore.
nginx: runs the nginx role

Gets the latest version from the documentation GitHub repo and updates the documentation on this website.
Available tags
deploy: runs all steps that update the documentation to the latest version
nginx: runs the steps necessary to configure nginx for the documentation website

Sets up dependencies and the database and updates the bocken system to the latest version on the master branch in the bocken GitHub repo.
setup: runs all steps that set up dependencies and the database.
deploy: runs all steps that download and install the latest version of moore.
nginx: runs the nginx role
cron: runs cron jobs

Deploys the applications specified in vars/custom_installations_babbage.yml to babbage.
Available tags
nginx: runs the steps necessary to configure nginx for the documentation website
logs: runs the steps necessary to set up the log files for each application
database: sets up the database for each application

common.yml - Meant to execute initial server configuration (e.g., manage users, add firewall).
custom_web.yml - Deploys the applications specified in vars/custom_installations.yml to turing. These applications aren't made with Drupal, so they need to be in their own playbook.
drupal7.yml - Deploys all Drupal 7 applications specified in vars/drupal7_installations.yml to babbage.
survey.yml - Deploys LimeSurvey to turing.
upgrade.yml - Playbook to run apt-get update & apt-get dist-upgrade on all servers.
webserver.yml - Installs and configures extra requirements for the webservers (e.g., install a mail server).

When running playbooks that operate on multiple servers, you have to use ssh-add to save your passphrase so you don't have to supply it manually. If you can't run ssh-add, try running eval $(ssh-agent -s).
Currently the logins are managed using the logins role in Ansible. Most management is done in the vars/users.yml file, which contains all variables used by the role to determine which user has an account on which server.
Access to accounts is managed using SSH keys. These keys are stored in files/pubkeys, in a file that has the name of the account. To give someone access to the account, add their public key on a new line in the file. This means that multiple people can have access to the same account. To take away their access, remove the line in the file containing their public key.
When a committee or section switches to a new group of people, a new public key must be made for every person. This is because only those who should have access should have access.
vars/users.yml by copying another user and changing the parameters.
To remove an account, add the account name to the old_users variable and remove it from the user variable in vars/users.yml. Then apply the changes.
Apply the changes by running common.yml.
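One way to review who holds access before and after a handover, as an added example that is not part of the original documentation or the union's repository: it fingerprints every key in the per-account files described above and reports keys present in more than one account and lines that do not parse. It assumes each line is a plain `<type> <base64> [comment]` entry; the account names, comments and keys in the sample are constructed.

```python
import base64, hashlib, struct
from collections import defaultdict

def fingerprint(line):
    """Return (fingerprint, comment) for one '<type> <base64> [comment]' public key line."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # raises ValueError on bad base64
    # The blob begins with a length-prefixed copy of the key type; a mismatch means a mangled line.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return "SHA256:" + digest, parts[2].strip() if len(parts) > 2 else ""

def audit(pubkeys):
    """pubkeys maps account name -> text of files/pubkeys/<account>.
    Returns (keys per account, fingerprints present in several accounts, unparseable lines)."""
    per_account, owners, problems = defaultdict(list), defaultdict(set), []
    for account, text in pubkeys.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            try:
                fp, comment = fingerprint(line.strip())
            except ValueError as exc:
                problems.append((account, lineno, str(exc)))
                continue
            per_account[account].append((fp, comment))
            owners[fp].add(account)
    shared = {fp: sorted(accts) for fp, accts in owners.items() if len(accts) > 1}
    return dict(per_account), shared, problems

def sample_key(seed, comment):
    """Build a constructed ed25519-shaped key line for the demo (not a real key)."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", bytes([seed]) * 32))
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample data: account and person names are made up.
SAMPLE = {
    "webmaster": sample_key(1, "alice@laptop") + "\n" + sample_key(2, "bob@desktop") + "\n",
    "committee": sample_key(2, "bob@desktop") + "\nssh-ed25519 not-base64!! carol\n",
}

if __name__ == "__main__":
    per_account, shared, problems = audit(SAMPLE)
    for account, keys in sorted(per_account.items()):
        for fp, comment in keys:
            print(account, fp, comment)
    print("shared:", shared)
    print("problems:", problems)
```

To run it against a checkout, build the input with `{p.name: p.read_text() for p in pathlib.Path("files/pubkeys").iterdir()}`; the fingerprints are in the same SHA256 form that `ssh-keygen -lf` prints.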