GitHub - fossgis-routing-server/ansible_openstreetmap.de: Configuration management for FOSSGIS OpenStreetMap server Arbeitsgruppe

fossgis-routing-server / ansible_openstreetmap.de Public

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Configuration management for FOSSGIS OpenStreetMap server Arbeitsgruppe

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 489 Commits
doc		doc
filter_plugins		filter_plugins
group_vars		group_vars
host_vars		host_vars
library		library
private @ 96a4b1b		private @ 96a4b1b
roles		roles
.gitignore		.gitignore
.gitmodules		.gitmodules
Makefile		Makefile
README		README
Vagrantfile		Vagrantfile
ansible.cfg		ansible.cfg
bootstrap.yml		bootstrap.yml
env_example		env_example
hosts.ini		hosts.ini
init_vagrant_inventory.sh		init_vagrant_inventory.sh
site.yml		site.yml

Repository files navigation

This is the Ansible repository for the FOSSGIS Server Admin Working group.
It contains provisioning playbooks for machines that are administrated by
the group.

Set up Ansible
==============

We require Ansible >= 2.9 and Python3. The latest Ubuntu and Debian
installations should come with appropriate versions. On your host machine
simply run:

    sudo apt install ansible

If the ansible is too old you can also install it with pip. In order to keep
your system-wide Python module installation clean, use a virtual environment:

    virtualenv --python python3 --system-site-packages _venv
    source _venv/bin/activate
    pip install ansible

If installing or running Ansible fails with strange exceptions, the dependencies
are too old. Delete your virtual environment and recreate it without
`--system-site-packages`.

You always need to run `source _venv/bin/activate` before using ansible when
installing with pip this way.

Deploying a new Host
====================

We use Debian 11 on all hosts. Make sure there is a base system on the host.

You first need to add the host in the inventory (`hosts.ini`). The host should
be listed with its short internal name and the full domain name in `ansible_host`.
For example:

    robinson ansible_host=robinson.openstreetmap.de

You also need to add the host (with its short name) to the functional groups.

Next you need to bootstrap the server, bringing the Debian packages up to date
and set up the admin users:

    ansible-playbook -l $SERVER_NAME bootstrap.yml

Now you can run the usual site.yml for deploying the software.

!!! Warning

    Setup of user accounts is not part of the standard setup of servers via
    `site.yml` to avoid accidental lockouts. If you want to change the admin
    accounts on a server, run `bootstrap.yml` again.

More Documentation
==================

Further documentation can be found in the `doc/` directory:

* [Setting up a webserver](doc/webservers.md)


Testing
=======

The repo contains configuration files for [Vagrant](https://www.vagrantup.com/)
that may be used to test playbooks during development. To use it, you need
to install Vagrant and the lib-virt provider:

    apt install vagrant vagrant-libvirt libvirt-daemon

Spin up the test machine:

    vagrant up

This spins up a Debian Bullseye machine and sets up accounts, so that Ansible
can access the machine via the root account.

> You can use the environment variables 
> - `VAGRANT_MEMORY` (default: 2048)
> 
> For Example: `VAGRANT_MEMORY=8192 vagrant up`
>
> If you like to use an `.env` file, you can add the plugin `vagrant-env` via `vagrant plugin install vagrant-env`. Whenever you run a Vagrant command it’ll load `.env` into `ENV`. When creating the `.env` file, you can use the `env_example` file as a guide.
>
> In any case: if no environment variable is created, the default value is used.

Next you need an inventory:

    ./init_vagrant_inventory.sh

This creates a file vagrant.ini with the right connection IP. Edit the file
to put the vagrant test machine into the group you want to test.

Now you can run the global playbook:

     ansible-playbook -i vagrant.ini site.yml

Additional hints:

* You may have to rerun `init-vagrant-inventory.sh` when you destroy and rebuild
  the Vagrant test machine to update the IP.
* If you are not in the admin user group, you can still run the playbook
  under the vagrant user: `ansible-playbook -i vagrant.ini -u vagrant site.yml`

Testing without the Private Data
================================

All playbooks should be written such that they can be run without access to
the private data. You can define drop in replacements for the data in your
`host_vars/vagrant.yml` file if need be. For example, you have to create the file `host_vars/vagrant.yml` and define the variable `acme__distribution_account` here.

Variable naming convention
==========================

Variables in ansible have two maybe unexpected properties, which make this convention necessary:

* Variables are globally visible, which means they need unique names. Otherwise, they will get unexpectedly overwritten.
* Variables are only merged on the top level. That means we use a flat hierachy to have flexiblity in overwriting variables.

Variables should be named as follows:

    <role/group>__<variable_name>

example:

    osrm__basedir: '/srv/osrm/'

License
=======

Playbooks are published under MIT license.