From 3263e5eed39a008430f0e3ce00f13e22589e1682 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Thu, 26 Jan 2017 14:43:52 -0800 Subject: [PATCH 01/28] Added egret and env vars --- ansible/delta-hosts/hosts | 4 ++++ ansible/delta-hosts/variables | 1 + ansible/egret.yml | 10 ++++++++++ ansible/gamma-hosts/hosts | 4 ++++ ansible/gamma-hosts/variables | 1 + ansible/group_vars/alpha-egret.yml | 18 ++++++++++++++++++ 6 files changed, 38 insertions(+) create mode 100644 ansible/egret.yml create mode 100644 ansible/group_vars/alpha-egret.yml diff --git a/ansible/delta-hosts/hosts b/ansible/delta-hosts/hosts index 8fa2d00b..68e81b8c 100644 --- a/ansible/delta-hosts/hosts +++ b/ansible/delta-hosts/hosts @@ -59,6 +59,9 @@ delta-app-services [dock] +[egret] +delta-app-services + [eru] delta-app-services @@ -149,6 +152,7 @@ dock docker-listener docks drake +egret eru github-varnish hipache diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index 0b85d715..fb3c329b 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -148,6 +148,7 @@ datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ datadog_mongodb_user=datadog datadog_tags=env:delta domain=runnable.io +egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 env=delta github_domain=api.github.com github_protocol=https diff --git a/ansible/egret.yml b/ansible/egret.yml new file mode 100644 index 00000000..206ab384 --- /dev/null +++ b/ansible/egret.yml @@ -0,0 +1,10 @@ +--- + +- hosts: egret + vars_files: + - group_vars/alpha-egret.yml + roles: + - role: notify + tags: [ notify ] + - { role: builder, tags: [build] } + - { role: container_kill_start } diff --git a/ansible/gamma-hosts/hosts b/ansible/gamma-hosts/hosts index c344426c..73e7717d 100644 --- a/ansible/gamma-hosts/hosts +++ b/ansible/gamma-hosts/hosts @@ -45,6 +45,9 @@ gamma-consul-c [worker] gamma-api-worker +[egret] +gamma-app-services + [eru] gamma-app-services 
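Review bot: The added `egret_hello_runnable_github_token=` line in the `ansible/delta-hosts/variables` hunk commits what looks like a live GitHub token in plaintext, and the `ansible/gamma-hosts/variables` hunk of this same patch adds the identical value. Anyone with read access to the repository can read it, and it stays in history even though PATCH 03/28 deletes the line, so the token should be treated as exposed and revoked. Keep only a reference in the inventory, for example `egret_hello_runnable_github_token={{ vault_egret_hello_runnable_github_token }}` (suggested name), with the value in an Ansible Vault-encrypted vars file. Sharing one token between delta and gamma also means a leak from either inventory affects both environments.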
@@ -140,6 +143,7 @@ dock docker-listener docks drake +egret eru github-varnish hipache diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index feb11052..64b00bdd 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -130,6 +130,7 @@ datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ datadog_mongodb_user=datadog datadog_tags=env:gamma domain=runnable-gamma.com +egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 env=gamma github_domain=api.github.com github_protocol=https diff --git a/ansible/group_vars/alpha-egret.yml b/ansible/group_vars/alpha-egret.yml new file mode 100644 index 00000000..bed34c32 --- /dev/null +++ b/ansible/group_vars/alpha-egret.yml @@ -0,0 +1,18 @@ +name: "arithmancy" + +container_image: "registry.runnable.com/runnable/{{ name }}" +container_tag: "{{ git_branch }}" +repo: "git@github.com:CodeNow/{{ name }}.git" +node_version: "6.3.1" +npm_version: "4.0.5" + +# container settings +container_envs: > + -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} + -e NODE_ENV={{ node_env }} + +container_run_opts: > + -h {{ name }} + -d + -v /opt/ssl/docker/{{ name }}:/etc/ssl/docker:ro + {{ container_envs }} From 5daf273d677b556ec1f86c9375bb0ce01b32e02e Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Thu, 26 Jan 2017 15:13:24 -0800 Subject: [PATCH 02/28] Changed names to agreeable-egret --- ansible/{egret.yml => agreeable-egret.yml} | 4 ++-- ansible/delta-hosts/hosts | 4 ++-- ansible/delta-hosts/variables | 2 +- ansible/gamma-hosts/hosts | 4 ++-- ansible/gamma-hosts/variables | 2 +- .../group_vars/{alpha-egret.yml => alpha-agreeable-egret.yml} | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) rename ansible/{egret.yml => agreeable-egret.yml} (66%) rename ansible/group_vars/{alpha-egret.yml => alpha-agreeable-egret.yml} (82%) 
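Review bot: `container_envs` in the new `ansible/group_vars/alpha-egret.yml` passes `{{ api_hello_runnable_github_token }}`, not the `egret_hello_runnable_github_token` that this patch adds to both inventories, so the new variable is never read and the container receives the API service's token. The first line, `name: "arithmancy"`, also looks copied from another service: `container_image`, `repo`, the `-h` hostname and the SSL volume path all derive from it. If a dedicated token is intended, the line would be `-e HELLO_RUNNABLE_GITHUB_TOKEN={{ egret_hello_runnable_github_token }}`. A secret passed as `-e` on the command line can also appear in the host's process list and in any Ansible output that echoes the command; `--env-file` pointing at a file with restricted permissions avoids that.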
diff --git a/ansible/egret.yml b/ansible/agreeable-egret.yml similarity index 66% rename from ansible/egret.yml rename to ansible/agreeable-egret.yml index 206ab384..d8748e3f 100644 --- a/ansible/egret.yml +++ b/ansible/agreeable-egret.yml @@ -1,8 +1,8 @@ --- -- hosts: egret +- hosts: agreeable-egret vars_files: - - group_vars/alpha-egret.yml + - group_vars/alpha-agreeable-egret.yml roles: - role: notify tags: [ notify ] diff --git a/ansible/delta-hosts/hosts b/ansible/delta-hosts/hosts index 68e81b8c..5cef1537 100644 --- a/ansible/delta-hosts/hosts +++ b/ansible/delta-hosts/hosts @@ -59,7 +59,7 @@ delta-app-services [dock] -[egret] +[agreeable-agreeable-egret] delta-app-services [eru] @@ -152,7 +152,7 @@ dock docker-listener docks drake -egret +agreeable-egret eru github-varnish hipache diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index fb3c329b..a9dfd983 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -148,7 +148,7 @@ datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ datadog_mongodb_user=datadog datadog_tags=env:delta domain=runnable.io -egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 +agreeable_egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 env=delta github_domain=api.github.com github_protocol=https diff --git a/ansible/gamma-hosts/hosts b/ansible/gamma-hosts/hosts index 73e7717d..66f361c1 100644 --- a/ansible/gamma-hosts/hosts +++ b/ansible/gamma-hosts/hosts @@ -45,7 +45,7 @@ gamma-consul-c [worker] gamma-api-worker -[egret] +[agreeable-egret] gamma-app-services [eru] @@ -143,7 +143,7 @@ dock docker-listener docks drake -egret +agreeable-egret eru github-varnish hipache diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index 64b00bdd..0948922a 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables 
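Review bot: The group header in the first `ansible/delta-hosts/hosts` hunk is renamed to `[agreeable-agreeable-egret]`, while the children entry in the second hunk and the play's `hosts: agreeable-egret` use the single-prefix name. With that mismatch the delta inventory defines no hosts for `agreeable-egret`, and the children list names a group that is not declared, so the play would most likely match nothing or the inventory would fail to parse. The header should read `[agreeable-egret]`, as the gamma inventory in this patch does.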
@@ -130,7 +130,7 @@ datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ datadog_mongodb_user=datadog datadog_tags=env:gamma domain=runnable-gamma.com -egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 +agreeable_egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 env=gamma github_domain=api.github.com github_protocol=https diff --git a/ansible/group_vars/alpha-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml similarity index 82% rename from ansible/group_vars/alpha-egret.yml rename to ansible/group_vars/alpha-agreeable-egret.yml index bed34c32..ee3ec27d 100644 --- a/ansible/group_vars/alpha-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -8,7 +8,7 @@ npm_version: "4.0.5" # container settings container_envs: > - -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} + -e HELLO_RUNNABLE_GITHUB_TOKEN={{ agreeable_egret_hello_runnable_github_token }} -e NODE_ENV={{ node_env }} container_run_opts: > From 7c9f0fda45ba026f756cd807076fac1374b8859e Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Thu, 26 Jan 2017 15:48:52 -0800 Subject: [PATCH 03/28] PR comments --- ansible/agreeable-egret.yml | 3 +-- ansible/delta-hosts/variables | 1 - ansible/gamma-hosts/variables | 1 - ansible/group_vars/all.yml | 3 +++ ansible/group_vars/alpha-agreeable-egret.yml | 9 ++++++--- 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ansible/agreeable-egret.yml b/ansible/agreeable-egret.yml index d8748e3f..0c5cb379 100644 --- a/ansible/agreeable-egret.yml +++ b/ansible/agreeable-egret.yml @@ -1,5 +1,4 @@ --- - - hosts: agreeable-egret vars_files: - group_vars/alpha-agreeable-egret.yml @@ -7,4 +6,4 @@ - role: notify tags: [ notify ] - { role: builder, tags: [build] } - - { role: container_kill_start } + - { role: container_start } diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index a9dfd983..0b85d715 100644 --- a/ansible/delta-hosts/variables 
+++ b/ansible/delta-hosts/variables @@ -148,7 +148,6 @@ datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ datadog_mongodb_user=datadog datadog_tags=env:delta domain=runnable.io -agreeable_egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 env=delta github_domain=api.github.com github_protocol=https diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index 0948922a..feb11052 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -130,7 +130,6 @@ datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ datadog_mongodb_user=datadog datadog_tags=env:gamma domain=runnable-gamma.com -agreeable_egret_hello_runnable_github_token=b6130cbbd1be797d83b3d419ba60176e7b3f07d2 env=gamma github_domain=api.github.com github_protocol=https diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 4340bcb5..e91ff748 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -44,6 +44,9 @@ core_file_dir: /docker/app-cores ## shared application configs ## +# agreeable-egret +agreeable_egret_hostname: egret.{{ domain }} + #angular angular_url: https://app.{{ domain }} mixpanel_proxy_url: https://mixpanel.{{ domain }} diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index ee3ec27d..4a0171a4 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -1,4 +1,4 @@ -name: "arithmancy" +name: "agreeable-egret" container_image: "registry.runnable.com/runnable/{{ name }}" container_tag: "{{ git_branch }}" 
@@ -6,13 +6,16 @@ repo: "git@github.com:CodeNow/{{ name }}.git" node_version: "6.3.1" npm_version: "4.0.5" +# Exposes egret +redis_key: "frontend:{{ agreeable_egret_hostname }}" +is_redis_update_required: 'yes' + # container settings container_envs: > - -e HELLO_RUNNABLE_GITHUB_TOKEN={{ agreeable_egret_hello_runnable_github_token }} + -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} -e NODE_ENV={{ node_env }} container_run_opts: > -h {{ name }} -d - -v /opt/ssl/docker/{{ name }}:/etc/ssl/docker:ro {{ container_envs }} From a9a0ba4f47dbf118364956cdfa6313a92943f7c7 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Fri, 27 Jan 2017 10:27:46 -0800 Subject: [PATCH 04/28] Added user content domain var --- ansible/group_vars/alpha-agreeable-egret.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index 4a0171a4..6d6ec2a6 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -14,6 +14,7 @@ is_redis_update_required: 'yes' container_envs: > -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} -e NODE_ENV={{ node_env }} + -e RUNNABLE_USER_CONTENT_DOMAIN= {{ user_content_domain }} container_run_opts: > -h {{ name }} From a0eaca74333fe0d3e431dbed2b2979c3448e31a8 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Mon, 30 Jan 2017 10:57:17 -0800 Subject: [PATCH 05/28] Added port options --- ansible/agreeable-egret.yml | 1 + ansible/gamma-hosts/variables | 3 +++ ansible/group_vars/alpha-agreeable-egret.yml | 9 ++++++--- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ansible/agreeable-egret.yml b/ansible/agreeable-egret.yml index 0c5cb379..a3ec7d26 100644 --- a/ansible/agreeable-egret.yml +++ b/ansible/agreeable-egret.yml @@ -1,4 +1,5 @@ --- +- hosts: redis - hosts: agreeable-egret vars_files: - group_vars/alpha-agreeable-egret.yml 
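Review bot: The line added in PATCH 04, `-e RUNNABLE_USER_CONTENT_DOMAIN= {{ user_content_domain }}`, has a space after `=`, so once the folded `container_envs` scalar is expanded into the run options the variable is set to an empty string and the domain becomes a separate word. `container_run_opts` presumably feeds a `docker run` command line, where that stray word may be taken as the image name or as part of the command. Write it as `-e RUNNABLE_USER_CONTENT_DOMAIN={{ user_content_domain }}`.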
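Review bot: The `- hosts: redis` play added at the top of `ansible/agreeable-egret.yml` in PATCH 05 has no tasks or roles and no comment explaining it. If it exists only so that facts for the redis hosts are gathered before the agreeable-egret play, whose group vars set `redis_key` and `is_redis_update_required`, say so with a comment such as `# gather facts for the redis hosts; the redis update in the next play reads them`. Without that, the play reads as a leftover and is likely to be removed by a later cleanup.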
diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index feb11052..535e73a3 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -1,3 +1,6 @@ +[agreeable-egret:vars] +agreeable_egret_port=80 + [api_group:vars] api_aws_access_key_id=AKIAIDC4WVMTCGV7KRVQ api_aws_secret_access_key=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 diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index 6d6ec2a6..18aade00 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -2,9 +2,10 @@ name: "agreeable-egret" container_image: "registry.runnable.com/runnable/{{ name }}" container_tag: "{{ git_branch }}" +hosted_ports: ["{{ agreeable_egret_port }}"] repo: "git@github.com:CodeNow/{{ name }}.git" -node_version: "6.3.1" -npm_version: "4.0.5" +node_version: "4.4.7" +npm_version: 2 # Exposes egret redis_key: "frontend:{{ agreeable_egret_hostname }}" @@ -14,9 +15,11 @@ is_redis_update_required: 'yes' container_envs: > -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} -e NODE_ENV={{ node_env }} - -e RUNNABLE_USER_CONTENT_DOMAIN= {{ user_content_domain }} + -e PORT={{ hosted_ports[0] }} + -e RUNNABLE_USER_CONTENT_DOMAIN={{ user_content_domain }} container_run_opts: > -h {{ name }} -d + -P {{ container_envs }} From de54f3ae801978410b4f5e5dd6ca86580643f6b2 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Tue, 31 Jan 2017 10:33:54 -0800 Subject: [PATCH 06/28] Change node version --- ansible/delta-hosts/hosts | 2 +- ansible/delta-hosts/variables | 4 ++++ ansible/gamma-hosts/variables | 1 + ansible/group_vars/alpha-agreeable-egret.yml | 5 +++-- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ansible/delta-hosts/hosts b/ansible/delta-hosts/hosts index 5cef1537..ea1ce794 100644 --- a/ansible/delta-hosts/hosts +++ b/ansible/delta-hosts/hosts 
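Review bot: The `-P` added to `container_run_opts` in the second `alpha-agreeable-egret.yml` hunk publishes every port the image exposes on a random host port, by default bound to all interfaces, although `hosted_ports` in the hunk before it already names the single port the service listens on. If the routing layer does not depend on that behaviour, publish only the intended port, for example `-p {{ hosted_ports[0] }}`, so that a port later added to the image is not exposed automatically. In the first hunk, `npm_version: 2` is the only unquoted version in the file; `npm_version: "2"` keeps it a string like `node_version`.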
@@ -59,7 +59,7 @@ delta-app-services [dock] -[agreeable-agreeable-egret] +[agreeable-egret] delta-app-services [eru] diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index 0b85d715..29bb4db3 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -1,3 +1,7 @@ +[agreeable-egret:vars] +agreeable_egret_port=80 +agreeable_egret_api_url=https://api.runnable.io + [api_group:vars] api_aws_access_key_id=AKIAJWSSSJYUXKNW2ZDA api_aws_secret_access_key=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 diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index 535e73a3..b58cb05c 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -1,5 +1,6 @@ [agreeable-egret:vars] agreeable_egret_port=80 +agreeable_egret_api_url=https://api.runnable-gamma.com [api_group:vars] api_aws_access_key_id=AKIAIDC4WVMTCGV7KRVQ diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index 18aade00..c571a79d 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -4,8 +4,8 @@ container_image: "registry.runnable.com/runnable/{{ name }}" container_tag: "{{ git_branch }}" hosted_ports: ["{{ agreeable_egret_port }}"] repo: "git@github.com:CodeNow/{{ name }}.git" -node_version: "4.4.7" -npm_version: 2 +node_version: "4.3.1" +npm_version: "3.7.5" # Exposes egret redis_key: "frontend:{{ agreeable_egret_hostname }}" @@ -15,6 +15,7 @@ is_redis_update_required: 'yes' container_envs: > -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} -e NODE_ENV={{ node_env }} + -e RUNNABLE_API_URL={{ agreeable_egret_api_url }} -e PORT={{ hosted_ports[0] }} -e RUNNABLE_USER_CONTENT_DOMAIN={{ user_content_domain }} From 4df8e16447d631151b9c350003c328bdd6c84012 Mon Sep 17 00:00:00 2001 
From: thejsj Date: Wed, 1 Feb 2017 15:01:15 -0800 Subject: [PATCH 07/28] Start adding default hosts --- ansible/default-hosts/docks.js | 75 +++++++++++ ansible/default-hosts/hosts | 159 ++++++++++++++++++++++++ ansible/default-hosts/variables | 172 ++++++++++++++++++++++++++ ansible/group_vars/alpha-api-base.yml | 2 +- 4 files changed, 407 insertions(+), 1 deletion(-) create mode 100755 ansible/default-hosts/docks.js create mode 100644 ansible/default-hosts/hosts create mode 100644 ansible/default-hosts/variables diff --git a/ansible/default-hosts/docks.js b/ansible/default-hosts/docks.js new file mode 100755 index 00000000..29526a4c --- /dev/null +++ b/ansible/default-hosts/docks.js 
@@ -0,0 +1,75 @@ +#!/usr/bin/env node + +'use strict'; + +var aws = require('aws-sdk'); +var ec2 = new aws.EC2({ + accessKeyId: 'AKIAJ3RCYU6FCULAJP2Q', + secretAccessKey: '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', + region: 'us-west-2' +}); + +var params = { + Filters: [ + // Only search for docks in the cluster security group + { + Name: 'instance.group-id', + Values: ['sg-ec0da194'] // This script is the same for all environments + }, + // Only fetch instances that are tagged as docks + { + Name: 'tag:role', + Values: ['dock'] + }, + // Only fetch running instances + { + Name: 'instance-state-name', + Values: ['running'] + } + ] +}; + +ec2.describeInstances(params, function (err, data) { + if (err) { + console.error("An error occurred: ", err); + process.exit(1); + } + + // Get a set of instances from the describe response + var instances = []; + data.Reservations.forEach(function (res) { + res.Instances.forEach(function (instance) { + instances.push(instance); + }); + }); + + // Map the instances to their private ip addresses + // NOTE This will work locally because of the wilcard ssh proxy in the config + var hosts = instances.map(function (instance) { + return instance.PrivateIpAddress; + }); + + var hostVars = {}; + instances.forEach(function (instance) { + for (var i = 0; i < instance.Tags.length; i++) { + if (instance.Tags[i].Key === 'org') { + hostVars[instance.PrivateIpAddress] = { + host_tags: instance.Tags[i].Value + ',build,run' + }; + } + } + }); + + // Output the resulting JSON + // NOTE http://docs.ansible.com/ansible/developing_inventory.html + console.log(JSON.stringify( + { + docks: { + hosts: hosts + }, + _meta : { + hostvars : hostVars + } + } + )); +}); diff --git a/ansible/default-hosts/hosts b/ansible/default-hosts/hosts new file mode 100644 index 00000000..2ef19a71 --- /dev/null +++ b/ansible/default-hosts/hosts 
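Review bot: The `new aws.EC2({...})` call at the top of the new `docks.js` hard-codes an AWS access key ID and secret access key in a committed, executable inventory script. The pair is readable by anyone with access to the repository or its history, and PATCH 09 replacing the literals does not remove them from this commit, so the key should be deactivated and reissued. Drop both credential fields and let the SDK resolve credentials from the environment, a shared credentials file or an instance role: `var ec2 = new aws.EC2({ region: process.env.AWS_REGION || 'us-west-2' });`. The hard-coded security group ID in the first filter would be better supplied the same way, since the adjacent comment says the script is shared by all environments.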
@@ -0,0 +1,159 @@ +[bastion] +dafault-bastion + +[hipache] +default-main httpsCheckForBackend80=false prependIncomingPort=true subDomainDepth=4 + +[userland] +default-main + +[mongodb] +default-main + +[api_group:children] +worker +api +socket-server + +[api] +default-main + +[big-poppa] +default-main + +[cream] +default-main + +[consul] +default-main + +[docker-listener] +default-main + +[vault] +default-main + +[worker] +default-main + +[navi] +default-main + +[ingress] +default-main + +[link] +default-main + +[mongo-navi] +default-main + +[charon] +default-main + +[khronos] +default-main + +[optimus] +default-main + +[detention] +default-main + +[palantiri] +default-main + +[rabbitmq] +default-main + +[web] +default-main + +[redis] +default-main + +[redis-slave] +default-main + +[sauron] +default-main + +[shiva] +default-main + +[socket-server] +default-main + +[socket-server-proxy] +default-main + +[registry] +default-main + +[swarm-manager] +default-main + +[metis] +default-main + +[drake] +default-main + +[pheidi] +default-main + +[github-varnish] +default-main + +[single-host-proxy] +default-main + +[docks] + +[dock] + +[prometheus] +default-main + +[bear-clone:children] +api +bastion +big-poppa +charon +consul +cream +dock +docker-listener +docks +drake +hipache +ingress +khronos +metis +mongodb +navi +optimus +pheidi +prometheus +rabbitmq +redis +redis-slave +registry +sauron +shiva +single-host-proxy +socket-server +socket-server-proxy +swarm-manager +userland +web +worker + +[local] +127.0.0.1 + +[ec2] +local + +[targets] +localhost ansible_connection=local bastion_name=default-bastion diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables new file mode 100644 index 00000000..c1722bf3 --- /dev/null +++ b/ansible/default-hosts/variables 
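Review bot: The `[bastion]` group at the top of the new `ansible/default-hosts/hosts` lists `dafault-bastion`, while `[targets]` at the end of the same file sets `bastion_name=default-bastion`, so the host name is misspelled in one of the two places; the first should presumably be `default-bastion`. The aggregate group is still named `[bear-clone:children]` in a file the commit presents as default hosts, which ties the template to one environment name. A short header comment stating which names are placeholders to be replaced per environment would make the file usable as a template.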
@@ -0,0 +1,172 @@ +[api_group:vars] +api_aws_access_key_id=${ AWS_ACCESS_KEY_ID_1 } +api_aws_secret_access_key=${ AWS_SECRET_ACCESS_KEY_1 } +api_github_client_id=${ GITHUB_CLIEND_ID } +api_github_client_secret=${ GITHUB_CLIENT_SECRET } +api_github_deploy_keys_bucket=runnable.deploykeys.${ ENV } +api_mongo_auth=${ MONGO_USERNAME }:${ MONGO_PASSWORD } +api_mongo_database=${ ENV } +api_mongo_replset_name=${ ENV }-rs0 +api_s3_context_bucket=runnable.context.resources.${ ENV } + +[big-poppa:vars] +big_poppa_pg_pass=${ POSTGRES_PASSWORD } +big_poppa_pg_host=${ POSTGRES_HOST }:${ POSTGRES_PORT } +big_poppa_pg_port=${ POSTGRES_PORT } +big_poppa_pg_user=big_poppa +big_poppa_github_token=${ GITHUB_ACCESS_TOKEN } +big_poppa_mongo_auth=${ MONGO_USERNAME }:${ MONGO_PASSWORD } +big_poppa_mongo_database=${ MONGO_DATABASE_NAME } +big_poppa_mongo_replset_name=${ MONGO_DATABASE_NAME }-rs0 +big_poppa_pg_pool_min=10 +big_poppa_pg_pool_max=20 + +[cream:vars] +cream_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN } +cream_stripe_secret_key=${ STRIPE_SECRET_KEY } +cream_stripe_publishable_key=${ STRIPE_SECRET_KEY } + +[docks:vars] +docker_config=docks +docks_rollbar_key=${ ROLLBAR_TOKEN_DOCKS } + +[dock:vars] +docks_rollbar_key=${ ROLLBAR_TOKEN_DOCKS } + +[drake:vars] +drake_port=80 + +[khronos:vars] +khronos_mongo_auth=${ MONGO_USER }:${ MONGO_PASSWORD } +khronos_mongo_database=${ MONGO_DATABASE_NAME } +khronos_mongo_replset_name=${ MONGO_DATABASE_NAME } + +[metis:vars] + +[navi:vars] +navi_cookie_secret=${ COOKIE_SECRET } +_navi_proxy_port=65100 +_navi_proxy_ssl_port=65101 + +[optimus:vars] +optimus_aws_access_id=${ AWS_ACCESS_KEY_ID_1 } +optimus_aws_secret_id=${ AWS_SECRET_ACCESS_KEY_1 } +optimus_github_deploy_keys_bucket=runnable.deploykeys.${ ENV } + +[palantiri:vars] + +[pheidi:vars] +pheidi_mongo_auth=${ MONGO_USER }:${ MONGO_PASSWORD } +pheidi_mongo_database=${ MONGO_DATABASE } +pheidi_mongo_replset_name=${ MONGO_DATABASE } +pheidi_runnabot_tokens=${ GITHUB_ACCESS_TOKEN } + 
+[sauron:vars] + +[registry:vars] +registry_s3_access_key=AWS_ACCESS_KEY_ID_1 +registry_s3_secret_key=AWS_SECRET_ACCESS_KEY_1 +registry_s3_bucket=runnableimages.bear-clone +registry_s3_region=us-west-2 + +[shiva:vars] +aws_access_key_id=AWS_ACCESS_KEY_ID_1 +aws_secret_access_key=AWS_SECRET_ACCESS_KEY_1 +shiva_consult_hostname=10.4.0.148 +shiva_aws_region=us-west-2 +shiva_dock_security_groups=sg-ec0da194 +shiva_ssh_key_name=gamma-key +shiva_aws_instance_image_id=ami-278a3447 +shiva_aws_instance_image_name=bear-clone-dock-2.0.10 +shiva_aws_instance_type=t2.medium +shiva_dock_pool_asg_name=bear-clone-asg-dock-pool +shiva_aws_launch_configuration_name=bear-clone-lc-2.0.10.10 +shiva_aws_auto_scaling_group_subnets=subnet-9cb197f9 +shiva_aws_auto_scaling_group_max=29 +shiva_aws_auto_scaling_group_prefix=asg-bear-clone- + +[swarm-manager:vars] +aws_access_key=AWS_ACCESS_KEY_ID_1 +aws_secret_key=AWS_SECRET_ACCESS_KEY_1 +environment_name=bear-clone + +[vault:vars] +vault_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af +vault_aws_access_key_id=AWS_ACCESS_KEY_ID_1 +vault_aws_secret_key=AWS_SECRET_ACCESS_KEY_1/ +# vault_aws_access_key_id=AKIAIALSDNO3WSKPWOEA +# vault_aws_secret_key=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 +vault_aws_region=us-west-2 +vault_root_token=2865193c-8abc-9ffd-74eb-23e7fc593f5b +vault_unseal_tokens={'one':'d09b3002044f8746271cb987601849faa16b90ddfdc651e89f5df111926c873001', 'two': '4c702650257794387da65d5aa0cad24d2e9fde5c06f7eb240dedcf70d08c55d602', 'three': '6db4c9d33289452fc8e25b929d5273e4285fc2eb3b05708d95cafca5496fa7b403', 'four': '41c7c6251fa23e84197cf52b968b0b288c499b119159b83b97066fa343dc645a04', 'five': '600329a6085cef93ac38f3e3ab13aa818a8987a6acab23920f215c76da3f963805'} +_vault_port=65240 +_vault_ssl_port=65241 + +[bear-clone:vars] +ansible_ssh_private_key_file=~/.ssh/gamma.pem +bastion_sshd_port=60709 +datadog_tags=env:bear-clone +datadog_mongodb_user=datadog +datadog_mongodb_pwd= +domain=runnable.rocks +mongo_port=27017 
+node_env=bear-clone +pg_user=astral +pg_pass=MgZQTuJcFZxM3aoJHtXn +pg_host=big-poppa-bear-clone.cnksgdqarobf.us-west-2.rds.amazonaws.com:32659 +rabbit_password=wKK7g7NWKpQXEeSzyWB7mIpxZIL8H2mDSf3Q6czR3Vk +rabbit_username=o2mdLh9N9Ke2GzhoK8xsruYPhIQFN7iEL44dQJoq7OM +registry_host=10.4.0.148 +_registry_port=65001 +_consul_api_port=65200 +_consul_https_port=65201 +_swarm_master_port=65250 +user_content_domain=runnable-beta.com +max_navi_port=65000 +_redis_port=65075 +_redis_tls_port=65076 +api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af +vault_auth_token=f025895e-bfde-13d0-8913-0cea0c33cd4a +vault_token_01=1618e6c73c18a7b2fad20b915b62f09d46244b2a217980a93e6f12d11e4d324501 +vault_token_02=d3a0b4741e673cd93f17486478a03f78bc53c60c2345213477f1808ef339d31402 +vault_token_03=a5e9f76f14fc3de2e3e7258f5e3b943111428fdc657c3f07f9709005b00bee3d03 +vault_token_04=7a3fedd99659dfb1ca5dc7274880376f1df2d222e28dc1d008c8a3a0ba7b023404 +vault_token_05=0c76aec29cc2de8a16adaacc6e1b9c26b0e39bf2a4b4dfe38649b32bf9493f1d05 +# vault_auth_token=2865193c-8abc-9ffd-74eb-23e7fc593f5b +# vault_token_01=d09b3002044f8746271cb987601849faa16b90ddfdc651e89f5df111926c873001 +# vault_token_02=4c702650257794387da65d5aa0cad24d2e9fde5c06f7eb240dedcf70d08c55d602 +# vault_token_03=6db4c9d33289452fc8e25b929d5273e4285fc2eb3b05708d95cafca5496fa7b403 +# vault_token_04=41c7c6251fa23e84197cf52b968b0b288c499b119159b83b97066fa343dc645a04 +# vault_token_05=600329a6085cef93ac38f3e3ab13aa818a8987a6acab23920f215c76da3f963805 +github_domain=api.github.com +is_github_enterprise=false +github_protocol=https +proxy_container_image=runnable/sticky-nginx +proxy_container_image_version=v1.8.1 + +[ec2:vars] +env=bear-clone +aws_custid=437258487404 +bastion_sshd_port=60709 +region=us-west-2 +vpc_id=vpc-c53464a0 +sg_api=sg-3b0c7b5f +sg_app_services=sg-35d14052 +sg_bastion=sg-91eb81f5 +sg_consul=sg-899616ee +sg_dock=sg-577a0d33 +sg_dock_services=sg-12d14075 +sg_hipache=sg-e70c7883 +sg_mongo=sg-977a0df3 
+sg_nat=sg-b595ffd1 +sg_navi=sg-45633421 +sg_rabbit=sg-44b7cb20 +sg_rds=sg-081e596c +sg_redis=sg-477b0c23 +sg_registry=sg-c8d140af +sg_userland=sg-12ce9876 +sg_web=sg-fe8bf49a + +[web:vars] +web_sift_public_key=eea9746dff +web_intercom_id=xs5g95pd diff --git a/ansible/group_vars/alpha-api-base.yml b/ansible/group_vars/alpha-api-base.yml index 84f9f9da..59246998 100644 --- a/ansible/group_vars/alpha-api-base.yml +++ b/ansible/group_vars/alpha-api-base.yml @@ -48,7 +48,7 @@ api_base_container_envs: >- -e GITHUB_PROTOCOL=http -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} -e KRAIN_PORT={{ krain_port }} - -e MIXPANEL_APP_ID={{ api_mixpanel_app_id }} + {% if api_mixpanel_app_id is defined %} -e MIXPANEL_APP_ID={{ api_mixpanel_app_id }} {% endif %} -e MONGO_REPLSET_NAME={{ api_mongo_replset_name }} -e MONGO=mongodb://{{ mongo_hosts }}/{{ api_mongo_database }} -e NAVI_HOST=http://{{ navi_host_address }}:{{ navi_http_port }} From 50e36c4ddd995a5144a76954ac6799b3c13b87e4 Mon Sep 17 00:00:00 2001 From: thejsj Date: Wed, 1 Feb 2017 16:25:48 -0800 Subject: [PATCH 08/28] Add default variables --- ansible/default-hosts/variables | 121 ++++++++++++-------------------- 1 file changed, 43 insertions(+), 78 deletions(-) diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables index c1722bf3..bc0a4146 100644 --- a/ansible/default-hosts/variables +++ b/ansible/default-hosts/variables 
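Review bot: Below the `${ ... }` placeholders of the first sections, the `[vault:vars]` and `[bear-clone:vars]` sections of the new `ansible/default-hosts/variables` carry literal credentials: a Vault root token and unseal tokens, `pg_pass`, the RabbitMQ username and password, `api_hello_runnable_github_token`, and a commented-out AWS key pair. A template meant to be copied per environment should contain no real values, and although PATCH 08 swaps most of them for placeholders they remain in this commit, so each one needs rotating (re-keying, for the unseal shares). The placeholder style is also inconsistent: `[registry:vars]`, `[shiva:vars]` and `[swarm-manager:vars]` use bare `AWS_ACCESS_KEY_ID_1` without `${ }`, `api_github_client_id` references `GITHUB_CLIEND_ID`, and `cream_stripe_publishable_key` is filled from `${ STRIPE_SECRET_KEY }`. A secret scanner run as a pre-commit hook over the inventory directories would catch literals like these before they are pushed.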
@@ -64,109 +64,74 @@ pheidi_runnabot_tokens=${ GITHUB_ACCESS_TOKEN } [sauron:vars] [registry:vars] -registry_s3_access_key=AWS_ACCESS_KEY_ID_1 -registry_s3_secret_key=AWS_SECRET_ACCESS_KEY_1 -registry_s3_bucket=runnableimages.bear-clone -registry_s3_region=us-west-2 +registry_s3_access_key=${ AWS_ACCESS_KEY_ID_1 } +registry_s3_secret_key=${ AWS_SECRET_ACCESS_KEY_1 } +registry_s3_bucket=runnableimages.${ ENV } +registry_s3_region=${ AWS_REGION } [shiva:vars] -aws_access_key_id=AWS_ACCESS_KEY_ID_1 -aws_secret_access_key=AWS_SECRET_ACCESS_KEY_1 -shiva_consult_hostname=10.4.0.148 -shiva_aws_region=us-west-2 -shiva_dock_security_groups=sg-ec0da194 -shiva_ssh_key_name=gamma-key -shiva_aws_instance_image_id=ami-278a3447 -shiva_aws_instance_image_name=bear-clone-dock-2.0.10 +aws_access_key_id=${ AWS_ACCESS_KEY_ID_1 } +aws_secret_access_key=${ AWS_ACCESS_KEY_ID_1 } +shiva_consult_hostname=${ MAIN_HOST_IP_ADDRESS } +shiva_aws_region=${ AWS_REGION } +shiva_dock_security_groups=${ AWS_DOCK_SG } +shiva_ssh_key_name=${ AWS_SSH_KEY_NAME } +shiva_aws_instance_image_id=${ AWS_DOCK_AMI_ID } +shiva_aws_instance_image_name=${ AWS_DOCK_AMI_NAME } shiva_aws_instance_type=t2.medium -shiva_dock_pool_asg_name=bear-clone-asg-dock-pool -shiva_aws_launch_configuration_name=bear-clone-lc-2.0.10.10 -shiva_aws_auto_scaling_group_subnets=subnet-9cb197f9 +shiva_dock_pool_asg_name=${ ENV }-asg-dock-pool +shiva_aws_launch_configuration_name=${ ENV }-lc-${ AWS_LC_VERSION } +shiva_aws_auto_scaling_group_subnets=${ AWS_ASG_SUBNET } shiva_aws_auto_scaling_group_max=29 -shiva_aws_auto_scaling_group_prefix=asg-bear-clone- +shiva_aws_auto_scaling_group_prefix=asg-${ ENV }- [swarm-manager:vars] -aws_access_key=AWS_ACCESS_KEY_ID_1 -aws_secret_key=AWS_SECRET_ACCESS_KEY_1 -environment_name=bear-clone +aws_access_key=${ AWS_ACCESS_KEY_ID_1 } +aws_secret_key=${ AWS_SECRET_ACCESS_KEY_1 } +environment_name=${ ENV } [vault:vars] -vault_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af 
-vault_aws_access_key_id=AWS_ACCESS_KEY_ID_1 -vault_aws_secret_key=AWS_SECRET_ACCESS_KEY_1/ -# vault_aws_access_key_id=AKIAIALSDNO3WSKPWOEA -# vault_aws_secret_key=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 -vault_aws_region=us-west-2 -vault_root_token=2865193c-8abc-9ffd-74eb-23e7fc593f5b -vault_unseal_tokens={'one':'d09b3002044f8746271cb987601849faa16b90ddfdc651e89f5df111926c873001', 'two': '4c702650257794387da65d5aa0cad24d2e9fde5c06f7eb240dedcf70d08c55d602', 'three': '6db4c9d33289452fc8e25b929d5273e4285fc2eb3b05708d95cafca5496fa7b403', 'four': '41c7c6251fa23e84197cf52b968b0b288c499b119159b83b97066fa343dc645a04', 'five': '600329a6085cef93ac38f3e3ab13aa818a8987a6acab23920f215c76da3f963805'} +vault_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE } +vault_aws_access_key_id=${ AWS_ACCESS_KEY_ID_1 } +vault_aws_secret_key=${ AWS_SECRET_ACCESS_KEY_1 } +vault_aws_region=${ AWS_REGION } +vault_root_token=${ LOCAL_VAULT_ROOT_TOKEN } +vault_unseal_tokens={'one':'${ LOCAL_VAULT_TOKEN_1 }', 'two': '${ LOCAL_VAULT_TOKEN_2 }', 'three': '${ LOCAL_VAULT_TOKEN_3 }', 'four': '${ LOCAL_VAULT_TOKEN_4 }', 'five': '${ LOCAL_VAULT_TOKEN_5 }'} _vault_port=65240 _vault_ssl_port=65241 -[bear-clone:vars] -ansible_ssh_private_key_file=~/.ssh/gamma.pem +[${ ENV }:vars] +ansible_ssh_private_key_file=~/.ssh/${ PEM_KEY_NAME } bastion_sshd_port=60709 -datadog_tags=env:bear-clone +datadog_tags=env:${ ENV } datadog_mongodb_user=datadog datadog_mongodb_pwd= -domain=runnable.rocks +domain=${ DOMAIN } mongo_port=27017 -node_env=bear-clone +node_env=${ ENV } pg_user=astral -pg_pass=MgZQTuJcFZxM3aoJHtXn -pg_host=big-poppa-bear-clone.cnksgdqarobf.us-west-2.rds.amazonaws.com:32659 -rabbit_password=wKK7g7NWKpQXEeSzyWB7mIpxZIL8H2mDSf3Q6czR3Vk -rabbit_username=o2mdLh9N9Ke2GzhoK8xsruYPhIQFN7iEL44dQJoq7OM -registry_host=10.4.0.148 +pg_pass=${ POSTGRES_PASSWORD } +pg_host=${ POSTGRES_HOST }:${ POSTGRES_PORT } +rabbit_password=${ RABBIT_PASSWORD } +rabbit_username=${ RABBIT_USERNAME } 
+registry_host=${ MAIN_HOST_IP_ADDRESS } _registry_port=65001 _consul_api_port=65200 _consul_https_port=65201 _swarm_master_port=65250 -user_content_domain=runnable-beta.com +user_content_domain=${ USER_CONTENT_DOMAIN } max_navi_port=65000 _redis_port=65075 _redis_tls_port=65076 -api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af -vault_auth_token=f025895e-bfde-13d0-8913-0cea0c33cd4a -vault_token_01=1618e6c73c18a7b2fad20b915b62f09d46244b2a217980a93e6f12d11e4d324501 -vault_token_02=d3a0b4741e673cd93f17486478a03f78bc53c60c2345213477f1808ef339d31402 -vault_token_03=a5e9f76f14fc3de2e3e7258f5e3b943111428fdc657c3f07f9709005b00bee3d03 -vault_token_04=7a3fedd99659dfb1ca5dc7274880376f1df2d222e28dc1d008c8a3a0ba7b023404 -vault_token_05=0c76aec29cc2de8a16adaacc6e1b9c26b0e39bf2a4b4dfe38649b32bf9493f1d05 -# vault_auth_token=2865193c-8abc-9ffd-74eb-23e7fc593f5b -# vault_token_01=d09b3002044f8746271cb987601849faa16b90ddfdc651e89f5df111926c873001 -# vault_token_02=4c702650257794387da65d5aa0cad24d2e9fde5c06f7eb240dedcf70d08c55d602 -# vault_token_03=6db4c9d33289452fc8e25b929d5273e4285fc2eb3b05708d95cafca5496fa7b403 -# vault_token_04=41c7c6251fa23e84197cf52b968b0b288c499b119159b83b97066fa343dc645a04 -# vault_token_05=600329a6085cef93ac38f3e3ab13aa818a8987a6acab23920f215c76da3f963805 +api_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE } +vault_auth_token=${ REMOTE_VAULT_ROOT_TOKEN } +vault_token_01=${ REMOTE_VAULT_TOKEN_1 } +vault_token_02=${ REMOTE_VAULT_TOKEN_2 } +vault_token_03=${ REMOTE_VAULT_TOKEN_3 } +vault_token_04=${ REMOTE_VAULT_TOKEN_4 } +vault_token_05=${ REMOTE_VAULT_TOKEN_5 } github_domain=api.github.com is_github_enterprise=false github_protocol=https proxy_container_image=runnable/sticky-nginx proxy_container_image_version=v1.8.1 - -[ec2:vars] -env=bear-clone -aws_custid=437258487404 -bastion_sshd_port=60709 -region=us-west-2 -vpc_id=vpc-c53464a0 -sg_api=sg-3b0c7b5f -sg_app_services=sg-35d14052 -sg_bastion=sg-91eb81f5 
-sg_consul=sg-899616ee -sg_dock=sg-577a0d33 -sg_dock_services=sg-12d14075 -sg_hipache=sg-e70c7883 -sg_mongo=sg-977a0df3 -sg_nat=sg-b595ffd1 -sg_navi=sg-45633421 -sg_rabbit=sg-44b7cb20 -sg_rds=sg-081e596c -sg_redis=sg-477b0c23 -sg_registry=sg-c8d140af -sg_userland=sg-12ce9876 -sg_web=sg-fe8bf49a - -[web:vars] -web_sift_public_key=eea9746dff -web_intercom_id=xs5g95pd From b74fc644215e83d364645095a63dc1b70cf6daef Mon Sep 17 00:00:00 2001 From: thejsj Date: Wed, 1 Feb 2017 16:39:01 -0800 Subject: [PATCH 09/28] Add ENVs in other files --- ansible/default-hosts/docks.js | 8 ++++---- ansible/default-hosts/variables | 2 +- ansible/roles/docker_client/README.md | 2 +- ansible/roles/docker_client/scripts/genClientCert.sh | 12 +++++++----- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/ansible/default-hosts/docks.js b/ansible/default-hosts/docks.js index 29526a4c..bfc13839 100755 --- a/ansible/default-hosts/docks.js +++ b/ansible/default-hosts/docks.js @@ -4,9 +4,9 @@ var aws = require('aws-sdk'); var ec2 = new aws.EC2({ - accessKeyId: 'AKIAJ3RCYU6FCULAJP2Q', - secretAccessKey: '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', - region: 'us-west-2' + accessKeyId: '${ AWS_ACCESS_KEY_ID_1 }', + secretAccessKey: '${ AWS_SECRET_ACCESS_KEY_1 }', + region: '${ AWS_REGION }' }); var params = { @@ -14,7 +14,7 @@ var params = { // Only search for docks in the cluster security group { Name: 'instance.group-id', - Values: ['sg-ec0da194'] // This script is the same for all environments + Values: ['${ AWS_DOCK_SG }'] // This script is the same for all environments }, // Only fetch instances that are tagged as docks { diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables index bc0a4146..98dd3806 100644 --- a/ansible/default-hosts/variables +++ b/ansible/default-hosts/variables 
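Review bot: In `[shiva:vars]` the new line `aws_secret_access_key=${ AWS_ACCESS_KEY_ID_1 }` fills the secret key from the access key ID placeholder, so a rendered inventory would hand shiva an unusable credential pair; it should be `aws_secret_access_key=${ AWS_SECRET_ACCESS_KEY_1 }`. The section header becomes `[${ ENV }:vars]` while `ansible/default-hosts/hosts` still declares `[bear-clone:children]`, so unless the hosts file is rendered as well these variables attach to an undeclared group for any other environment name. The hunk also deletes `[ec2:vars]` and `[web:vars]` although `hosts` keeps the `[ec2]` and `[web]` groups; if any play reads `region`, `vpc_id` or `web_intercom_id`, those are now undefined.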
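Review bot: The replacement values in the `docks.js` hunks of PATCH 09, such as `'${ AWS_ACCESS_KEY_ID_1 }'`, are ordinary single-quoted JavaScript strings, so Node passes the placeholder text itself to the EC2 client and to the security-group filter. Unless a render step rewrites this file before Ansible executes it, every `describeInstances` call fails authentication. Reading the values at run time keeps the script runnable as committed: `accessKeyId: process.env.AWS_ACCESS_KEY_ID_1,`, `secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY_1,`, `region: process.env.AWS_REGION`. The comment `// This script is the same for all environments` on the filter line no longer matches a value that now differs per environment.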
@@ -24,7 +24,7 @@ big_poppa_pg_pool_max=20 [cream:vars] cream_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN } cream_stripe_secret_key=${ STRIPE_SECRET_KEY } -cream_stripe_publishable_key=${ STRIPE_SECRET_KEY } +cream_stripe_publishable_key=${ STRIPE_PUBLISHABLE_KEY } [docks:vars] docker_config=docks diff --git a/ansible/roles/docker_client/README.md b/ansible/roles/docker_client/README.md index 3b95b530..f6bf908d 100644 --- a/ansible/roles/docker_client/README.md +++ b/ansible/roles/docker_client/README.md @@ -7,7 +7,7 @@ Ansible Role to Install Docker Client Certs on Ubuntu Creating new docker client certs: 1. cd into this dir ```cd ``` 2. ensure you have ca-key.pem here `roles/docker_client/ca-key.pem` -3. run cert generator ```sudo ./scripts/genClientCert.sh ``` +3. run cert generator ```sudo ./scripts/genClientCert.sh ``` ## Author Information diff --git a/ansible/roles/docker_client/scripts/genClientCert.sh b/ansible/roles/docker_client/scripts/genClientCert.sh index 4c98ef21..b8693035 100755 --- a/ansible/roles/docker_client/scripts/genClientCert.sh +++ b/ansible/roles/docker_client/scripts/genClientCert.sh @@ -7,10 +7,12 @@ fi CLIENT=./files/certs/$1 echo 'WARN: hard coded alpha-api-old gamma-services and beta-services for SWARM' -# if [[ $2 = '' ]]; then -# echo 'script requires a client ip address' -# exit 1 -# fi +if [[ $2 = '' ]]; then + echo 'script requires a client ip address' + exit 1 +fi + +MAIN_HOST_IP_ADDRESS=$2 mkdir $CLIENT @@ -28,7 +30,7 @@ openssl req \ chmod 400 "$CLIENT/client.csr" echo extendedKeyUsage=clientAuth,serverAuth > "$CLIENT/extfile.cnf" -echo subjectAltName=IP:10.4.0.148,IP:127.0.0.1,DNS:localhost,DNS:swarm-staging-codenow.runnable-beta.com >> "$CLIENT/extfile.cnf" +echo subjectAltName=IP:${MAIN_HOST_IP_ADDRESS},IP:127.0.0.1,DNS:localhost >> "$CLIENT/extfile.cnf" # generate cert for client openssl x509 \ From 5ba8128c050418df449331c0639ec65c7a394642 Mon Sep 17 00:00:00 2001 
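Review bot: The new `MAIN_HOST_IP_ADDRESS=$2` goes unvalidated and unquoted into `extfile.cnf` through the `subjectAltName=IP:${MAIN_HOST_IP_ADDRESS},...` line in the second hunk, so an argument containing a comma or whitespace changes the SAN list of a certificate that is then signed with the CA key. The guard should check the shape of the value as well as its presence, e.g. `[[ $2 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo 'script requires a client ip address' >&2; exit 1; }`, and the echo should quote its argument: `echo "subjectAltName=IP:${MAIN_HOST_IP_ADDRESS},IP:127.0.0.1,DNS:localhost" >> "$CLIENT/extfile.cnf"`. The context line `echo 'WARN: hard coded alpha-api-old gamma-services and beta-services for SWARM'` looks stale now that the hard-coded SAN values are gone. The script continues outside both hunks.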
From: thejsj Date: Wed, 1 Feb 2017 16:41:44 -0800 Subject: [PATCH 10/28] Change spacing --- ansible/default-hosts/docks.js | 8 +- ansible/default-hosts/variables | 150 ++++++++++++++++---------------- 2 files changed, 79 insertions(+), 79 deletions(-) diff --git a/ansible/default-hosts/docks.js b/ansible/default-hosts/docks.js index bfc13839..b2804306 100755 --- a/ansible/default-hosts/docks.js +++ b/ansible/default-hosts/docks.js @@ -4,9 +4,9 @@ var aws = require('aws-sdk'); var ec2 = new aws.EC2({ - accessKeyId: '${ AWS_ACCESS_KEY_ID_1 }', - secretAccessKey: '${ AWS_SECRET_ACCESS_KEY_1 }', - region: '${ AWS_REGION }' + accessKeyId: '${AWS_ACCESS_KEY_ID_1}', + secretAccessKey: '${AWS_SECRET_ACCESS_KEY_1}', + region: '${AWS_REGION}' }); var params = { @@ -14,7 +14,7 @@ var params = { // Only search for docks in the cluster security group { Name: 'instance.group-id', - Values: ['${ AWS_DOCK_SG }'] // This script is the same for all environments + Values: ['${AWS_DOCK_SG}'] // This script is the same for all environments }, // Only fetch instances that are tagged as docks { diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables index 98dd3806..74879875 100644 --- a/ansible/default-hosts/variables +++ b/ansible/default-hosts/variables 
@@ -1,135 +1,135 @@ [api_group:vars] -api_aws_access_key_id=${ AWS_ACCESS_KEY_ID_1 } -api_aws_secret_access_key=${ AWS_SECRET_ACCESS_KEY_1 } -api_github_client_id=${ GITHUB_CLIEND_ID } -api_github_client_secret=${ GITHUB_CLIENT_SECRET } -api_github_deploy_keys_bucket=runnable.deploykeys.${ ENV } -api_mongo_auth=${ MONGO_USERNAME }:${ MONGO_PASSWORD } -api_mongo_database=${ ENV } -api_mongo_replset_name=${ ENV }-rs0 -api_s3_context_bucket=runnable.context.resources.${ ENV } +api_aws_access_key_id=${AWS_ACCESS_KEY_ID_1} +api_aws_secret_access_key=${AWS_SECRET_ACCESS_KEY_1} +api_github_client_id=${GITHUB_CLIEND_ID} +api_github_client_secret=${GITHUB_CLIENT_SECRET} +api_github_deploy_keys_bucket=runnable.deploykeys.${ENV} +api_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD} +api_mongo_database=${ENV} +api_mongo_replset_name=${ENV}-rs0 +api_s3_context_bucket=runnable.context.resources.${ENV} [big-poppa:vars] -big_poppa_pg_pass=${ POSTGRES_PASSWORD } -big_poppa_pg_host=${ POSTGRES_HOST }:${ POSTGRES_PORT } -big_poppa_pg_port=${ POSTGRES_PORT } +big_poppa_pg_pass=${POSTGRES_PASSWORD} +big_poppa_pg_host=${POSTGRES_HOST}:${POSTGRES_PORT} +big_poppa_pg_port=${POSTGRES_PORT} big_poppa_pg_user=big_poppa -big_poppa_github_token=${ GITHUB_ACCESS_TOKEN } -big_poppa_mongo_auth=${ MONGO_USERNAME }:${ MONGO_PASSWORD } -big_poppa_mongo_database=${ MONGO_DATABASE_NAME } -big_poppa_mongo_replset_name=${ MONGO_DATABASE_NAME }-rs0 +big_poppa_github_token=${GITHUB_ACCESS_TOKEN} +big_poppa_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD} +big_poppa_mongo_database=${MONGO_DATABASE_NAME} +big_poppa_mongo_replset_name=${MONGO_DATABASE_NAME}-rs0 big_poppa_pg_pool_min=10 big_poppa_pg_pool_max=20 [cream:vars] -cream_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN } -cream_stripe_secret_key=${ STRIPE_SECRET_KEY } -cream_stripe_publishable_key=${ STRIPE_PUBLISHABLE_KEY } +cream_hello_runnable_github_token=${GITHUB_ACCESS_TOKEN} +cream_stripe_secret_key=${STRIPE_SECRET_KEY} 
+cream_stripe_publishable_key=${STRIPE_PUBLISHABLE_KEY} [docks:vars] docker_config=docks -docks_rollbar_key=${ ROLLBAR_TOKEN_DOCKS } +docks_rollbar_key=${ROLLBAR_TOKEN_DOCKS} [dock:vars] -docks_rollbar_key=${ ROLLBAR_TOKEN_DOCKS } +docks_rollbar_key=${ROLLBAR_TOKEN_DOCKS} [drake:vars] drake_port=80 [khronos:vars] -khronos_mongo_auth=${ MONGO_USER }:${ MONGO_PASSWORD } -khronos_mongo_database=${ MONGO_DATABASE_NAME } -khronos_mongo_replset_name=${ MONGO_DATABASE_NAME } +khronos_mongo_auth=${MONGO_USER}:${MONGO_PASSWORD} +khronos_mongo_database=${MONGO_DATABASE_NAME} +khronos_mongo_replset_name=${MONGO_DATABASE_NAME} [metis:vars] [navi:vars] -navi_cookie_secret=${ COOKIE_SECRET } +navi_cookie_secret=${COOKIE_SECRET} _navi_proxy_port=65100 _navi_proxy_ssl_port=65101 [optimus:vars] -optimus_aws_access_id=${ AWS_ACCESS_KEY_ID_1 } -optimus_aws_secret_id=${ AWS_SECRET_ACCESS_KEY_1 } -optimus_github_deploy_keys_bucket=runnable.deploykeys.${ ENV } +optimus_aws_access_id=${AWS_ACCESS_KEY_ID_1} +optimus_aws_secret_id=${AWS_SECRET_ACCESS_KEY_1} +optimus_github_deploy_keys_bucket=runnable.deploykeys.${ENV} [palantiri:vars] [pheidi:vars] -pheidi_mongo_auth=${ MONGO_USER }:${ MONGO_PASSWORD } -pheidi_mongo_database=${ MONGO_DATABASE } -pheidi_mongo_replset_name=${ MONGO_DATABASE } -pheidi_runnabot_tokens=${ GITHUB_ACCESS_TOKEN } +pheidi_mongo_auth=${MONGO_USER}:${MONGO_PASSWORD} +pheidi_mongo_database=${MONGO_DATABASE} +pheidi_mongo_replset_name=${MONGO_DATABASE} +pheidi_runnabot_tokens=${GITHUB_ACCESS_TOKEN} [sauron:vars] [registry:vars] -registry_s3_access_key=${ AWS_ACCESS_KEY_ID_1 } -registry_s3_secret_key=${ AWS_SECRET_ACCESS_KEY_1 } -registry_s3_bucket=runnableimages.${ ENV } -registry_s3_region=${ AWS_REGION } +registry_s3_access_key=${AWS_ACCESS_KEY_ID_1} +registry_s3_secret_key=${AWS_SECRET_ACCESS_KEY_1} +registry_s3_bucket=runnableimages.${ENV} +registry_s3_region=${AWS_REGION} [shiva:vars] -aws_access_key_id=${ AWS_ACCESS_KEY_ID_1 } -aws_secret_access_key=${ 
AWS_ACCESS_KEY_ID_1 } -shiva_consult_hostname=${ MAIN_HOST_IP_ADDRESS } -shiva_aws_region=${ AWS_REGION } -shiva_dock_security_groups=${ AWS_DOCK_SG } -shiva_ssh_key_name=${ AWS_SSH_KEY_NAME } -shiva_aws_instance_image_id=${ AWS_DOCK_AMI_ID } -shiva_aws_instance_image_name=${ AWS_DOCK_AMI_NAME } +aws_access_key_id=${AWS_ACCESS_KEY_ID_1} +aws_secret_access_key=${AWS_ACCESS_KEY_ID_1} +shiva_consult_hostname=${MAIN_HOST_IP_ADDRESS} +shiva_aws_region=${AWS_REGION} +shiva_dock_security_groups=${AWS_DOCK_SG} +shiva_ssh_key_name=${AWS_SSH_KEY_NAME} +shiva_aws_instance_image_id=${AWS_DOCK_AMI_ID} +shiva_aws_instance_image_name=${AWS_DOCK_AMI_NAME} shiva_aws_instance_type=t2.medium -shiva_dock_pool_asg_name=${ ENV }-asg-dock-pool -shiva_aws_launch_configuration_name=${ ENV }-lc-${ AWS_LC_VERSION } -shiva_aws_auto_scaling_group_subnets=${ AWS_ASG_SUBNET } +shiva_dock_pool_asg_name=${ENV}-asg-dock-pool +shiva_aws_launch_configuration_name=${ENV}-lc-${AWS_LC_VERSION} +shiva_aws_auto_scaling_group_subnets=${AWS_ASG_SUBNET} shiva_aws_auto_scaling_group_max=29 -shiva_aws_auto_scaling_group_prefix=asg-${ ENV }- +shiva_aws_auto_scaling_group_prefix=asg-${ENV}- [swarm-manager:vars] -aws_access_key=${ AWS_ACCESS_KEY_ID_1 } -aws_secret_key=${ AWS_SECRET_ACCESS_KEY_1 } -environment_name=${ ENV } +aws_access_key=${AWS_ACCESS_KEY_ID_1} +aws_secret_key=${AWS_SECRET_ACCESS_KEY_1} +environment_name=${ENV} [vault:vars] -vault_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE } -vault_aws_access_key_id=${ AWS_ACCESS_KEY_ID_1 } -vault_aws_secret_key=${ AWS_SECRET_ACCESS_KEY_1 } -vault_aws_region=${ AWS_REGION } -vault_root_token=${ LOCAL_VAULT_ROOT_TOKEN } -vault_unseal_tokens={'one':'${ LOCAL_VAULT_TOKEN_1 }', 'two': '${ LOCAL_VAULT_TOKEN_2 }', 'three': '${ LOCAL_VAULT_TOKEN_3 }', 'four': '${ LOCAL_VAULT_TOKEN_4 }', 'five': '${ LOCAL_VAULT_TOKEN_5 }'} +vault_hello_runnable_github_token=${GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE} +vault_aws_access_key_id=${AWS_ACCESS_KEY_ID_1} 
+vault_aws_secret_key=${AWS_SECRET_ACCESS_KEY_1} +vault_aws_region=${AWS_REGION} +vault_root_token=${LOCAL_VAULT_ROOT_TOKEN} +vault_unseal_tokens={'one':'${LOCAL_VAULT_TOKEN_1}', 'two': '${LOCAL_VAULT_TOKEN_2}', 'three': '${LOCAL_VAULT_TOKEN_3}', 'four': '${LOCAL_VAULT_TOKEN_4}', 'five': '${LOCAL_VAULT_TOKEN_5}'} _vault_port=65240 _vault_ssl_port=65241 -[${ ENV }:vars] -ansible_ssh_private_key_file=~/.ssh/${ PEM_KEY_NAME } +[${ENV}:vars] +ansible_ssh_private_key_file=~/.ssh/${PEM_KEY_NAME} bastion_sshd_port=60709 -datadog_tags=env:${ ENV } +datadog_tags=env:${ENV} datadog_mongodb_user=datadog datadog_mongodb_pwd= -domain=${ DOMAIN } +domain=${DOMAIN} mongo_port=27017 -node_env=${ ENV } +node_env=${ENV} pg_user=astral -pg_pass=${ POSTGRES_PASSWORD } -pg_host=${ POSTGRES_HOST }:${ POSTGRES_PORT } -rabbit_password=${ RABBIT_PASSWORD } -rabbit_username=${ RABBIT_USERNAME } -registry_host=${ MAIN_HOST_IP_ADDRESS } +pg_pass=${POSTGRES_PASSWORD} +pg_host=${POSTGRES_HOST}:${POSTGRES_PORT} +rabbit_password=${RABBIT_PASSWORD} +rabbit_username=${RABBIT_USERNAME} +registry_host=${MAIN_HOST_IP_ADDRESS} _registry_port=65001 _consul_api_port=65200 _consul_https_port=65201 _swarm_master_port=65250 -user_content_domain=${ USER_CONTENT_DOMAIN } +user_content_domain=${USER_CONTENT_DOMAIN} max_navi_port=65000 _redis_port=65075 _redis_tls_port=65076 -api_hello_runnable_github_token=${ GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE } -vault_auth_token=${ REMOTE_VAULT_ROOT_TOKEN } -vault_token_01=${ REMOTE_VAULT_TOKEN_1 } -vault_token_02=${ REMOTE_VAULT_TOKEN_2 } -vault_token_03=${ REMOTE_VAULT_TOKEN_3 } -vault_token_04=${ REMOTE_VAULT_TOKEN_4 } -vault_token_05=${ REMOTE_VAULT_TOKEN_5 } +api_hello_runnable_github_token=${GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE} +vault_auth_token=${REMOTE_VAULT_ROOT_TOKEN} +vault_token_01=${REMOTE_VAULT_TOKEN_1} +vault_token_02=${REMOTE_VAULT_TOKEN_2} +vault_token_03=${REMOTE_VAULT_TOKEN_3} +vault_token_04=${REMOTE_VAULT_TOKEN_4} +vault_token_05=${REMOTE_VAULT_TOKEN_5} 
github_domain=api.github.com is_github_enterprise=false github_protocol=https From 1ea6ff6851d06c2c41967ccd6d3ec72e9f9ae4cd Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Wed, 1 Feb 2017 16:46:34 -0800 Subject: [PATCH 11/28] Add >65000 port for deployment --- ansible/delta-hosts/variables | 2 +- ansible/gamma-hosts/variables | 1 - ansible/group_vars/alpha-agreeable-egret.yml | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index 29bb4db3..419a86a1 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -1,5 +1,5 @@ [agreeable-egret:vars] -agreeable_egret_port=80 +agreeable_egret_port=65520 agreeable_egret_api_url=https://api.runnable.io [api_group:vars] diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index b58cb05c..535e73a3 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -1,6 +1,5 @@ [agreeable-egret:vars] agreeable_egret_port=80 -agreeable_egret_api_url=https://api.runnable-gamma.com [api_group:vars] api_aws_access_key_id=AKIAIDC4WVMTCGV7KRVQ diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index c571a79d..4222c2a3 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -22,5 +22,5 @@ container_envs: > container_run_opts: > -h {{ name }} -d - -P + -p {{ hosted_ports[0] }}:{{ hosted_ports[0] }} {{ container_envs }} From 080d7bc587da227af34f9d6e0732a3f00841b134 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Wed, 1 Feb 2017 18:07:26 -0800 Subject: [PATCH 12/28] Container Kill Start --- ansible/agreeable-egret.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/agreeable-egret.yml b/ansible/agreeable-egret.yml index a3ec7d26..7c3ab7af 100644 --- a/ansible/agreeable-egret.yml +++ b/ansible/agreeable-egret.yml 
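Review bot: `-p {{ hosted_ports[0] }}:{{ hosted_ports[0] }}` in `container_run_opts` of alpha-agreeable-egret.yml gives no host address, so Docker publishes the port on every interface and reachability depends entirely on the firewall or security group in front of the host. If the service is only meant to be reached through a local proxy, bind it explicitly, e.g. `-p 127.0.0.1:{{ hosted_ports[0] }}:{{ hosted_ports[0] }}`; otherwise add a comment saying the port is intentionally public. `hosted_ports` is defined outside this hunk and is presumably derived from `agreeable_egret_port`, so confirm it is a non-empty list for every inventory: gamma-hosts still sets `agreeable_egret_port=80` while delta moves to 65520.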
@@ -7,4 +7,4 @@ - role: notify tags: [ notify ] - { role: builder, tags: [build] } - - { role: container_start } + - { role: container_kill_start } From ac326a90ee77c75535ac72ac1537f17371a50d7f Mon Sep 17 00:00:00 2001 From: thejsj Date: Thu, 2 Feb 2017 11:11:00 -0800 Subject: [PATCH 13/28] Remove variable for IP address and change it with hosts --- ansible/bear-clone-hosts/variables | 1 - ansible/default-hosts/variables | 1 - ansible/group_vars/alpha-metis.yml | 2 +- ansible/group_vars/alpha-shiva.yml | 4 ++-- ansible/roles/base_ubuntu/tasks/main.yml | 2 +- ansible/roles/consul-services/tasks/main.yml | 2 +- ansible/roles/runnable-domain-proxy/templates/registry.tmpl | 6 +++--- 7 files changed, 8 insertions(+), 10 deletions(-) diff --git a/ansible/bear-clone-hosts/variables b/ansible/bear-clone-hosts/variables index fb4502eb..46252f44 100644 --- a/ansible/bear-clone-hosts/variables +++ b/ansible/bear-clone-hosts/variables @@ -117,7 +117,6 @@ pg_pass=MgZQTuJcFZxM3aoJHtXn pg_host=big-poppa-bear-clone.cnksgdqarobf.us-west-2.rds.amazonaws.com:32659 rabbit_password=wKK7g7NWKpQXEeSzyWB7mIpxZIL8H2mDSf3Q6czR3Vk rabbit_username=o2mdLh9N9Ke2GzhoK8xsruYPhIQFN7iEL44dQJoq7OM -registry_host=10.4.0.148 _registry_port=65001 _consul_api_port=65200 _consul_https_port=65201 diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables index 74879875..15ce6255 100644 --- a/ansible/default-hosts/variables +++ b/ansible/default-hosts/variables @@ -114,7 +114,6 @@ pg_pass=${POSTGRES_PASSWORD} pg_host=${POSTGRES_HOST}:${POSTGRES_PORT} rabbit_password=${RABBIT_PASSWORD} rabbit_username=${RABBIT_USERNAME} -registry_host=${MAIN_HOST_IP_ADDRESS} _registry_port=65001 _consul_api_port=65200 _consul_https_port=65201 diff --git a/ansible/group_vars/alpha-metis.yml b/ansible/group_vars/alpha-metis.yml index fe371c36..a0a4761f 100644 --- a/ansible/group_vars/alpha-metis.yml +++ b/ansible/group_vars/alpha-metis.yml 
@@ -27,7 +27,7 @@ container_envs: > -e REDIS_CACERT={{ redis_ca_cert_path }} -e REDIS_HOST={{ redis_host_address }} -e REDIS_PORT={{ redis_tls_port }} - -e REGISTRY_HOST={{ registry_host }} + -e REGISTRY_HOST={{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }} -e ROLLBAR_KEY={{ metis_rollbar_key }} -e DOCKER_PORT={{ docker_port }} diff --git a/ansible/group_vars/alpha-shiva.yml b/ansible/group_vars/alpha-shiva.yml index 24f3daa5..244d5b39 100644 --- a/ansible/group_vars/alpha-shiva.yml +++ b/ansible/group_vars/alpha-shiva.yml @@ -24,10 +24,10 @@ container_envs: > -e REDIS_CACERT={{ redis_ca_cert_path }} -e REDIS_PORT={{ redis_tls_port }} -e REDIS_IPADDRESS={{ redis_host_address }} - -e REGISTRY_HOST={{ registry_host }} + -e REGISTRY_HOST={{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }} {% if shiva_rollbar_token is defined %} -e ROLLBAR_KEY={{ shiva_rollbar_token }} {% endif %} -e DOCKER_PORT={{ docker_port }} - {% if shiva_consult_hostname is defined %} -e CONSUL_HOSTNAME={{ shiva_consult_hostname }} {% endif %} + {% if shiva_consult_hostname is defined %} -e CONSUL_HOSTNAME={{ hostvars[groups['dock'][0]]['ansible_default_ipv4']['address'] }} {% endif %} {% if shiva_aws_region is defined %} -e AWS_REGION={{ shiva_aws_region }} {% endif %} {% if shiva_dock_security_groups is defined %} -e AWS_DOCK_SECURITY_GROUPS={{ shiva_dock_security_groups }} {% endif %} {% if shiva_ssh_key_name is defined %} -e AWS_SSH_KEY_NAME={{ shiva_ssh_key_name }} {% endif %} diff --git a/ansible/roles/base_ubuntu/tasks/main.yml b/ansible/roles/base_ubuntu/tasks/main.yml index ee624a85..33f5ba32 100644 --- a/ansible/roles/base_ubuntu/tasks/main.yml +++ b/ansible/roles/base_ubuntu/tasks/main.yml 
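Review bot: `hostvars[groups['registry'][0]]['ansible_default_ipv4']['address']` resolves only when the inventory has at least one host in the `registry` group and facts for that host have been gathered or cached in the same run; a play limited to the metis hosts would fail on an undefined variable when rendering `REGISTRY_HOST`. The same expression is repeated in alpha-shiva.yml, roles/base_ubuntu/tasks/main.yml, roles/consul-services/tasks/main.yml and three times in registry.tmpl. Defining it once in a shared vars file, e.g. `registry_host: "{{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }}"`, would keep the existing `{{ registry_host }}` references and leave one place to add a fact-gathering play or a fallback. In base_ubuntu the value is written to /etc/hosts for registry.runnable.com, so a wrong first host in the group silently redirects image pulls.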
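Review bot: In alpha-shiva.yml the `CONSUL_HOSTNAME` line still guards on `{% if shiva_consult_hostname is defined %}` although the value now comes from `hostvars[groups['dock'][0]]['ansible_default_ipv4']['address']`. The variable's content is ignored, and an inventory that drops `shiva_consult_hostname` silently loses the env var. Guard on what is actually used, e.g. `{% if groups['dock'] | default([]) | length > 0 %}`, or keep passing the variable. The `container_envs` block continues outside the hunk.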
@@ -4,6 +4,6 @@ when: dock is not defined lineinfile: dest=/etc/hosts - line="{{ registry_host }} registry.runnable.com" + line="{{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }} registry.runnable.com" state=present regexp=".+ registry\.runnable\.com" diff --git a/ansible/roles/consul-services/tasks/main.yml b/ansible/roles/consul-services/tasks/main.yml index 26458199..dc76654b 100644 --- a/ansible/roles/consul-services/tasks/main.yml +++ b/ansible/roles/consul-services/tasks/main.yml @@ -29,7 +29,7 @@ tags: ['master'] port: '{{ redis_port }}' - name: 'registry' - host_address: '{{ registry_host }}' + host_address: "{{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }}" tags: ['master'] port: '{{ registry_port }}' diff --git a/ansible/roles/runnable-domain-proxy/templates/registry.tmpl b/ansible/roles/runnable-domain-proxy/templates/registry.tmpl index c0500a16..769850b8 100644 --- a/ansible/roles/runnable-domain-proxy/templates/registry.tmpl +++ b/ansible/roles/runnable-domain-proxy/templates/registry.tmpl @@ -1,5 +1,5 @@ upstream docker-registry { - server {{ registry_host }}:{{ registry_port }}; + server {{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }}:{{ registry_port }}; } server { @@ -13,7 +13,7 @@ server { location / { auth_basic off; - proxy_pass http://{{ registry_host }}:{{ registry_port }}; + proxy_pass http://{{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }}:{{ registry_port }}; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP } 
@@ -25,7 +25,7 @@ server { return 404; } - proxy_pass http://{{ registry_host }}:{{ registry_port }}; + proxy_pass http://{{ hostvars[groups['registry'][0]]['ansible_default_ipv4']['address'] }}:{{ registry_port }}; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 4c6ea19d6fd218ee9c2d67b4742cdd2bd35867e6 Mon Sep 17 00:00:00 2001 From: thejsj Date: Thu, 2 Feb 2017 12:48:24 -0800 Subject: [PATCH 14/28] Fix vars --- ansible/default-hosts/variables | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables index 15ce6255..a5128c5d 100644 --- a/ansible/default-hosts/variables +++ b/ansible/default-hosts/variables @@ -16,8 +16,8 @@ big_poppa_pg_port=${POSTGRES_PORT} big_poppa_pg_user=big_poppa big_poppa_github_token=${GITHUB_ACCESS_TOKEN} big_poppa_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD} -big_poppa_mongo_database=${MONGO_DATABASE_NAME} -big_poppa_mongo_replset_name=${MONGO_DATABASE_NAME}-rs0 +big_poppa_mongo_database=${MONGO_DATABASE} +big_poppa_mongo_replset_name=${MONGO_DATABASE}-rs0 big_poppa_pg_pool_min=10 big_poppa_pg_pool_max=20 @@ -38,8 +38,8 @@ drake_port=80 [khronos:vars] khronos_mongo_auth=${MONGO_USER}:${MONGO_PASSWORD} -khronos_mongo_database=${MONGO_DATABASE_NAME} -khronos_mongo_replset_name=${MONGO_DATABASE_NAME} +khronos_mongo_database=${MONGO_DATABASE} +khronos_mongo_replset_name=${MONGO_DATABASE} [metis:vars] @@ -72,7 +72,6 @@ registry_s3_region=${AWS_REGION} [shiva:vars] aws_access_key_id=${AWS_ACCESS_KEY_ID_1} aws_secret_access_key=${AWS_ACCESS_KEY_ID_1} -shiva_consult_hostname=${MAIN_HOST_IP_ADDRESS} shiva_aws_region=${AWS_REGION} shiva_dock_security_groups=${AWS_DOCK_SG} shiva_ssh_key_name=${AWS_SSH_KEY_NAME} 
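Review bot: After the rename in default-hosts/variables the file still uses two placeholder names for the Mongo user: `khronos_mongo_auth=${MONGO_USER}:${MONGO_PASSWORD}` in the second hunk versus `big_poppa_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD}` in the first. Whichever name the substitution step does not define is left unexpanded or empty inside an auth string, so pick one, e.g. `khronos_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD}`. In the third hunk the context line `aws_secret_access_key=${AWS_ACCESS_KEY_ID_1}` under `[shiva:vars]` assigns the access key id placeholder to the secret and should presumably read `aws_secret_access_key=${AWS_SECRET_ACCESS_KEY_1}`. `khronos_mongo_replset_name=${MONGO_DATABASE}` also lacks the `-rs0` suffix that the big_poppa line carries; confirm that is intended.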
@@ -101,7 +100,6 @@ _vault_port=65240 _vault_ssl_port=65241 [${ENV}:vars] -ansible_ssh_private_key_file=~/.ssh/${PEM_KEY_NAME} bastion_sshd_port=60709 datadog_tags=env:${ENV} datadog_mongodb_user=datadog From 4add3a7bd6fa06f66b0a95318ce7bf86476303ae Mon Sep 17 00:00:00 2001 From: thejsj Date: Fri, 3 Feb 2017 10:56:04 -0800 Subject: [PATCH 15/28] Add values to consul --- ansible/group_vars/alpha-consul.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/group_vars/alpha-consul.yml b/ansible/group_vars/alpha-consul.yml index b94c19c5..2a9e2c18 100644 --- a/ansible/group_vars/alpha-consul.yml +++ b/ansible/group_vars/alpha-consul.yml @@ -40,3 +40,7 @@ consul_seed: value: "{{ api_hostname }}" - key: api/url value: "{{ api_url }}" + - key: s3/bucket + value: "{{ registry_s3_bucket }}" + - key: s3/region + value: "{{ registry_s3_region }}" From 0b1cf470d61aab37e28a15155c0603dbc2f94a9c Mon Sep 17 00:00:00 2001 From: thejsj Date: Fri, 3 Feb 2017 10:56:51 -0800 Subject: [PATCH 16/28] Add rol for lets encrypt --- .../alpha-lets-encrypt-certs-generation.yml | 19 ++++++++++ ansible/lets-encrypt-certs-generation.yml | 11 ++++++ .../tasks/main.yml | 35 +++++++++++++++++++ .../templates/default | 13 +++++++ .../templates/proxy-nginx.conf | 29 +++++++++++++++ 5 files changed, 107 insertions(+) create mode 100644 ansible/group_vars/alpha-lets-encrypt-certs-generation.yml create mode 100644 ansible/lets-encrypt-certs-generation.yml create mode 100644 ansible/roles/lets-encrypt-certs-generation/tasks/main.yml create mode 100644 ansible/roles/lets-encrypt-certs-generation/templates/default create mode 100644 ansible/roles/lets-encrypt-certs-generation/templates/proxy-nginx.conf diff --git a/ansible/group_vars/alpha-lets-encrypt-certs-generation.yml b/ansible/group_vars/alpha-lets-encrypt-certs-generation.yml new file mode 100644 index 00000000..69ea09ba --- /dev/null +++ b/ansible/group_vars/alpha-lets-encrypt-certs-generation.yml 
@@ -0,0 +1,19 @@ +--- +name: nginx + +# used by consul template updater +target_container_name: nginx +target_updater_file_path: /etc/nginx/sites-enabled + +# used by container_kill_start +container_image: "{{ name }}" +container_tag: "1.10" + +restart_policy: always + +container_run_opts: > + -d + --name {{ name }} + -p 0.0.0.0:443:443 + -p 0.0.0.0:80:80 + -v /etc/ssl/certs/{{ domain }}:/etc/ssl/certs/{{ domain }}:ro diff --git a/ansible/lets-encrypt-certs-generation.yml b/ansible/lets-encrypt-certs-generation.yml new file mode 100644 index 00000000..eef0fe09 --- /dev/null +++ b/ansible/lets-encrypt-certs-generation.yml @@ -0,0 +1,11 @@ +--- +- hosts: userland + vars_files: + - group_vars/alpha-lets-encrypt-certs-generation.yml + roles: + - role: datadog + has_dd_integration: yes + + - role: lets-encrypt-certs-generation + + - role: container_kill_start diff --git a/ansible/roles/lets-encrypt-certs-generation/tasks/main.yml b/ansible/roles/lets-encrypt-certs-generation/tasks/main.yml new file mode 100644 index 00000000..7357ebd5 --- /dev/null +++ b/ansible/roles/lets-encrypt-certs-generation/tasks/main.yml @@ -0,0 +1,35 @@ +--- +- name: make sure cert directory is in place + tags: [ configure_proxy, certs ] + become: true + file: + dest: /etc/ssl/certs/{{ domain }} + state: directory + +- name: make sure nginx directory is in place + tags: [ configure_proxy, configure_files ] + become: true + file: + dest: /etc/nginx + state: directory + +- name: put nginx configuration in place + tags: [ configure_proxy, configure_files ] + become: yes + template: + src: proxy-nginx.conf + dest: /etc/nginx/nginx.conf + +- name: assert nginx sites-enabled directory + tags: [ configure_proxy, configure_files ] + become: yes + file: + state: directory + dest: /etc/nginx/sites-enabled + +- name: put lets-encrypt conf in place + tags: [ configure_proxy, configure_files ] + become: yes + template: + src: lets-encrypt.tmpl + dest: /etc/nginx/sites-enabled/lets-encrypt.conf 
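Review bot: `container_run_opts` in alpha-lets-encrypt-certs-generation.yml mounts only `/etc/ssl/certs/{{ domain }}` into the container, while the role added in the same commit writes `nginx.conf` and the site file under `/etc/nginx` on the host. Unless the consul template updater mentioned in the comment copies them in, the container runs the image's stock configuration. If the host files are meant to be used, add `-v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro` and `-v /etc/nginx/sites-enabled:/etc/nginx/sites-enabled:ro`, plus a mount for the `/var/www/html` webroot that the site template serves. `container_tag: "1.10"` is a floating tag; pinning the image by digest makes the deployed nginx build reproducible.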
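Review bot: The last task in roles/lets-encrypt-certs-generation/tasks/main.yml renders `src: lets-encrypt.tmpl`, but the templates this commit adds to the role are `default` and `proxy-nginx.conf`. Unless `lets-encrypt.tmpl` exists elsewhere the play stops on a missing template; rename the `default` file or point the task at it with `src: default`. The directory tasks set no `owner` or `mode`; `/etc/ssl/certs/{{ domain }}` will presumably hold private keys, so give it an explicit owner and `mode: '0750'`. `become: true` and `become: yes` are mixed within the file; use `become: true` throughout.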
diff --git a/ansible/roles/lets-encrypt-certs-generation/templates/default b/ansible/roles/lets-encrypt-certs-generation/templates/default new file mode 100644 index 00000000..61d40e80 --- /dev/null +++ b/ansible/roles/lets-encrypt-certs-generation/templates/default @@ -0,0 +1,13 @@ +server { + listen [::]:80 default_server; + server_name {{ domain }} *.{{ domain }}; + root /var/www/html; + + location ~ /.well-known { + allow all; + } + + location /test/ { + return 200 "Its alive"; + } +} diff --git a/ansible/roles/lets-encrypt-certs-generation/templates/proxy-nginx.conf b/ansible/roles/lets-encrypt-certs-generation/templates/proxy-nginx.conf new file mode 100644 index 00000000..dc663d03 --- /dev/null +++ b/ansible/roles/lets-encrypt-certs-generation/templates/proxy-nginx.conf @@ -0,0 +1,29 @@ +user www-data; +worker_processes 4; +pid /run/nginx.pid; + +events { + worker_connections 5000; +} + +http { + ## + # Basic Settings + ## + tcp_nodelay on; + keepalive_timeout 65; + server_tokens off; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/sites-enabled/*; +} From 3003d8233a3b26d60a22a0e89923bb627e8d023a Mon Sep 17 00:00:00 2001 From: thejsj Date: Fri, 3 Feb 2017 10:57:41 -0800 Subject: [PATCH 17/28] Split up single-host into parts --- ansible/single-host-part-1-setup.yml | 4 +++ ansible/single-host-part-1.yml | 3 ++ ansible/single-host-part-2.yml | 6 ++++ ansible/single-host-part-3.yml | 28 +++++++++++++++ ansible/single-host.yml | 52 ++-------------------------- 5 files changed, 44 insertions(+), 49 deletions(-) create mode 100644 ansible/single-host-part-1-setup.yml create mode 100644 ansible/single-host-part-1.yml create mode 100644 ansible/single-host-part-2.yml create mode 100644 ansible/single-host-part-3.yml 
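Review bot: `location ~ /.well-known { allow all; }` in templates/default is an unanchored regex in which `.` matches any character, so it applies to any URI that contains such a string anywhere and serves whatever sits under that directory in `/var/www/html`. The ACME path can be matched exactly with `location ^~ /.well-known/acme-challenge/ {`. `listen [::]:80 default_server;` opens only an IPv6 socket on nginx builds where `ipv6only` defaults to on, while the container is published on `0.0.0.0:80`, so add `listen 80 default_server;` next to it. The `/test/` location returning `"Its alive"` looks like a debugging aid and is reachable by anyone who can reach port 80; drop it or restrict it before this role is used outside testing.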
diff --git a/ansible/single-host-part-1-setup.yml b/ansible/single-host-part-1-setup.yml new file mode 100644 index 00000000..d088bc78 --- /dev/null +++ b/ansible/single-host-part-1-setup.yml @@ -0,0 +1,4 @@ +# Initial values (Only run the first time) +- include: consul-values.yml -e write_values="true" # Only run the first time +- include: consul-services.yml # Only run the first time +- include: vault-values.yml -e write_values="true" diff --git a/ansible/single-host-part-1.yml b/ansible/single-host-part-1.yml new file mode 100644 index 00000000..cf21cd4e --- /dev/null +++ b/ansible/single-host-part-1.yml @@ -0,0 +1,3 @@ +## Service Discovery: +- include: consul.yml +- include: vault.yml diff --git a/ansible/single-host-part-2.yml b/ansible/single-host-part-2.yml new file mode 100644 index 00000000..e8b1a51f --- /dev/null +++ b/ansible/single-host-part-2.yml @@ -0,0 +1,6 @@ +# Databases +- include: mongo.yml +- include: rabbitmq.yml +- include: redis.yml +- include: redis-tls.yml # Only used by navi and shiva +- include: registry.yml diff --git a/ansible/single-host-part-3.yml b/ansible/single-host-part-3.yml new file mode 100644 index 00000000..69ff80b5 --- /dev/null +++ b/ansible/single-host-part-3.yml 
@@ -0,0 +1,28 @@ +# Docks Services +- include: swarm-manager.yml +- include: palantiri.yml git_branch="{{ palantiri_branch }}" -t deploy +- include: sauron.yml git_branch="{{ sauron_branch }}" -t deploy +- include: shiva.yml git_branch="{{ astral_branch }}" -t deploy +- include: khronos.yml git_branch="{{ khronos_branch }}" -t deploy +- include: docker-listener.yml git_branch="{{ docker_listener_branch }}" -t deploy + +## Proxies +- include: registrator-api.yml # Only one of these is neededi, so registrator-navi is not needed +- include: single-host-proxy.yml # API depends on NGINX to be running +- include: github-varnish.yml git_branch="{{ github_varnish_branch }}" -t deploy + +# Main +- include: big-poppa.yml git_branch="{{ big_poppa_branch }}" -t deploy +- include: api.yml git_branch="{{ api_branch }}" -t deploy +- include: cream.yml git_branch="{{ cream_branch }}" -t deploy # CREAM fails if big-poppa or API is down +- include: web.yml git_branch="{{ angular_branch }}" -t deploy # fucked + +# Networking services +- include: detention.yml git_branch="{{ detention_branch }}" -t deploy +- include: link.yml git_branch="{{ link_branch }}" -t deploy +- include: navi.yml git_branch="{{ navi_branch }}" -t deploy # Connects to Redis over tls port + +# Other +- include: optimus.yml git_branch="{{ optimus_branch }}" -t deploy +- include: drake.yml git_branch="{{ drake_branch }}" -t deploy +- include: pheidi.yml git_branch="{{ pheidi_branch }}" -t deploy diff --git a/ansible/single-host.yml b/ansible/single-host.yml index 1888688c..351eabb0 100644 --- a/ansible/single-host.yml +++ b/ansible/single-host.yml 
@@ -1,49 +1,3 @@ -## configure security group policy -- include: sg_configure.yml - -## Install Datadog Agent -# - include: datadog.yml - -## begin with databases: -- include: consul.yml -- include: vault.yml - -# Initial values (Only run the first time) -- include: consul-values.yml -e write_values="true" # Only run the first time -- include: consul-services.yml # Only run the first time -- include: vault-values.yml -e write_values="true" - -# Databases -- include: rabbitmq.yml -- include: redis.yml -- include: redis-tls.yml # Only used by navi and shiva -- include: registry.yml - -# Docks Services -- include: swarm-manager.yml -- include: palantiri.yml git_branch="{{ palantiri_branch }}" -t deploy -- include: sauron.yml git_branch="{{ sauron_branch }}" -t deploy -- include: shiva.yml git_branch="{{ astral_branch }}" -t deploy -- include: khronos.yml git_branch="{{ khronos_branch }}" -t deploy -- include: docker-listener.yml git_branch="{{ docker_listener_branch }}" -t deploy - -## Proxies -- include: registrator-api.yml # Only one of these is neededi, so registrator-navi is not needed -- include: single-host-proxy.yml # API depends on NGINX to be running -- include: github-varnish.yml git_branch="{{ github_varnish_branch }}" -t deploy - -# Main -- include: big-poppa.yml git_branch="{{ big_poppa_branch }}" -t deploy -- include: api.yml git_branch="{{ api_branch }}" -t deploy -- include: cream.yml git_branch="{{ cream_branch }}" -t deploy # CREAM fails if big-poppa or API is down -- include: web.yml git_branch="{{ angular_branch }}" -t deploy # fucked - -# Networking services -- include: detention.yml git_branch="{{ detention_branch }}" -t deploy -- include: link.yml git_branch="{{ link_branch }}" -t deploy -- include: navi.yml git_branch="{{ navi_branch }}" -t deploy # Connects to Redis over tls port - -# Other -- include: optimus.yml git_branch="{{ optimus_branch }}" -t deploy -- include: drake.yml git_branch="{{ drake_branch }}" -t deploy -- include: pheidi.yml 
git_branch="{{ pheidi_branch }}" -t deploy +- include: single-host-part-1.yml +- include: single-host-part-2.yml +- include: single-host-part-3.yml From 5479329f801a0fc01638e70d4fe88753ea2fc23f Mon Sep 17 00:00:00 2001 From: Anandkumar Patel Date: Fri, 3 Feb 2017 17:23:23 -0800 Subject: [PATCH 18/28] Fix osx removal of deamon (#592) * do not use deamon anymore * fix killing --- ansible/roles/local-vault/handlers/main.yml | 2 +- ansible/roles/local-vault/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/local-vault/handlers/main.yml b/ansible/roles/local-vault/handlers/main.yml index 572ad76c..7c055ec5 100644 --- a/ansible/roles/local-vault/handlers/main.yml +++ b/ansible/roles/local-vault/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: stop vault local_action: - shell kill $(cat /tmp/vault.pid) + shell kill $(ps aux | grep "vault server" | grep -v grep | cut -d' ' -f3) - name: remove vault config local_action: diff --git a/ansible/roles/local-vault/tasks/main.yml b/ansible/roles/local-vault/tasks/main.yml index 1afb3dce..29befa21 100644 --- a/ansible/roles/local-vault/tasks/main.yml +++ b/ansible/roles/local-vault/tasks/main.yml @@ -11,13 +11,13 @@ - name: start vault daemon run_once: true local_action: - command daemon --pidfile=/tmp/vault.pid -- vault server --config=/tmp/vault.hcl + shell vault server --config=/tmp/vault.hcl > /tmp/log 2>&1 & notify: - stop vault - name: pause for start pause: - seconds: 1 + seconds: 5 - name: check vault seal tags: [ unseal ] From cc87ba3755b2411419b9cc81d5e7c9eb8178eaae Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Mon, 6 Feb 2017 11:23:52 -0800 Subject: [PATCH 19/28] Added postgres connect strings --- ansible/delta-hosts/variables | 1 + ansible/gamma-hosts/variables | 4 +++- ansible/group_vars/alpha-agreeable-egret.yml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) 
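Review bot: `sg_configure.yml` is dropped by this split: the removed list began with `- include: sg_configure.yml`, and none of single-host-part-1.yml, single-host-part-2.yml or single-host-part-3.yml includes it, so a single-host run no longer applies the security-group policy step. If that is intended, record it in a comment at the top of single-host.yml; otherwise restore it as the first entry, `- include: sg_configure.yml`. single-host-part-1-setup.yml is likewise not referenced from the three new includes, so the first-run Consul and Vault values now depend on someone running that file by hand.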
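Review bot: The new `stop vault` handler takes the PID from `cut -d' ' -f3`, but `ps aux` pads its columns with a variable number of spaces, so the third space-delimited field is the PID only for some user-name and PID widths; in the other cases `kill` receives an empty or wrong argument and the local Vault server keeps running. The `grep "vault server"` match also selects every such process on the machine, not only the one this play started. Recording the PID at start keeps the handler exact: in tasks/main.yml `shell vault server --config=/tmp/vault.hcl > /tmp/log 2>&1 & echo $! > /tmp/vault.pid`, and here `shell kill $(cat /tmp/vault.pid)`.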
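Review bot: The `start vault daemon` task now redirects the server's output to the fixed path `/tmp/log`, which sits in a shared, world-writable directory, is created with the caller's default umask, and can be pre-created or symlinked by another local user. Vault's startup output is not something to leave readable by other accounts, so a per-user location is safer, for example `shell vault server --config=/tmp/vault.hcl > "$HOME/.local-vault.log" 2>&1 &` (path constructed for illustration). The fixed `seconds: 5` pause is also a guess at start-up time; retrying the `check vault seal` task until it succeeds would be more reliable. The task list continues outside this hunk.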
diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index 419a86a1..c308b35d 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -1,6 +1,7 @@ [agreeable-egret:vars] agreeable_egret_port=65520 agreeable_egret_api_url=https://api.runnable.io +egret_postgres_connect_string=postgres://egret:wwHQ5B4RfY9iKS3m@delta-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com/egret [api_group:vars] api_aws_access_key_id=AKIAJWSSSJYUXKNW2ZDA diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index 535e73a3..1e2856fd 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -1,5 +1,7 @@ [agreeable-egret:vars] -agreeable_egret_port=80 +agreeable_egret_port=65520 +agreeable_egret_api_url=https://api.runnable.io +egret_postgres_connect_string=postgres://egret:b3UKjxbGblKZtG6c@gamma-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com:32659/egret [api_group:vars] api_aws_access_key_id=AKIAIDC4WVMTCGV7KRVQ diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index 4222c2a3..5ad981a1 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -18,6 +18,7 @@ container_envs: > -e RUNNABLE_API_URL={{ agreeable_egret_api_url }} -e PORT={{ hosted_ports[0] }} -e RUNNABLE_USER_CONTENT_DOMAIN={{ user_content_domain }} + -e POSTGRES_CONNECT_STRING={{ egret_postgres_connect_string }} container_run_opts: > -h {{ name }} From c6f9fdda5148a1fd23e43cfabbce303b83ce0ef0 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Mon, 6 Feb 2017 13:28:33 -0800 Subject: [PATCH 20/28] PR comments --- ansible/agreeable-egret.yml | 4 ++-- ansible/delta-hosts/hosts | 2 +- ansible/delta-hosts/variables | 7 +++++-- ansible/gamma-hosts/hosts | 2 +- ansible/gamma-hosts/variables | 7 +++++-- ansible/group_vars/alpha-agreeable-egret.yml | 4 ++-- 6 files changed, 16 insertions(+), 10 deletions(-) 
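Review bot: The added `egret_postgres_connect_string` line commits the database password in clear text to the inventory file; the same is done in the gamma-hosts/variables hunk of this patch, for `egret_pg_pass` in PATCH 20, and for `marketing_aws_secret_key` in PATCH 27. Anyone with read access to the repository or its history obtains working credentials for the RDS instances named in the URL. Keep only a reference in the inventory, for example `egret_postgres_connect_string="{{ lookup('env', 'EGRET_POSTGRES_CONNECT_STRING') }}"` (environment variable name constructed for illustration), or move the value into an ansible-vault-encrypted vars file or the Vault instance this repository already deploys. Values that have already been pushed should be treated as exposed and rotated, since removing them in a later commit does not remove them from history.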
diff --git a/ansible/agreeable-egret.yml b/ansible/agreeable-egret.yml index 7c3ab7af..126b4ff8 100644 --- a/ansible/agreeable-egret.yml +++ b/ansible/agreeable-egret.yml @@ -6,5 +6,5 @@ roles: - role: notify tags: [ notify ] - - { role: builder, tags: [build] } - - { role: container_kill_start } + - { role: builder, tags: [build] } + - { role: container_kill_start } diff --git a/ansible/delta-hosts/hosts b/ansible/delta-hosts/hosts index ea1ce794..36d63e0e 100644 --- a/ansible/delta-hosts/hosts +++ b/ansible/delta-hosts/hosts @@ -141,6 +141,7 @@ delta-app-services delta-prometheus [delta:children] +agreeable-egret api arithmancy bastion @@ -152,7 +153,6 @@ dock docker-listener docks drake -agreeable-egret eru github-varnish hipache diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index c308b35d..d17d690b 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -1,7 +1,10 @@ [agreeable-egret:vars] agreeable_egret_port=65520 -agreeable_egret_api_url=https://api.runnable.io -egret_postgres_connect_string=postgres://egret:wwHQ5B4RfY9iKS3m@delta-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com/egret +egret_pg_host=delta-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com +egret_pg_port=5432 +egret_pg_user=egret +egret_pg_pass=wwHQ5B4RfY9iKS3m +egret_pg_database=egret [api_group:vars] api_aws_access_key_id=AKIAJWSSSJYUXKNW2ZDA diff --git a/ansible/gamma-hosts/hosts b/ansible/gamma-hosts/hosts index 66f361c1..f30216cf 100644 --- a/ansible/gamma-hosts/hosts +++ b/ansible/gamma-hosts/hosts @@ -131,6 +131,7 @@ gamma-app-services gamma-dock-services [gamma:children] +agreeable-egret api arithmancy bastion @@ -143,7 +144,6 @@ dock docker-listener docks drake -agreeable-egret eru github-varnish hipache diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index 1e2856fd..e2e4b8ba 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables 
@@ -1,7 +1,10 @@ [agreeable-egret:vars] agreeable_egret_port=65520 -agreeable_egret_api_url=https://api.runnable.io -egret_postgres_connect_string=postgres://egret:b3UKjxbGblKZtG6c@gamma-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com:32659/egret +egret_pg_host=gamma-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com:32659 +egret_pg_port=32659 +egret_pg_user=egret +egret_pg_pass=b3UKjxbGblKZtG6c +egret_pg_database=egret [api_group:vars] api_aws_access_key_id=AKIAIDC4WVMTCGV7KRVQ diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index 5ad981a1..a7a84a68 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml @@ -15,10 +15,10 @@ is_redis_update_required: 'yes' container_envs: > -e HELLO_RUNNABLE_GITHUB_TOKEN={{ api_hello_runnable_github_token }} -e NODE_ENV={{ node_env }} - -e RUNNABLE_API_URL={{ agreeable_egret_api_url }} + -e RUNNABLE_API_URL={{ api_url }} -e PORT={{ hosted_ports[0] }} -e RUNNABLE_USER_CONTENT_DOMAIN={{ user_content_domain }} - -e POSTGRES_CONNECT_STRING={{ egret_postgres_connect_string }} + -e POSTGRES_CONNECT_STRING=-postgres://{{ egret_pg_user }}:{{ egret_pg_pass }}@{{ egret_pg_host }}/{{ egret_pg_database }} container_run_opts: > -h {{ name }} From 6c2a9814f12b1c5fb7b641a9ed93cc4ef873906c Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Mon, 6 Feb 2017 13:38:07 -0800 Subject: [PATCH 21/28] Remove '-' --- ansible/group_vars/alpha-agreeable-egret.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/alpha-agreeable-egret.yml b/ansible/group_vars/alpha-agreeable-egret.yml index a7a84a68..5cf08169 100644 --- a/ansible/group_vars/alpha-agreeable-egret.yml +++ b/ansible/group_vars/alpha-agreeable-egret.yml 
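Review bot: `egret_pg_host` for gamma still carries `:32659` while the same port is also given as `egret_pg_port=32659`, and the template in the alpha-agreeable-egret.yml hunk builds the URL from `{{ egret_pg_host }}` alone, so `egret_pg_port` is never used in either environment. Gamma connects only because the port is embedded in the host value, and delta's `egret_pg_port=5432` has no effect. Make the two consistent: `egret_pg_host=gamma-big-poppa.cnksgdqarobf.us-west-2.rds.amazonaws.com` here, and `@{{ egret_pg_host }}:{{ egret_pg_port }}/{{ egret_pg_database }}` in the connect string. PATCH 21 edits that template line again without adding the port.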
@@ -18,7 +18,7 @@ container_envs: > -e RUNNABLE_API_URL={{ api_url }} -e PORT={{ hosted_ports[0] }} -e RUNNABLE_USER_CONTENT_DOMAIN={{ user_content_domain }} - -e POSTGRES_CONNECT_STRING=-postgres://{{ egret_pg_user }}:{{ egret_pg_pass }}@{{ egret_pg_host }}/{{ egret_pg_database }} + -e POSTGRES_CONNECT_STRING=postgres://{{ egret_pg_user }}:{{ egret_pg_pass }}@{{ egret_pg_host }}/{{ egret_pg_database }} container_run_opts: > -h {{ name }} From 76e67490d7fc4b6e5932a7eb4355914c32e4f2f9 Mon Sep 17 00:00:00 2001 From: Henry Mollman Date: Mon, 6 Feb 2017 15:35:16 -0800 Subject: [PATCH 22/28] Tags --- ansible/agreeable-egret.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible/agreeable-egret.yml b/ansible/agreeable-egret.yml index 126b4ff8..db0f5215 100644 --- a/ansible/agreeable-egret.yml +++ b/ansible/agreeable-egret.yml @@ -6,5 +6,6 @@ roles: - role: notify tags: [ notify ] - - { role: builder, tags: [build] } - - { role: container_kill_start } + - role: builder + tags: [ build ] + - role: container_kill_start From a1e5efd7cb3107f28154edb60cf708a8f7dfd5b3 Mon Sep 17 00:00:00 2001 From: Anton Podviaznikov Date: Thu, 23 Feb 2017 17:00:06 -0800 Subject: [PATCH 23/28] change version (#604) --- ansible/roles/dock-images/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/dock-images/tasks/main.yml b/ansible/roles/dock-images/tasks/main.yml index 1c284621..6a75f343 100644 --- a/ansible/roles/dock-images/tasks/main.yml +++ b/ansible/roles/dock-images/tasks/main.yml @@ -17,7 +17,7 @@ become: true command: docker pull {{ item }} with_items: - - "registry.runnable.com/runnable/image-builder:v4.2.3" + - "registry.runnable.com/runnable/image-builder:v4.3.0" - "swarm:1.2.5" - "registry:2.3.1" - "google/cadvisor:v0.24.1" From cfa5ceeaadee0211684f0e70d6ddb8af84a68554 Mon Sep 17 00:00:00 2001 
From: Anandkumar Patel Date: Mon, 27 Feb 2017 15:08:22 -0800 Subject: [PATCH 24/28] remove epsilon (#605) --- ansible/epsilon-hosts/docks.js | 75 ------------- ansible/epsilon-hosts/hosts | 160 --------------------------- ansible/epsilon-hosts/variables | 155 -------------------------- ansible/group_vars/alpha-khronos.yml | 8 +- ansible/group_vars/alpha-pheidi.yml | 6 +- 5 files changed, 6 insertions(+), 398 deletions(-) delete mode 100755 ansible/epsilon-hosts/docks.js delete mode 100644 ansible/epsilon-hosts/hosts delete mode 100644 ansible/epsilon-hosts/variables diff --git a/ansible/epsilon-hosts/docks.js b/ansible/epsilon-hosts/docks.js deleted file mode 100755 index 4049befa..00000000 --- a/ansible/epsilon-hosts/docks.js +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/usr/bin/env node - -'use strict'; - -var aws = require('aws-sdk'); -var ec2 = new aws.EC2({ - accessKeyId: 'AKIAJ3RCYU6FCULAJP2Q', - secretAccessKey: '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', - region: 'us-west-2' -}); - -var params = { - Filters: [ - // Only search for docks in the cluster security group - { - Name: 'instance.group-id', - Values: ['sg-3322e454'] - }, - // Only fetch instances that are tagged as docks - { - Name: 'tag:role', - Values: ['dock'] - }, - // Only fetch running instances - { - Name: 'instance-state-name', - Values: ['running'] - } - ] -}; - -ec2.describeInstances(params, function (err, data) { - if (err) { - console.error("An error occurred: ", err); - process.exit(1); - } - - // Get a set of instances from the describe response - var instances = []; - data.Reservations.forEach(function (res) { - res.Instances.forEach(function (instance) { - instances.push(instance); - }); - }); - - // Map the instances to their private ip addresses - // NOTE This will work locally because of the wilcard ssh proxy in the config - var hosts = instances.map(function (instance) { - return instance.PrivateIpAddress; - }); - - var hostVars = {}; - instances.forEach(function (instance) { - for (var i = 0; i < instance.Tags.length; i++) { - if (instance.Tags[i].Key === 'org') { - hostVars[instance.PrivateIpAddress] = { - host_tags: instance.Tags[i].Value + ',build,run' - }; - } - } - }); - - // Output the resulting JSON - // NOTE http://docs.ansible.com/ansible/developing_inventory.html - console.log(JSON.stringify( - { - docks: { - hosts: hosts - }, - _meta : { - hostvars : hostVars - } - } - )); -}); diff --git a/ansible/epsilon-hosts/hosts b/ansible/epsilon-hosts/hosts deleted file mode 100644 index a427f748..00000000 --- a/ansible/epsilon-hosts/hosts +++ /dev/null 
@@ -1,160 +0,0 @@ -[bastion] -epsilon-bastion - -[hipache] -epsilon-hipache httpsCheckForBackend80=false prependIncomingPort=true subDomainDepth=4 - -[userland] -epsilon-userland - -[mongodb] -epsilon-mongo - -[api_group:children] -worker -api -socket-server - -[api] -epsilon-api - -[big-poppa] -epsilon-app-services - -[cream] -epsilon-app-services - -[consul] -epsilon-consul-a -epsilon-consul-b -epsilon-consul-c - -[docker-listener] -epsilon-dock-services - -[vault] -epsilon-consul-a -epsilon-consul-b -epsilon-consul-c - -[worker] -epsilon-api-worker - -[socket-server] -epsilon-api-socket - -[socket-server-proxy] -epsilon-api-socket-proxy - -[docks] - -[dock] - -[eru] -epsilon-app-services - -[navi] -epsilon-navi - -[mongo-navi] -epsilon-navi - -[link] -epsilon-navi - -[charon] -epsilon-app-services - -[khronos] -epsilon-dock-services - -[optimus] -epsilon-dock-services - -[detention] -epsilon-app-services - -[palantiri] -epsilon-dock-services - -[rabbitmq] -epsilon-rabbit - -[web] -epsilon-app-services - -[redis] -epsilon-redis - -[shiva] -epsilon-app-services - -[registry] -epsilon-registry - -[sauron] -epsilon-dock-services - -[swarm-manager] -epsilon-dock-services - -[metis] -epsilon-app-services - -[drake] -epsilon-app-services - -[pheidi] -epsilon-app-services - -[github-varnish] -epsilon-app-services - -[arithmancy] -epsilon-app-services - -[prometheus] -epsilon-prometheus - -[epsilon:children] -api -arithmancy -bastion -big-poppa -charon -consul -cream -dock -docker-listener -docks -drake -eru -github-varnish -hipache -khronos -metis -mongodb -navi -optimus -rabbitmq -redis -pheidi -prometheus -registry -sauron -shiva -socket-server -socket-server-proxy -swarm-manager -userland -web -worker - -[local] -127.0.0.1 - -[ec2] -local - -[targets] -localhost ansible_connection=local bastion_name=epsilon-bastion diff --git a/ansible/epsilon-hosts/variables b/ansible/epsilon-hosts/variables deleted file mode 100644 index cb56f934..00000000 
--- a/ansible/epsilon-hosts/variables +++ /dev/null 
@@ -1,155 +0,0 @@ -[api_group:vars] -api_aws_access_key_id=AKIAIDC4WVMTCGV7KRVQ -api_aws_secret_access_key=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 -api_github_client_id=baa5c868b6d17d7ae002 -api_github_client_secret=ad4f8527ae98d7eea15a32ee5abbead5c9a25abc -api_github_deploy_keys_bucket=runnable.deploykeys.production-beta -api_mixpanel_app_id=c41affa4b08818443365c526cbb51606 -api_mongo_auth=api:3f5210b8-8fe3-11e5-8e62-07b6eff19ecb -api_mongo_database=epsilon -api_mongo_replset_name=epsilon-rs0 -api_rollbar_key=a90d9c262c7c48cfabbd32fd0a1bc61c -api_workers_rollbar_key=3edfe8fe4fd640ae9fdbbe08fcb9f121 -api_s3_context_bucket=runnable.context.resources.production-beta - -[big-poppa:vars] -big_poppa_pg_pass= -big_poppa_pg_host= -big_poppa_github_token=e11a1264130fb62ce045bf03118bf123f980c205 -big_poppa_http_rollbar_token=1f1eeea0b1334aaeb50fb7bc4a43241a -big_poppa_worker_rollbar_token=98cabb8440024e3a8242cf3220b802c9 - -[cream:vars] -cream_hello_runnable_github_token=798fd0b696df96cf088de249918bf52f71058553 -cream_http_rollbar_token=baa03dbd9f814d14ab0c99863ed6a4fb -cream_worker_rollbar_token=87924b881c3143968cdb059fe41acbc3 -cream_intercom_key=219f46abfc3dce8c9b029d0d799dc1727dce318a -cream_intercom_id=xs5g95pd -cream_stripe_secret_key=sk_test_4De8Zdkfcyb29swkMmjZUMRh -cream_stripe_publishable_key=pk_test_sHr5tQaPtgwiE2cpW6dQkzi8 - -[docks:vars] -docker_config=docks -docks_rollbar_key=d1af6567ed0f464fb1d676f38fd31751 - -[dock:vars] -docks_rollbar_key=d1af6567ed0f464fb1d676f38fd31751 - -[drake:vars] -drake_port=80 -drake_http_rollbar_token=52ad749ddb8e47b2a8e15312b6b300fb -drake_worker_rollbar_token=14152b8572034943b714da27ca607698 - -[eru:vars] -eru_subdomain=eru -eru_github_id=1834e6be0811db20d219 -eru_github_secret=dda712ce9bdb92cd9187b14c0897319e90dd5462 -eru_aws_access_key_id=AKIAIFCVEISSC5JMPWDA -eru_aws_secret_access_key=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 -eru_aws_environment=epsilon -eru_mongodb_database=epsilon 
-eru_mongodb_password=success-nan-europium-rerun-sheep -eru_mongodb_username=eru -eru_mongodb_replset= - -[khronos:vars] -khronos_mongo_auth=api:3f5210b8-8fe3-11e5-8e62-07b6eff19ecb -khronos_mongo_database=epsilon -khronos_mongo_replset_name=epsilon - -[metis:vars] -metis_rollbar_key=fdc8565a7ce64c6d9432c34be425937c - -[navi:vars] -navi_cookie_secret=e6911c10e7e611e597309a79f06e9478 - -[optimus:vars] -optimus_aws_access_id=AKIAJPA2ZYSVVA5V7XXQ -optimus_aws_secret_id=5V70AUxfIyHeLvlYZe0xaYevDAdgTOWOn5G7nHlt -optimus_github_deploy_keys_bucket=runnable.deploykeys.production-beta - -[palantiri:vars] -palantiri_rollbar_key=f675e9090d6f483ca4e742af2c7f2f83 - -[pheidi:vars] -pheidi_intercom_id=xs5g95pd -pheidi_intercom_key=ro-9367eb0eb11542323371dcf25b8e260891f89b36 -pheidi_mongo_auth=api:3f5210b8-8fe3-11e5-8e62-07b6eff19ecb -pheidi_mongo_database=epsilon -pheidi_mongo_replset_name=epsilon -pheidi_runnabot_tokens=ff3d259c5d988badbb692cc400998e46cdd5f1fc - -[sauron:vars] -sauron_rollbar_key=83157ae2d50d4b6398e404c0b9978d26 - -[registry:vars] -registry_s3_access_key=AKIAJK5EN7W6E62A3C3Q -registry_s3_bucket=runnableimages.beta -registry_s3_secret_key=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 -registry_s3_region=us-east-1 - -[shiva:vars] -aws_access_key_id=AKIAJ3RCYU6FCULAJP2Q -aws_secret_access_key=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 - -[swarm-manager:vars] -aws_access_key=AKIAIB5W3E6HR6Q52HEQ -aws_secret_key=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 -environment_name=epsilon - -[vault:vars] -vault_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af -vault_aws_access_key_id=AKIAJ7R4UIM45KH2WGWQ -vault_aws_secret_key=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 -vault_aws_region=us-east-1 - -[epsilon:vars] -ansible_ssh_private_key_file=~/.ssh/epsilon.pem -api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af -bastion_sshd_port=60519 -datadog_mongodb_pwd=sqa3WBgkCgZsFZuex0kBNahZ -datadog_mongodb_user=datadog -datadog_tags=env:epsilon 
-domain=runnable-beta.com -github_domain=api.github.com -github_protocol=https -is_github_enterprise=false -mongo_port=27017 -node_env=production-epsilon -pg_host=gamma-infrastructure-db.cnksgdqarobf.us-west-2.rds.amazonaws.com -pg_pass=e9G7zYRCxYmxG9HQ8J9x2BDB -rabbit_password=wKK7g7NWKpQXEeSzyWB7mIpxZIL8H2mDSf3Q6czR3Vk -rabbit_username=o2mdLh9N9Ke2GzhoK8xsruYPhIQFN7iEL44dQJoq7OM -registry_host=10.12.12.99 -user_content_domain=runnablecloud.com -vault_auth_token=6f5dddd1-dea2-472d-03b0-51e7fe8ea8de -vault_token_01=5b58b93e4cbb550d2bebe3324018c978bc89b11ba0a8a4a1430319ab8938dd1802 -vault_token_02=e334c5c53dc979476e1fb27c91dd8f7b0b5f708b876d829ee0ec54d0cba3de9e03 -vault_token_03=8e8918bee9fe08f5558450bceeab71326da91b60a24aed41f6ae7eebb35fe2e204 - -[ec2:vars] -env=epsilon -aws_custid=437258487404 -bastion_sshd_port=60519 -region=us-west-2 -sg_api="sg-c839ffaf" -sg_app_services="sg-307aec57" -sg_bastion="sg-1525e372" -sg_consul="sg-b050f7d7" -sg_dock="sg-3322e454" -sg_dock_services="sg-b87aecdf" -sg_hipache="sg-0822e46f" -sg_mongo="sg-ec22e48b" -sg_nat="sg-c7dd1aa0" -sg_navi="sg-4423e523" -sg_rabbit="sg-ef23e588" -sg_rds="sg-da23e5bd" -sg_redis="sg-b923e5de" -sg_registry="sg-a16ef8c6" -sg_userland="sg-8f20e6e8" -sg_web="sg-cb20e6ac" -vpc_id="vpc-cdb2a3a8" - -[web:vars] -web_intercom_id=xs5g95pd -web_sift_public_key=eea9746dff diff --git a/ansible/group_vars/alpha-khronos.yml b/ansible/group_vars/alpha-khronos.yml index 3179b976..6bace92d 100644 --- a/ansible/group_vars/alpha-khronos.yml +++ b/ansible/group_vars/alpha-khronos.yml 
@@ -58,11 +58,9 @@ container_envs: > -e INTERCOM_API_KEY={{ khronos_intercom_api_key | default('undefined') }} -e INTERCOM_APP_ID={{ khronos_intercom_app_id | default('undefined') }} -e KHRONOS_MONGO=mongodb://{{ khronos_mongo_auth }}@{{ mongo_hosts }}/{{ khronos_mongo_database }} - {% if node_env != "production-epsilon" %} - -e MONGO_CACERT=/opt/ssl/mongo-client/ca.pem - -e MONGO_CERT=/opt/ssl/mongo-client/cert.pem - -e MONGO_KEY=/opt/ssl/mongo-client/key.pem - {% endif %} + -e MONGO_CACERT=/opt/ssl/mongo-client/ca.pem + -e MONGO_CERT=/opt/ssl/mongo-client/cert.pem + -e MONGO_KEY=/opt/ssl/mongo-client/key.pem -e NODE_ENV={{ node_env }} -e RABBITMQ_HOSTNAME={{ rabbit_host_address }} -e RABBITMQ_PASSWORD={{ rabbit_password }} diff --git a/ansible/group_vars/alpha-pheidi.yml b/ansible/group_vars/alpha-pheidi.yml index f2db8a8e..8b8f95e7 100644 --- a/ansible/group_vars/alpha-pheidi.yml +++ b/ansible/group_vars/alpha-pheidi.yml @@ -30,9 +30,9 @@ container_envs: > -e LOGGLY_TOKEN="{{ loggly_token }}" -e MONGO=mongodb://{{ pheidi_mongo_auth }}@{{ mongo_hosts }}/{{ pheidi_mongo_database }} -e MONGO_REPLSET_NAME={{ pheidi_mongo_replset_name }} - {% if node_env != "production-epsilon" %} -e MONGO_CACERT=/opt/ssl/mongo-client/ca.pem {% endif %} - {% if node_env != "production-epsilon" %} -e MONGO_CERT=/opt/ssl/mongo-client/cert.pem {% endif %} - {% if node_env != "production-epsilon" %} -e MONGO_KEY=/opt/ssl/mongo-client/key.pem {% endif %} + -e MONGO_CACERT=/opt/ssl/mongo-client/ca.pem + -e MONGO_CERT=/opt/ssl/mongo-client/cert.pem + -e MONGO_KEY=/opt/ssl/mongo-client/key.pem -e NODE_ENV="{{ node_env }}" -e RABBITMQ_HOSTNAME="{{ rabbit_host_address }}" -e RABBITMQ_PASSWORD="{{ rabbit_password }}" From e6450f43e1c415bf81d5136188d83440ef2ed7d3 Mon Sep 17 00:00:00 2001 From: thejsj Date: Wed, 1 Mar 2017 13:56:01 -0800 Subject: [PATCH 25/28] Add bucket region for web --- ansible/delta-hosts/variables | 1 + ansible/group_vars/alpha-web.yml | 1 + 2 files changed, 2 insertions(+) 
diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index d17d690b..11d5d1ea 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -202,3 +202,4 @@ vpc_id=vpc-864c6be3 [web:vars] web_intercom_id=wqzm3rju web_sift_public_key=27e9da5c97 +web_aws_bucket_region=us-west-2 diff --git a/ansible/group_vars/alpha-web.yml b/ansible/group_vars/alpha-web.yml index 9282aafe..d076d944 100644 --- a/ansible/group_vars/alpha-web.yml +++ b/ansible/group_vars/alpha-web.yml @@ -14,6 +14,7 @@ dockerfile_enviroment: [ "MIXPANEL_PROXY_URL {{ mixpanel_proxy_url }}", "AWS_ACCESS_KEY {{ aws_access_key }}", "AWS_BUCKET app.{{ domain }}", + "AWS_REGION {{ web_aws_bucket_region | default('us-standard') }}", "AWS_SECRET_KEY {{ aws_secret_key }}", "INTERCOM_APP_ID {{ web_intercom_id }}", "MARKETING_URL {{ marketing_url }}", From 945f25548076a2989393c2caa8c0f749bc87f398 Mon Sep 17 00:00:00 2001 From: Myztiq Date: Thu, 2 Mar 2017 15:04:10 -0800 Subject: [PATCH 26/28] Updated deploy bucket for marketing. --- ansible/delta-hosts/variables | 1 + ansible/gamma-hosts/variables | 1 + ansible/group_vars/alpha-marketing.yml | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index 11d5d1ea..395d3e09 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -174,6 +174,7 @@ vault_auth_token=578c9767-5af8-8490-0954-5d330f27b088 vault_token_01=0d324dc7d4cbd94790fd08809d06fb1e28e21e185910081c7646e3e49924f6ed01 vault_token_02=42dc8a69df174e77eb47a63b6ef4709bec57101cb1bff11a71c91b73b8bc046102 vault_token_03=47f3cb74f5374fa3c51c90fd25e3d4cc851034de97584995fce5fc5382342f1f03 +marketing_bucket=runnable.com [ec2:vars] aws_custid=437258487404 diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index e2e4b8ba..cd288675 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables 
@@ -154,6 +154,7 @@ vault_auth_token=f9a39e92-99f3-66a0-a27d-a6e07717d30d vault_token_01=2c0be2adf99931bc9ed443000e87bbcd0ef096dddc79f6add97ebe8fa7e93d2c05 vault_token_02=3489b87c913058740537bbbd4503f3720d74f7cb0f4e0c30a9436e1e52a18d7003 vault_token_03=ac4e1e9800cbf77283298d08172a2f0e46d0b7cbc457c47788d04768af12584a02 +marketing_bucket=runnable-gamma.com [ec2:vars] aws_custid=437258487404 diff --git a/ansible/group_vars/alpha-marketing.yml b/ansible/group_vars/alpha-marketing.yml index 94e57d3b..cb8808c3 100644 --- a/ansible/group_vars/alpha-marketing.yml +++ b/ansible/group_vars/alpha-marketing.yml @@ -12,7 +12,7 @@ dockerfile_enviroment: [ "AWS_ACCESS_KEY {{ aws_access_key }}", "AWS_SECRET_KEY {{ aws_secret_key }}", "ANGULAR_URL {{ angular_url }}", - "AWS_BUCKET {{ domain }}", + "AWS_BUCKET {{ marketing_bucket }}", "NODE_ENV {{ node_env }}" ] From 6bbbeafa47fd9cc0fcf3452145ad160cdcdf7aa4 Mon Sep 17 00:00:00 2001 From: Myztiq Date: Thu, 2 Mar 2017 16:01:52 -0800 Subject: [PATCH 27/28] Added marketing deploy keys --- ansible/delta-hosts/hosts | 3 +++ ansible/delta-hosts/variables | 6 +++++- ansible/gamma-hosts/hosts | 3 +++ ansible/gamma-hosts/variables | 6 +++++- ansible/group_vars/alpha-marketing.yml | 5 +++-- ansible/marketing.yml | 2 +- 6 files changed, 20 insertions(+), 5 deletions(-) diff --git a/ansible/delta-hosts/hosts b/ansible/delta-hosts/hosts index 36d63e0e..92536b47 100644 --- a/ansible/delta-hosts/hosts +++ b/ansible/delta-hosts/hosts @@ -95,6 +95,9 @@ delta-rabbit [web] delta-app-services +[marketing] +delta-app-services + [metabase] delta-metabase diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index 395d3e09..cc6d2ebe 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables 
@@ -148,6 +148,11 @@ vault_aws_access_key_id=AKIAJ7R4UIM45KH2WGWQ vault_aws_secret_key=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 vault_aws_region=us-east-1 +[marketing:vars] +marketing_bucket=runnable.com +marketing_aws_access_key=AKIAIPPPY2JIOHX7QVCA +marketing_aws_secret_key=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 + [delta:vars] ansible_ssh_private_key_file=~/.ssh/delta.pem api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af @@ -174,7 +179,6 @@ vault_auth_token=578c9767-5af8-8490-0954-5d330f27b088 vault_token_01=0d324dc7d4cbd94790fd08809d06fb1e28e21e185910081c7646e3e49924f6ed01 vault_token_02=42dc8a69df174e77eb47a63b6ef4709bec57101cb1bff11a71c91b73b8bc046102 vault_token_03=47f3cb74f5374fa3c51c90fd25e3d4cc851034de97584995fce5fc5382342f1f03 -marketing_bucket=runnable.com [ec2:vars] aws_custid=437258487404 diff --git a/ansible/gamma-hosts/hosts b/ansible/gamma-hosts/hosts index f30216cf..7feb4a76 100644 --- a/ansible/gamma-hosts/hosts +++ b/ansible/gamma-hosts/hosts @@ -84,6 +84,9 @@ gamma-rabbit [web] gamma-app-services +[marketing] +gamma-app-services + [redis] gamma-redis diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index cd288675..2179f833 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -130,6 +130,11 @@ vault_aws_access_key_id=AKIAJ7R4UIM45KH2WGWQ vault_aws_secret_key=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 vault_aws_region=us-east-1 +[marketing:vars] +marketing_bucket=runnable-gamma.com +marketing_aws_access_key=AKIAICIWKIZEQCMDXLEA +marketing_aws_secret_key=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 + [gamma:vars] ansible_ssh_private_key_file=~/.ssh/gamma.pem api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af 
@@ -154,7 +159,6 @@ vault_auth_token=f9a39e92-99f3-66a0-a27d-a6e07717d30d vault_token_01=2c0be2adf99931bc9ed443000e87bbcd0ef096dddc79f6add97ebe8fa7e93d2c05 vault_token_02=3489b87c913058740537bbbd4503f3720d74f7cb0f4e0c30a9436e1e52a18d7003 vault_token_03=ac4e1e9800cbf77283298d08172a2f0e46d0b7cbc457c47788d04768af12584a02 -marketing_bucket=runnable-gamma.com [ec2:vars] aws_custid=437258487404 diff --git a/ansible/group_vars/alpha-marketing.yml b/ansible/group_vars/alpha-marketing.yml index cb8808c3..a97aadca 100644 --- a/ansible/group_vars/alpha-marketing.yml +++ b/ansible/group_vars/alpha-marketing.yml @@ -9,10 +9,11 @@ do_not_push: yes dockerfile_enviroment: [ "API_URL https://{{ api_hostname }}", - "AWS_ACCESS_KEY {{ aws_access_key }}", - "AWS_SECRET_KEY {{ aws_secret_key }}", + "AWS_ACCESS_KEY {{ marketing_aws_access_key }}", + "AWS_SECRET_KEY {{ marketing_aws_secret_key }}", "ANGULAR_URL {{ angular_url }}", "AWS_BUCKET {{ marketing_bucket }}", + "AWS_REGION {{ web_aws_bucket_region | default('us-standard') }}", "NODE_ENV {{ node_env }}" ] diff --git a/ansible/marketing.yml b/ansible/marketing.yml index 3403b7d2..64a8a07b 100644 --- a/ansible/marketing.yml +++ b/ansible/marketing.yml @@ -1,5 +1,5 @@ --- -- hosts: web +- hosts: marketing vars_files: - "group_vars/alpha-marketing.yml" roles: From 4708bc36b31bced18c48bd485be24196d046b77c Mon Sep 17 00:00:00 2001 From: thejsj Date: Fri, 3 Mar 2017 17:44:24 -0800 Subject: [PATCH 28/28] Change region name --- ansible/group_vars/alpha-web.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/alpha-web.yml b/ansible/group_vars/alpha-web.yml index d076d944..c34e4f72 100644 --- a/ansible/group_vars/alpha-web.yml +++ b/ansible/group_vars/alpha-web.yml 
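Review bot: The `AWS_REGION` entry added to alpha-marketing.yml falls back to `default('us-standard')`, which is not an AWS region identifier; PATCH 28 corrects the same default in alpha-web.yml to `us-east-1` but leaves this file unchanged. The entry also reads `web_aws_bucket_region`, which PATCH 25 defines only under `[web:vars]` in delta-hosts/variables, so gamma always takes the fallback and the marketing bucket's region is tied to the web bucket's. Consider `"AWS_REGION {{ marketing_aws_bucket_region | default('us-east-1') }}",` with the new variable set under `[marketing:vars]` in each inventory. Separately, if `dockerfile_enviroment` is rendered into image `ENV` lines (not visible in this hunk), the marketing access key pair would be readable from the built image's metadata, so a runtime-injected credential would be preferable.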
@@ -14,7 +14,7 @@ dockerfile_enviroment: [ "MIXPANEL_PROXY_URL {{ mixpanel_proxy_url }}", "AWS_ACCESS_KEY {{ aws_access_key }}", "AWS_BUCKET app.{{ domain }}", - "AWS_REGION {{ web_aws_bucket_region | default('us-standard') }}", + "AWS_REGION {{ web_aws_bucket_region | default('us-east-1') }}", "AWS_SECRET_KEY {{ aws_secret_key }}", "INTERCOM_APP_ID {{ web_intercom_id }}", "MARKETING_URL {{ marketing_url }}",