This repository contain all the ansible required to fully install OpenMRS community machines.
All commands assume you are in the ansible directory.
- ansible 2.10.3 installed on the same machine the repo is cloned to. That's a pretty old ansible, so an older python (3.10) is advisable.
- Install git-crypt and run
git-crypt unlock.- If you are not part of git-crypt by any reason, you'll need to retrieve the vault password file from LP or ask to be added in git-crypt.
- Install
pip install passlib(needed to create a jira user on OSX) - [Optional] Install latest Vagrant and virtualbox (if you want to run tests locally)
# Download all roles/modules (needs to be done every time there's a commit to a role)
$ ansible-galaxy install -p roles -r requirements.yml --force
In order to run ansible for any machine, you need to know which inventory they belong to. The tiers docs can explain our support tiers, as well as their expectations
# Run main ansible playbook in a single testing machine (e.g. narok)
$ ansible-playbook -vv -i inventories/prod-tier4 --limit narok.openmrs.org site.yml
# Run ansible in all machines in tier 4
$ ansible-playbook -vv -i inventories/prod-tier4 site.yml
# if you do not have your PGP key in our repo to unlock the .vault_pass file, you can get it from the LastPass folder and interactively enter it.
$ ansible-playbook -vv -i inventories/prod-tier4 --limit narok.openmrs.org site.yml --ask-vault-pass
# Adding or removing DNS entries to letsencrypt (example: narok)
# after changing the host_vars
$ ansible-playbook -vv -i inventories/prod-tier4 --limit narok.openmrs.org remove-certs.yml
$ ansible-playbook -vv -i inventories/prod-tier4 --limit narok.openmrs.org --tags tls,web,docker site.yml
$ ansible-vault edit --vault-password-file .vault_pass /path/to/encrypted/file
Instead of deploying ansible to another machine, it's possible to use vagrant VM instead:
# see status of all VMs
$ vagrant status
# starting soe (base) VM
$ vagrant up soe
# rerunning ansible and serverspec tests
$ vagrant provision soe
# ssh into the VM
$ vagrant ssh soe
# stop the VM
$ vagrant halt soe
# destroy the VM
$ vagrant destroy soe
Ansible is a tool to run playbooks for machines of a certain inventory. Each machine
in an inventory can belong to several different groups. You can configure global variables
(an special group called all), per group or per host. Some of these configuration files
are encrypted using ansible-vault, and the shared key for vault is encrypted using git-crypt
and can be opened using private GPG keys previously added to the key ring.
Ansible will run over SSH, you your SSH needs to be working to the target machines.
Please note that instead of forking roles into their own repos, we are keeping files in custom_roles.
That makes it simpler to modify them without requiring multiple repositories and coordination.
-
site.yml: default playbook, used to install everything
-
remove-certs.yml: playbook used to clean letsencrypt certificate and regenerate it (note: it stops nginx)
-
remove-users.yml: playbook used to delete old users and home folders
-
group_vars : variables and configuration per group
-
host_vars: variables and configuration per host
-
inventories : machine definitions (groups per machine)
-
tasks: tasks used in playbooks
-
roles: external roles/modules downloaded by
galaxy -
custom_roles: modules we ended up forking or creating ourselves
-
requirements.txt: roles to be downloaded by
galaxyinto roles folder -
ansible.cfg: ansible configuration file
-
Vagrantfile: VM definition to test VMs locally
-
spec: test files called from vagrant VM