-rw-r--r--README.mdwn30
-rw-r--r--database/packer_template.json9
-rw-r--r--database/user_config.yml13
3 files changed, 37 insertions, 15 deletions
diff --git a/README.mdwn b/README.mdwn
index 747160b4..7cd0600e 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -57,32 +57,36 @@ To deploy a development instance:
To deploy this system to production:
packer build -only=production database/packer_template.json
- nova create \
- --flavor 2 --image 'database-mariadb' \
- --key-name=<your-keypair> database-mariadb
+ nova boot \
+ --flavor dc1.1x1 --image 'database-mariadb' \
+ --key-name=<your-keypair> database-mariadb \
+ --nic='net-id=d079fa3e-2558-4bcb-ad5a-279040c202b5,v4-fixed-ip=192.168.222.30'
nova volume-create \
--display-name database-volume \
--display-description 'Database volume' \
- 10G
+ 10
nova volume-attach database-mariadb <volume ID> auto
nova floating-ip-associate database-mariadb <some floating IP>
# Set up the volume inside the machine
- ansible <IP> --user=fedora --sudo -m shell \
+ echo <IP> > dbhost
+ ansible \* -i dbhost --user=fedora --sudo -m shell \
-a "mkfs.ext4 /dev/vdb -L database-volume"
- ansible <IP> --user=fedora --sudo -m lineinfile \
+ ansible \* -i dbhost --user=fedora --sudo -m lineinfile \
-a "dest=/etc/fstab create=yes line='LABEL=database-volume /var/lib/mysql ext4 defaults 1 2'"
+ ansible \* -i dbhost --user=fedora --sudo -m shell \
+ -a "mount -a"
# FIXME: here we start the service before setting the root password!!!!
- ansible <IP> --user=fedora --sudo -m service \
+ ansible \* -i dbhost --user=fedora --sudo -m service \
-a "name=mariadb enabled=true state=started"
- # edit 'hosts' line of database/user_accounts.yml to point to the server's IP
- ansible-playbook database/user_accounts.yml
+ ansible-playbook -i dbhost --user=fedora database/user_config.yml
nova floating-ip-disassociate database-mariadb <some floating IP>
+
OpenID provider
---------------
@@ -102,9 +106,13 @@ To deploy this system to production:
# the 'database' machine.
packer build -only=production database/packer_template.json
nova boot openid_provider
+ --flavor dc1.1x1 --image 'baserock_openid_provider' \
+ --key-name=<your-keypair> openid.baserock.org \
+ --nic='net-id=d079fa3e-2558-4bcb-ad5a-279040c202b5'
+
+Now you need to SSH into the system (via the frontend system perhaps) and run
+the database migrations, before the app will work:
- # Now you need to SSH into the system (via the frontend system perhaps)
- # and run the database migrations, before the app will work:
python /srv/baserock_openid_provider/manage.py migrate
diff --git a/database/packer_template.json b/database/packer_template.json
index 0e65a435..c82726b7 100644
--- a/database/packer_template.json
+++ b/database/packer_template.json
@@ -31,6 +31,15 @@
},
{
"type": "shell",
+ "inline": [
+ "sudo yum install -y libselinux-python",
+ "sudo ansible localhost -m selinux -a state=disabled",
+ "sudo setenforce 0",
+ ],
+ "only": ["production"]
+ },
+ {
+ "type": "shell",
"inline": [ "sync; sync; sleep 10; sync" ],
"only": ["production"]
}
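Review bot: The trailing comma after `"sudo setenforce 0"` in the new `inline` array is not valid JSON, and a strict parser will reject the template before any provisioner runs; the last element should read `"sudo setenforce 0"` with no comma. Separately, this step turns SELinux off for the whole production image, persistently through the `selinux` module and immediately through `setenforce 0`, which removes mandatory access control confinement from the database host. The commit does not say why; if the cause is a file-context or policy problem with MariaDB, fixing the labels or using `state=permissive` while it is diagnosed would keep more of the protection. JSON has no comment syntax, so the reason for the step should be recorded in the README next to the build command.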
diff --git a/database/user_config.yml b/database/user_config.yml
index 069b66d1..0318222a 100644
--- a/database/user_config.yml
+++ b/database/user_config.yml
@@ -10,10 +10,11 @@
# You should then remove the floating IP from the instance (you can re-add one
# any time you want to remotely administer the database).
---
-- hosts: localhost
+- hosts: all
vars_files:
- root.database_password.yml
- baserock_openid_provider.database_password.yml
+ - baserock_storyboard.database_password.yml
tasks:
- name: configuring the root database user
mysql_user: |
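Review bot: `hosts: all` makes this play set the MariaDB root password and create accounts on every host in whatever inventory it is run with, so it is only safe with the single-entry `dbhost` file the README builds. A named group such as `- hosts: database`, with a matching `[database]` header in the inventory file, would keep a shared or mistyped inventory from being touched. The `*.database_password.yml` files under `vars_files` hold credentials; whether they are vault-encrypted or kept out of version control is not visible here and deserves a line in the header comment. The play continues outside the hunk.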
@@ -33,13 +34,14 @@
- name: adding databases
mysql_db: |
- name={{ item.name }}
+ name={{ item }}
state=present
login_host=127.0.0.1
login_user=root
login_password={{ root_password }}
with_items:
- - { name: baserock_openid_provider }
+ - openid_provider
+ - storyboard
# We could probably restrict the privileges of these users further...
#
@@ -60,4 +62,7 @@
with_items:
- name: openid
password: "{{ baserock_openid_provider_password }}"
- priv: baserock_openid_provider.*:ALL;
+ priv: openid_provider.*:ALL
+ - name: storyboard
+ password: "{{ baserock_storyboard_password }}"
+ priv: storyboard.*:ALL
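Review bot: The new `storyboard` account is granted `storyboard.*:ALL`, the same blanket grant that the comment earlier in the file already questions, so a leaked application password gives full control over that schema, including dropping tables. If the application only needs data access at runtime, a narrower grant such as `priv: storyboard.*:SELECT,INSERT,UPDATE,DELETE`, with a separate account for migrations, would limit that; the exact list depends on the application and is not visible here. The `mysql_user` task's arguments start outside the hunk, so whether a `host=` setting restricts where these accounts may connect from cannot be checked from this view.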