Ns web vm deployment

[kennethgillen]

Deployment of https://trello.com/c/vxPG2L3a/714-new-nightshade-web-vm

Configuration in management tools at https://github.com/openmicroscopy/management_tools/pull/352

Still in development

[kennethgillen]

This version run yesterday to provision ns-web-vm.

LS27172:nightshade-web kenny$ echorun ansible-playbook -l ns-web.openmicroscopy.org -i ~/Forks/management_tools/ansible/inventory/prod-hosts --ask-become-pass playbook.yml | tee ns-web-provision_$(date -u +"%Y%m%d-%H%M%SZ").log

Run:
ns-web-provision_20170329-150136Z.txt

Run (after removing yum exclusions for check-mk):
ns-web-provision_20170329-152200Z.txt

[kennethgillen]

This version run a few minutes ago, installing SSL config and certificate.

LS27172:nightshade-web kenny$ echorun ansible-playbook --diff -l ns-web.openmicroscopy.org -i ~/Forks/management_tools/ansible/inventory/prod-hosts --ask-become-pass --ask-vault-pass playbook.yml | tee ns-web-p
rovision_$(date -u +"%Y%m%d-%H%M%SZ").txt
# Fri  7 Apr 2017 16:41:23 BST:  ansible-playbook --diff -l ns-web.openmicroscopy.org -i /Users/kenny/Forks/management_tools/ansible/inventory/prod-hosts --ask-become-pass --ask-vault-pass playbook.yml

Dependent config in private repo https://github.com/openmicroscopy/management_tools/pull/352

ns-web-provision_20170407-154123Z.txt

https://ns-web.openmicroscopy.org/webgateway/img_detail/3933597/

[kennethgillen]

(temporary) manual configuration of ns-web performed installs the web-extensions to bring ns-web to feature parity with Nightshade. Server ready for testing. Not added to the playbook, as it's changes that won't be necessary with 5.3.0. Can be added later if required.

[kennethgillen]

Now added the 'manual' install steps for figure and webtagging, as mentioned in #255 (comment), as I want to use the Ansible to push more config settings, so require it to continue to work.

[manics]

The omero-common role already includes a set of useful handlers, you should be able to use that instead of redefining one here.

[kennethgillen]

👍 - I didn't realise I could use things defined 'underneath' the playbook when I wrote that. From programming, I wouldn't have expected global scope for defined functions like that. I subsequently used e.g. the 'restart systemd' handler too, so you can see I learned, but didn't strip the original nginx one from the playbook.

[manics]

Do you need the fancy formatting provided by |2+? Will just plain | do?

[kennethgillen]

I couldn't make it work any other way, so leaving it as 'this works'. Other options failed completely with errors, or didn't give the indenting in the destination. I am pretty new to YAML and the whitespace significance, though.

[manics]

Does this directory need to be writeable by the web user? And similarly for the tasks below.

[kennethgillen]

Not sure, but this works, and it's how it's set up elsewhere. If you've another suggestion, happy to hear it.

[manics]

Make it owned by root unless you have reason to believe OMERO.web needs write access to its code.

[kennethgillen]

Let's try it.

[manics]

Does this need to be writeable by web?

[kennethgillen]

Set now to root:root.

[manics]

Can you use the handler from omero-common restart omero-web instead of the one embedded in the omero-web role which was intended for internal use by the role?

[kennethgillen]

¯_(ツ)_/¯ I just grep -R restart * and found this in use elsewhere and having learned it's possible to re-use them, I used it. I can try.

[kennethgillen]

Yep, seems to work

changed: [infra-testpr.openmicroscopy.org]

RUNNING HANDLER [openmicroscopy.omero-common : restart omero-web] **************
changed: [infra-testpr.openmicroscopy.org]

PLAY RECAP *********************************************************************
infra-testpr.openmicroscopy.org : ok=3    changed=2    unreachable=0    failed=0

[manics]

Minor point: there's no significant templated variables in here, so it could be a plain file (task copy instead of a template)

[kennethgillen]

👍 will consider it for next time.

[kennethgillen]

Current 7003b1e successfully working on infra-testpr, figure generation and tagsearch both AOK.

PLAY RECAP *********************************************************************
infra-testpr.openmicroscopy.org : ok=65   changed=37   unreachable=0    failed=0

[manics]

A couple of non-blocker comments. Looks good to me.

[manics]

with_dict looks a bit weird here, though I haven't seen the actual variable.

[kennethgillen]

@manics - see https://dantehranian.wordpress.com/2015/07/24/managing-secrets-with-ansible-vault-the-missing-guide-part-1-of-2/ - it's exactly like this example.

[manics]

OK, looks overly complicated since the owner/group/mode don't vary

[manics]

For full reproducibility you should use the versioned zip https://downloads.openmicroscopy.org/figure/1.2.1/figure-1.2.1.zip since you've got creates: "{{ omero_web_extensionsdir }}/figure-{{omero_web_extensions_figure_ver}}" below

[manics]

Remember to add versions once these have been tagged.

[joshmoore]

👍 see workaround in ome/pydoop-features@fec18e1 until we have tags being properly pushed to galaxy again (ansible/galaxy-issues#252)

[manics]

Alternatively since you've got git installed on the machine that's running Ansible you can just add version: X.X.X, e.g. IDR/deployment@d74d7c3
The main advantage of ome/pydoop-features@fec18e1 is you don't need to install git.

[kennethgillen]

ns-web reset to 'post provision' snapshot, and redeployed this playbook at current version, combined with private config at 11901be

ns-web-provision_20170412-173859Z.txt
ns-web-provision_20170412-171603Z.txt

[kennethgillen]

re-ran with updated 'total cores' math (matching private config https://github.com/openmicroscopy/management_tools/pull/352/commits/9292f47b294acb09d6e043fe626ae45237357113)

ns-web-provision_20170413-101658Z.txt

PLAY RECAP *********************************************************************
ns-web.openmicroscopy.org  : ok=59   changed=4    unreachable=0    failed=0