Get the IDR playbooks working smoothly with multiple deployments

ansible/README-os-idr.md

@@ -10,84 +10,67 @@ Most of these scripts should also work on other platforms, providing the VM is b
 The guest must be running CentOS 7.
 
 
-Guide for the Impatient
------------------------
+Openstack: Creation of instances, volumes and security groups
+-------------------------------------------------------------
 
-Setup your OpenStack environment variables, and run:
+[Setup your OpenStack environment variables](http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html), edit the variables in `os-idr-playbooks/os-idr-create-example.yml` (especially `idr_vm_keyname` and `idr_environment`), then run:
 
-    ansible-playbook -i inventory -e omero_vm_name=FOO -e omero_vm_key_name=YOUR_KEY os-idr-uod.yml
+    ansible-playbook os-idr-playbooks/os-idr-create-example.yml
 
 
-`os-idr-playbooks/os-omero.yml`
--------------------------------
-
-This is the Ansible playbook that will be run to setup OMERO.
-You can also run it manually to install OMERO on localhost.
-
-
-`os-idr-playbooks/os-create.yml`
---------------------------------
+Openstack: Installing the IDR
+-----------------------------
 
-This playbook will connect to OpenStack and spin up a VM.
-The Ansible modules in this playbook require the `shade` Python module.
+Find the floating IP of the proxy/bastion server.
+Set `BASTION_IP` to the IP, and `IDR_ENVIRONMENT` to match the value from above.
+Run:
 
-Before running the playbook you must [setup your OpenStack environment variables](http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html).
-You can override variables at the command line, for example (note double quoting is necessary if spaces are present):
+    BASTION_IP=10.0.0.0
+    IDR_ENVIRONMENT=idr
+    ansible-playbook \
+        -i inventory/openstack-private.py \
+        -u centos \
+        -e idr_environment=$IDR_ENVIRONMENT \
+        -e idr_nginx_ssl_self_signed=True \
+        -e ansible_ssh_common_args="'-o ProxyCommand=\\\"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -q centos@$BASTION_IP\\\" -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'" \
+        idr-playbooks/os-idr-volumes.yml \
+        idr-playbooks/idr-dundee-nfs.yml \
+        idr-playbooks/idr-ebi-nfs.yml \
+        idr-playbooks/idr.yml \
+        idr-playbooks/idr-docker.yml
 
-    ansible-playbook os-idr-playbooks/os-create.yml -e omero_vm_name=FOO \
-        -e omero_vm_key_name=YOURKEY -e "omero_vm_flavour='m2.xxlarge'"
 
-If this step fails it could be due to an incorrect variable, the Ansible `os_server` module usually gives an uninformative "Error in creating instance" message.
-If the VM was created the floating IP of the VM will be printed out.
+Deploying the IDR on existing infrastructure
+--------------------------------------------
 
-To delete the VM and related security group:
+If you have already created your servers and just wish to install a plain IDR then run:
 
-    ansible-playbook os-idr-playbooks/os-delete.yml -e omero_vm_name=FOO
+    ansible-playbook \
+        -i inventory \
+        -u centos \
+        -e idr_environment=$IDR_ENVIRONMENT \
+        -e idr_nginx_ssl_self_signed=True \
+        idr-playbooks/idr-omero.yml
 
-If another instance is using the OMERO security group, the task will fail but can be safely ignored.
+where `inventory` contains groups described in the following section.
 
 
-Inventory
----------
+`idr-playbooks/idr-omero.yml`
+-----------------------------
 
-This directory takes advantage of an
-[Ansible dynamic inventory script for OpenStack (`openstack.py`)](http://docs.ansible.com/ansible/intro_dynamic_inventory.html#example-openstack-external-inventory-script)
-instead of having to manage an inventory file when using Ansible to push out changes.
-For example:
+This is the Ansible playbook that will be run to setup OMERO.
+This can be run independently of the openstack playbooks providing you have an inventory with groups:
+- `{{ idr_environment }}-data-hosts`
+- `{{ idr_environment }}-omero-hosts`
+- `{{ idr_environment }}-proxy-hosts`
 
-    ansible-playbook -i inventory -l os-image-centos os-idr-playbooks/os-omero.yml -vv
 
-Variables for the groups defined in `os-idr-playbooks/os-create.yml` as `omero_vm_groups` can be added under inventory/variables.
+TODO: explain other `idr-playbooks/*.yml` playbooks
 
 
 Deploying the IDR
 =================
 
-
-The production IDR is setup using a private configuration repository.
-Replace `{{ inventory_dir }}` with the path to the inventory directory.
-You can use `inventory` in this directory if you have configured the required variables, such as by creating a group_vars file if necessary in `{{ inventory_dir }}/group_vars/`, e.g. `{{ inventory_dir }}/group_vars/os-idr.yml`
-This should match the value of the `idr_environment` variable (default `os-idr`), and can be used to support multiple deployment environments with different variables.
-
-Decide on your openstack dynamic inventory.
-If you are using a single floating IP use `{{ inventory_dir }}/openstack-private.py`.
-using private internal IPs and a gateway server on the Openstack cloud.
-If you are using floating IPs for all instances you can optionally use `{{ inventory_dir }}/openstack.py` instead.
-
-Select your playbook, for instance `os-idr-uod.yml` for the Dundee cloud.
-
-For example (using the default `os-idr` host-group and variables):
-
-    ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml
-        -e vm_key_name="KEY_NAME" -e vm_prefix=PREFIX
-
-Or using a custom group called `os-idrstaging` with additional variable overrides:
-
-    ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml
-        -e vm_key_name="KEY_NAME" -e vm_prefix=PREFIX
-        -e @vars/test-overrides.yml -e idr_environment=os-idrstaging
-
-
 Component playbooks
 -------------------
 

ansible/Vagrantfile

@@ -63,14 +63,16 @@ Vagrant.configure(2) do |config|
         ansible.playbook = "idr-playbooks/idr-omero.yml"
         ansible.limit = "idr"
         ansible.groups = {
-          "database-hosts" => ["idr-database"],
-          "omero-hosts" => ["idr-omero"],
-          "proxy-hosts" => ["idr-gateway"],
-          "idr:children" => ["database-hosts", "omero-hosts", "proxy-hosts"],
+          "idr-database-hosts" => ["idr-database"],
+          "idr-omero-hosts" => ["idr-omero"],
+          "idr-proxy-hosts" => ["idr-gateway"],
+          "idr:children" => ["idr-database-hosts", "idr-omero-hosts", "idr-proxy-hosts"],
           "idr:vars" => {
             # Vagrant uses eth0 for NAT, eth1 for private guest network
             "idr_net_iface" => "eth1",
             "idr_nginx_ssl_self_signed" => "True",
+            "omero_release" => "0.0.7-rc1",
+            "omero_omego_additional_args" => "--downloadurl https://downloads.openmicroscopy.org/idr",
           }
         }
       end

ansible/idr-playbooks/files/IDR-OMERO-52-omero.j2

@@ -26,7 +26,7 @@ config set omero.web.secure_proxy_ssl_header '["HTTP_X_FORWARDED_PROTO_OMERO_WEB
 config set omero.web.public.enabled True
 config set omero.web.public.server_id 1
 config set omero.web.public.user public
-config set omero.web.public.password {{ idr_secret_omero_web_public_password | default("") }}
+config set omero.web.public.password {{ omero_web_public_password }}
 config set omero.web.public.url_filter ^/(webadmin/myphoto/|webclient/(?!(action|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as)))
 
 # Group/User drop down menu

ansible/idr-playbooks/group_vars/omero-hosts.yml

@@ -17,6 +17,8 @@ omero_upgrade: True
 # Recursively chown data dir (this may take a very long time)
 #omero_datadir_chown: True
 
+omero_web_public_password: "{{ idr_secret_omero_web_public_password | default('public') }}"
+
 omero_prestart_file: "{{ playbook_dir }}/files/IDR-OMERO-52-omero.j2"
 
 omero_logmonitor_slack_token: "{{ idr_secret_omero_logmonitor_slack_token | default(None) }}"

ansible/idr-playbooks/group_vars/proxy-hosts.yml

@@ -54,4 +54,4 @@ nginx_proxy_direct_locations:
 #nginx_proxy_block_locations:
 #- "^~ /login"
 
-nginx_proxy_set_header_host: 'idr-demo.openmicroscopy.org'
+#nginx_proxy_set_header_host: 'idr-demo.openmicroscopy.org'

ansible/idr-playbooks/idr-dundee-nfs.yml

@@ -2,7 +2,7 @@
 # The default is to use NFS, if you are using samba you must install the
 # dependencies (cifs-utils) yourself.
 
-- hosts: uod-nfs
+- hosts: "{{ idr_environment | default('idr') }}-uod-nfs"
 
   vars:
     idr_mountpoint: /uod/idr

ansible/idr-playbooks/idr-local-files.yml

@@ -5,7 +5,7 @@
 # This should be cleaned up and moved/combined into an appropriate role
 
 # Variables should be in a private group_vars file
-- hosts: proxy-hosts
+- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts"
 
   tasks:
 

ansible/idr-playbooks/idr-local-users.yml

@@ -2,7 +2,7 @@
 # Playbook for creating local user accounts on Openstack instances
 
 # Variables should be in a private group_vars file
-- hosts: database-hosts, omero-hosts, proxy-hosts
+- hosts: "{{ idr_environment | default('idr') }}-database-hosts, {{ idr_environment | default('idr') }}-omero-hosts, {{ idr_environment | default('idr') }}-proxy-hosts"
   roles:
   - role: sudoers
 #    sudoers_individual_commands:

ansible/idr-playbooks/idr-monitoring.yml

@@ -1,6 +1,6 @@
 # Monitoring playbook
 
-- hosts: omero-hosts
+- hosts: "{{ idr_environment | default('idr') }}-omero-hosts"
 
   pre_tasks:
   - name: Get short hostname (not the same as the Ansible hostname vars)

ansible/idr-playbooks/idr-omero.yml

@@ -12,8 +12,7 @@
 # - `idr_net_iface=iface` if your servers use a network interface other
 #   then eth0 for inter-machine networking
 
-
-- hosts: database-hosts
+- hosts: "{{ idr_environment | default('idr') }}-database-hosts"
 
   roles:
   - role: postgresql
@@ -29,7 +28,7 @@
     postgresql_server_chown_datadir: True
 
 
-- hosts: omero-hosts
+- hosts: "{{ idr_environment | default('idr') }}-omero-hosts"
 
   pre_tasks:
 
@@ -44,15 +43,21 @@
     become: yes
 
   - set_fact:
-      # omero_db_host_ansible: "{{ hostvars[groups['database-hosts'][0]]['ansible_ssh_host'] | default(hostvars[groups['database-hosts'][0]]['ansible_host']) }}"
-      # omero_db_host_ansible: "{{ hostvars[groups['database-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}"
+      omero_db_host_ansible: "{{ hostvars[groups[idr_environment | default('idr') + '-database-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}"
 
   roles:
-  - { role: upgrade-distpackages, tags: "upgrade-distpackages" }
-  - { role: versioncontrol-utils, tags: "versioncontrol-utils" }
-  - { role: omero-server, tags: "omero-server" }
-  - { role: python-pydata, tags: "python-pydata" }
-  - { role: omero-web-apps, tags: "omero-web-apps" }
+  - role: basedeps
+    tags: "basedeps"
+  - role: cli-utils
+    tags: "cli-utils"
+  - role: versioncontrol-utils
+    tags: "versioncontrol-utils"
+  - role: omero-server
+    tags: "omero-server"
+  - role: python-pydata
+    tags: "python-pydata"
+  - role: omero-web-apps
+    tags: "omero-web-apps"
 
   vars:
     omero_dbhost: "{{ omero_db_host_ansible }}"
@@ -110,13 +115,12 @@
   # Additional vars are in group_vars/omero-hosts.yml
 
 
-- hosts: proxy-hosts
+- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts"
 
   pre_tasks:
 
   - set_fact:
-      # omero_omero_host_ansible: "{{ hostvars[groups['omero-hosts'][0]]['ansible_ssh_host'] | default(hostvars[groups['omero-hosts'][0]]['ansible_host']) }}"
-      # omero_omero_host_ansible: "{{ hostvars[groups['omero-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}"
+      omero_omero_host_ansible: "{{ hostvars[groups[idr_environment | default('idr') + '-omero-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}"
 
   roles:
   - role: nginx-ssl-selfsigned

ansible/idr-playbooks/idr.yml

@@ -1,5 +1,6 @@
-# Runs all public playbooks for setting up the IDR infrastructure
-# The remaining playbooks require additional private configuration
+# Runs all public playbooks for setting up the IDR infrastructure in any
+# environment. This does not run any storage/networking/cloud specific
+# tasks, nor does it run playbooks requiring private configuration
 - include: idr-local-users.yml
 - include: idr-omero.yml
 - include: idr-local-files.yml

ansible/idr-playbooks/os-idr-volumes.yml

@@ -0,0 +1,27 @@
+---
+# Initialise openstack volumes from inside VMs if necessary
+
+- hosts: "{{ idr_environment | default('idr') }}-database-hosts"
+  roles:
+  - role: storage-volume-initialise
+    storage_volume_initialise_device: "{{ database_db_vol_dev | default('/dev/vdb') }}"
+    storage_volume_initialise_mount: /var/lib/pgsql
+
+- hosts: "{{ idr_environment | default('idr') }}-omero-hosts"
+  roles:
+  - role: storage-volume-initialise
+    storage_volume_initialise_device: "{{ omero_data_vol_dev | default('/dev/vdb') }}"
+    storage_volume_initialise_mount: /data
+
+- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts"
+  roles:
+  - role: storage-volume-initialise
+    storage_volume_initialise_device: "{{ gateway_nginxcache_vol_dev | default('/dev/vdb') }}"
+    storage_volume_initialise_mount: /var/cache/nginx
+
+# Use this group for any other IDR VMs that should have a volume mounted on /data
+- hosts: "{{ idr_environment | default('idr') }}-data-hosts"
+  roles:
+  - role: storage-volume-initialise
+    storage_volume_initialise_device: "{{ data_vol_dev | default('/dev/vdb') }}"
+    storage_volume_initialise_mount: /data

ansible/os-idr-ebi.yml

@@ -4,7 +4,7 @@
 
 - include: os-idr-playbooks/os-create.yml
   vars:
-    omero_vm_extra_groups: "ebi-nfs,idr-hosts"
+    omero_vm_extra_groups: "{{ idr_environment | default('idr') }}-ebi-nfs"
     os_cloud_provider: ebi
 
 - include: os-idr-playbooks/os-volumes.yml
@@ -14,19 +14,19 @@
 - include: idr-playbooks/idr-local-users.yml
 # Variables for this section are in a private file
 
-- hosts: database-hosts
+- hosts: "{{ idr_environment | default('idr') }}-database-hosts"
   roles:
   - role: storage-volume-initialise
     storage_volume_initialise_device: /dev/vdb
     storage_volume_initialise_mount: /var/lib/pgsql
 
-- hosts: omero-hosts
+- hosts: "{{ idr_environment | default('idr') }}-omero-hosts"
   roles:
   - role: storage-volume-initialise
     storage_volume_initialise_device: /dev/vdb
     storage_volume_initialise_mount: /data
 
-- hosts: proxy-hosts
+- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts"
   roles:
   - role: storage-volume-initialise
     storage_volume_initialise_device: /dev/vdb
@@ -39,6 +39,4 @@
 
 - include: idr-playbooks/idr-local-files.yml
 
-- include: idr-playbooks/idr-user-utils.yml
-
 #- include: idr-playbooks/idr-monitoring.yml