201_Automated Scripts
The scripts may not run successfully as-is, since VPSs are configured in specific ways at JMA Consulting. For example, certain steps `cat` a root password stored in a text file on the VPS, because it was configured to be generated automatically by another Ansible playbook. If you would like to use these scripts, you will have to take the time to adjust certain lines of the playbooks to suit your own VPS configuration.
This page provides instructions for configuring everything for CiviPress using Ansible. Note 1: there will still be manual intervention at times. Note 2: Even though each new step indicates shelling into the server, this is often not necessary, as you can continue in a previously opened terminal that is already shelled into the server. The goal is to make it easy to understand a specific portion that needs to be configured or changed, as opposed to going through from start to finish.
The following values will be used for the examples:
Parameter | Value |
---|---|
User on VPS servers | luke |
Vault active server | d1.jmaconsulting.biz |
Vault standby server | d2.jmaconsulting.biz |
Vault standby server | d3.jmaconsulting.biz |
Primary Percona Server | d4.jmaconsulting.biz |
Secondary Percona Server | d5.jmaconsulting.biz |
CiviPress Front-End Server | d6.jmaconsulting.biz |
This example uses servers on the same bare metal machine, but to achieve high availability and failover, the individual components need to be spread over several different bare metal machines. Consider the following example:
- Vault Active: b1.jmaconsulting.biz
- Vault Standby A: c1.jmaconsulting.biz
- Vault Standby B: d1.jmaconsulting.biz
- Percona Primary: b2.jmaconsulting.biz
- Percona Secondary: c2.jmaconsulting.biz
- Front end: d2.jmaconsulting.biz
Notice that a Vault or Percona server is never found with another Vault or Percona server on the same bare metal server. If a bare metal server fails, the infrastructure will continue to function.
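The placement rule above can be checked mechanically before any VPS is provisioned. The following shell function is an added example, not part of the JMA Consulting scripts; the `vault`/`percona`/`front` role labels and the assumption that the letters before the first digit of a hostname identify the bare metal machine are this example's own.

```shell
# Assumption: the letters before the first digit of a hostname identify the
# bare metal machine (b1 and b2 are both on "b"), as in the layout above.

# Reads "role host" lines on stdin, prints one line per violation and
# returns non-zero if any two vault or percona servers share a machine.
check_placement() {
    awk '
        NF < 2 || $1 ~ /^#/ { next }
        $1 != "vault" && $1 != "percona" { next }   # front ends are not restricted
        {
            metal = $2
            sub(/[0-9]+\..*$/, "", metal)           # b1.example.org -> b
            key = $1 SUBSEP metal
            if (key in seen) {
                printf "VIOLATION: %s %s shares bare metal \"%s\" with %s\n", $1, $2, metal, seen[key]
                bad = 1
            } else seen[key] = $2
        }
        END { exit bad + 0 }
    '
}

# Constructed inputs: hostnames are the ones used on this page.
walkthrough_layout() {
cat <<'EOF'
vault   d1.jmaconsulting.biz
vault   d2.jmaconsulting.biz
vault   d3.jmaconsulting.biz
percona d4.jmaconsulting.biz
percona d5.jmaconsulting.biz
front   d6.jmaconsulting.biz
EOF
}

spread_layout() {
cat <<'EOF'
vault   b1.jmaconsulting.biz
vault   c1.jmaconsulting.biz
vault   d1.jmaconsulting.biz
percona b2.jmaconsulting.biz
percona c2.jmaconsulting.biz
front   d2.jmaconsulting.biz
EOF
}

walkthrough_layout | check_placement || echo "walkthrough layout: one bare metal failure takes down a whole tier"
spread_layout | check_placement && echo "spread layout: OK"
```

The walkthrough layout (d1 to d6) fails the check because every server sits on the same machine; the spread layout passes.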
- 6 VPSs configured
Clone the repository from here
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [active_vault_server] ./vault.yml -i production -K
# enter the following:
# certbot email
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d1.jmaconsulting.biz ./vault.yml -i production -K
- [email protected]
Repeat step 1 for the other two vault servers, following the second set of instructions prompted at the end of the script
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./percona_1.yml -i production -K
# enter the following:
# certbot email
# percona server number (1, 2, etc)
# server of the active vault instance
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./percona_1.yml -i production -K
Enter cerbot email: [email protected]
Enter Percona Server Number (int): 1
Only for secondary servers: Enter Primary Percona Root Password (cat /root/.mysql.root on Primary Percona server):
Enter host and domain of active vault server: d1.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./percona_2.yml -i production -K
# enter the following:
# percona server number (1, 2, etc)
# server of the active vault instance
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./percona_2.yml -i production -K
- 2
- d1.jmaconsulting.biz
Repeat step 2 for the secondary percona server
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./percona_replication_primary.yml -i production -K
# enter the following:
# secondary percona server
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./percona_replication_primary.yml -i production -K
- d5.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [secondary_percona_server] ./percona_replication_secondary.yml -i production -K
# enter the following:
# primary percona server
# percona replication user password (sudo cat /root/.mysql.repl on primary server)
# ===== example ===== #
$ ansible-playbook -l d5.jmaconsulting.biz ./percona_replication_secondary.yml -i production -K
- d4.jmaconsulting.biz
- password
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./start_replication.yml -i production -K
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./start_replication.yml -i production -K
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./front_end_1.yml -i production -K
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./front_end_1.yml -i production -K
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [front_end_server] ./front_end_2.yml -i production -K
# enter the following:
# certbot email
# primary percona server
# primary percona host
# secondary percona server
# proxysql monitor user (cat /root/.mysql.proxy_monitor on the primary percona server)
# orchestrator topology user password (cat /root/.mysql.orch on the primary percona server)
# wordpress database name
# wordpress user
# civicrm database name
# civicrm user
# wp_user password (cat /root/.mysql.wp_user on the primary percona server)
# crm_user password (cat /root/.mysql.crm_user on the primary percona server)
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d6.jmaconsulting.biz ./front_end_2.yml -i production -K
- [email protected]
- d4.jmaconsulting.biz
- d4
- d5.jmaconsulting.biz
- password
- password
- wp_db
- wp_user
- crm_db
- crm_user
- password
- password
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [third_percona_server] ./percona_1.yml -i production -K
# enter the following:
# certbot email
# percona server number (1, 2, etc)
# server of the active vault instance
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d7.jmaconsulting.biz ./percona_1.yml -i production -K
- [email protected]
- 3
- d1.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [third_percona_server] ./percona_2.yml -i production -K
# enter the following:
# percona server number (1, 2, etc)
# server of the active vault instance
# ===== example ===== #
$ ansible-playbook -l d7.jmaconsulting.biz ./percona_2.yml -i production -K
- 3
- d1.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./percona_replication_primary.yml -i production -K
# enter the following:
# third percona server
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./percona_replication_primary.yml -i production -K
- d7.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [third_percona_server] ./percona_replication_secondary.yml -i production -K
# enter the following:
# primary percona server
# percona replication user password (sudo cat /root/.mysql.repl on primary server)
# ===== example ===== #
$ ansible-playbook -l d7.jmaconsulting.biz ./percona_replication_secondary.yml -i production -K
- d4.jmaconsulting.biz
- password
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./start_replication.yml -i production -K
# enter the following:
# primary percona server
# percona replication user password (sudo cat /root/.mysql.repl on primary server)
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./start_replication.yml -i production -K
- d4.jmaconsulting.biz
- password
Follow the steps in the link below to set up a front-end Aegir instance. Proceed to steps 6b and onwards for a regular WordPress + CiviCRM instance connected to the CiviPress infrastructure. For JMA, we likely will never use steps 6b and onwards.
STOP HERE AT THIS STEP. All the following steps are useful to have documented, but will likely not be used by JMA Consulting in favour of using Aegir for front-end bulk hosting.
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./front_end_1.yml -i production -K
# enter the following:
# wordpress database name
# wordpress user
# civicrm database name
# civicrm user
# front end server
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./front_end_1.yml -i production -K
- acornwp_db
- acornwp_user
- acorncrm_db
- acorncrm_user
- d8.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [front_end_server] ./front_end_2.yml -i production -K
# enter the following:
# certbot email
# primary percona server
# primary percona host
# proxysql monitor user (cat /root/.mysql.proxy_monitor on the primary percona server)
# orchestrator topology user password (cat /root/.mysql.orch on the primary percona server)
# wordpress database name
# wordpress user
# civicrm database name
# civicrm user
# wp_user password (cat /root/.mysql.wp_user on the primary percona server)
# crm_user password (cat /root/.mysql.crm_user on the primary percona server)
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d6.jmaconsulting.biz ./front_end_2.yml -i production -K
- [email protected]
- d4.jmaconsulting.biz
- d4
- password
- password
- acornwp_db
- acornwp_user
- acorncrm_db
- acorncrm_user
- password
- password
- block port 3000 on front end server after orchestrator configuration is complete
- revoke vault initial root token
- $ vault token revoke [root_token_previously_stored]
- To create a new root token:
- https://developer.hashicorp.com/vault/tutorials/operations/generate-root