d64c713948
|
||
|---|---|---|
| aws | ||
| roles | ||
| .gitignore | ||
| CODE_OF_CONDUCT.md | ||
| README.md | ||
README.md
AWS Ansible-based docker development environment for Firefox Accounts
Prerequisites
macOS
Use: brew install ansible && pip install boto3
Usage
To run on AWS change directory to aws
cd aws
- Set the
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYenvironment variables - create a
environments/foo.ymlfile ('foo' can be anything) a) seeenvironments/EXAMPLE.ymlfor a base reference b) it is recommended that you set values forownerandreaper_spare_me - run
make foo
After the cloudformation stacks has been created, cloud-init will run an
initial ansible playbook to set up the box. A cronjob run every 10 minutes
will pick up changes as needed. The logs for the initial playbook run are in
/var/log/cloud-init-output.log. If the cloudformation was created OK, but
the services do not come up, check that log output for why.
SSH
You can ssh into the EC2 instance with ssh ec2-user@meta-{{ whatever you configured in foo.yml }}.
Custom Docker tags
By default, the latest tag will be used. This can be adjusted
to use other image tags by setting any of {auth_docker_tag, authdb_docker_tag, content_docker_tag, customs_docker_tag, oauth_docker_tag, profile_docker_tag, rp_docker_tag} in
your environments/foo.yml configuration file.
NOTE: you must commit and push changes to that file to affect an existing EC2 instance.
Docker stopped|started:
By default, all docker containers are 'started'. If
you want to selectively keep a service 'stopped', you can set any of
{auth_docker_state, authdb_docker_state, basket_docker_state, content_docker_state, customs_docker_state, oauth_docker_state, profile_docker_state, rp_docker_state} in
your environments/foo.yml configuration file.
NOTE: you must commit and push changes to that file to affect an existing EC2 instance.
Custom fxa-dev branch
You can control the branch of fxa-dev for each environment by changing the {fxadev_git_version} value in the environment configuration file.
Layout Notes
- fxa sources are in
/data/fxa-dev. - node processes are run by docker
- config is setup by ansible
docker_containermodule (e.g., roles/auth/tasks/main.yml) - run
docker ps; docker imagesfor info
- config is setup by ansible
- ansible will do a docker pull, and restart the container if the image, or configuration, has changed.
- nginx is the web frontend
- config in
/etc/nginx/conf.d
- config in
- node process logs are available with, e.g.,
docker logs auth-server.
Example urls
- content server: https://latest.dev.lcip.org
- auth server: https://latest.dev.lcip.org/auth/
- oauth server: https://oauth-latest.dev.lcip.org
- profile server: https://latest.dev.lcip.org/profile
- demo oauth site: https://123done-latest.dev.lcip.org
- ssh access: ec2-user@meta-latest.dev.lcip.org
About using docker_container and quoting of environment values
docker_container (>=2.8) now insists that environment values be quoted. However, when evaluating "{{ foo }}", those quotes are removed. So use the to_json jinja2 filter to ensure that the value is quoted. Note: I use to_json instead of quote because quote will not quote Boolean values true and false.
If not quoted, the error will look like "Non-string value found for env option. Ambiguous env options must be wrapped in quotes to avoid them being interpreted. Key: ENV_VAR_NAME". If you see this error, add a to_json in your templates and try again.