new eru information for deployment

Author: Bryan Kendall

ansible/delta-hosts/variables

@@ -27,8 +27,16 @@ drake_http_rollbar_token=52ad749ddb8e47b2a8e15312b6b300fb
 drake_worker_rollbar_token=14152b8572034943b714da27ca607698
 
 [eru:vars]
+eru_subdomain=eru
 eru_github_id=46a23f5f99f0aa9460f8
 eru_github_secret=a0336d72e3d540fb9fbbed2c123a81e1cb329dab
+eru_aws_access_key_id=AKIAIFCVEISSC5JMPWDA
+eru_aws_secret_access_key=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
+eru_aws_environment=delta
+eru_mongodb_database=delta
+eru_mongodb_password=tilde-rawboned-lotus-hideaway-diastole
+eru_mongodb_username=eru
+eru_mongodb_replset=delta-rs0
 
 [khronos:vars]
 intercom_api_key=14771f14efb617900724a16345e57beb55ba9beb

ansible/epsilon-hosts/variables

@@ -26,8 +26,16 @@ drake_http_rollbar_token=52ad749ddb8e47b2a8e15312b6b300fb
 drake_worker_rollbar_token=14152b8572034943b714da27ca607698
 
 [eru:vars]
-eru_github_id=8abb08f83f6d1c52bd1a
-eru_github_secret=74a23ee56486d57b14f292283cb04625f600917c
+eru_subdomain=eru
+eru_github_id=1834e6be0811db20d219
+eru_github_secret=dda712ce9bdb92cd9187b14c0897319e90dd5462
+eru_aws_access_key_id=AKIAIFCVEISSC5JMPWDA
+eru_aws_secret_access_key=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
+eru_aws_environment=epsilon
+eru_mongodb_database=epsilon
+eru_mongodb_password=success-nan-europium-rerun-sheep
+eru_mongodb_username=eru
+eru_mongodb_replset=epsilon-rs0
 
 [khronos:vars]
 khronos_mongo_auth=api:3f5210b8-8fe3-11e5-8e62-07b6eff19ecb

ansible/eru.yml

@@ -1,12 +1,18 @@
 ---
-- hosts: redis
 - hosts: consul
+- hosts: mongodb
+- hosts: redis
 
 - hosts: eru
   vars_files:
-    - "group_vars/alpha-eru.yml"
+  - group_vars/alpha-eru.yml
+  roles:
+  - { role: notify, tags: [ notify ] }
+  - { role: builder, tags: [ build ] }
+  - role: container_start
+
+- hosts: socket-server-proxy
+  vars_files:
+  - group_vars/alpha-eru.yml
   roles:
-  - { role: notify, tags: "notify" }
-  - { role: redis_key, tags: ["setup", "redis_key"] }
-  - { role: builder, tags: "build" }
-  - { role: container_kill_start }
+  - role: eru

ansible/gamma-hosts/variables

@@ -26,8 +26,16 @@ drake_http_rollbar_token=52ad749ddb8e47b2a8e15312b6b300fb
 drake_worker_rollbar_token=14152b8572034943b714da27ca607698
 
 [eru:vars]
+eru_subdomain=eru
 eru_github_id=8abb08f83f6d1c52bd1a
 eru_github_secret=74a23ee56486d57b14f292283cb04625f600917c
+eru_aws_access_key_id=AKIAIFCVEISSC5JMPWDA
+eru_aws_secret_access_key=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
+eru_aws_environment=gamma
+eru_mongodb_database=gamma
+eru_mongodb_password=success-nan-europium-rerun-sheep
+eru_mongodb_username=eru
+eru_mongodb_replset=gamma-rs0
 
 [khronos:vars]
 khronos_mongo_auth=api:3f5210b8-8fe3-11e5-8e62-07b6eff19ecb

ansible/group_vars/all.yml

@@ -95,8 +95,6 @@ aws_access_key: "AKIAIB3IJCCJZQWQMVSQ"
 aws_secret_key: "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"
 
 # eru
-eru_port: 57831
-eru_hostname: admin.{{ domain }}
 
 # filibuster
 filibuster_port: 3112

ansible/group_vars/alpha-eru.yml

@@ -1,26 +1,40 @@
+---
 name: eru
 
 container_image: registry.runnable.com/runnable/{{ name }}
 container_tag: "{{ git_branch }}"
 repo: git@github.com:CodeNow/{{ name }}.git
-hosted_ports: ["{{ eru_port }}"]
-node_version: "0.12.0"
-npm_version: "2.1.18"
+hosted_ports: [ "5501", "5502" ]
+node_version: lts
+npm_version: 2
+has_shrinkwrap: true
 
-# for redis
-redis_key: frontend:{{ eru_hostname }}
-is_redis_update_required: yes
+dockerfile_post_install_commands:
+- apt-get update && apt-get install -y supervisor
+- npm run build
 
-container_envs: >
-  -e ADMIN_DOMAIN={{ eru_hostname }}
-  -e ADMIN_GITHUB_ID={{ eru_github_id }}
-  -e ADMIN_GITHUB_SECRET={{ eru_github_secret }}
-  -e API_URL={{ api_url }}
-  -e RUNNABLE_HOST={{ domain }}
-  -e PORT={{ hosted_ports[0] }}
+container_envs: >-
+  -e AWS_ACCESS_KEY={{ eru_aws_access_key_id }}
+  -e AWS_ENVIRONMENT={{ eru_aws_environment }}
+  -e AWS_SECRET_KEY={{ eru_aws_secret_access_key }}
+  -e DOMAIN={{ eru_subdomain }}.{{ domain }}
+  -e GITHUB_CLIENT_ID={{ eru_github_id }}
+  -e GITHUB_CLIENT_SECRET={{ eru_github_secret }}
+  -e MONGODB_DATABASE={{ eru_mongodb_database }}
+  -e MONGODB_PASSWORD={{ eru_mongodb_password }}
+  -e MONGODB_HOSTS={{ mongo_hosts }}
+  -e MONGODB_REPLSET={{ eru_mongodb_replset }}
+  -e MONGODB_USERNAME={{ eru_mongodb_username }}
+  -e NODE_ENV=production
+  -e REDIS_HOSTNAME={{ redis_host_address }}
+  -e REDIS_PORT={{ redis_port }}
+  -e RUNNABLE_DOMAIN={{ domain }}
 
 container_run_opts: >
   -h {{ name }}
   -d
-  -p {{ hosted_ports[0] }}:{{ hosted_ports[0] }}
+  -P
+  -v /var/log:/var/log:rw
   {{ container_envs }}
+
+container_run_args: supervisord --configuration supervisord.conf --nodaemon

ansible/roles/eru/tasks/main.yml

@@ -0,0 +1,49 @@
+---
+- name: get ports from eru
+  delegate_to: "{{ groups['eru'][0] }}"
+  tags: [ config, deploy ]
+  become: true
+  shell: |
+    for c in $(docker ps | awk '/eru/{ print $1 }'); do
+      docker port $c 5501 | cut -d ':' -f 2
+      docker port $c 5502 | cut -d ':' -f 2
+    done
+  args:
+    executable: /bin/bash
+  register: ports
+
+- name: register IP as variable
+  tags: [ config, deploy ]
+  set_fact:
+    eru_server_hostname: "{{ hostvars[groups['eru'][0]].ansible_default_ipv4.address }}"
+
+- name: make nginx config directory
+  tags: [ config, deploy ]
+  become: yes
+  file:
+    state: directory
+    dest: /etc/nginx
+
+- name: put configuration in place
+  tags: [ config, deploy ]
+  become: yes
+  template:
+    src: "{{ item }}"
+    dest: /etc/nginx/sites-available/{{ item }}
+  with_items:
+    - 11-eru-server.conf
+
+- name: link configuration
+  tags: [ config, deploy ]
+  become: yes
+  file:
+    state: link
+    dest: /etc/nginx/sites-enabled/{{ item }}
+    src: /etc/nginx/sites-available/{{ item }}
+  with_items:
+    - 11-eru-server.conf
+
+- name: reload nginx
+  tags: [ config, deploy ]
+  become: yes
+  shell: docker ps | awk '/nginx/{ print $1 }' | xargs -n 1 docker kill --signal SIGHUP

ansible/roles/eru/templates/11-eru-server.conf

@@ -0,0 +1,54 @@
+server {
+  listen 80;
+  server_name eru.{{ domain }};
+
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  server_name eru.{{ domain }};
+  gzip off;
+
+  ssl on;
+  ssl_certificate /etc/ssl/certs/{{ domain }}/{{ domain }}.chained.crt;
+  ssl_certificate_key /etc/ssl/private/{{ domain }}.key;
+  ssl_trusted_certificate /etc/ssl/certs/{{ domain }}/ca.pem;
+
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 10m;
+
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  ssl_prefer_server_ciphers on;
+  ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+  add_header Strict-Transport-Security "max-age=15724800; includeSubdomains; preload";
+  add_header X-Frame-Options "DENY";
+
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  resolver 8.8.8.8 8.8.4.4 valid=300s;
+  resolver_timeout 5s;
+
+  rewrite ^/app\/.+ /app/;
+
+  location / {
+    expires 300;
+    proxy_pass http://{{ eru_server_hostname }}:{{ ports.stdout_lines[0] | trim }};
+    proxy_set_header Host $host;
+    proxy_set_header x-real-ip $remote_addr;
+    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
+    proxy_set_header x-forwarded-protocol 'https';
+    proxy_set_header x-forwarded-proto 'https';
+  }
+
+  location /graphql {
+    proxy_pass http://{{ eru_server_hostname }}:{{ ports.stdout_lines[1] | trim }};
+    proxy_set_header Host $host;
+    proxy_set_header x-real-ip $remote_addr;
+    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
+    proxy_set_header x-forwarded-protocol 'https';
+    proxy_set_header x-forwarded-proto 'https';
+  }
+}