Automated setup for Service Map nodes
=====================================
This repository contains Ansible-scripts for automatically setting up nodes
for Hel Service Map. A Vagrantfile is included for testing in local virtual
machines.

Current version sets up replication between two PostgreSQL-instances,
one serving as master and other as a standby. Testing has only been done on
Ubuntu.

Directory /deployment contains the actual ansible scripts (playbook).
Notable files:
production:	ansible inventory, needs to be customized for the used hosts
vars.yml:	configuration for the scripts, currently IPs defined in
		inventory need to be set here as well
initial.yml	playbook: sets the hosts up for management
site.yml	playbook: sets up the actual services for Service Map

NOTE: LOCALE PROBLEMS
---------------------

Unfortunately many installation scripts in Debian and Ubuntu packages
depend on correctly set locale. In particular, PostgreSQL UTF-8 support
behaves differently if the package is not installed with UTF-8 locale. To
make matters worse, Ansible modules always set the locale to "C", which is
not a UTF-8 locale.

This can be fixed by setting:
export ANSIBLE_MODULE_LANG="en_US.UTF-8"
before running any Ansible commands.

Initial use
----
Hosts that are going to be managed need to have, at minimum, SSH-server
running and either direct root access or access to a user with sudo access
to every user.

If the initial configurations fails, it can leave the hosts inaccessible
remotely. Thus it has been split into a separate playbook.

The initialization playbook provides two services:
-copy over an SSH public key
-set up a passwordless sudo for the management account

The playbook expects the private SSH-key to be in a file called:
deployment/private/id_deployment

And its public counterpart in:
deployment/managed/files/id_deployment.pub

*NOTE!* Before running the initialization playbook, it a very good idea to
test ssh connectivity to each host. Especially unknown SSH host keys
will cause problems and obscure error message from Ansible. Remember to use
the exact same hostname as in your inventory (domain included!).

As the SSH-key is not yet installed ansible needs to be told to use
passwords:
ansible-playbook -i production -u {remote_username} --ask-pass --ask-sudo-pass initial.yml

Remote usernames can also be configured in the inventory file. See the
supplied inventory for example.

If you need to use different passwords for hosts, it is easiest to set
them up on separate runs with separate inventory files

Daily use
----
For daily use, the SSH-key should be used for authentication. On a typical
Debian or Ubuntu installation this is done with:
ssh-add deployment/private/id_deployment

This adds the key to the ssh-agent and no passwords are needed for
SSH-connections thereafter.

The playbook can then be run with:
ansible-playbook -i production -u {remote_username} site.yml

Testing with vagrant
----
For testing Vagrant and Virtualbox are required. Any other Vagrant-supported
virtualization provider might work as well.

Starting a master-standby pair (this also runs Ansible provisioning):
vagrant up

Testing provision on both or either end:
vagrant provision [master|standby]