Group and Host Variables - HeliumEdu/deploy GitHub Wiki
The ansible/group_vars and ansible/host_vars folders can contain definitions for Ansible's inventory.
Configurations for non-dev environments are ignored in Git so they do not get committed by accident.
The group_vars folder should contain a committed copy of all.yml, inventory items that are applicable to all environments, and devbox.yml.example, an example inventory file that also works with the supplied Vagrant configuration. To get started, rename devbox.yml.example to devbox.yml.
Note that credentials to third-party services (for example, AWS services like SES) need to be set in the devbox.yml file before those services will work properly (see here for an AWS setup guide). Do NOT commit real credentials to third-party services, even in example files.
Making a New Inventory Configuration
Aside from the obvious updates that need to be made to any host or credentials variable (note that most hosts in devbox.yml.example end in .test), these are the variables that should be updated when configuring a new group.
- environment should match the name of the group; it is used as a prefix or suffix for server variables (for instance, the name of a datastore) to distinguish between environments
- Any secret or key should be regenerated; do NOT reuse these between environments
- helium_host should be updated to reflect the domain of the new environment
- platform_host_protocol and platform_ssl along with frontend_host_protocol and frontend_ssl should be updated if the new group supports SSL
- letsencrypt_ssl can be added and set to True if you want to auto-generate and renew SSL certificates and your hosts are resolvable externally
- project_serve_local, PROJECT_SERVE_LOCAL, and PROJECT_DISABLE_EMAILS should be removed from non-dev environments, as they fall back on safe defaults
- platform_num_workers, the number of Celery Supervisor workers that will be deployed on the worker node, should be added and likely increased in production environments (the default is 2 if not set)
- If platform is going to be deployed in two clusters (one for web nodes, one for worker nodes, as they utilize the same codebase), be sure to use - { role: helium-platform, web_node: False } for the worker node configuration
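
The checklist above can be enforced before a deploy. The following is an added example, not part of the HeliumEdu/deploy project: it assumes the vars files hold top-level `name: value` scalars, and the function names and the `platform_secret_key` variable are hypothetical.

```python
import re

# Dev-only variables and the ".test" host suffix are taken from the page.
DEV_ONLY = {"project_serve_local", "PROJECT_SERVE_LOCAL", "PROJECT_DISABLE_EMAILS"}
SENSITIVE = re.compile(r"secret|key", re.IGNORECASE)
LINE = re.compile(r"^([A-Za-z_]\w*):\s*(.*?)(?:\s+#.*)?$")

def parse_flat_vars(text):
    """Read top-level 'name: value' scalars only (assumed file layout)."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(2):
            found[m.group(1)] = m.group(2).strip().strip("\"'")
    return found

def check_group_vars(group, new_text, other_envs):
    """Return findings for a new group's vars; secret values are never echoed."""
    new = parse_flat_vars(new_text)
    findings = []
    if new.get("environment") != group:
        findings.append("environment does not match the group name")
    if new.get("helium_host", "").endswith(".test"):
        findings.append("helium_host still ends in .test")
    for name in sorted(DEV_ONLY.intersection(new)):
        findings.append(f"{name} should be removed from non-dev environments")
    for env, text in sorted(other_envs.items()):
        for name, value in parse_flat_vars(text).items():
            if SENSITIVE.search(name) and new.get(name) == value:
                findings.append(f"{name} is reused from {env}")
    return findings

# Constructed sample files; platform_secret_key is a hypothetical variable name.
DEVBOX = """\
environment: devbox
helium_host: example.test
platform_secret_key: constructed-dev-value
project_serve_local: True
"""
PROD_DRAFT = """\
environment: stage
helium_host: prod.example.test
platform_secret_key: constructed-dev-value  # copied from devbox
PROJECT_DISABLE_EMAILS: True
"""

if __name__ == "__main__":
    for finding in check_group_vars("prod", PROD_DRAFT, {"devbox": DEVBOX}):
        print("FAIL:", finding)
```
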
Note that if the new inventory calls for SSL but does not use Let's Encrypt as described above, the following corresponding SSL files will need to be in ansible/private/ssl:
apache.{{ domain_environment }}.{{ host }}.crt
apache.{{ domain_environment }}.{{ host }}.key
apache.{{ domain_environment }}.{{ host }}.ca-bundle