Chef cookbooks for project damepraci.cz.
Simple cookbook for service monitoring using Monit.
Provides recipes for elasticsearch, nginx and redis monitoring.
Cookbook for provisioning applications which are necessary for damepraci.cz project.
Recipes:
- default — recipe for application user and directories preparation
- ruby — recipe for Ruby installation and configuration
- hunspell — recipe for elasticsearch's hunspell analyzer dictionary
- api — recipe for provisioning pickwick-api
- app — recipe for provisioning frontend application pickwick-app
- validator — recipe for provisioning job-posting-validator
- workers — recipe for provisioning pickwick-workers
Whole infrastructure is divided into several roles.
- api — role for application API. This role installs and configures elasticsearch which is main storage in this project. Installs Ruby and pickwick-api repository.
- app — role for frontend applications. This role installs and configures Ruby and pickwick-app repository.
- elasticsearch — role for elasticsearch installation and configuration. This role is not used separately in the infrustructure. It is used in api role.
- sidekiq-redis — role for redis installation and configuration. This role is not used separately in the infrustructure. It is used in workers role.
- validator — role for job-posting-validator installation and configuration.
- workers — role for pickwick-workers installation and configuration.
First, you need to have a valid Chef Server account, your user validation key, and your organization validation key.
The easiest way is to create a free account in Hosted Chef, provided by Opscode.
You need to export the following environment variables for the provisioning scripts:
export CHEF_ORGANIZATION='<your organization name>'
export CHEF_ORGANIZATION_KEY='/path/to/your/your-organization-validator.pem'
export NGINX_USER='<nginx username>'
export NGINX_PASSWORD='<nginx user password>'
export MONIT_USER='<monit username>'
export MONIT_PASSWORD='<monit user password>'
export MONIT_ALERT_EMAIL='<email for alerts>'
export MONIT_FROM_EMAIL='<email from>'
export MONIT_SMTP_SERVER='<smtp server>'
export MONIT_SMTP_PORT='<smtp port>'
export MONIT_SMTP_USER='<smtp username>'
export MONIT_SMTP_PASSWORD='<smtp password>'
export PICKWICK_API_URL='<url of API>'
export PICKWICK_API_TOKEN='<read only API token>'
export PICKWICK_API_RW_TOKEN='<API token>'
export PICKWICK_ADMIN_USERNAME='<admin username>'
export PICKWICK_ADMIN_PASSWORD='<admin password>'
export SIDEKIQ_USERNAME='<sidekiq username>'
export SIDEKIQ_PASSWORD='<sidekiq password>'
git clone https://github.com/OPLZZ/pickwick-chef.git
cd pickwick-chef
... install the required rubygems:
bundle install
... install the site cookbooks with Berkshelf:
berks vendor ./site-cookbooks/
... upload the cookbooks and roles to Chef Server:
bundle exec rake chef:sync
... build server
... create ~/.ssh/digitalocean-damepraci using ssh-keygen
... set environment variable to public key
export SSH_PUBLIC_FILE=~/.ssh/digitalocean-damepraci.pub
export SSH_IDENTITY_FILE=~/.ssh/digitalocean-damepraci
... add ssh key to digitalocean account
bundle exec knife digital_ocean sshkey create --sshkey-name digitalocean-damepraci \
--public-key $SSH_PUBLIC_FILE
... get ssh key id
export SSH_KEY_ID=$(bundle exec knife digital_ocean sshkey list | grep digitalocean-damepraci | cut -d' ' -f1)
... create droplet
bundle exec knife digital_ocean droplet create --server-name damepraci.cz \
--image debian-7-x64 \
--location fra1 \
--size 2gb \
--ssh-keys $SSH_KEY_ID \
--bootstrap \
--distro debian \
--ssh-port 22 \
--identity-file $SSH_IDENTITY_FILE
... create volume named damepraci.cz using DigitalOcean UI and attach it to the damepraci.cz droplet
... add desired role to the node
bundle exec knife node run_list add damepraci.cz "role[whole_stack]"
... run chef-client again
knife ssh "name:damepraci.cz" -a ipaddress -x root --identity-file $SSH_IDENTITY_FILE chef-client
