Roles

The following roles are currently available:

  • currently disabled --> ssh_host_key_signing | use sign host keys for accessing the servers
  • preinstall | initialize configuration (setup repos for instance)
  • httpd | add a webserver, in this case Apache
  • elasticsearch | add elasticsearch
  • postgres | add a database, in this case postgresql
  • minio | add a minio instance to the system
  • tomcat | add MOLGNENIS-OPS-TOMCAT, to setup tomcat
  • logging | add a logging mechanism, in this case filebeat and metricbeat from elastic
  • node_exporter | add node_exporter to expose load and other system features
  • molgenis | deploy MOLGENIS artifact on system
  • backup | set backup configuration for this server
  • postinstall | additional steps to configure the server

[ preinstall ] - Initialize configuration

Configures repositories and installs all the packages needed to run the following roles on the system.

Specific configuration done by the preinstall role is: - Configure firewall - Synchronise NTP

[ httpd ] - Add httpd

Install the service httpd and enable it on boot time. - Install certificates on host

note: you need to have access to the backup server on the machine you are running Ansible on - Configure HTTPD note: with hostname located in the inventory.ini file

[ elasticsearch ] - Add ElasticSearch

The installation of elasticsearch consists of 3 major steps:

  • Configure Elasticsearch
  • Configure system to work with Elasticsearch
  • Install Elasticsearch

Copy default configuration

  • Copy jvm.options
  • Copy elasticsearch.yml

Configure system configuration

  • Configure 'pam-limits'
  • Configure sysctl to set 'vm.swappiness'

Install elasticsearch

  • Install the Elasticsearch repository
  • Install elasticsearch:5.5.1

[ postgres ] - Add PostgreSQL

The installation of PostgreSQL consists of 5 major steps:

Install PostgreSQL

  • Create the repository
  • Install PostgreSQL RPM

Copy default configuration

  • Install extra packages to use PSQL remote
  • Copy default config to OS (pg_hba.conf)
  • Start and enable PostgreSQL

Configure database

  • Create 'molgenis' database in PSQL
  • Create 'molgenis' user in PSQL
  • Create 'molgenis'-scheme in PSQL
  • Grant right on 'molgenis'-scheme with user 'molgenis'

[ tomcat ] - Add Tomcat

There are 2 steps that are performed when running this role.

  • Install molgenis-ops-tomcat
  • Start and enable molgenis-ops-tomcat

[ logging ] - Add logging to the VM

  • Add repository beat.repo
  • Install package:
  • filebeat
  • Configure logging

[ node_exporter ] - Add monitoring

Install supervisor and node exporter to create monitoring statistics which can be scraped by tools like Prometheus.

[ molgenis ] - Add MOLGENIS

Install MOLGENIS on the system

[ backup ] - Configure backup

  • Configure home dir backup user

    note: check if you have executed the vault cli commands to get the backup.pub

  • Configure backup

[ postinstall ] - Post installation configuration

  • yum versionlock is performed on MOLGENIS rpm's and Elasticsearch