The ansible playbooks are tested on ubuntu 14 so far. Trying to run them on a debian machine, I’m following the tutorial (https://github.com/openfoodfoundation/ofn-install/wiki/Setup). The language-pack-en-base package cannot be found since the ubuntu package repositories are missing on debian. What is it used for? Also “sudo” needs to be installed manually on debian for ansible to run.
Currently I’m stuck on the last webserver task “update unicorn”
“msg”: "Could not find the requested service “‘unicorn_openfoodnetwork’”: "}
Can debian be the reason?
vars.yml contains overlapping configuration with inventory/…
The file is not mentioned in the deployment tutorial. What is it for?
I try to stick to ubuntu and tested containers, friends are moving to BSD
for its more integrated approach to devops- so it could help OFN in the
future… G
Changing RAILS_ENV and re-running only the deploy playbook did not work because the monit conf.d file (for delayed job workers) and the unicorn init script both contain rails_env but are part of the provision playbook. Hence the delayed job workers, unicorn and the configured mail method had different rails environments.
@orangeman there are some great points you’ve raised here.
About the other community forum posts you list, would you be able to make a note of what in those was useful on top of the ofn-install wiki docs? Ideally the wiki docs would be complete.
There are several issues also. Might you be up for creating GH issues for those to break them down?
I think the vars.yml file is no longer needed and the example file should be removed. All that config should now be under /inventory.
After the playbooks finish is everything supposed to be readily running?
(Maybe due to docker?) I had to start nginx/memcached/unicorn/delayed_job manually. So basically the last wiki page https://github.com/openfoodfoundation/ofn-install/wiki/Deployment-with-Ansible was missing the final steps in my experience, and I still don’t understand how monit is supposed to be configured to work. Currently the delayed job worker runs manually as root, which seems to create permission problems during backup/rollback.
that’s great to hear @orangeman, I’m planning to get more involved with a
pilot for the NorthernColorado local food network, so I’m eager to use this
technique as well. when all is working perfectly, it’s easy to test locally
and easy to get changes up to the dev branch, from where it’s easy to pull
changes back down to our local dev instances… toward devops nirvana!
running the ansible playbooks in a local docker container worked great
except for letsencrypt ssl certificate registration handshakes…
That’s why I ended up running everything on the server
A few days ago I took it offline because:
letsencrypt certificate expired
How to renew it?
needed the ip for a different website
In order to host multiple sites on the same ip it would help to have the nginx reverse proxy separately outside the docker container. Nginx would then forward requests differently depending on host domain name. The ofn docker image could then be built and run locally as well since nginx takes care of letsencrypt ssl. Maybe also the postgresql database could be split out and be shared as a separate docker container…
there is a way to have a cron run every 2.5 months… so that by 3 months’
time it will be current rather than expired, to keep it current.
If you look on the letsencrypt site FAQ it explains, otherwise I can help
you to know how to set up the cron tab from the command line or in your
docker playbook (new method for me as well)
request routing? you could do dev on amazon first year free… the idea of
containers is to separate concerns and make things more secure, but I do
understand the cost savings of setting up a shared host, and how it would
help the many groups. I would prefer to run open food network rails code on
its own machine if possible, so that it does not get interfered with by
other activities on the server, and it won’t bother other sites…
for me, working in Prestashop lately, it has been easiest in the devops
world to use one vagrant machine which has a db and apache2 served files in
the same place for dev. In the future I hope to configure a way to push my
local changes up to two or more machines - live, dev, and db//
I am still figuring out the fineries of letsencrypt, but I think as
long as you gave it a local name, it would encrypt. it does not issue certs
for ip addresses alone…
@pmackay yes the ofn-install scripts did setup letsencrypt. It worked perfectly for about three months. Is it supposed to renew by itself? or do I need to trigger that manually somehow?
and it looks like you will have to set a cron by adding something like the
following until we add it to the docker file…
FYI- I’m also working with bro ‘intrusion detection’ for better server
security, and piwik for locally managed stats… I’m not sure what ofn is
doing for those features, but they are decisions to make for any local
deployment.
bro is pretty hugely popular it seems.
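For the renewal-by-cron idea discussed above, an added example (not written by any poster in this thread and not part of ofn-install): cron cannot express "every 2.5 months" directly, so a job that runs daily can check the certificate's remaining lifetime and renew only when it drops below a threshold. The function names, the 30-day threshold and the constructed sample certificates are assumptions; the renew command depends on the ACME client in use and is left as a comment.

```shell
#!/bin/sh
# Added example: decide from the certificate itself whether renewal is due.

# needs_renewal CERT [DAYS]
#   returns 0 if CERT expires within DAYS days (default 30) -> renew now
#   returns 1 if CERT is still valid beyond that            -> nothing to do
#   returns 2 if CERT cannot be parsed as a certificate     -> alert, do not guess
needs_renewal() {
    cert=$1
    days=${2:-30}
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# make_sample_cert OUT DAYS: constructed self-signed certificate for the demo,
# valid for DAYS days (hypothetical host name, throwaway key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=ofn.example.test" >/dev/null 2>&1
}

# Demo on constructed input: one cert with 10 days left, one with 90.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/short.pem" 10
make_sample_cert "$demo_dir/fresh.pem" 90
for name in short fresh; do
    if needs_renewal "$demo_dir/$name.pem" 30; then
        # In a real daily cron job: run the ACME client's renew command here,
        # then reload nginx so it serves the new certificate.
        echo "$name: renewal due"
    else
        echo "$name: still valid"
    fi
done
rm -rf "$demo_dir"
```

Checking the expiry date daily also catches a renewal that failed silently, which a job scheduled only once per certificate lifetime would miss.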
the issues had been related to the ofn setup and not necessarily to docker. I tried running (all) the ansible scripts inside a (single) ubuntu docker container.
Docker is not intended to be used as virtual machine / compatibility layer but as small lightweight containers (with only one linux process) that can flexibly be composed together… OFN deployment would be comprised of many containers. The benefit would be flexibility, e.g. trying a different reverse (caching) proxy or sharing the (heavy weight) postgres database between instances, etc… @almereyda once did a promising docker deploy (“Early draft of a docker compose deployment”) but I could only get it running 95%