• Issue/Task tracking: https://huboard.com/CenterForOpenScience/cos-ansible-base

• ansible >= 2.1
• virtualbox
• vagrant >= 1.6
• invoke (Python task execution library)
• python >= 2.7 or >= 3.4 with pip
• fwknop >= 2.6.5
• At least 2Gb of memory

Virtualbox and Vagrant can be installed with homebrew cask. If you have homebrew installed, run the following from the project directory:

$ brew bundle

Invoke can be installed with pip

$ pip install invoke
$ pip install -r requirements.txt

To clone cos-ansible-base locally, run:

$ git clone https://github.com/CenterForOpenScience/cos-ansible-base --recursive

The --recursive option ensures that all submodules will be cloned.

Once you have Vagrant and ansible installed, follow these steps:

• Generate your ssh key with ssh-keygen

$ ssh-keygen

• Run vagrant up <machine_to_run>. Then will start the VM provision with invoke vprovision. Use the --limit (or -l) option to limit to a specific group.

# Start the osf-staging server
$ vagrant up osf-staging
# Provision the osf-staging server
$ invoke vprovision --limit osf-staging

To ssh into your Vagrant box, run vagrant ssh <box-name>:

$ vagrant ssh osf-staging

To generate a password, run

$ invoke genpass

This crypted password can be used by the generic-users role in a group_vars file.

Playbooks can be run with the ansible-playbook command. You need to specify which inventory file with the -i option as well as a user with the -u option. Run in sudo mode with -s

$ ansible-playbook security.yml -i vagranthosts -u sloria -s

Or, using invoke for shorthand:

$ invoke play security.yml -i vagranthosts -u sloria

The site.yml playbook is responsible for provisioning all servers in an inventory.

Run it like so:

$ ansible-playbook site.yml -i vagranthosts -u sloria -s

The above command runs the site.yml playbook using the vagrant inventory file with user sloria in sudo mode.

Or, if you prefer to use invoke:

$ invoke provision -i vagranthosts -u sloria

NOTE: You can also provision the vagrant box by running invoke vprovision with no arguments.

Many of the roles use variables defined in their defaults/main.yml file. You can override these on the command line with the -e option:

$ ansible-playbook site.yml -i vagranthosts -u sloria -e "ssh_test=false"

or, equivalently:

$ invoke provision -u sloria -e "ssh_test=false"

The above would temporarily disable SSH configuration testing.

If using encryption and HMAC keys, execute on client:

fwknop -A tcp/22 -a PUBLIC_CLIENT_IP -D TARGET_SERVER_IP --key-gen --use-hmac --save-rc-stanza

Print your newly generated keys:

grep KEY ~/.fwknoprc

And add to Single Packet Authorization Server access configuration /etc/fwknop/access.conf:

SOURCE              ANY
KEY_BASE64          [KEY]
HMAC_KEY_BASE64     [HMAC_KEY]

You will need to set up agent forwarding in order to be able to properly authenticate with Github over SSH in ansible. To do so, add the following to your ~/.ssh/config/ file.

Host staging.osf.io
    HostName 66.228.46.171
    User sloria
    ForwardAgent yes

Host osf.io
    HostName 69.164.210.152
    User sloria
    ForwardAgent yes

The deploy.yml script is used to deploy the OSF.

To deploy on staging:

$ invoke deploy_staging -u sloria

You will be prompted for the branch to checkout on staging.

To deploy to production:

$ invoke deploy_production -u sloria

This will deploy to the production server, checking out the master branch from Github.

Want to help save science? Want to get paid to develop free, open source software? Check out our openings!