Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


This articles describes how to setup the Maestrano Hub component on a server / auto-scaling group using mno-deploy, Maestrano's Ansible automation framework.




Table of Contents
stylenone




1 - Prerequisites

This documentation is tailored for AWS. While the steps can be adapted for other platforms you may need to contact us to get further guidance if you are trying to use the below instructions for Azure, SoftLayer or Google Compute Cloud.

In order to perform this installation you will need to setup a Github repository to store your configuration (e.g. mno-deploy-myproject) and setup a build process to package this repository as a tar.gz archive and push it to one of your AWS S3 buckets. This section provides more information on what to include in this configuration repository.

2 - Configuration

This section describes how to setup the ansible configuration parameters in mno-deploy to deploy Maestrano Hub. These configuration activities should be performed on your configuration project (e.g. mno-deploy-myproject) under ansible/vars/<environment_name>.yml and ansible/vars/<environment_name>_secrets.yml

1.1 - Infrastructure configuration

In order to setup Maestrano Hub you need to fill certain parameters describing how the Load Balancer, Launch Configuration and Auto-Scale group should be configured for MnoHub.

A basic example is provided here: https://github.com/maestrano/mno-deploy/blob/develop/ansible/vars/example.yml#L91

Below is a commented example of what each parameter means. You can see the full list of default values by looking at the group_vars on github.

Code Block
# MnoHub Infrastructure Configuration
mnohub:
  # should this component be setup or not
  skip: false
  launch_configuration:
	# AWS instance size for mnohub
    instance_type: c3.large
	# OPTIONAL - you can use spot instances in test environments
    spot_price: 0.0235
  auto_scaling_group:
	# how many instances of MnoHub should be launched at minima
    min_size: 1
	# max number of instances to launch
    max_size: 2
	# target number - used when failure occurs on one of the machines
    desired_capacity: 1
  elastic_load_balancer:
	# this block specifies how to load balance traffic
    listeners:
      - 
		# incoming traffic protocol - if you are behind a firewall you may set it to HTTP
		protocol: https
		# incoming traffic port - if you are behind a firewall you may set it to 80
        load_balancer_port: 443
		# protocol to use on the instance - if encryption in transit is required you may set it to https
        instance_protocol: http
		# port to use on the instance - if encryption in transit is required you may set it to 443
        instance_port: 80
		# IAM certificate to use on the ELB side. Only required if load_balancer_port is 443 and protocol is https
        ssl_certificate_id: "arn:aws:iam::647381683421:server-certificate/some.iam.certificate"


1.2 - Application configuration

The configuration block below relates the Maestrano Hub runtime configuration. This runtime configuration is split between settings and secrets. Therefore the configuration is spread over two files:

  • settings: ansible/vars/<environment_name>.yml
  • secrets (encrypted): ansible/vars/<environment_name>_secrets.yml

Below is a commented example of what each parameter means. You can see the full list of default values by looking at the group_vars on github.

Code Block
mnohub_config:
  # Whether to run migration. Should be set to false
  skip_migrations: false
  # Enable/Disable sidekiq for Maestrano Hub. Should be set to false
  background_jobs_disabled: false
  # This section describes how assets (images, js/css files)
  carrierwave:
	# Name of the AWS buckets where assets will be stored
    public_bucket: some-aws-bucket
	# Domain used to serve assets. Typically this will be the s3 host or cloudfront host
	# if you have activated Cloudfront for your S3 bucket
    asset_host: some-cloudfront-id.cloudfront.net
  general:
	# OPTIONAL: only required if you want to enable hosted apps by us. Please contact us.
    nex_host: "https://{{ nex.dns_record.record }}"
	# OPTIONAL: only required if hosted apps are enabled. Please contact us.
    apps_domain: "apps.uat.maestrano.io"
	# This value is used to generate unique email addresses for application providers
    virtual_email_domain: "appmail.somearbitrarydomain.com"
  # OPTIONAL (will default to maestrano.dns_record.record)
  # This block defines how Maestrano Hub should be accessed outside of the VPC
  # This configuration block is typically used by other applications
  public_dns:
    scheme: https
    host: api-hub.mydomain.com
  # OPTIONAL (will default to maestrano.dns_record.record)
  # This block defines how Maestrano Hub should be accessed inside the VPC
  # This configuration block is typically used by other applications 
  private_dns:
    scheme: http
    host: api-hub.internal
  # OPTIONAL (will default to rds.endpoint)
  # Describe the database access
  database:
    host: some-db-host.somedomain.com
  # OPTIONAL: if specified then an initial tenant will be created on first deploy
  default_tenant:
    name: Some Tenant Name
    id: some-uuid
    key: some-secret-key
    scheme: https
    host: frontend-host.example.com
  # OPTIONAL: New Relic app name and enablement flag. The global var newrelic_license_key must be set.
  new_relic:
    enabled: true
    app_name: MnoHub
  # OPTIONAL: whether to monitor the application using Splunk. The global vars splunk_* must be set
  splunk:
    enabled: true
  # OPTIONAL: whether to monitor the application using Splunk. The global configuration block 'sumologic' must be set
  sumocollector:
    enabled: true


Below is an example of secrets configuration block. Note that the <environment_name>_secret.yml must stay encrypted using ansible-vault.

Code Block
# MnoHub configuration
mnohub_config:
  # Database credentials
  database:
    username: db_username
    password: some_password
  # Rails secrets
  secrets:
    # This key is used to encrypt credentials in database. Use "rake secret" to generate it.
    encryption_key: some_random_key
    # This service is used to convert monetary values. Put your OpenExchangeRate.org API key
    open_exchange_rate_id: open_exchange_rate_api_key
	# Rails secret. Use "rake secret" to generate it.
    secret_token: some_random_key
	# Rails secret. Use "rake secret" to generate it.
    secret_key_base: some_random_key
  # The AWS credentials to use to manage the 'assets' bucket (used to upload images, js/css files)
  s3_bucket:
    access_key: aws_key
    secret_access_key: aws_secret
  # OPTIONAL: Payment gateway. eWay credentials.
  eway:
    login: eway_login
    username: eway_username
    password: eway_password
  # OPTIONAL: Payment gateway. Braintree credentials.
  braintree:
    merchant_id: braintree_merchant_id
    public_key: braintree_public_api_key
    private_key: braintree_private_api_key


3 - Infrastructure setup

1.1 - Using Ansible

1.2 - Manual Setup