Installation Runbook - Milkbasket
PREPARED BY
devops@sourcefuse.com
Table of Contents
Section 1
Ansible- Dynamic Inventory
Section 2
Loki Set-up on EC2 Server
Promtail Agent Set-up on EC2 server
Section 3
Run NodeJS Application With Yarn using Systemctl service
Pre-requisites:
On CentOS:
$ sudo yum install epel-release
$ curl -O https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.9.25-1.el7.ans.noarch.rpm
$ sudo yum install python-paramiko python2-cryptography sshpass
$ sudo rpm -ivh ansible-2.9.25-1.el7.ans.noarch.rpm
$ ansible --version
Note: On Amazon Linux EC2 machines, amazon-linux-extras was removed in the 2023 AMI. We
are exploring this part and will provide a solution as soon as possible.
Step 1: Install Ansible-EC2 plugin- Run the below command in order to install the Ansible-EC2
plugin
Step 2: Ensure you have python3 & pip3 installed in your Ansible server.
If you have used the Ansible ppa for installation, install pip using the following command.
Step 3: Create an inventory directory under /opt and cd into the directory.
$ sudo vi aws_ec2.yaml
Copy the following configuration to the file. If you are running the Ansible server outside the AWS
environment, add your AWS access key and secret to the config file.
---
plugin: aws_ec2
aws_access_key: <YOUR-AWS-ACCESS-KEY-HERE>
aws_secret_key: <YOUR-AWS-SECRET-KEY-HERE>
keyed_groups:
  - key: tags
    prefix: tag
If the Ansible server is running inside the AWS environment, attach an EC2 instance role with the
required AWS EC2 permissions (in that case follow step 5, otherwise go to step 6).
$ sudo vi /etc/ansible/ansible.cfg
Find the [inventory] section and add the following line to enable the ec2 plugin.
[inventory]
enable_plugins = aws_ec2
The above command returns the list of ec2 instances with all its parameters in JSON format.
If you want to use the dynamic inventory as a default Ansible inventory, edit the
/etc/ansible/ansible.cfg file and search for inventory parameters under defaults. Change the
inventory parameter value as shown below.
inventory = /opt/ansible/inventory/aws_ec2.yaml
Now if you run the inventory list command without passing the inventory file, Ansible looks for
the default location and picks up the aws_ec2.yaml inventory file.
Step 8: Grouping of instances- Add the below code in the aws_ec2.yaml file
---
plugin: aws_ec2
aws_access_key: <YOUR-AWS-ACCESS-KEY-HERE>
aws_secret_key: <YOUR-AWS-SECRET-KEY-HERE>
keyed_groups:
  - key: tags
    prefix: tag
  - prefix: instance_type
    key: instance_type
  - key: placement.region
    prefix: aws_region
Run the below command to check the output for grouped instances.
$ ansible-inventory -i aws_ec2.yaml --graph
Step-5. Create data directory for Loki and provide ownership to the loki user -
sudo mkdir /tmp/loki && sudo chown loki:loki /tmp/loki
Step-6. Create Systemctl Service for Loki - sudo vi /etc/systemd/system/loki.service
[Unit]
Description=Loki service
After=network.target
[Service]
Type=simple
User=loki
ExecStart=/usr/local/bin/loki-linux-amd64 -config.file /usr/local/bin/loki-config.yml
Restart=always
[Install]
WantedBy=multi-user.target
---
Install Loki using Ansible -
To run the playbook, provide the key-pair file and run the following command:
ansible-playbook loki.yml -i inven-loki.txt
Remark: Give the promtail user ownership of the log file so that it can collect the logs, and
attach an IAM role with full EC2 permissions for sd_config (or provide access keys with full EC2
permissions).
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: 'http://<loki-server-address>/loki/api/v1/push'
scrape_configs:
  - job_name: journal
    journal:
      json: false
      max_age: 12h
      path: /var/log/journal
      labels:
        job: systemd-journal
    relabel_configs:
      - source_labels: ["__journal__systemd_unit"]
        target_label: "unit"
  - job_name: system
    static_configs:
      - targets: [<target-ip-address>]
        labels:
          job: varlog
          __path__: /var/log/*.log
  - job_name: 'aws'
    ec2_sd_configs:
      - region: "ap-south-1"
        access_key: <access-key>
        secret_key: <secret-access-key>
        filters:
          - name: instance-state-name
            values:
              - running
    relabel_configs:
      - source_labels: [__meta_ec2_tag_Name]
        target_label: name
        action: replace
      - source_labels: [__meta_ec2_tag_Account]
        action: replace
        target_label: Account
      - source_labels: [__meta_ec2_instance_type]
        target_label: instance_type
      - action: replace
        replacement: /var/log/secure
        target_label: __path__
      - source_labels: [__meta_ec2_instance_id]
        target_label: instance_id
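Both aws_ec2.yaml and the Promtail ec2_sd_configs block above take AWS keys as plain YAML values, so it is worth checking these files before they are committed or deployed. The script below is an added example, not part of the original runbook: it flags inline key values (skipping <PLACEHOLDER> and Jinja2 {{ }} values) and, for files that do hold keys, a world-readable mode. The function name audit_aws_config and the sample values are made up for illustration, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not part of the runbook. Reports inline AWS keys in the YAML
# files the runbook creates; the key material itself is never printed.

# audit_aws_config FILE: prints findings; returns 0 clean, 1 findings, 2 unreadable.
audit_aws_config() {
    file=$1
    [ -r "$file" ] || { echo "$file: cannot read"; return 2; }
    # Key names from this page: aws_access_key / aws_secret_key (aws_ec2.yaml)
    # and access_key / secret_key (Promtail ec2_sd_configs).
    findings=$(awk -v f="$file" -v sq="'" '
        /^[ \t-]*(aws_)?(access|secret)_key:/ {
            key = $0; sub(/^[ \t-]*/, "", key)
            val = key; sub(/:.*/, "", key)
            sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
            c = substr(val, 1, 1)                  # strip one pair of quotes
            if ((c == "\"" || c == sq) && substr(val, length(val)) == c)
                val = substr(val, 2, length(val) - 2)
            # Empty values, <PLACEHOLDERS> and Jinja2 {{ vars }} hold no secret.
            if (val == "" || substr(val, 1, 1) == "<" || index(val, "{{") == 1) next
            printf "%s:%d: inline value for %s\n", f, NR, key
        }' "$file")
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    # A file that does hold keys must not be readable by "other".
    mode=$(stat -c '%a' "$file")
    case $mode in
        *[4567]) echo "$file: mode $mode is readable by every local user" ;;
    esac
    return 1
}

# Demo on a constructed file; the key value is made up.
demo=$(mktemp)
printf '%s\n' 'plugin: aws_ec2' 'aws_access_key: NOT-A-REAL-KEY-ID' \
    'aws_secret_key: <YOUR-AWS-SECRET-KEY-HERE>' > "$demo"
chmod 644 "$demo"
audit_aws_config "$demo" || true
rm -f "$demo"
```

The non-zero return code on findings lets the check gate a deployment job for /opt/ansible/inventory/aws_ec2.yaml and /usr/local/bin/promtail-config.yml.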
Step-5. Create Systemctl Service for Promtail - sudo vi /etc/systemd/system/promtail.service
[Unit]
Description=Promtail service
After=network.target
[Service]
Type=simple
User=promtail
ExecStart=/usr/local/bin/promtail-linux-amd64 -config.file /usr/local/bin/promtail-config.yml
Restart=always
[Install]
WantedBy=multi-user.target
___
Steps to run the ansible playbook to install promtail on the host machines:
Prerequisite:
● A server that has ansible installed in it. (Please refer to the dynamic inventory set up
section).
● Finish the Initial set-up for dynamic inventory . (Please refer to the dynamic inventory set
up section).
---
Install Promtail using Ansible -
In the task folder, update the log file that needs to be fetched, and update promtail-config.yml
in the template folder to match that log file. Also provide AWS access keys with FullEC2
permissions for ec2_sd_config in the vars files.
To run the playbook, provide the key-pair file and run the following command:
ansible-playbook promtail.yml -i inven-prom.txt
To deploy a Node.js application with yarn as a no-shell user (app) on an EC2 server (Amazon Linux)
with a systemctl service, follow these steps.
Step-1. Create No Shell User - sudo useradd -rs /bin/false app (app is a no-shell user)
Step-2. Install Node.js and Yarn on the EC2 server based on the Linux AMI version (run these
commands as a user with sudo privileges).
Step-3. Make Directory for application - sudo mkdir /opt/myapp (/opt/myapp is app directory)
Step-4. Provide ownership of the application directory to the no-shell user -
sudo chown app:app /opt/myapp
Step-5. Run yarn in the app directory - cd /opt/myapp/ && yarn install --production
Step-6. Create systemctl service - sudo vi /etc/systemd/system/myapp.service
[Unit]
Description=My Node.js Web Server
After=network.target
[Service]
ExecStart=/usr/bin/yarn start
WorkingDirectory=/opt/myapp
User=app
# Port where the application will run
Environment=PORT=3005
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=nodejs_server
Restart=always
RestartSec=30s
[Install]
WantedBy=multi-user.target
Step-7. For Logging purpose install rsyslog - sudo yum -y install rsyslog
Step-8. Create the log file and provide ownership to the no-shell user -
sudo touch /var/log/myapp.log && sudo chown app:app /var/log/myapp.log
Step-9. Reload the system daemon - sudo systemctl daemon-reload
Step-10. Start the node js service - sudo systemctl start myapp.service
Step-11. Create config for rsyslog file and paste the content - sudo vi /etc/rsyslog.d/myapp.conf
Step-18. Restart Nginx - sudo systemctl restart nginx && sudo systemctl enable nginx
Step-19. To automatically start nodejs systemctl service when code changes -
sudo vi /etc/systemd/system/watcher.service
[Unit]
Description=nodejs restarter
After=network.target
StartLimitIntervalSec=20
StartLimitBurst=5
[Service]
Type=oneshot
# Restart the application unit created in Step-6 (myapp.service)
ExecStart=/usr/bin/systemctl restart myapp.service
[Install]
WantedBy=multi-user.target
AND
[Path]
# Application directory path
PathModified=/opt/myapp/
[Install]
WantedBy=multi-user.target
Jenkins::