Nodes are initialized by the userdata.sh in the Infrastructure repository.
Each node is instantiated by Terraform with an /etc/environment file generated by userdata.sh. This file contains the most basic level of configuration for a node. Environment variables defined here are available to any systemd unit with the use of EnvironmentFile=/etc/environment in the [Service] section. All environment variables defined here are also available by default in the shell.
# /etc/environment
#
# This file is parsed by pam_env module
#
# Syntax: simple "KEY=VAL" pairs on separate lines
#
UUID=2078ffe0-e6cf-48ab-9422-c9ee48d0c884
ID=2078ffe0
ANSIBLE_REPO="git@github.com:psev/ansible"
HOSTNAME=build-development-2078ffe0
REGION=us-west-2
TAGS=base,build
DEPLOY=development
Also upon instantiation, Terraform adds an SSH key to each node for access to GitHub. It then creates a systemd unit file called /etc/systemd/system/bootstrap.service, which is started at the end of userdata.sh. Keep in mind that changes to this file require a redeployment of the node.
# /etc/systemd/system/bootstrap.service
[Unit]
Description=Ansible Bootstrap
Requires=network-online.target
After=network-online.target
[Service]
EnvironmentFile=/etc/environment
ExecStartPre=-/usr/bin/git clone ${ANSIBLE_REPO} /root/ansible
ExecStartPre=/usr/bin/git -C /root/ansible pull
ExecStart=/usr/bin/ansible-playbook -i /root/ansible/inventory \
/root/ansible/archlinux/bootstrap.yml \
-e "ansible_python_interpreter=/usr/bin/python2"
The primary function of the bootstrap role is to run the systemd role, which handles the configuration of the node's initialization system. It configures network interfaces, enables systemd-journal-gatewayd, which can be used for centralized logging, and provides environment variables for network details.
Configuration of services such as docker and unbound requires information about the node's network interfaces. This data is made available by environment.py and environment.service.
When run, environment.service invokes environment.py, which uses the netifaces Python module to gather network interface addresses, parses /etc/resolv.conf for domain name details, and writes that data to /etc/environment.network.
# /etc/environment.network
HOST_DOMAIN_1=sugarush-development.us-west-2.aws
HOST_DNS_1=172.16.0.2
HOST_IP=172.16.0.36
Network details are accessible in systemd units by including EnvironmentFile=/etc/environment.network in the [Service] section.
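The /etc/resolv.conf half of that step, as an added sketch that is not the repository's environment.py: the function names and the sample resolv.conf are assumptions, and the host address is passed in where the real script reads it through netifaces. Values are checked before they are written so that each line stays a single KEY=VAL pair for the units that load the file.

```python
# Added example, not the repository's environment.py.
import ipaddress
import re

# Constructed sample input shaped like the values shown on this page.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search sugarush-development.us-west-2.aws
nameserver 172.16.0.2
"""

# Hostname characters only, so a value can never add a second KEY=VAL line.
_DOMAIN = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")


def parse_resolv_conf(text):
    """Return (search_domains, nameservers) from resolv.conf text."""
    domains, servers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword in ("search", "domain"):
            domains = args          # the last search/domain line wins
        elif keyword == "nameserver" and args:
            servers.append(args[0])
    return domains, servers


def render_environment(host_ip, domains, servers):
    """Build the KEY=VAL file body; raise ValueError on a malformed value."""
    ipaddress.ip_address(host_ip)
    lines = []
    for n, domain in enumerate(domains, 1):
        if not _DOMAIN.fullmatch(domain):
            raise ValueError(f"unsafe domain value: {domain!r}")
        lines.append(f"HOST_DOMAIN_{n}={domain}")
    for n, server in enumerate(servers, 1):
        ipaddress.ip_address(server)
        lines.append(f"HOST_DNS_{n}={server}")
    lines.append(f"HOST_IP={host_ip}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found_domains, found_servers = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    # 172.16.0.36 stands in for the address the real script reads via netifaces.
    print(render_environment("172.16.0.36", found_domains, found_servers), end="")
```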
The bootstrap process also handles a variety of other system-level configuration by applying roles defined in its meta section.
The ansible service is enabled at the end of the bootstrap process via the ansible timer. This service calls the primary playbook main.yml, which uses the TAGS environment variable, a comma-separated list, to apply various roles to a node. See the Pre Bootstrap section for an example.