emi_openproject

---

Project Infrastructure and Technology Stack

• Created all role directories using ansible-galaxy to facilitate development.
• Technologies used:
  • PostgreSQL
  • Apache
  • Ruby
  • Node.js
  • ACL (Access Control Lists)
  • Jinja2 templating
  • SSH for remote access
  • Vagrant for local virtualization

Infrastructure Configuration for OpenProject with Ansible

• Automated installation and setup of PostgreSQL.
• Automated installation and configuration of Apache with Passenger for Ruby on Rails.
• Modular and reusable Ansible roles.
• Dynamic file configuration using Jinja2 templates.
• Inventory management separating web and database servers.
• Management of ACL permissions via Ansible.
• Vagrant used to provision and manage local virtual machines.

Steps for Running the Application

• The application was developed on Windows 11 using WSL (Windows Subsystem for Linux).

• Vagrant and VirtualBox are installed natively on Windows, so the virtual machines (VMs) are created from the Windows host.

• All configuration and scripting were done inside WSL, but the VMs are started from PowerShell using:

  vagrant up

• To avoid SSH key conflicts, remove old SSH keys from the known_hosts file with:

  ssh-keygen -f ~/.ssh/known_hosts -R 192.168.56.11   # for webserver
  ssh-keygen -f ~/.ssh/known_hosts -R 192.168.56.12   # for dbserver

• Copy the private SSH keys from the .vagrant folder for each VM into your ~/.ssh directory:

  cp /mnt/c/Users/[path_to_your_project]/.vagrant/machines/db/virtualbox/private_key ~/.ssh/vagrant_db_key
  cp /mnt/c/Users/[path_to_your_project]/.vagrant/machines/web/virtualbox/private_key ~/.ssh/vagrant_web_key
  chmod 600 ~/.ssh/vagrant_db_key ~/.ssh/vagrant_web_key

• Test manual SSH connections to the VMs using the keys:

  ssh -i ~/.ssh/vagrant_db_key vagrant@192.168.56.12
  ssh -i ~/.ssh/vagrant_web_key vagrant@192.168.56.11

• Verify Ansible connectivity with the ping module:

  ansible all -i inventory.ini -m ping

  Note: Even if you set inventory=inventory.ini in your ansible.cfg, Ansible may still show warnings about SSH permissions because Windows doesn't support Unix-style permission settings.

Running the Monitoring Playbooks

You have multiple options for running the monitoring playbooks:

• Using Ansible facts, systemd, and shell commands
  This method gathers system data and checks service statuses using built-in Ansible modules.

  ansible-playbook -i inventory.ini monitor.yml

• Using Loki and Promtail services
  This method leverages Loki and Promtail for log collection and analysis.

  ansible-playbook -i inventory.ini monitor_loki_promtail.yml

• Using Prometheus and Grafana
  This approach sets up Prometheus and Grafana. You can then access their web interfaces using the webserver's IP address.

  ansible-playbook -i inventory.ini prometheus.yml -l web1

Note: Issues may occur when installing postgres_exporter. If the GitHub download link is outdated or broken, you can either update the link directly in the playbook or manually install the binary on the target machine.

OpenProject log rotation playbook

ansible-playbook -i inventory.ini logrotate.yml

• Logs rotated daily,with a retention of 7 old log files
• Logs compressed after rotation to save space
• Skips rotation if logs are missing or empty to avoid errors