/var/www/{files,files2,osc,specials} are static files service via /etc/nginx/sites-available/files.
varnish servers everything through port 80 (as configured in /etc/default/varnish) via configuration in /etc/varnish/varnish.vcl.
webview is served by nginx via /etc/nginx/sites-available/webview.
{archive, publishing, authoring} are served via python process. Their configuration is stored local to the project checkout of the production branch.
prerender is hit through configuration in /etc/nginx/sites-available/webview.
prerender is run ???
accounts is typically on another system somewhere in AWS land.
In production, the apps (including legacy) and database run on tundra. Varnish and nginx are running on steppe.
We may want to use roles_path later on to consolidate some of the openstax playbooks with cnx playbooks. This will probably mean that common roles will live in a separate repo than their main deployment playbooks.
A pip like tool called ansible-role-manager (arm) is a useful for managing external role/module resources from galaxy. Also, it has some handy boilerplate helpers.
$ pip install ansible-role-manager
$ arm -hThe practice I'm toying with at the moment includes using it to manage external dependencies.
$ arm freeze > ansible_requirements.txt
$ arm install -r ansible_requirements.txt- cnx-devops ssh keypair needs to be pushed onto the machine
- ssh-agent needs started with env-vars,
eval $(ssh-agent) - ansible must pass
-HEwhen using sudo. - chown should be called on projects to change their ownership.