This project uses Ansible MC Hub to deploy the MC Hub web application on mc.computecanada.dev. It adds the required encrypted configuration files (including API keys and cryptographic keys) to deploy the full application.
If you are not an employee of Compute Canada or are not authorized to deploy to
mc.computecanada.dev, you may instead setup your own web server with Ansible MC Hub or simply MC Hub.
In order to deploy and maintain mc.computecanada.dev, you need to send a private message to Frédéric Fortier-Chouinard (me) on Slack or open an issue on Github.
First, in order to access the secret files, you will need to own a GPG key pair and send your public key in order to decrypt the secret files with git-crypt.
Then, you can ask to have your SSH key pair authorized to deploy the Ansible playbooks to the VM instance of mc.computecanada.dev. To do so, you will need to also provide your SSH public key.
-
Clone this repository.
git clone --recurse-submodules https://github.com/ComputeCanada/mc.computecanada.dev -
Decrypt the configuration files.
git-crypt unlockgit-crypt uses your GPG private keys to try to decrypt the content of secret files. Make sure GPG has access to a private key that is authorized by the project. Otherwise, decryption will fail.
This project only allows access to users that have the LDAP attribute ccServiceAccess set to cc_mchub.
-
Start an SSH agent and add the private key of the host CentOS instance.
eval `ssh-agent` ssh-add <SSH_PRIVATE_KEY_FILE>
-
Optionally, make changes to the playbook, inventory or configuration files.
-
Run the Ansible playbook.
ansible-playbook -i hosts.yml ansible-mc-hub/site.yml
-
Navigate to
mc.computecanada.devand make sure everything is working correctly.
If you ever need to make changes to a configuration file, make the modification and run the Ansible playbook again. You may need to restart the instance too.