WSO2 Identity Server deployment with Ansible — Part II

Lochana Edirisinghe
5 min read · Jun 30, 2022

This blog is the second part of the series WSO2 Identity Server deployment with Ansible. The series aims to give a brief introduction to Ansible and how it is used to deploy a WSO2 Identity Server cluster setup. If you haven’t gone through the first part of this series, I kindly request you to go through it first.

Let’s see how we can use Ansible to deploy the WSO2 Identity Server cluster setup.

WSO2 already provides basic Ansible scripts to deploy WSO2 Identity Server and to automate configuration management across the cluster.

Ansible Installation

  • Ansible needs to be installed on the machine that will be used as the controller node (master node): https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
  • Ansible uses SSH to connect to the remote hosts (managed nodes) and perform the setup.
  • No software needs to be installed beforehand on the remote hosts.
  • Set up the SSH connection between the controller node and the remote hosts (managed nodes) that will become Identity Server nodes by installing the public key of the Ansible control node on each of them.

For AWS EC2 instances, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

For Azure VMs, see https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys

Ansible Playbook Architecture

Site.yaml

We have site.yaml, which is the Ansible playbook. There you configure the remote hosts (managed nodes) to which your changes are shipped, and the Ansible role that is applied to them.

Inventory

Ansible works by connecting (over SSH) to the remote hosts defined in the inventory file, which contains the information (IP addresses and usernames) about the remote servers to be managed.

Ansible role

We have Ansible roles. Each role defines a product runtime or a product profile. Since we are going to deploy WSO2 Identity Server, here we have the “is” role.

In the is role we keep a set of templates, for example:

  • wso2is.service.j2
  • deployment.toml.j2
  • wso2server.sh.j2

These are files from the product that have been parameterized so that values are applied based on your environment. You can change or add any configuration in these templates as you wish.

Parameter values & Environments

On top of the “is” role you can see the different environments. The WSO2 ansible-is resource only contains a dev environment; however, you can keep any number of environments as you wish. Each environment has group_vars, host_vars and an inventory file. In group_vars, all the common variables that the templates need for every node are defined in the is.yaml file.

In host_vars, you define the variables specific to each host in an environment. Those variables go into yaml files named after the hosts, such as is_1.yaml and is_2.yaml.
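As an added example (not taken from the post or from the WSO2 ansible-is repository), the files below show how group_vars and host_vars layer together for the dev environment, and how a secret such as a database password can be kept out of plain text with ansible-vault instead of sitting in is.yaml. The variable names (is_port_offset, is_service_user, db_url, db_username, db_password, vault_db_password, is_hostname) and the vault file location are illustrative assumptions; the names that actually matter are the ones referenced by the role’s templates such as deployment.toml.j2.

```yaml
# Constructed example: variable layout under ansible-is/dev/ (all variable names are assumptions)

# dev/group_vars/is.yaml -- values shared by every host in the [is] group
is_port_offset: 0                        # assumed name; same for every node unless a host overrides it
is_service_user: wso2                    # assumed name; OS user the wso2is service runs as
db_url: "jdbc:mysql://db.example.internal:3306/WSO2_SHARED_DB"   # constructed value
db_username: wso2admin                   # constructed value
db_password: "{{ vault_db_password }}"   # indirection: the real value lives only in the encrypted vault file

# dev/group_vars/all/vault.yaml -- applies to all hosts; encrypt it before committing:
#   ansible-vault encrypt dev/group_vars/all/vault.yaml
vault_db_password: "REPLACE_ME_PLACEHOLDER"   # placeholder, never a real credential in a plain-text file

# dev/host_vars/is_1.yaml -- per-host values; host_vars take precedence over group_vars for is_1 only
is_hostname: is1.dev.example.internal    # constructed value; the name this node advertises in the cluster

# dev/host_vars/is_2.yaml
is_hostname: is2.dev.example.internal    # constructed value
```

With the vault file encrypted, the playbook is run as `ansible-playbook -i dev site.yml --ask-vault-pass` (or with `--vault-password-file`), and the rendered deployment.toml on each node receives the decrypted password while the repository never stores it in clear. Before the first run, `ansible -i dev is -m ping` is a quick way to confirm that the SSH key setup from the installation section works for every host in the group.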

Tasks

We have a set of tasks there, which include everything that needs to be done to bring the managed node to the required state. There is a main.yml and a custom.yml inside the ansible-is/roles/is/tasks directory. The main yml contains all the main tasks. Anything you want to add, you can simply add to the custom yml, so extending and customizing is just a matter of adding your code to custom.yml.

Running WSO2 Identity Server Ansible scripts

These Ansible scripts contain the configurations to set up a two-node WSO2 Identity Server cluster for a dev environment. In order to deploy the cluster, you need to define the IP address and username of the remote hosts on which the Identity Server is to be deployed in the inventory file under the dev folder. An example is given below.

[is]
is_1 ansible_host=20.121.27.226 ansible_user=node1user
is_2 ansible_host=20.127.109.216 ansible_user=node2user

If you need to add another IS node to your cluster, you can simply add its IP address and username to the inventory file as follows:

[is]
is_1 ansible_host=20.121.27.226 ansible_user=node1user
is_2 ansible_host=20.127.109.216 ansible_user=node2user
is_3 ansible_host=20.127.109.104 ansible_user=node3user

You also need to create an is_3.yaml file inside the host_vars folder for that third node and change the relevant parameters accordingly. Furthermore, add is_3 under the hosts in site.yaml as follows.

- name: Apply Identity Server configuration to IS nodes
  hosts:
    - is_1
    - is_2
    - is_3

If you need to alter the configurations given, please change the parameterized values in the yaml files under group_vars and host_vars.

Thereafter, run the following command to run the scripts.

ansible-playbook -i <environment folder name> site.yml

Customize the WSO2 Ansible scripts

In case you need to customize or change some configuration file of the Identity Server (a web.xml file, for example) from the Ansible control node, you can keep that file inside ansible-is and add the file mapping to the ansible-is/roles/is/tasks/custom.yml file as follows.

Step 1

Uncomment the following line in main.yml under the is role.

- import_tasks: custom.yml

Step 2

Add the file mapping configuration to the custom.yml.

For example, if you need to customize the scim2-schema-extension.config file residing in the IS-Home/repository/conf directory, you can keep that file inside the ansible-is/files/configuration_files directory. Then add the file mapping to the custom.yml file as follows:

- name: "Copy scim2-schema-extension.config file"
  template:
    src: files/configuration_files/scim2-schema-extension.config   # the copy you keep inside ansible-is
    dest: "<IS-Home>/repository/conf/scim2-schema-extension.config"   # <IS-Home>: the Identity Server home directory on the node

When you run the playbook, the scim2-schema-extension.config file at the destination on your newly deployed IS nodes is replaced with your customized file.
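The following is an added example of a complete custom.yml task for this step, together with the handler it notifies; it is not code from the post or from the WSO2 ansible-is repository. It uses the copy module rather than template, because the file carries no Jinja placeholders and copying it verbatim keeps any literal `{{` in the file from being interpreted; it also sets ownership and a restrictive mode, keeps a backup of the file it overwrites, and restarts the service only when the file actually changed. The assumptions are: a variable is_home holds the Identity Server home directory on the managed node (the post calls it IS-Home), the service runs as user and group wso2, and the systemd unit rendered from wso2is.service.j2 is named wso2is.

```yaml
# Constructed example: roles/is/tasks/custom.yml
# Assumptions (not from the post or the WSO2 repository): is_home, the wso2 user/group
# and the wso2is unit name are placeholders for whatever your role actually defines.
- name: "Copy scim2-schema-extension.config file"
  copy:                                   # copy, not template: the file has no Jinja placeholders
    src: files/configuration_files/scim2-schema-extension.config   # relative to the ansible-is directory
    dest: "{{ is_home }}/repository/conf/scim2-schema-extension.config"
    owner: wso2                           # assumed service user
    group: wso2                           # assumed service group
    mode: "0640"                          # readable by the service user and group only
    backup: true                          # keeps a timestamped copy of the file being replaced on the node
  notify: restart wso2is                  # queued only if this task reports "changed"

# Constructed example: roles/is/handlers/main.yml
# Handlers cannot live in a tasks file; they run once at the end of the play, only when notified.
- name: restart wso2is
  systemd:
    name: wso2is                          # assumed unit name, from wso2is.service.j2
    state: restarted
```

Running `ansible-playbook -i dev site.yml --check --diff` first shows exactly which nodes would receive a changed file and what the difference is, without touching them; a subsequent run without `--check` applies the change and triggers the restart on the affected nodes only.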

Continuous updates

The above diagram is to give you an understanding of how updates are shipped to the environments managed by Ansible. As you can see, there are three environments here: Dev, Staging and Production. All the managed nodes are synced with the Ansible server. The update level of all the environments is update level X.

By running the update.sh script (residing in the ansible-is/scripts directory) provided with these WSO2 Ansible resources as follows, you can update your product to the latest update level using the Updates 2.0 update tool. Then we can apply the configs and ship them to the environments as required.

./update.sh

Please note that when you run the update.sh script, it updates your local IS pack (the pack residing on the Ansible control node). In order to deploy the updated IS pack to your remote hosts, simply run the “ansible-playbook -i <environment> site.yml” command again from the ansible-is home directory as usual after running the update.sh script.

You can download the default WSO2 ansible-is repository from here
