Dev-Ops Repository Overview
Ansible Infrastructure Automation for Path2Response
The dev-ops repository contains Ansible playbooks, roles, and an API for automating server provisioning, application deployment, and infrastructure configuration across Path2Response environments.
Purpose
This repository serves as the single source of truth for all infrastructure automation at Path2Response:
- Server Provisioning - Configure new servers with required users, packages, and settings
- Application Deployment - Deploy and update P2R applications (Data Tools, Dashboards, Order App, etc.)
- Sprint Releases - Orchestrate coordinated releases across multiple applications
- Configuration Management - Manage NGINX, Node.js, Scala, and other dependencies
- Self-Service Deployments - Enable developers to trigger deployments via API
Repository Structure
```text
/dev-ops/
├── ansible.cfg                # Ansible configuration (vault, logging, callbacks)
├── update-all.sh              # Deno utility update script
├── inventory/                 # Environment-specific host definitions
│   ├── global/                # Shared server definitions
│   ├── production/            # Production environment
│   ├── staging/               # Staging/Development environment
│   └── releasecandidate/      # Release Candidate environment
├── playbooks/                 # Ansible playbooks organized by purpose
│   ├── application/           # Application-specific deployments (59 playbooks)
│   ├── dependencies/          # Infrastructure setup (users, nginx, firewall)
│   ├── release/               # Sprint release orchestration
│   ├── server/                # Server provisioning playbooks
│   └── test/                  # Test playbooks
├── roles/                     # Reusable Ansible roles (72 roles)
├── ansible-deployment-api/    # REST API for self-service deployments
├── operations-book/           # mdBook documentation (AWS alarms, Qualys scans)
├── scripts/                   # Helper scripts (encryption, JVM upgrades)
└── log/                       # Sprint release logs
```
Environments
Inventory Structure
Each environment has three inventory files:
| File | Purpose |
|---|---|
| 01-definitions | Environment-specific variables (branch names, Node.js version) |
| 02-{env} | Host definitions, IP addresses, nginx configs |
| 03-common | Shared host groups and variables (symlinked across envs) |
Server Groups
| Environment | Servers | Purpose |
|---|---|---|
| Production | edge01 (prod01), edge02 (prod02) | Live production workloads |
| Staging | dev01, dev02 | Development and QA testing |
| Release Candidate | rc01, rc02 | Pre-production validation |
| External | biz-services-01, coop-services-01, site-visitors-api | AWS-hosted services |
| DevOps | coop-ansible-01 | Ansible control server |
Host Groups
| Group | Members | Function |
|---|---|---|
| processing | edge01 | Data processing, Data Tools |
| datascience | edge02 | Data Science, Order App, Dashboards |
| hadoop | edge01, edge02 | Spark/Hadoop compute nodes |
| nginx_hosts | All servers | NGINX reverse proxy management |
| cass_server | cass, cass2 | Melissa address validation |
| all_node_hosts | edge, external, devops | Node.js managed hosts |
Key Playbooks
Sprint Release Playbooks (playbooks/release/)
| Playbook | Purpose |
|---|---|
| sprint-release.yml | Full sprint release (all applications) |
| sprint-release-and-upgrade.yml | Release + server OS upgrades |
| sprint-release-applications.yml | Applications only (no coop-scala) |
| sprint-release-coop-scala.yml | coop-scala only |
Sprint Release Workflow:
1. Stop Services (Queue + Data Tools)
2. System Packages (conditional)
3. Deploy coop-scala
4. Deploy cass-ws
5. Deploy client
6. Deploy all applications
7. Upgrade servers (conditional)
8. Start Services (Data Tools + Queue)
Application Playbooks (playbooks/application/)
| Playbook | Application |
|---|---|
| dashboards-app.yml | Dashboards reporting application |
| datatools.yml | Data Tools processing services |
| order-app.yml | Order App (legacy, migrating to BERT) |
| convert.yml | Data conversion utilities |
| households.yml | Household data processing |
| reporting.yml | Reporting services |
| biz-services.yml | Business services API |
| coop-services.yml | 4Cite API |
| digitalaudience.yml | Digital audience processing |
Server Playbooks (playbooks/server/)
| Playbook | Purpose |
|---|---|
| edge01.yml | Full provisioning for processing server |
| edge02.yml | Full provisioning for data science server |
| hadoop.yml | Hadoop/Spark cluster configuration |
| coop-dashboards.yml | Dashboards server setup |
Dependencies Playbooks (playbooks/dependencies/)
| Playbook | Purpose |
|---|---|
| nginx.yml | NGINX installation and configuration |
| node-all.yml | Node.js installation on all hosts |
| interactive-users.yml | Developer user accounts |
| application-users.yml | Service account configuration |
| provision.yml | Base Python installation for Ansible |
| setup-build-environment.yml | Build server configuration |
Key Roles
Infrastructure Roles
| Role | Function |
|---|---|
| global | Base packages, admin users, SSH keys |
| nginx | NGINX from official repo, SSL certs, configs |
| nodejs | Node.js LTS installation from tarball |
| scala | Scala installation |
| spark | Spark configuration |
| hadoop | Hadoop configuration |
| firewall | UFW firewall rules |
Application Roles
| Role | Function |
|---|---|
| datatools | Data Tools deployment (npm, forever, git clone) |
| dashboards | Dashboards deployment (pm2, cron jobs) |
| order-app | Order App deployment |
| convert | Data conversion deployment |
| extract | Data extraction tools |
| reporting | Reporting services |
| biz-services | Business services API |
| coop-services | 4Cite API |
Utility Roles
| Role | Function |
|---|---|
| clone-install | Git clone + Maven build pattern |
| clone-install-cassws | Specialized clone for cass-ws |
| system-user | Create service accounts |
| system-group | Create system groups |
| deploy-hosts-file | Distribute /etc/hosts |
| ssh-config | SSH configuration management |
Ansible Deployment API
Location: /ansible-deployment-api/
A Node.js Express application that enables self-service Ansible deployments via REST API.
Purpose
Allows developers to trigger deployments without direct server access or Ansible knowledge.
Endpoints
| Endpoint | Method | Purpose |
|---|---|---|
| /services/about | GET | API information |
| /services/inventories/list | GET | List available inventories |
| /services/playbooks/list | GET | List available playbooks |
| /services/playbooks/run | POST | Execute a playbook |
API Authentication
- Basic authentication is required for all endpoints
- Credentials are configured in `config/config.js` (not committed to git)
- Basic auth sends the credentials with every request, so the API must only be reachable over HTTPS (as in the example URLs below); anyone holding the API credentials can run any listed playbook against any listed inventory, so treat them as equivalent to control-server access
Example Usage
```bash
# List available inventories
curl -u service-user:password \
  'https://ansible-deployment-api.path2response.com/services/inventories/list?devOpsBranch=production'

# Run a playbook
curl -u service-user:password \
  'https://ansible-deployment-api.path2response.com/services/playbooks/run' \
  -d 'inventory=production&playbook=application/datatools.yml&releaseTag=production&devOpsBranch=production'
```
Features
- FIFO Queue - Deployments execute sequentially to prevent conflicts
- Slack Notifications - Start, success, and failure notifications
- Logging - Full deployment logs saved with timestamps
- Branch-aware - Can deploy from any dev-ops branch
Project Structure
```text
/ansible-deployment-api/
├── app.js                 # Express app configuration
├── bin/www                # Server entry point
├── config/                # Environment-specific configuration
├── lib/                   # Core libraries (devOps, slack, validation)
├── routes/                # Express route definitions
├── services/              # Business logic
│   ├── inventories/       # Inventory listing
│   └── playbooks/         # Playbook listing and execution
├── pm2-config.json        # PM2 process management
└── tracking/              # Deployment tracking
```
Configuration
ansible.cfg
```ini
[defaults]
remote_user = root
vault_password_file = ~/.ansible/.vault_pass
roles_path = roles/
log_path = log/ansible.log
any_errors_fatal = true
callback_whitelist = profile_tasks    # Task timing
[ssh_connection]
ssh_args = -o ForwardAgent=yes
[p2r]
version = 335.0.0-SNAPSHOT
```

Three of these settings carry security weight. `remote_user = root` means every playbook connects to its targets as root, so whoever holds the control server's SSH key, or the deployment API's credentials, has root on every managed host. `ssh_args = -o ForwardAgent=yes` forwards the operator's SSH agent to the target for the git clone steps; while that session is open, root on the target can use the forwarded agent socket as well, so it should stay limited to playbook runs and not be copied into interactive SSH configs. `vault_password_file` points outside the repository on purpose; keep that file owner-readable only (mode 0600) and never commit it. Note also that `callback_whitelist` is the older name of the setting; ansible-core 2.11 and later accept it with a deprecation warning and prefer `callbacks_enabled`.
Environment Variables
| Variable | Purpose |
|---|---|
| release_version | Branch name for deployments (production, staging, etc.) |
| env | Environment identifier (production, development, releasecandidate) |
| onaws | Boolean for AWS-specific configuration |
| nodejs_major_version | Node.js LTS version to install (e.g., v24) |
Vault Encryption
Sensitive files (SSH keys, credentials) are encrypted with Ansible Vault:
```bash
# Encrypt a file
ansible-vault encrypt <file>

# List all encrypted files
./scripts/listAllEncryptedFiles.sh

# Grep encrypted files
./scripts/grepAllEncryptedFiles.sh <pattern>
```
Slack Integration
Playbooks send notifications to Slack channels:
| Environment | Channel |
|---|---|
| Production | #system-event-notice |
| Staging | #system-event-notice (muted option available) |
Notification Content:
- Playbook name and version
- Start/complete/failure status
- Environment context
Operations Book
Location: /operations-book/
An mdBook containing operational runbooks and documentation.
Contents
- AWS Alarms configuration
- Failed Console Login Attempts handling
- Qualys Vulnerability Scans procedures
Building
```bash
cd operations-book
mdbook build --open
```
Usage Examples
Deploy Data Tools to Production

```bash
ansible-playbook -i inventory/production playbooks/application/datatools.yml
```

Full Sprint Release

```bash
ansible-playbook -i inventory/production playbooks/release/sprint-release.yml
```

Provision a New Server

```bash
ansible-playbook -i inventory/production playbooks/server/edge01.yml
```

Update NGINX Configuration

```bash
ansible-playbook -i inventory/production playbooks/dependencies/nginx.yml
```

Upgrade Node.js on All Hosts

```bash
ansible-playbook -i inventory/production playbooks/dependencies/node-all.yml
```

Pause Order Queue (for maintenance)

```bash
ansible-playbook -i inventory/production playbooks/application/pause-orders-queue.yml
```
Deployment Patterns
Clone-Install Pattern
Used by most application roles to deploy code:
- Clone - Git checkout into a `/tmp/` directory using a unique, temporary SSH key
- Build - Maven/npm build on the local (control) machine
- Distribute - Sync the built artifacts to the target servers
- Cleanup - Remove the temporary SSH key

Because the build runs on the control machine, the target servers never need the repository credentials; the temporary key exists only for the duration of the clone, so the cleanup step is what keeps a failed run from leaving a usable key behind in `/tmp/`.

```yaml
- role: clone-install
  branch: "{{ coop_scala_branch }}"
  checkout_path: "{{ coop_scala_tmp }}"
  git_repo: "git@bitbucket.org:path2response/coop-scala.git"
  java_home: "/usr/lib/jvm/java-17-openjdk-amd64/"
```
Service Account Pattern
Applications run under dedicated service accounts:
| Account | Applications |
|---|---|
| datatools | Data Tools, Convert, Stats |
| dashboards | Dashboards, Reports |
| households | Household processing |
| convert | Data conversion |
Start/Stop Pattern
Services are managed via process managers:
| Manager | Used By |
|---|---|
| forever | Data Tools |
| pm2 | Dashboards, Order App |
Related Documentation
- BERT Overview - Target platform for legacy migrations
- Dashboards Overview - Dashboards application details
- Data Tools Overview - Data Tools application details
- Project Inventory - Complete P2R codebase listing
- Tools and Systems - Infrastructure overview
Important Notes
- Vault Password - Required for encrypted files. Store it at `~/.ansible/.vault_pass`, owner-readable only, and never inside the repository
- SSH Agent - ForwardAgent is enabled for git operations, which exposes the operator's agent to the target host for the duration of the run
- Error Handling - `any_errors_fatal = true` aborts the play as soon as any host fails a task
- Logging - All playbook runs are logged to `log/ansible.log`; task results land in that file too, so tasks that handle credentials should set `no_log: true`
- Branch Alignment - The deployment branch should match the environment (production, staging, etc.)
- FIFO Queue - API deployments are queued to prevent race conditions
- Timing - The `profile_tasks` callback provides per-task execution timing for optimization
Source: dev-ops repository (README.md, ansible.cfg, playbooks/, roles/, inventory/, ansible-deployment-api/) Documentation created: 2026-01-24