--- /dev/null
+Starting up a new AWSible environment
+-------------------------------------
+
+* create ssh keypair as keys/management{,.pub}
+
+* configure group_vars/all with:
+ - ACCT_ID aws acct id
+ - DEFAULT_AMI ami of amazon linux in chosen region
+ - vpc variables
+
+* install managed policies by hand
+ for f in roles/aws-infrastructure/files/*-policy.json
+ do
+ n=$(basename "$f" .json)
+ aws --region "{{ vpc_region }}" iam create-policy --policy-name "$n" --description "{{ get this from somewhere }}" --policy-document file://"$f"
+ done
+
+* ansible-playbook init_vpc.yml
+
+* add IGW to VPC Main route table
+
+* change pub-subnets to auto-assign external IPs
+
+* configure group_vars/all with chosen MANAGEMENT_SUBNET
+
+* ansible-playbook init_management.yml
+
+* add base and management policies to management IAM role
+
+* create persistant management data volume
+ * attach and format
+ mkfs -t ext4 -j -m 0 -L /media/data /dev/xvdf
+ * add to /etc/fstab
+ mkdir /media/data && chown ec2-user:ec2-user /media/data
+ LABEL=/media/data /media/data ext4 defaults 0 2
+ mount -a
+ * install AWSible repo in /data/management/
+
+* bootstrap management server from external system
+ * INVENTORY_PUBLIC=1 ansible-playbook management.yml
+
projects / awsible / commitdiff