As a part of optimizing fresh installation of Jiffy 4.2, Ansible (Configuration Management Tool) is rolled out, which uses SSH to connect to machines and run the tasks on each host as described in the plays.

Prerequisites

• SSH connectivity between core machine and other machines (preferred method using private key).
• Connected user must have sudo privilege (For root installation).
• Repo/Internet access should be provided on the DB and Core machines.
• Extract the ansible playbook tar file provided (tar -xf jiffy-playbook.tar.gz). The extracted files include the inventory and variable.yml.
• Inventory file filled as per the customer’s environment(contains all the details of the machines, authentication method). Click here to view a sample Inventory file.
• Variables file filled as per the customer’s environment(contains all the parameters like username, configurable values, mountpoint, etc.). Click here to view a sample Variables file.
• Valid SSL certificates according to the DNS of the Core, DB, and Cognitive servers.
• Execute the following command to download Artifacts to a new folder under /tmp/<jiffy-install> in core machine.

wget --user <username> --ask-password downloads.jiffy.ai/4.2Main/jiffy-cognitive.tar.gz

wget --user <username> --ask-password downloads.jiffy.ai/4.2Main/jiffy-installation.tar.gz

wget --user <username> --ask-password downloads.jiffy.ai/4.2Main/jiffy-playbook.tar.gz

Installation

1. Execute the following command to extract the ansible playbook tar.

   tar -xf jiffy-playbook.tar.gz

   The extracted files include the inventory and variable.yml files in the /tmp/<jiffy-install> folder.
2. Execute the following command to install ansible and dependent packages in the core server:

   chmod u+x preAnsibleSetup.sh
   ./preAnsibleSetup.sh

3. To update the inventory files, follow the installation prompts.
   1. Provide an IP or a hostname as the connection string.
   2. Since the playbook is executed from the Core server, the core IP can be localhost.
   3. Update the details for DB and Cognitive machines.
   4. Since SSH is used to connect to other machines, update SSH credentials in the inventory file.
   5. If authenticating with SSH-User and Password:
      1. Uncomment ansible_ssh_pass and update the password.
      2. Uncomment ansible_user and update ssh username.
      3. Comment ansible_ssh_private_key_file.
   6. If authenticating with SSH-User and Private-Key:
      1. Uncomment ansible_user and update ssh username.
      2. Uncomment ansible_ssh_private_key_file and update the path to private key file.
      3. Comment ansible_ssh_pass.

4. Configure the variable.yml file in the /tmp/<jiffyinstall> folder as per the corresponding environment.

5. Execute the play book to begin the installation and follow instructions on the screen.

   ansible-playbook main.yml -i inventory -e @variable.yml

   • For debug mode, execute the following command.

     ansible-playbook main.yml -i inventory -e @variable.yml -v

   • For detailed debug mode, execute the following command.

     ansible-playbook main.yml -i inventory -e @variable.yml -vvvv

6. Update privileges for the vault bootstrap script.

   chown <jiffyuser>:<jiffyuser> vaultBootstrap.sh

7. Switch to Jiffy user to initialize the vault.

   sudo su jiffyapp-usr
   chmod u+x vaultBootstrap.sh
   ./vaultBootstrap.sh

8. Follow screen prompts to complete vault initialization.

9. Update variable vault_token: <replaceme> in variables.yml with vault root token.

10. Execute these ansible commands to bootstrap application:

    • With masterkey prompt, execute the following command.

      ansible-playbook jiffybootstrap.yml -e @variable.yml

    • Without masterkey prompt, execute the following command.

      ansible-playbook jiffybootstrap.yml -e masterKey=’<replaceme>’ -e @variable.yml

Generate Self Signed Certificates

(Use only in non-prod environments as a temporary measure if valid SSLs are not available.)

1. To Generate SSL Certificate for DB Instance and Cognitive Instance:

   1. Navigate to /tmp/<jiffyinstall> folder.
   2. Execute the following commands:

      chmod +x generate-cog-db-cert.sh
      ./generate-cog-db-cert.sh -d <DBInstanceDomainname> -c <CognitiveInstanceDomainname>

   3. The following files are generated:
      • cognitivedb_ca_key.pem
      • cognitivedb_ca_cert.pem
      • <DBInstanceDomainname>_cert.pem
      • <DBInstanceDomainname>_key.pem
      • <CognitiveInstanceDomainname>_cert.pem
      • <CognitiveInstanceDomainname>_ key.pem

2. Localhost certificates for the core server are generated by ansible and are available under /tmp/<jiffyinstall>

   • ca_key.pem
   • ca_cert.pem
   • localhost_key.pem
   • localhost_cert.pem