• To start a new environment it is necessary to fulfill these prerequisites

• Make sure that Athena client is installed

Access credentials

• <Owner><ENV>.aws.id - AWS IAM user access key id
• <Owner><ENV>.aws.key- AWS IAM user access key
• <Owner><ENV>.aws.route53.id - AWS IAM user access key id
• <Owner><ENV>.aws.route53.key - AWS IAM user access key id
• <Owner><ENV>.p12 - Athena DEV environment client certificate
• <Owner><ENV>.pem - AWS EC2 Machine key
• <domain_name>.key - Domain SSL certificate key
• <domain_name>.crt - Domain SSL certificate
• <domain_name>.chain.crt - Domain SSL chain certificate

Make sure $HOME/keys folder exists

mkdir -p "$HOME/keys"

and put files in there.

Running

• Start Athena by running athena <owner> <environment> . For example:

athena test dev

Environment configuration

Environment specific playbooks

For new environment Athena will provision skeleton ansible palybook files in $HOME/git/<owner>/athena-ansible directory. For example: $HOME/git/test/athena-ansible .

Environment secrets

For new environment Athena will create $HOME/keys/<Owner><ENV>.transcrypt file and will save platform secrets in $HOME/git/<owner>/ansible-data-<env> directory. For example: $HOME/keys/TestDEV.transcrypt and $HOME/git/test/ansible-data-dev respectively.

Infrastructure

In Athena console:

• Specify first user email in group_vars/tag_Environment_<ENV>

For example in group_vars/tag_Environment_PROD:

ec2_instance_type_bastion: t2.micro
internal_instance_type: c4.large
exchange_instance_type: t2.micro
backoffice_instance_type: t2.micro
public_instance_type: t2.micro
rds_postgresql_instance_type: db.t2.micro
rds_mysql_instance_type: db.t2.micro

rds_data_volume_size: 5
ec2_data_volume_size: 30
ec2_data_volume_iops: ""
ec2_data_volume_type: gp2

route53_domain: yourproductiondomain.com
route53_domain_internal: yourproductiondomain.internal
mailx_root: support@yourproductiondomain.com
noreply_email: noreply@yourproductiondomain.com
openvpn_user: noreply@yourproductiondomain.com

gateway_cert: yourproductiondomain.com.crt
gateway_chain: yourproductiondomain.com.chain.crt
gateway_key: yourproductiondomain.com.key
elb_cert: yourproductiondomain.com.crt
elb_chain: yourproductiondomain.com.chain.crt
elb_key: yourproductiondomain.com.key

first_user: firstname.lastname
first_user_email: firstname.lastname@yourproductiondomain.com

• Edit infrastructure-<ENV>.roles file to define which platform roles you would like to apply
• Run

athena-infrastructure

• Check your mailbox for VPN configuration, extract <Owner><ENV>.ovpn file in platform keys folder
• Open VPN connection by running

athena-vpn

Services

In Athena console:

• Edit services-<ENV>.roles file to define which platform roles you would like to apply
• Run

athena-services

Users

Grant access for yourself to platform git repository.

• Put your user public key in $HOME/git/<owner>/ansible-data-<env>/ssh/<username>-<owner>-<env>.pub file. For example $HOME/git/test/ansible-data-dev/ssh/utenos.alus-test-dev.pub

In Athena console:

• Run

athena-users utenos.alus git

Registry access

• Make sure to enroll your DEV environment certificates