Need help understanding the Bahmni - Ansible installation process

I would like to install Bahmni on CentOS using an “advanced installation” process. For this task, I think I need to modify the inventory-list (aka “Local”) file per step-4 of the advanced installation instructions. I’m currently stuck on that step for over a week. I can’t find any documentation about the Bahmni-specific implementation of Ansible and I’ve looked!

Does anyone “own” the installation code or familiar enough with it and Ansible to give me a run-down on roughly how to change up the inventory file or the YAML code to perform installations on non-Localhost machines? I don’t really know anything about Ansible yet, and I’m attempting to not have to learn everything about it just to get Bahmni installed securely, so any help would be appreciated.

From what I’ve read,a best-practice for Ansible is using it on a box that’s dedicated solely to installations and not use “localhost” for any of the IP addresses. This allows the dedicated installation machine (that has root access to any box on which it’s installing software) to be removed from the network as soon as the installation is complete. This reduces the opportunity for hackers to gain root access to servers via Ansible indirectly or directly via the root access retained by Ansible.

I’d prefer to not have to reverse-engineer this installation process, so if anyone knows it, you’ll save me a ton of time trying to figure this out in order to get Bahmni installed.

  1. Inventory file
  • “local” is just a name. It can be anything as long as you mention that for the “-i” parameter

bahmni install -i my_file

The documentation clearly mentions that.

bahmni -i <inventory_file_name> install

  1. Inventory file format
  • we follow the INI file format. Where things are mentioned for groups and hosts. Groups are mentioned within the square bracket and you can have multiple hosts mentioned there.
[bahmni-emr]
172.16.1.1
172.16.1.2 passive=yes

While defining an active-passive setup, you will need to define which one is “passive”. Check example here

  • the group of groups mention what all the components are to be installed (of course, you may not define a host under a group)

[local:children]

  1. Bahmni can be installed from a control machine. Its quite common to set this across 2 machines in a active-passive setup. Check example inventory file here

  2. Ansible requires SSH and you need to define a user appropriately so that that user has ssh to a machine and also have sudo access for installation. Once done, you can remove the user! You may also define a key file to use (parameter - ansible_ssh_private_key_file). Check the above inventory file example. common parameters are “ansible_ssh_user”, “ansible_ssh_pass”, “ansible_host

  3. “localhost” is only applicable for local machine installation. the Advanced installation specifically mentions avoiding “localhost” for “Remote Setup/multi machine setup” section. You can use something like this as well, as part of the host definition.

127.0.0.1 ansible_connection=local

[bahmni-emr]
127.0.0.1
  1. There are many examples of inventory files here

Hope these help!

1 Like

I think that sounds like a step in the right direction. Thank you.

We are installing Bahmni in master slave (active-passive) setup with 2 desktops. As mentioned here we have set up local files on both machines as follows - and also made changes in openemr as master ip

192.168.1.12 anisble_ssh_user=root anisble_ssh_pass=password
192.168.1.8 anisble_ssh_user=root anisble_ssh_pass=password

[nagios-server]

[bahmni-emr]
192.168.1.12
192.168.1.8 passive=yes

[bahmni-emr-db]
192.168.1.12

[bahmni-emr-db-slave]
192.168.1.8

[bahmni-erp]
192.168.1.12
192.168.1.8 passive=yes

[bahmni-erp-db]
192.168.1.12

[bahmni-erp-db-slave]
192.168.1.8

but the command from master

bahmni -i local install 

shows the following error

My questions / rather which approach is correct -

  1. Do we need to install bahmni on both machines separately and then make the above setup and then again run the installation?
  2. Do we just install the installer on master then set up the local inventory file as above and then run the bahmni -i local install command from master which will install bahmni on both master and slave?
  3. The command in a local file for ssh root and password is correct or I am making mistake.

Is there any wiki page specifically for master slave installation?

  1. No. Just run from the control machine. Control machine maybe the master, or a different one.
  2. No, only from the control machine. meaning where you are running the installer from.
  3. Ansible ssh user must be able to ssh to the other machine and be part of sudoers. From the log, that clearly seems to be the case, either the machine is not reachable from the control machine, or the ssh is not successful.

Check Passive Server Setup section in Advanced installation page.

  1. In our case control machine is the master.
  2. So we installed the installer on the master, changed the local file as above and run bahmni -i local install command
  3. We could do ssh using the ansible user name and password given in local file from either machine. Also ping works well from either machine.
  4. Is this a sufficient test to check that machines are reachable from either or any other specific command? We have checked the referred page.

best way to figure out - write a simple play that tries to install a package or copy a file. But the error reporting is clear - ansible is not able to identify or login or install anything on the machines.

The log shows that it found play [bahmni-emr] in all.yml and then it shows TASK [setup]. Can you please point to the exact file (.yml) where you think it is failing? So that we can try to check it further?

Even this throws the same unreachable error:

ansible -i local -m ping <ip>

How come ssh connection goes through? Any ideas?

Typo? anisble* change to ansible* and try.

I am not sure about ping, because ping (ICMP) might be disabled.

  • Can you ping and get response from that machine?

Also, I think it might help to understand how ansible connects to a remote host. You can read more here

I will try to describe in brief here

  • think of ssh - unless instructed ansible will do exactly how you would normally connect a machine using ssh. which means, it will use the key of the user you specified (if not specified, then its the current user). Using an inventory file, you can customize what user you want ansible to connect as, what certificate to use etc etc.
  • Example: I have created a simple /etc/ansible/hosts file, where I have mentioned (you can use an inventory file as well)

192.168.33.10 ansible_user=vagrant ansible_ssh_private_key_file=/[directory]/.vagrant/machines/default/virtualbox/private_key

Now I can just run something like

ansible all -a “/bin/echo hello”

which outputs something like

192.168.33.10 | SUCCESS | rc=0 >> hello

if I want to use an inventory file I can just add the same config in a file (lets say example) containing

192.168.33.10 ansible_user=vagrant ansible_ssh_private_key_file=/[directory]/.vagrant/machines/default/virtualbox/private_key

and then use command like

ansible -i example all -a “/bin/echo hello”

Goes without saying that the public key of the user should be located in authorized_keys on the remote systems. Also, if you want to do something that requires sudo access, then the user that you used must be part of sudoers.