This project is designed to facilitate the deployment of a modular, flexible, scalable RedMine configuration within AWS. The provided project-elements leverages a mix of tools to achieve this end:
-
CFn-based automation to deploy and manage the AWS components underpinning the overall service. Supported elements include
- SES
- ELB
- EC2 - launched in a standalone or AutoScale group context
- RDS - MySQL flavor via MySQL, MariaDB or Aurora
- EFS
-
Deployment automation scripts to prepare an instance launced from a generic EL7 AMI to host the RedMine application
- Appliction of STIG-hardening (with following notes/exceptions) via watchmaker.
- FIPS-mode disabled due to underlying RedMine incompatibilities
- STIG-compliant partitioning dependent on use of suitably-partitioned AMI (see spel project for an example, suitable AMI)
- SEL-mode currently defaults to Permissive due to use of non-SEL'able filesystems (see EFS note, above)
- Configuration of firewalld exceptions for HTTP service
- Enablement of Software Collections (see SCL) repositories.
- Installation and configuration of RedMine RPM dependencies (e.g. Ruby 2.4 from SCL)
- Appliction of STIG-hardening (with following notes/exceptions) via watchmaker.
-
Deployment automation scripts to handle the ininitial install and configuration of the RedMine application.
- Launch-time compilation of RedMine and dependent gems
- Configuration of RedMine to use RDS-hosted MySQL-compatible database. See the new stack document for discussion of issues around configuration of the RDS-hosted database.
- Configuration of Apache HTTPD for Passenger
- Installation of optional plugins — via "site" scripts (automation does not include, simply invokes such scripts)
Note: because RedMine stores much of its runtime/continuing configuration information within a database, site-specific customizations are a (mostly) manual task that takes place after the deployment-automation tasks complete.
The expected deployment-model is as follows:
- RDS to host persistent configuration and content elements
- EFS to host persistent, file-based content elements. This content will be things like Git repository (bare) clones, images and other, file-type content. While this content can be stored in databases as BLOBs but is generally contraindicated. If migrating file-based content from an existing RedMine site, see the file migration document.
- EC2 to host the operating environment - in this case Enterprise Linux 7 (e.g. RHEL, CentOS, etc.) - that hosts the RedMine runtime.
- ELB to provide stable, internet-facing access to the application while allowing the lower-level components to all be run from not publicly-routed address-space.
- SES to provide outbound mail-based notification capabilities to the OS (monitoring-alerts, etc.) and/or the RedMine service (account creation, password-change and other notification).
Scaling and availability is furnished primarily through native AWS services' capabilities: RDS an EFS both have built-in enhancedlreliability/availability and scalability functionality. Clustering of RedMine nodes (EC2 nodes) is not supported with this tool-set: use of AutoScaling Groups are the expected method for improving the baseline EC2-layer's availability.
Data protection is currently only provided within the RDS context. EFS is generally durable but is not further enhanced via backup tools in the current deployment automation tool-set.
Please see the guidlines in the docs directory.
