Files
@ 96e9f230a669
Branch filter:
Location: majic-ansible-roles/docs/testsite.rst - annotation
96e9f230a669
3.5 KiB
text/prs.fallenstein.rst
MAR-10: Updated server roles to deploy private key and certificate. Updated documentation and test site configuration as well.
237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 778ff940ac19 778ff940ac19 778ff940ac19 778ff940ac19 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 96e9f230a669 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 96e9f230a669 237acd00f6a1 96e9f230a669 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 96e9f230a669 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 237acd00f6a1 de1d9aa13410 778ff940ac19 778ff940ac19 778ff940ac19 778ff940ac19 778ff940ac19 778ff940ac19 778ff940ac19 778ff940ac19 57667a2c528b de1d9aa13410 de1d9aa13410 | .. _testsite:
Test Site
=========
*Majic Ansible Roles* comes with a small sample test site configuration which
demonstrates use of every role. This test site also serves as starting point for
developing new roles etc, and can be used for testing regressions/breakages.
The test site covers everything, starting from generating the Debian preseed
files, through bootstrap process for new nodes, and onto deployment of all
remaining roles.
All example commands listed within this section should be ran from within the
``testsite`` directory in order to have proper environment available for
playbook runs.
A number of playbooks is provided out of the box:
bootstrap.yml (for bootstrapping a new node)
This playbook can be used for bootstrapping a new node. This playbook expects
that a server name is passed via extra variables in CLI. The server name has
to be included in the hosts file, of course. For example:
.. code-block:: shell
ansible-playbook -k -e server=ldap.example.com playbooks/bootstrap.yml
ldap.yml
This playbook sets-up the LDAP servers. It is included in ``site.yml``.
preseed.yml
This playbook sets-up the Debian preseed files. It is included in
``site.yml``.
site.yml
This playbook sets-up all servers, including preseed files on local host.
In order to deploy the test site, the following steps would normally be taken:
1. Create TLS private keys (relative to top level directory):
- ``testsite/tls/mail.example.com_imap.key``
- ``testsite/tls/mail.example.com_smtp.key``
- ``testsite/tls/xmpp.example.com_xmpp.key``
- ``testsite/tls/ldap.example.com_ldap.key``
2. Issue TLS certificates corresponding to the generated TLS private keys (make
sure to use correct FQDN for DNS subject alternative name):
- ``testsite/tls/mail.example.com_imap.pem`` (subject alternative name should
be ``mail.example.com``)
- ``testsite/tls/mail.example.com_smtp.pem`` (subject alternative name should
be ``mail.example.com``)
- ``testsite/tls/xmpp.example.com_xmpp.pem`` (subject alternative name should
be ``xmpp.example.com``)
- ``testsite/tls/ldap.example.com_ldap.pem`` (subject alternative name should
be ``ldap.example.com``)
3. Create ``PEM`` truststore file which contains all CA certificates that form
CA chain for the issued end entity certificates from previous step at
location ``testsite/tls/example_ca_chain.crt``. It is very important to
include the CA chain used for LDAP server.
4. Generate the preseed files:
.. code-block:: shell
ansible-playbook playbooks/preseed.yml
5. Install all servers using the generated preseed files.
6. Invoke the ``bootstrap.yml`` playbook for every server, one by one. For
example:
.. code-block:: shell
ansible-playbook -k -e server=ldap.example.com playbooks/bootstrap.yml
7. Finally, apply configuration on all servers:
.. code-block:: shell
ansible-playbook playbooks/site.yml
The playbooks and configurations for test site make a couple of assumptions:
* Each server will be set-up with an operating system user ``admin``, capable of
running the sudo commands.
* The password for operating system user ``admin`` is hard-coded to ``admin``.
* An SSH ``authorized_keys`` file is set-up for the operating system user
``admin``. The SSH key stored in it will be read from location
``~/.ssh/id_rsa`` (i.e. from home directory of user running the Ansible
commands).
For more details on how the playbooks and configuration have been implemented,
feel free to browse the test site files (in directory ``testsite``).
|