From 53d19f5bc8a16ca679587d4a16de49c5e9c6eab1 2021-01-18 20:40:17 From: Branko Majic Date: 2021-01-18 20:40:17 Subject: [PATCH] MAR-151: Switch to Debian 10 Buster in usage instructions: - Specify that Debian Buster should be used instead of Debian Stretch. - Switch to using https links where possible. - Minor fixes to wording/instructions. - Updated link towards Debian Buster preseed documentation appendix. - Use Python 3 when serving the preseed files. - Fixed DNS subject alternative name for the XMPP server (it should be the domain served by the XMPP server, not its canonical FQDN). - Added small note for database_server role and how it sets-up root account authentication, and update instructions for logging-in into database server as root. --- diff --git a/docs/usage.rst b/docs/usage.rst index bcff5b9ee1b06542777db082e9d0143961a401f7..08b3d2ec2d25e5d7b08cae864f5c26eee0a6acb5 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -47,15 +47,15 @@ Pre-requisites For the set-up outlined in this usage guide you'll need the following: -* One server where Ansible will be installed at. Debian Stretch will +* One server where Ansible will be installed at. Debian Buster will be installed on top of this server. The server will be set-up manually (this is currently out of scope for the *Majic Ansible Roles* automated set-up). * Three servers where the services will be set-up. All servers must be able to communicate over network with each-other, the Ansible servers, and with - Internet. Debian Stretch will be installed on top of this server as part of the + Internet. Debian Buster will be installed on top of this server as part of the usage instructions. -* Debian Stretch network install CD. +* Debian Buster network install CD. * All servers should be on the same network. * IP addresses for all servers should be known. * Netmask for all servers should be known. 
@@ -185,7 +185,7 @@ First of all, let's set-up some basic directory structure and configuration: machine is *not* ``root``, but there are tasks that use ``become`` with non-root ``become_user`` (which is the case in Majic Ansible Roles). See `official documentation - `_ + `_ and other alternatives to this. :file:`~/mysite/ansible.cfg` @@ -371,7 +371,7 @@ So, let's set this up for start: might not be to your liking. In particular, it could be using wrong timezone, defaulting to DHCP for network configuration etc. Let's concentrate on making the network configuration changes - this is the main thing that will probably - differ in your environment. Create a new configuration file: + differ in your environment. Update the preseed configuration file: :file:`~/mysite/group_vars/preseed.yml` @@ -384,6 +384,7 @@ So, let's set this up for start: ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" # Directory where the preseed files will be output to. preseed_directory: "~/mysite/preseed_files/" + # Set your default (initial) root password. preseed_root_password: changeit # Use manual network configuration (no DHCP). @@ -424,14 +425,14 @@ You have your preseed files now, so you can go ahead and install the servers ``comms.example.com``, ``www.example.com``, and ``bak.example.com`` using them with network install CD. Have a look at `Debian instructions -`_ for +`_ for more details. If you need to, you can easily serve the preseed files from the Ansible server with Python's built-in HTTP server:: cd ~/mysite/preseed_files/ - python -m http.server 8000 + python3 -m http.server 8000 Then you can point installer to the preseed file selecting the ``Advanced options -> Automated install`` (don't press ``ENTER`` yet), @@ -1166,7 +1167,7 @@ role. country = SE cn = "Exampe Inc. XMPP Server" expiration_days = 365 - dns_name = "comms.example.com" + dns_name = "example.com" tls_www_server signing_key encryption_key 
@@ -1331,6 +1332,13 @@ proceed to set-up the database server role on the web server itself. *Majic Ansible Roles* in particular come with a role that will deploy MariaDB database server. +.. note:: + The ``database_server`` role will set-up unix socket authentication + for the database ``root`` user. I.e. the ``root`` database user + will have no password set, but authentication will pass only when + logging-in as the operating system ``root`` user while connecting + over database server unix socket. + 1. Update the playbook for web server to include the database server role. @@ -1358,10 +1366,11 @@ server. workon mysite && ansible-playbook playbooks/site.yml 4. If no errors have been reported, you should have a database server up and - running on the web server. You should be able to log-in using password - ``root`` by running the following command on the web server itself:: + running on the web server. You should be able to log-in as ``root`` + operating system user by running the following command on the web + server itself:: - mysql -uroot -p + mysql Of course, no database has been created for either of the web applications, but we will get to that one later (there is a dedicated ``database`` role
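Review bot: In the hunk at @@ -384,6 +384,7, the new comment above ``preseed_root_password: changeit`` calls the value the default (initial) password but never tells the reader to replace it. This setting sits among the variables that feed the generated preseed files, so suggest extending the comment to say that the reader should pick their own value here and change the root password once the servers have been installed.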
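Review bot: In the hunk at @@ -424,14 +425,14, the updated ``python3 -m http.server 8000`` line still has no guidance on scope or lifetime. It serves everything under ``~/mysite/preseed_files/`` over plain HTTP with no authentication and listens on all interfaces by default, and those files are generated from settings that include ``preseed_root_password``. Suggest adding a sentence that tells the reader to stop the server as soon as the installs are done, and consider showing ``--bind`` with the Ansible server's address on the installation network.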
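Review bot: In the hunk at @@ -1166,7 +1167,7, the template now carries ``dns_name = "example.com"`` with nothing next to it explaining why it differs from the host name ``comms.example.com`` used elsewhere in the guide, so a reader is likely to change it back. Suggest a short comment or sentence beside the template stating that this must be the domain served by the XMPP server rather than its canonical FQDN, as the commit message already explains. The context line ``cn = "Exampe Inc. XMPP Server"`` also has a typo ("Exampe") that could be corrected in the same change.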
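Review bot: In the hunk at @@ -1358,10 +1366,11, step 4 tells the reader to run ``mysql`` as the ``root`` operating system user but does not say that the command has to be run from a root shell. Given the note added in the previous hunk, a reader logged in under a regular account will get an access denied error and no hint why. Suggest stating explicitly that the command must be run as operating system ``root`` and pointing back to the note about unix socket authentication. The wording also reads better as "log-in as the ``root`` operating system user".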