From 778ff940ac19596b74d2be2068391f5ac717d67b 2015-03-08 11:22:07 From: Branko Majic Date: 2015-03-08 11:22:07 Subject: [PATCH] MAR-7: Added some clarifications on where the commands should be run from. Added some general information about operating system user admin, and about manual steps that might need to be taken. --- diff --git a/docs/testsite.rst b/docs/testsite.rst index 1c42f994e7492697c056887814e4f75aa9a63301..c32c5b861ae3b072e435bb5b80ce1c533e5ef4b3 100644 --- a/docs/testsite.rst +++ b/docs/testsite.rst @@ -11,6 +11,10 @@ The test site covers everything, starting from generating the Debian preseed files, through bootstrap process for new nodes, and onto deployment of all remaining roles. +All example commands listed within this section should be ran from within the +``testsite`` directory in order to have proper environment available for +playbook runs. + A number of playbooks is provided out of the box: bootstrap.yml (for bootstrapping a new node) 
@@ -57,3 +61,24 @@ In order to deploy the test site, the following steps would normally be taken: For details on how the playbooks and configuration have been implemented, feel free to browse the test site files (in directory ``testsite``). + +The playbooks and configurations for test site make a couple of assumptions +(mainly affecting the access to operating system, for other details see the +playbook and config files): + +* Each server will be set-up with an operating system user ``admin``, capable of + running the sudo commands. +* The password for operating system user ``admin`` is hard-coded to ``admin``. +* An SSH ``authorized_keys`` file is set-up for the operating system user + ``admin``. The SSH key stored in it will be read from location + ``~/.ssh/id_rsa`` (i.e. from home directory of user running the Ansible + commands). + +Additionally, some manual steps may be required to have a fully functioning +system: + +* On ``ldap.example.com``, you should manually install the TLS private key and + certificate ing locations ``/etc/ssl/private/ldap.example.com.pem`` + (*root:ldap, 640*) and ``/etc/ssl/certs/ldap.example.com.pem`` (*root:root, + 644*), respectively. After that, re-run the ``site.yml`` playbook in order to + re-configure OpenLDAP server to use it.
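Review bot: In the first hunk (docs/testsite.rst, the paragraph added after "deployment of all remaining roles"), "should be ran" is ungrammatical and should read "should be run". The sentence also says the ``testsite`` directory gives a "proper environment" without saying what in that directory the playbook runs depend on. Naming it would let a reader tell when they are in the wrong directory instead of debugging a failed run.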
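Review bot: In the second hunk, the assumptions list documents that user ``admin`` can run sudo commands and that its password is "hard-coded to ``admin``", with no statement that this is acceptable only on a throwaway test site. Add a sentence saying the password must be changed, or password login disabled, before a node is reachable from anything other than the test network. In the same list, the ``authorized_keys`` item says the key "will be read from location ``~/.ssh/id_rsa``", which is conventionally the private key file. State whether the public key is derived from it or whether ``~/.ssh/id_rsa.pub`` is what is actually read, so nobody concludes that a private key is copied to the servers. In the manual steps item, "certificate ing locations" is a typo, presumably for "in locations" or "to locations".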