Changeset - 53d19f5bc8a1
[Not reviewed]
Branko Majic (branko) - 3 years ago 2021-01-18 20:40:17
branko@majic.rs
MAR-151: Switch to Debian 10 Buster in usage instructions:

- Specify that Debian Buster should be used instead of Debian Stretch.
- Switch to using https links where possible.
- Minor fixes to wording/instructions.
- Updated link towards Debian Buster preseed documentation appendix.
- Use Python 3 when serving the preseed files.
- Fixed DNS subject alternative name for the XMPP server (it should be
the domain served by the XMPP server, not its canonical FQDN).
- Added small note for database_server role and how it sets-up root
account authentication, and update instructions for logging-in into
database server as root.
1 file changed with 20 insertions and 11 deletions:
0 comments (0 inline, 0 general)
docs/usage.rst
 
@@ -47,15 +47,15 @@ Pre-requisites
 

	
 
For the set-up outlined in this usage guide you'll need the following:
 

	
 
* One server where Ansible will be installed at. Debian Stretch will
 
* One server where Ansible will be installed at. Debian Buster will
 
  be installed on top of this server. The server will be set-up
 
  manually (this is currently out of scope for the *Majic Ansible
 
  Roles* automated set-up).
 
* Three servers where the services will be set-up. All servers must be able to
 
  communicate over network with each-other, the Ansible servers, and with
 
  Internet. Debian Stretch will be installed on top of this server as part of the
 
  Internet. Debian Buster will be installed on top of this server as part of the
 
  usage instructions.
 
* Debian Stretch network install CD.
 
* Debian Buster network install CD.
 
* All servers should be on the same network.
 
* IP addresses for all servers should be known.
 
* Netmask for all servers should be known.
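Review bot: The bullet for the three service servers still ends up reading "Debian Buster will be installed on top of this server" although it covers three servers. Since the commit already rewrites that line, change it to "on top of these servers". The first bullet's "where Ansible will be installed at" can drop the trailing "at" in the same pass.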
 
@@ -185,7 +185,7 @@ First of all, let's set-up some basic directory structure and configuration:
 
      machine is *not* ``root``, but there are tasks that use ``become`` with
 
      non-root ``become_user`` (which is the case in Majic Ansible Roles). See
 
      `official documentation
 
      <http://docs.ansible.com/ansible/latest/become.html#becoming-an-unprivileged-user>`_
 
      <https://docs.ansible.com/ansible/latest/become.html#becoming-an-unprivileged-user>`_
 
      and other alternatives to this.
 

	
 
   :file:`~/mysite/ansible.cfg`
 
@@ -371,7 +371,7 @@ So, let's set this up for start:
 
   might not be to your liking. In particular, it could be using wrong timezone,
 
   defaulting to DHCP for network configuration etc. Let's concentrate on making
 
   the network configuration changes - this is the main thing that will probably
 
   differ in your environment. Create a new configuration file:
 
   differ in your environment. Update the preseed configuration file:
 

	
 
   :file:`~/mysite/group_vars/preseed.yml`
 

	
 
@@ -384,6 +384,7 @@ So, let's set this up for start:
 
      ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 
      # Directory where the preseed files will be output to.
 
      preseed_directory: "~/mysite/preseed_files/"
 

	
 
      # Set your default (initial) root password.
 
      preseed_root_password: changeit
 
      # Use manual network configuration (no DHCP).
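Review bot: The example keeps `preseed_root_password: changeit` under a comment that only says "Set your default (initial) root password." The guide later serves the generated preseed files over plain HTTP, so the comment should say that this value must be replaced before the files are generated, and that the root password should be changed once the installation finishes.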
 
@@ -424,14 +425,14 @@ You have your preseed files now, so you can go ahead and install the
 
servers ``comms.example.com``, ``www.example.com``, and
 
``bak.example.com`` using them with network install CD. Have a look at
 
`Debian instructions
 
<https://www.debian.org/releases/stretch/amd64/apbs02.html.en>`_ for
 
<https://www.debian.org/releases/buster/amd64/apb.en.html>`_ for
 
more details.
 

	
 
If you need to, you can easily serve the preseed files from the Ansible server
 
with Python's built-in HTTP server::
 

	
 
  cd ~/mysite/preseed_files/
 
  python -m http.server 8000
 
  python3 -m http.server 8000
 

	
 
Then you can point installer to the preseed file selecting the
 
``Advanced options -> Automated install`` (don't press ``ENTER`` yet),
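Review bot: `python3 -m http.server 8000` listens on all interfaces by default and serves everything under `~/mysite/preseed_files/` to anyone who can reach port 8000, and those files are generated from settings that include `preseed_root_password`. Suggest showing `python3 -m http.server --bind <ansible-server-ip> 8000` with a placeholder address, and adding a sentence that tells the reader to stop the server once the three installations are done.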
 
@@ -1166,7 +1167,7 @@ role.
 
         country = SE
 
         cn = "Exampe Inc. XMPP Server"
 
         expiration_days = 365
 
         dns_name = "comms.example.com"
 
         dns_name = "example.com"
 
         tls_www_server
 
         signing_key
 
         encryption_key
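Review bot: The `cn` context line in this template still reads "Exampe Inc. XMPP Server"; fix the typo to "Example" while the block is being edited. The reason `dns_name` is now `example.com` rather than `comms.example.com` appears only in the commit message, so a sentence next to the template stating that the name must be the domain served by the XMPP server, not its canonical FQDN, would keep readers from changing it back.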
 
@@ -1331,6 +1332,13 @@ proceed to set-up the database server role on the web server itself. *Majic
 
Ansible Roles* in particular come with a role that will deploy MariaDB database
 
server.
 

	
 
.. note::
 
   The ``database_server`` role will set-up unix socket authentication
 
   for the database ``root`` user. I.e. the ``root`` database user
 
   will have no password set, but authentication will pass only when
 
   logging-in as the operating system ``root`` user while connecting
 
   over database server unix socket.
 

	
 
1. Update the playbook for web server to include the database server role.
 

	
 

	
 
@@ -1358,10 +1366,11 @@ server.
 
     workon mysite && ansible-playbook playbooks/site.yml
 

	
 
4. If no errors have been reported, you should have a database server up and
 
   running on the web server. You should be able to log-in using password
 
   ``root`` by running the following command on the web server itself::
 
   running on the web server. You should be able to log-in as ``root``
 
   operating system user by running the following command on the web
 
   server itself::
 

	
 
     mysql -uroot -p
 
     mysql
 

	
 
   Of course, no database has been created for either of the web applications,
 
   but we will get to that one later (there is a dedicated ``database`` role
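Review bot: The reworded step 4 says to log in "as ``root`` operating system user", but the command shown is a bare `mysql` with nothing indicating how the reader becomes root on the web server. State explicitly that the command must be run from a root shell, since the note added earlier in this changeset says authentication passes only for the operating system ``root`` user over the unix socket. The phrase would also read better as "log in as the operating system ``root`` user", matching the wording of that note.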