Changeset - 778ff940ac19
Branko Majic (branko) - 10 years ago 2015-03-08 11:22:07
branko@majic.rs
MAR-7: Added some clarifications on where the commands should be run from. Added some general information about operating system user admin, and about manual steps that might need to be taken.
1 file changed with 25 insertions and 0 deletions:
docs/testsite.rst
 
@@ -11,6 +11,10 @@ The test site covers everything, starting from generating the Debian preseed
 
files, through bootstrap process for new nodes, and onto deployment of all
 
remaining roles.
 

	
 
All example commands listed within this section should be ran from within the
 
``testsite`` directory in order to have proper environment available for
 
playbook runs.
 

	
 
A number of playbooks is provided out of the box:
 

	
 
bootstrap.yml (for bootstrapping a new node)
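
Review bot: In the added paragraph, "should be ran" should read "should be run". The paragraph would also help more if it said what the "proper environment" consists of, that is, what in the ``testsite`` directory the playbook runs depend on, so that a reader who runs a playbook from another directory can tell what is missing.
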
 
@@ -57,3 +61,24 @@ In order to deploy the test site, the following steps would normally be taken:
 

	
 
For details on how the playbooks and configuration have been implemented, feel
 
free to browse the test site files (in directory ``testsite``).
 

	
 
The playbooks and configurations for test site make a couple of assumptions
 
(mainly affecting the access to operating system, for other details see the
 
playbook and config files):
 

	
 
* Each server will be set-up with an operating system user ``admin``, capable of
 
  running the sudo commands.
 
* The password for operating system user ``admin`` is hard-coded to ``admin``.
 
* An SSH ``authorized_keys`` file is set-up for the operating system user
 
  ``admin``. The SSH key stored in it will be read from location
 
  ``~/.ssh/id_rsa`` (i.e. from home directory of user running the Ansible
 
  commands).
 

	
 
Additionally, some manual steps may be required to have a fully functioning
 
system:
 

	
 
* On ``ldap.example.com``, you should manually install the TLS private key and
 
  certificate ing locations ``/etc/ssl/private/ldap.example.com.pem``
 
  (*root:ldap, 640*) and ``/etc/ssl/certs/ldap.example.com.pem`` (*root:root,
 
  644*), respectively. After that, re-run the ``site.yml`` playbook in order to
 
  re-configure OpenLDAP server to use it.
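
Review bot: The assumptions list documents a sudo-capable ``admin`` user whose password is hard-coded to ``admin``, but nothing in the added text says this is meant only for a disposable test environment; add a sentence stating that, and telling readers to change the password before reusing these playbooks and configuration outside the test site. In the ``authorized_keys`` bullet, ``~/.ssh/id_rsa`` is conventionally the private key file while ``authorized_keys`` holds a public key, so the text should say whether the public key is derived from that file or whether ``~/.ssh/id_rsa.pub`` is meant. In the ``ldap.example.com`` bullet, "certificate ing locations" looks like a truncated phrase, and the final sentence reads better as "re-configure the OpenLDAP server to use them", since both a key and a certificate are installed.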