diff --git a/docs/testsite.rst b/docs/testsite.rst index 8506974b8c9bd5af6e3b053ff73e064e698666d8..d12dbc7d343dd8874d14b6b10e10f3bdda27cf5b 100644 --- a/docs/testsite.rst +++ b/docs/testsite.rst @@ -114,6 +114,7 @@ In order to deploy the test site, the following steps would normally be taken: .. code-block:: shell + mkdir ssh ssh-keygen -f ssh/backup_server_dsa_key -N '' -t dsa ssh-keygen -f ssh/backup_server_rsa_key -N '' -t rsa ssh-keygen -f ssh/backup_server_ed25519_key -N '' -t ed25519 
@@ -124,35 +125,74 @@ In order to deploy the test site, the following steps would normally be taken: ssh-keygen -f ssh/web.example.com -N '' ssh-keygen -f ssh/backup.example.com -N '' -7. Generate the preseed files: +7. Set-up a local GnuPG keyring that will contain the necessary encryption and + signing keys for the backup clients:: + + mkdir ./backup_keyring + chmod 700 ./backup_keyring + cat << EOF | gpg2 --homedir ./backup_keyring --batch --gen-key + # Signing keys first. + Key-Type:RSA + Key-Length:1024 + Name-Real:ldap.example.com + Expire-Date:0 + %commit + + Key-Type:RSA + Key-Length:1024 + Name-Real:mail.example.com + Expire-Date:0 + %commit + + Key-Type:RSA + Key-Length:1024 + Name-Real:web.example.com + Expire-Date:0 + %commit + + Key-Type:RSA + Key-Length:1024 + Name-Real:xmpp.example.com + Expire-Date:0 + %commit + + # This is the actual encryption key that will be used. + Key-Type:RSA + Key-Length:1024 + Name-Real:backup.example.com + Expire-Date:0 + %commit + EOF + +8. Generate the preseed files: .. code-block:: shell - ansible-playbook playbooks/preseed.yml + ansible-playbook playbooks/preseed.yml -8. Install all servers using the generated preseed files. +9. Install all servers using the generated preseed files. -9. Add the SSH host fingerprints to your ``known_hosts`` file (don't forget to - remove old entries if you are redoing the process). You can easily obtain all - the necessary fingerprints with command (don't forget to modify domain if you - need to): +10. Add the SSH host fingerprints to your ``known_hosts`` file (don't forget to + remove old entries if you are redoing the process). You can easily obtain all + the necessary fingerprints with command (don't forget to modify domain if you + need to): - .. code-block:: shell + .. 
code-block:: shell ssh-keyscan -t ed25519 mail.example.com ldap.example.com xmpp.example.com web.example.com $(resolveip -s mail.example.com) $(resolveip -s ldap.example.com) $(resolveip -s xmpp.example.com) $(resolveip -s web.example.com) -10. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic +11. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic environment for Ansible runs on all servers: - .. code-block:: shell + .. code-block:: shell - ansible-playbook playbooks/bootstrap.yml + ansible-playbook playbooks/bootstrap.yml -11. Finally, apply configuration on all servers: +12. Finally, apply configuration on all servers: - .. code-block:: shell + .. code-block:: shell - ansible-playbook playbooks/site.yml + ansible-playbook playbooks/site.yml The playbooks and configurations for test site make a couple of assumptions:
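Review bot: In the first hunk (@@ -114,6 +114,7 @@), the added ``mkdir ssh`` fails if the directory already exists, and a later step of this same document expects the process to be redone. ``mkdir -p ssh`` would make the step repeatable. The keys written into ``ssh/`` are private keys created with an empty passphrase (``-N ''``), so a ``chmod 700 ssh`` next to the ``mkdir`` would match what the second hunk does for ``./backup_keyring``.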
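Review bot: In the second hunk (@@ -124,35 +125,74 @@), every key in the new GnuPG batch input is generated with ``Key-Length:1024``, including the ``backup.example.com`` key that the comment calls the actual encryption key. 1024-bit RSA is below current minimum recommendations, so I would raise it to at least 2048. If the short length is only there to speed up test-site setup, the step should say so, so that the block is not copied into a production deployment. The comments separate "signing keys" from the "encryption key", but all five parameter blocks are otherwise identical. A ``Key-Usage`` line per block would make the keys match the comments. The new step 7 also uses a bare ``::`` literal block where the surrounding steps use ``.. code-block:: shell``, which is worth aligning.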