Links

Server Initialization

Overview

At the end of this section, you should have the server initialized with a user user, disabled login with the root (or other sudo) user (for security reasons) and generally have your server secured.

Prerequisites

Make sure you have All Prerequisities completed
Seriously make sure you've gone through the prerequisites.

hosts.ini

The ansible-private-sample repo that you cloned as ansible-private has a pre-filled out hosts.ini file with some boilerplate groups and variables. Most of this you can leave as is, but there are a few things to update that are marked with TODOs. You should make sure to update the following:
  1. 1.
    Set the portal_domain variable
  2. 2.
    Define your server in webportals_prod
Once you have the above defined, you can test ansible with the portal ping playbook.
# From the ansible-playbook repo
./scripts/portals-ping.sh -u root --limit eu-ger-1
or
./scripts/portals-ping.sh -u <root-like-user> --limit eu-ger-1

Portal Setup Initial

Now that you know Ansible is working to target your server, it is time to initialize your server to be ready for running a portal. To do this we will need to run the portals-setup-initial.sh Ansible script. Before we run that script, let's make sure we have everything we need.
First, you should have been able to run the portal ping playbook from the previous step successfully.
Second, we want to make sure our ssh keys get added to the server properly when creating the user account on the server. In the ansible-private/custom-vars/common.yml file, set your ssh key in the webportal_user_authorized_keys variable, or follow the instructions in the comments for setting multiple keys.
webportal_user_authorized_keys: "ssh-ed25519 AAaksiduejenZDI1NTE5AAAAIG67M3zC4eDJ0d9ek3mn48GclteKbB86ONQtBaWY93M6 [email protected]"
Also in the ansible-private/custom-vars/common.yml config file there is one email variable that you will want to define.
ssl_support_email: "[email protected]"
Now you are ready to run the portals-setup-initial.sh script. Since we have all our configs defined in our ansible-private repo, we don't need any config file in the ansible-playbooks repo just yet.
Initialize your server by running:
# Replace <host> with the host name you defined
# for your server in hosts.ini
./scripts/portals-setup-initial.sh --limit <host>
If you are using LastPass as your secrets manager, you will need to run the lastpass-login.sh script first.