Server Initialization
At the end of this section, you should have the server initialized with a user named user, disabled login with the root (or other sudo) user (for security reasons) and generally have your server secured. Seriously, make sure you've gone through the prerequisites.
The ansible-private-sample repo that you cloned as ansible-private has a pre-filled hosts.ini file with some boilerplate groups and variables. Most of this you can leave as is, but there are a few things to update that are marked with TODOs. You should make sure to update the following:
1. Set the portal_domain variable
2. Define your server in webportals_prod
# From the ansible-playbook repo
./scripts/portals-ping.sh -u root --limit eu-ger-1
or
./scripts/portals-ping.sh -u <root-like-user> --limit eu-ger-1
Now that you know Ansible is working to target your server, it is time to initialize your server to be ready for running a portal. To do this we will need to run the portals-setup-initial.sh Ansible script. Before we run that script, let's make sure we have everything we need.
First, you should have been able to run the portal ping playbook from the previous step successfully.
Second, we want to make sure our SSH keys get added to the server properly when creating the user account on the server. In the ansible-private/custom-vars/common.yml file, set your SSH key in the webportal_user_authorized_keys variable, or follow the instructions in the comments for setting multiple keys.
webportal_user_authorized_keys: "ssh-ed25519 AAaksiduejenZDI1NTE5AAAAIG67M3zC4eDJ0d9ek3mn48GclteKbB86ONQtBaWY93M6 [email protected]"
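Because this section ends with root login disabled, a malformed value in webportal_user_authorized_keys could leave the new account without key-based access. The following is an added example, not part of the original guide or the playbook repos: a Python check that a key line is a well-formed ssh-ed25519 public key before you run the setup script. The function names and the ed25519-only policy are assumptions of this example.

```python
import base64
import struct

# Assumption of this example: only ed25519 keys are accepted; extend if your policy differs.
ALLOWED_TYPES = {"ssh-ed25519"}


def check_authorized_key(line):
    """Return a list of problems with a '<type> <blob> [comment]' line (empty = OK)."""
    fields = line.split()
    if len(fields) < 2:
        return ["expected '<type> <base64-blob> [comment]'"]
    key_type, b64 = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        return [f"key type {key_type!r} not in allowed set"]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return ["key blob is not valid base64"]
    # The blob is a sequence of strings, each preceded by a 4-byte big-endian length.
    parts, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            return ["truncated length field in key blob"]
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            return ["length field runs past end of key blob"]
        parts.append(blob[offset:offset + length])
        offset += length
    problems = []
    if not parts or parts[0] != key_type.encode():
        problems.append("algorithm name inside blob does not match the prefix")
    if len(parts) != 2 or len(parts[1]) != 32:
        problems.append("ed25519 public key must be exactly 32 bytes")
    return problems


def make_sample_key(raw=bytes(range(32))):
    """Build a constructed (not real) ed25519 key line for the demo below."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo@example"


if __name__ == "__main__":
    good = make_sample_key()
    for line in (good, good[:40], "ssh-rsa AAAA demo@example"):
        print(check_authorized_key(line) or "OK", "<-", line[:50])
```

The placeholder value shown above fails this check (its first length field points past the end of the blob), so replace it with your own public key.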
Also in the ansible-private/custom-vars/common.yml config file there is one email variable that you will want to define.
ssl_support_email: "[email protected]"
Now you are ready to run the portals-setup-initial.sh script. Since we have all our configs defined in our ansible-private repo, we don't need any config file in the ansible-playbooks repo just yet. Initialize your server by running:
# Replace <host> with the host name you defined
# for your server in hosts.ini
./scripts/portals-setup-initial.sh --limit <host>
If you are using LastPass as your secrets manager, you will need to run the lastpass-login.sh script first.