source: main/waeup-ansible/README-vhosts.rst @ 17569

Last change on this file since 17569 was 15915, checked in by uli, 5 years ago

Rename group [yet-untouched] -> [yet_untouched]

as ansible does not like dashes in group names.

=============================================
 Playbooks for administrating WAeUP servers.
=============================================

This is the fine manual to survive basic setup of vagrant workers.


Setup a box and start it
========================

Become `vhosts` user on ``h8``. Then, create a home for the new VM and create a
first Vagrantfile. For the latter use existing instances as template::

  vhosts@h8 $ mkdir vhost23
  vhosts@h8 $ cp vhost22/Vagrantfile vhost23/
  vhosts@h8 $ cd vhost23

Edit the new Vagrantfile and set virtual IP and SSH port to some yet unused
value. Also set the hostname to ``v23`` / ``v23.waeup.org`` respectively.
Ensure that, for now, all public IPs and port forwardings are commented out (as
SSH on the new box is not yet secured)::

  vhosts@h8/vhost23 $ vim Vagrantfile

Then, start the new VM::

  vhosts@h8/vhost23 $ vagrant up

and look out for the port number on which the new box is reachable from the
remote host. This will normally be 2222.

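The SSH port picked for the new Vagrantfile must not collide with one already forwarded by another vhost on ``h8``. The following script is an added example, not part of the waeup-ansible playbooks: it scans the existing Vagrantfiles for uncommented ``forwarded_port`` entries and reports whether a candidate host port is still free. The ``vhostNN/`` layout under a base directory and the two sample Vagrantfiles are constructed assumptions.

```shell
# Added example, not part of the waeup-ansible playbooks. Assumes every vhost
# lives in a vhostNN/ directory under the given base dir and forwards SSH with
# a Vagrant line like:  config.vm.network "forwarded_port", guest: 22, host: 2323

# Print "<vhost> <port>" for every uncommented forwarded_port host value.
used_host_ports() {
    base="$1"
    for f in "$base"/vhost*/Vagrantfile; do
        [ -f "$f" ] || continue
        name=$(basename "$(dirname "$f")")
        # drop comment lines, keep forwarded_port lines, extract the host: N value
        grep -v '^[[:space:]]*#' "$f" \
            | grep 'forwarded_port' \
            | sed -n 's/.*host:[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
            | while read -r port; do
                  printf '%s %s\n' "$name" "$port"
              done
    done
}

# Return 0 if PORT is claimed by no vhost; otherwise name the owner and return 1.
port_is_free() {
    owner=$(used_host_ports "$1" | awk -v p="$2" '$2 == p { print $1 }')
    if [ -n "$owner" ]; then
        echo "port $2 already used by $owner" >&2
        return 1
    fi
    return 0
}

# Constructed sample layout so the script runs stand-alone (not real h8 data).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/vhost21" "$demo_dir/vhost22"
cat > "$demo_dir/vhost21/Vagrantfile" <<'EOF'
Vagrant.configure("2") do |config|
  config.vm.network "forwarded_port", guest: 22, host: 2321, id: "ssh"
end
EOF
cat > "$demo_dir/vhost22/Vagrantfile" <<'EOF'
Vagrant.configure("2") do |config|
  # config.vm.network "forwarded_port", guest: 22, host: 2399, id: "ssh"
  config.vm.network "forwarded_port", guest: 22, host: 2322, id: "ssh"
end
EOF

used_host_ports "$demo_dir"            # lists vhost21 2321 and vhost22 2322
port_is_free "$demo_dir" 2323 && echo "2323 is free"
port_is_free "$demo_dir" 2322 || echo "pick another port"
```

On ``h8`` the base directory would be the ``vhosts`` home; the commented-out port in ``vhost22`` is deliberately ignored, matching the "commented out for now" state of a freshly copied Vagrantfile.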

Enable SSH-key login from remote
================================

First create a new key for you::

    uli@home $ ssh-keygen -t ed25519 -C "uli@home to v23.waeup.org" -f ~/.ssh/id_v23

and register the new key in SSH config (`~/.ssh/config`)::

    Host v23 v23.waeup.org
        Hostname h8.waeup.org
        User ubuntu
        Port 2323
        IdentityFile /home/uli/.ssh/id_v23
        IdentitiesOnly yes

Again, please use the really used values, especially for the port number (must
be unique for each vhost) and User ("ubuntu" for vhosts running Ubuntu 16.04,
"vagrant" else).

The generated *public* key from `/home/uli/.ssh/id_v23.pub` can now be appended
to the new vagrant box in three steps::

  # 1 - copy to host server
  uli@home $ scp ~/.ssh/id_v23.pub h8:/home/uli
  # 2 - copy to vagrant box
  vhosts@h8 $ cp /home/uli/id_v23.pub ~/vhost23/
  vhosts@h8 $ cd ~/vhost23/
  # 3 - in vagrant box append to authorized_keys
  vhosts@h8 $ vagrant ssh
  ubuntu@v23 $ cat /vagrant/id_v23.pub >> ~/.ssh/authorized_keys

Now you should be able to login from home into the remote vagrant box.

To test this, we try to connect from home to the remote vhost, but, as we have
not yet secured SSH access, only through a tunnel that connects the remote
localhost:2222 to our home localhost:3333::

  uli@home $ ssh -L 3333:localhost:2222 uli@h8.waeup.org

Leave that shell open until we are done and make sure (in another terminal)
that we have something listening on the given port (here: 3333). In the next
step we will have to use that tunnel for the first configuration steps.


Run ``vhost-bootstrap.yml``
===========================

In ``hosts`` add the new box in the ``[yet_untouched]`` section::

  [yet_untouched]
  localhost:3333 ansible_user=ubuntu

and run the playbook::

  uli@home $ ansible-playbook -b -i hosts --private-key ~/.ssh/id_v23 vhost-bootstrap.yml

This should secure the new box. From now on, we can connect via the regular
ways. You can quit the open shell now and remove the ``[yet_untouched]`` entry
in ``hosts``.

Instead make a new entry in ``[bootstrapped]``::

  # hosts
  [yet_untouched]

  [bootstrapped]
  # ...
  v23.waeup.org:2342 ansible_user=ubuntu

  # ....

using the port number and hostname you plan to assign to the new box.


Make New Box Publicly Visible
=============================

As user `vhosts` edit the remote `Vagrantfile` and enable the settings of
``private_network`` and ``forwarded_port``. Then, reload::

  vhosts@h8 $ vagrant reload

Ensure you can connect to the new box via the official hostname used::

  uli@home $ ssh v23.waeup.org

There will be warnings about changed host keys the first time you try to
reconnect. Before accepting the new key, compare its fingerprint with what the
box itself reports (``ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`` from a
``vagrant ssh`` session on ``h8``). Then edit `known_hosts` accordingly and
retry until you can SSH-connect to the new box without any problems.


Run ``vhost-setup.yml`` on the New Box
======================================

This is easy now::

  uli@home $ ansible-playbook -b -i hosts -l v23.waeup.org setup.yml


Finishing
=========

Finally, please move the hosts entry of the new box from the ``[bootstrapped]``
section over to the ``[vhosts]`` section.