=============================================
Playbooks for administrating WAeUP servers.
=============================================

This is the fine manual to survive basic setup of vagrant workers.


Setup a box and start it
========================

Become `vhosts` user on ``h8``. Then, create a home for the new VM and create a
first Vagrantfile. For the latter use existing instances as template::

    vhosts@h8 $ mkdir vhost23
    vhosts@h8 $ cp vhost22/Vagrantfile vhost23/
    vhosts@h8 $ cd vhost23

Edit the new Vagrantfile and set virtual IP and SSH port to some yet unused
value. Also set the hostname to ``v23`` / ``v23.waeup.org`` respectively.
Ensure that for now all public IPs and port forwardings are commented out (as
SSH on the new box is yet unsecured)::

    vhosts@h8/vhost23 $ vim Vagrantfile

Then, start the new VM::

    vhosts@h8/vhost23 $ vagrant up

and look out for the port number on which the new box is reachable from the
remote host. This will normally be 2222.
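
As an added check for this step (example code, not part of the WAeUP playbooks), the following Python script reads Vagrantfiles and reports the two things the text asks you to verify by hand: network settings that are still active although the box has not been bootstrapped, and an IP or SSH host port already claimed by a sibling instance. The Vagrantfile line shapes, the ``vhost22``/``vhost23`` contents and the ``192.168.33.x`` addresses are constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# Matches the network lines this guide asks you to edit, e.g.
#   config.vm.network "forwarded_port", guest: 22, host: 2323
# A leading "#" marks a commented-out (inactive) setting.
NETWORK_RE = re.compile(
    r'^\s*(?P<off>#\s*)?config\.vm\.network\s+"(?P<kind>[a-z_]+)"(?P<args>.*)$')

def network_settings(text: str) -> List[Tuple[bool, str, Dict[str, str]]]:
    """Return (active, kind, {key: value}) for every config.vm.network line."""
    found = []
    for line in text.splitlines():
        m = NETWORK_RE.match(line)
        if m:
            args = dict(re.findall(r'(\w+):\s*"?([\w.]+)"?', m.group("args")))
            found.append((m.group("off") is None, m.group("kind"), args))
    return found

def active_exposure(text: str) -> List[str]:
    """Network settings still enabled. Until vhost-bootstrap.yml has secured
    SSH on the box this must be empty: no IP and no port forwarding."""
    return [kind for active, kind, _ in network_settings(text) if active]

def claimed(text: str) -> set:
    """IPs and host ports a Vagrantfile claims, commented-out lines included."""
    return {(k, args[k]) for _, _, args in network_settings(text)
            for k in ("ip", "host") if k in args}

def collisions(new: str, siblings: Dict[str, str]) -> List[str]:
    """Values in `new` that another instance's Vagrantfile already uses."""
    mine = claimed(new)
    return sorted(f"{k} {v} already used by {name}"
                  for name, text in siblings.items()
                  for k, v in claimed(text) & mine)

# Constructed sample: the vhost22 template copied to vhost23, where hostname
# and IP were changed and private_network commented out for the bootstrap
# phase, but the SSH host port was forgotten and still reads 2322.
VHOST22 = '''Vagrant.configure("2") do |config|
  config.vm.hostname = "v22"
  config.vm.network "private_network", ip: "192.168.33.22"
  config.vm.network "forwarded_port", guest: 22, host: 2322
end'''
VHOST23_DRAFT = VHOST22.replace("v22", "v23").replace(
    '  config.vm.network "private_network", ip: "192.168.33.22"',
    '  # config.vm.network "private_network", ip: "192.168.33.23"')
```

Run ``collisions`` against every ``vhostNN/Vagrantfile`` in the ``vhosts`` home and ``active_exposure`` against the new file before ``vagrant up``.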


Enable SSH-key login from remote
================================

First create a new key for yourself::

    uli@home $ ssh-keygen -t ed25519 -C "uli@home to v23.waeup.org" -f ~/.ssh/id_v23

and register the new key in SSH config (`~/.ssh/config`)::

    Host v23 v23.waeup.org
        Hostname h8.waeup.org
        User ubuntu
        Port 2323
        IdentityFile /home/uli/.ssh/id_v23
        IdentitiesOnly yes

Again, please use the really used values.

The generated *public* key from `/home/uli/.ssh/id_v23.pub` can now be appended
to the new vagrant box in three steps::

    # 1 - copy to host server
    uli@home $ scp ~/.ssh/id_v23.pub h8:/home/uli
    # 2 - copy to vagrant box
    vhosts@h8 $ cp /home/uli/id_v23.pub ~/vhost23/
    vhosts@h8 $ cd ~/vhost23/
    # 3 - in vagrant box append to authorized_keys
    vhosts@h8 $ vagrant ssh
    ubuntu@v23 $ cat /vagrant/id_v23.pub >> ~/.ssh/authorized_keys

Now you should be able to login from home into the remote vagrant box.

To test this, we try to connect from home to the remote vhost, but, as we have
not yet secured SSH access, only through a tunnel that connects the remote
localhost:2222 to our home localhost:3333::

    uli@home $ ssh -L 3333:localhost:2222 uli@h8.waeup.org

Leave that shell open until we are done and make sure (in another terminal)
that we have something listening on the given port (here: 3333). In the next
step we will have to use that tunnel for the first configuration steps.


Run ``vhost-bootstrap.yml``
===========================

In ``hosts`` add the new box in the ``[yet-untouched]`` section::

    [yet-untouched]
    localhost:3333 ansible_user=ubuntu

and run the playbook::

    uli@home $ ansible-playbook -b -i hosts --private-key ~/.ssh/id_v23 vhost-bootstrap.yml

This should secure the new box. From now on, we can connect via the regular
ways. You can quit the open shell now and remove the ``[yet-untouched]`` entry
in ``hosts``.

Instead make a new entry in ``[bootstrapped]``::

    # hosts
    [yet-untouched]

    [bootstrapped]
    # ...
    v23.waeup.org:2342 ansible_user=ubuntu

    # ....

using the port number and hostname you plan to assign to the new box.


Make New Box Publicly Visible
=============================

As user `vhosts` edit the remote `Vagrantfile` and enable the settings of
``private_network`` and ``forwarded_port``. Then, reload::

    vhosts@h8 $ vagrant reload

Ensure you can connect to the new box via the official hostname used::

    uli@home $ ssh v23.waeup.org

There will be warnings about changed host keys the first time you try to
reconnect. Before editing `known_hosts` accordingly, compare the fingerprint
shown in the warning with the box's own host key (for example read it over the
already trusted ``vagrant ssh`` path on ``h8``) so that you only accept a change
you expect; then retry until you can SSH-connect to the new box without any
problems.


Run ``vhost-setup.yml`` on the New Box
======================================

This is easy now::

    uli@home $ ansible-playbook -b -i hosts -l v23.waeup.org setup.yml


Finishing
=========

Finally, please move the hosts entry of the new box from the ``[bootstrapped]``
section over to the ``[vhosts]`` section.
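
To catch the two inventory mistakes this workflow invites (a box copied into ``[vhosts]`` instead of moved, or a not yet bootstrapped box listed by its public name rather than through the tunnel), here is an added Python checker for the ``hosts`` file. It is example code, not part of the playbooks; the sample inventory and the ``v24`` entry are constructed.

```python
import re
from typing import Dict, List

# The lifecycle sections this guide moves a box through, in this order.
STAGES = ("yet-untouched", "bootstrapped", "vhosts")

def parse_inventory(text: str) -> Dict[str, List[str]]:
    """Minimal parser for the INI-style hosts file: section -> entries.
    Only the first word (host[:port]) is kept; comments and vars are dropped."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.split()[0])
    return sections

def inventory_problems(text: str) -> List[str]:
    """A box must sit in exactly one stage (Finishing moves it, not copies
    it), and a [yet-untouched] box still has unsecured SSH, so it may only be
    addressed through the local tunnel, never by its public name."""
    sections = parse_inventory(text)
    stages_of: Dict[str, List[str]] = {}
    for stage in STAGES:
        for entry in sections.get(stage, []):
            stages_of.setdefault(entry.split(":")[0], []).append(stage)
    problems = [f"{box} listed in several stages: {', '.join(found)}"
                for box, found in stages_of.items() if len(found) > 1]
    problems += [f"{entry} in [yet-untouched] is not a tunnel address"
                 for entry in sections.get("yet-untouched", [])
                 if not entry.startswith(("localhost:", "127.0.0.1:"))]
    return problems

# Constructed sample: v23 was copied to [vhosts] instead of moved, and v24 is
# listed by its public name although it has not been bootstrapped yet.
SAMPLE_HOSTS = """[yet-untouched]
v24.waeup.org:2343 ansible_user=ubuntu
[bootstrapped]
v23.waeup.org:2342 ansible_user=ubuntu
[vhosts]
v22.waeup.org:2322 ansible_user=ubuntu
v23.waeup.org:2342 ansible_user=ubuntu
"""
```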