source: main/waeup-ansible/README-vhosts.rst @ 15251

Last change on this file since 15251 was 14909, checked in by uli, 7 years ago

Add docs for provisioning vhosts.

=============================================
 Playbooks for administrating WAeUP servers.
=============================================

This is the fine manual to survive basic setup of vagrant workers.


Set up a box and start it
=========================

Become `vhosts` user on ``h8``. Then, create a home for the new VM and create a
first Vagrantfile. For the latter, use an existing instance as a template::

  vhosts@h8 $ mkdir vhost23
  vhosts@h8 $ cp vhost22/Vagrantfile vhost23/
  vhosts@h8 $ cd vhost23

Edit the new Vagrantfile and set the virtual IP and SSH port to values not yet
in use. Also set the hostname to ``v23`` / ``v23.waeup.org`` respectively.
Ensure that, for now, all public IPs and port forwardings are commented out (as
SSH on the new box is not yet secured)::

  vhosts@h8/vhost23 $ vim Vagrantfile

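Before running ``vagrant up``, the "everything commented out" condition can be checked mechanically. The shell functions below are an added example, not part of the WAeUP playbooks; the function names and the sample Vagrantfile are constructed, and the check assumes networks are declared on ``<name>.vm.network`` lines.

```shell
#!/bin/sh
# Added example: report Vagrantfile network settings that are still active.
# Assumption: networks are declared on `<name>.vm.network` lines.

# Print "LINENO: text" for each uncommented private_network, public_network
# or forwarded_port declaration in the Vagrantfile given as $1.
active_network_lines() {
    awk '
        /^[ \t]*#/ { next }              # whole-line Ruby comment
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)  # drop a trailing comment
            if (line ~ /\.vm\.network[^a-z_]+(private_network|public_network|forwarded_port)/)
                printf "%d: %s\n", NR, line
        }
    ' "$1"
}

# Return 0 if nothing is exposed; otherwise list the lines on stderr, return 1.
vagrantfile_is_closed() {
    found=$(active_network_lines "$1")
    [ -z "$found" ] && return 0
    printf 'still active in %s:\n%s\n' "$1" "$found" >&2
    return 1
}

# Constructed sample: private network commented out, one forward left active.
sample_vagrantfile() {
    cat <<'EOF'
Vagrant.configure("2") do |config|
  config.vm.hostname = "v23"
  # config.vm.network "private_network", ip: "192.0.2.23"
  config.vm.network "forwarded_port", guest: 22, host: 2323  # forgotten
end
EOF
}

# Check the file named on the command line, if any.
if [ $# -gt 0 ]; then
    vagrantfile_is_closed "$1"
fi
```

A non-zero exit status means at least one network line is still active. The SSH forward that Vagrant sets up by itself is not declared in the Vagrantfile and is therefore not reported.
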
Then, start the new VM::

  vhosts@h8/vhost23 $ vagrant up

and look out for the port number on which the new box is reachable from the
remote host. This will normally be 2222.


Enable SSH-key login from remote
================================

First, create a new key for yourself::

    uli@home $ ssh-keygen -t ed25519 -C "uli@home to v23.waeup.org" -f ~/.ssh/id_v23

and register the new key in your SSH config (`~/.ssh/config`)::

    Host v23 v23.waeup.org
        Hostname h8.waeup.org
        User ubuntu
        Port 2323
        IdentityFile /home/uli/.ssh/id_v23
        IdentitiesOnly yes

Again, please substitute the values you actually use.

The generated *public* key from `/home/uli/.ssh/id_v23.pub` can now be appended
to the new vagrant box in three steps::

  # 1 - copy to host server
  uli@home $ scp ~/.ssh/id_v23.pub h8:/home/uli
  # 2 - copy to vagrant box
  vhosts@h8 $ cp /home/uli/id_v23.pub ~/vhost23/
  vhosts@h8 $ cd ~/vhost23/
  # 3 - in vagrant box append to authorized_keys
  vhosts@h8 $ vagrant ssh
  ubuntu@v23 $ cat /vagrant/id_v23.pub >> ~/.ssh/authorized_keys

Now you should be able to log in from home to the remote vagrant box.

To test this, we connect from home to the remote vhost but, as we have not yet
secured SSH access, only through a tunnel that connects the remote
localhost:2222 to our home localhost:3333::

  uli@home $ ssh -L 3333:localhost:2222 uli@h8.waeup.org

Leave that shell open until we are done and make sure (in another terminal)
that something is listening on the given port (here: 3333). In the next
step we will have to use that tunnel for the first configuration steps.


Run ``vhost-bootstrap.yml``
===========================

In ``hosts``, add the new box in the ``[yet-untouched]`` section::

  [yet-untouched]
  localhost:3333 ansible_user=ubuntu

and run the playbook::

  uli@home $ ansible-playbook -b -i hosts --private-key ~/.ssh/id_v23 vhost-bootstrap.yml

This should secure the new box. From now on, we can connect in the regular
way. You can quit the open shell now and remove the ``[yet-untouched]`` entry
in ``hosts``.

Instead, make a new entry in ``[bootstrapped]``::

  # hosts
  [yet-untouched]

  [bootstrapped]
  # ...
  v23.waeup.org:2342 ansible_user=ubuntu

  # ....

using the port number and hostname you plan to assign to the new box.


Make New Box Publicly Visible
=============================

As user `vhosts`, edit the remote `Vagrantfile` and enable the settings of
``private_network`` and ``forwarded_port``. Then, reload::

  vhosts@h8 $ vagrant reload

Ensure you can connect to the new box via the official hostname used::

  uli@home $ ssh v23.waeup.org

There will be warnings about changed host keys the first time you try to
reconnect. Edit `known_hosts` accordingly and retry until you can SSH-connect
to the new box without any problems.


Run ``vhost-setup.yml`` on the New Box
======================================

This is easy now::

  uli@home $ ansible-playbook -b -i hosts -l v23.waeup.org setup.yml


Finishing
=========

Finally, please move the hosts entry of the new box from the ``[bootstrapped]``
section over to the ``[vhosts]`` section.