Commit 7c48bc6b authored by yuancun.nie's avatar yuancun.nie

Update README.md

parent 8fe13dd1
......@@ -90,6 +90,8 @@ Be aware that the development branches here are not save and the owner might for
# Run as admin
## Bootstraping
In this example the client to bootstrap may be `lasXXX` and the installation takes place from the server `obelix`.
The prompts `#` show that you are working at root.
* Enable SSH on the new host (`lasXXX$ sudo systemctl start sshd && sudo systemctl enable sshd`)
* Connect to the ansible server (`lasXXX$ ssh nie@obelix.las.kit.edu`)
* Become root (`obelix$ sudo -s`)
......@@ -104,28 +106,24 @@ Be aware that the development branches here are not save and the owner might for
* Synchronise our ansible git repository to obelix, by `git pull`
* Run `ansible-playbook --vault-id @prompt sites.yml --limit lasXXX.las.kit.edu`
## Edit encrypted files
* You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
The first one is of cause the preferred one, because there is no risk to add a unencrypted file to the repo.
## Bootstrap IPA hosts
In this example the client to bootstrap may be `pepe` and the installation takes place from the server `obelix`.
The prompts `#` show that you are working at root.
* Add your (root's) SSH-key to the host `obelix# ssh-copy-id pepe.las.kit.edu`
* Install ansible dependencies on the client: `pepe# dnf install python3-dnf libselinux-python`
### Bootstrap IPA hosts
**Warning** Please run the following commands just once! In case anything went wrong, follow the instructions of [## Decommission/Uninstall a host](#decommissionuninstall-a-host)
* Get a Kerberos ticket (``obelix# kinit -f admin@LAS.KIT.EDU``)
* For the host with the hostname `pepe.las.kit.edu` do the following
* edit a file ``host_vars/pepe.las.kit.edu``
```
obelix# ansible-playbook -l pepe.las.kit.edu add_ipa_host.yml --vault-id @prompt
```
* Go to ansible, by `cd /root/ansible`
* Run `ansible-playbook -l lasXXX.las.kit.edu add_ipa_host.yml --vault-id @prompt`
and provide the root password for the new host.
## Decommission/Uninstall a host
* edit the ``add_ipa_host.yml`` and uncomment the uninstall step in it.
## Edit encrypted files
* You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
The first one is of cause the preferred one, because there is no risk to add a unencrypted file to the repo.
# Nice to know / Random tips
Sometimes it's annoying to wait for all the updates that are installed when running the common role. To skip this step you can add the option `--skip-tags="update"`.
Sometimes it's annoying to wait for all the updates that are installed when running the common role. To skip this step you can add the option `--skip-tags="update"`.
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment