This page describes how to install the Identity Hub service on a virtual machine using Ansible and its Git repository.

It is aimed at technical people who want to deploy a clean installation of Identity Hub in a new environment or update an existing one.

In case of questions, please contact technical@eduteams.org.

Preparation

Prerequisites for running the deployment:

  • Ansible

(Work in progress..)

Ansible Info:

...

  • >= 2.2.1.

...

Installed with: PIP

sudo pip install ansible

Ansible Command:

ansible-playbook -v -i inventory/(PLATFORM-TO-DEPLOY)/teip.yml playbook/site.yml --ask-vault-pass

  • Pip
  • Git


Retrieving Identity Hub source

The source code of the deployment playbook is available at: https://dev.niif.hu/vopaas/TEIP-deploy. The production branch is "master". Note that this repository is not public.

Clone recursively:
$ git clone git@dev.niif.hu:vopaas/TEIP-deploy.git


Configuration

...

To prepare a new platform, some directories and files must be created:

  • group_vars/

...

inventory/new

To prepare an eduTEAMS platform, you must copy the following directories. Replace "new" with the name that was chosen for the platform.

group_vars/EXAMPLE

inventory/EXAMPLE

After the new platform is ready, you have to modify some files:

FILE: group_vars/EXAMPLE/secrets.yml

This file contains all important data. After changing the fields, you must encrypt it with ansible-vault:

COMMAND: ansible-vault encrypt group_vars/EXAMPLE/secrets.yml

You must provide a new password (PASSWORD). This is the vault password that --ask-vault-pass prompts for when the playbook is run.

DIRECTORY: group_vars/EXAMPLE/logos

This directory contains all static images.

DIRECTORY: group_vars/EXAMPLE/certs

Add all certificate files to this directory. (It is recommended to encrypt all of these files with ansible-vault.)

inventory/EXAMPLE/teip.yml

Add the idhub URL or IP address, then add the platform name.

playbook/teipservers.yml

  • <group_name>/secrets.yml: this file should be encrypted with ansible-vault.
  • inventory/<group_name>/teip.yml: this file contains the Identity Hub IP address.
  • playbook/teipservers.yml: 
  • group_vars/<group_name>/certs/: this directory must hold all certificates and keys.
  • group_vars/<group_name>/logos/: this directory must hold all IdP logos.
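
As an added example (not part of the TEIP-deploy repository), the shell function below checks that secrets.yml and every file under certs/ carries the ansible-vault header before the playbook is run or the files are committed. The script name check_vault.sh, the helper make_sample and the sample file names are assumptions, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not from the TEIP-deploy repository.
# ansible-vault writes "$ANSIBLE_VAULT;<version>;<cipher>" as the first line
# of every file it encrypts, so a missing header means plaintext on disk.

# unencrypted_files GROUP_VARS_DIR
# Prints secrets.yml and each file in certs/ that lacks the vault header.
# Returns 0 when every checked file is encrypted, 1 otherwise.
unencrypted_files() {
    dir=$1
    rc=0
    for f in "$dir/secrets.yml" "$dir"/certs/*; do
        [ -f "$f" ] || continue          # skip missing files and empty globs
        if ! head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# make_sample DIR
# Builds a constructed sample tree (hypothetical file names and contents):
# two vault-encrypted files and one private key left in plaintext.
make_sample() {
    mkdir -p "$1/certs"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3062...constructed' > "$1/secrets.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6131...constructed' > "$1/certs/idhub.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' > "$1/certs/idhub.key"
}

# Usage: sh check_vault.sh group_vars/EXAMPLE
# Exits non-zero and lists the offending files if anything is unencrypted.
if [ "$#" -gt 0 ]; then
    unencrypted_files "$1"
    exit "$?"
fi
```

Files it reports can be encrypted with the same ansible-vault encrypt command shown above for secrets.yml.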

...