(Work in progress..)
This page describes how to install Identity Hub service on a Virtual Machine by using Ansible and its GIT repository.
It is aimed to technical people who want to deploy a fresh install clean installation of Identity Hub in a new environment or to update an existing one.
In case of questions, please contact technical@eduteams.org
This page describes how to install X on Y using Z (e.g. deployment host, GIT repository). It is aimed at (technical) people who want to achieve A in the context of B. This guide does not cover C. In case of questions, please contact technical@eduteams.org. (if this page describes only how to install ID Hub, this should be reflected in title.)
What do you need:
Preparation
Prerequisites for running the deploymentall you need is an ansible master VM (from where?), with installed:
- Ansible >= 2.2.1.0
- Pip
- GIT (which repository? from where to get credentials to checkout code?)
To install Ansible, you can you pip:
sudo pip install ansible
How to prepare a new platform:
...
- GIT
Retrieving Identity Hub source
Source code of the deployment playbook is available at: https://dev.niif.hu/vopaas/TEIP-deploy. The production branch is "master". Actually, this repository is not public.
Code Block | ||
---|---|---|
| ||
$ git clone git@dev.niif.hu:vopaas/TEIP-deploy.git |
Configuration:
To prepare a new platform, there are some directory and files to prepare:
- group_vars/
...
inventory/new
To prepare eduTEAMS platform, you must copy the following directories. Replace "new" with the name that was chosen for the platform.
group_vars/EXAMPLE
inventory/EXAMPLE
After new platform is ready, you have to modify some files:
FILE: group_vars/EXAMPLE/secrets.yml
Secrets contains all important data. After changing the fields, you must encrypt it through ansible-vault
COMMAND: ansible-vault encrypt group_vars/EXAMPLE/secrets.yml
You must provide a new password (PASSWORD)
DIRECTORY: group/vars/EXAMPLE/logos
Those directory contains all static images
DIRECTORY: group/vars/EXAMPLE/certs
Add all certificates files inside this directory (It is recommended to encrypt all those files with ansible-vault)
inventory/EXAMPLE/teip.yml
...
- <group_name>/secrets.yml: this file should be encrypted by ansible-vault.
- inventory/<group_name>/teip.yml: this file contains identity hub IP address.
- playbook/teipservers.yml
...
Edit variables with all set desired for the new platform
After all files are ready, you can start ansible:
...
- :
- group_vars/<group_name>/certs/: This directory must keep all certificates and keys
- group_vars/<group_name>/logos/: This directory must keep all idp logos