Commit

Update ansible readme with important missing details
rcrichton committed Jul 26, 2024
1 parent 18042fe commit 4d63774
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions infrastructure/ansible/README.md
Expand Up @@ -12,17 +12,19 @@

## Infrastructure and Servers

Please see the `/inventories/{ENVIRONMENT}/hosts` file for IP details of the designated services. Set these to the server that you created via terraform.
Please see the `/inventories/{ENVIRONMENT}/hosts` file for IP details of the designated services. Set these to the server's domain name/s that you created via terraform.
## Ansible
### SSH Access
To authenticate yourself on the remote servers your ssh key will need to be added to the `sudoers` var in the _/inventories/{ENVIRONMENT}/group_vars/all.yml_.
To authenticate users and to allow them to have sudo access on the remote servers your ssh key will need to be added to the `sudoers` var in the _/inventories/{ENVIRONMENT}/group_vars/all.yml_.
To have docker access you need to add your ssh key to the `docker_users` var in the _/inventories/{ENVIRONMENT}/group_vars/all.yml_.
To authenticate users and to allow them to have docker access you need to add your ssh key to the `docker_users` var in the _/inventories/{ENVIRONMENT}/group_vars/all.yml_.
An authorised user will need to run the `provision_servers.yml` playbook to add your ssh key to the servers.
Ensure that you remove all users that you don't want to have access. The default development files have a bunch of Jembi staff's user credentials.
An pre-authorised user will need to run the `provision_servers.yml` playbook the first time to add your ssh key to the servers.
### Configuration
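Review bot: The added warning "Ensure that you remove all users that you don't want to have access" does not say where to remove them, although the lines above it describe two separate lists, `sudoers` and `docker_users`, in `group_vars/all.yml`. Name both vars in the warning and make it an explicit step before the `provision_servers.yml` sentence, since the same lines say the default development files already contain other people's entries. The warning calls those entries "user credentials" while the preceding sentences call them ssh keys; use one term. Smaller points: the first changed sentence still says "IP details" while now asking for domain names, the two rewritten sentences open with "To authenticate users" but continue with "your ssh key", and "An pre-authorised user" should be "A pre-authorised user".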
Expand All @@ -32,6 +34,8 @@ Before running the ansible script add the server to your known hosts file else a
ssh-keyscan -H <host> >> ~/.ssh/known_hosts
```
Next, ensure that you configure the `firewall_subnet_restriction` property of the _/inventories/{ENVIRONMENT}/group_vars/all.yml_ file if you are setting up multiple nodes in a Docker swarm. Docker swarm nodes need to communicate with each other, this property adds a restriction on the software firewall on each node (UFW) which only allow that communication to happen on the particular subset specified by this property.
To run a playbook you should do:
```bash
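Review bot: In the added `firewall_subnet_restriction` paragraph, "the particular subset specified by this property" reads like a typo for "subnet", given the property name. The paragraph also does not say what format the value takes, or what the UFW rule does if the property is left unset on a single-node setup; one example value and a sentence on the unset case would cover both. The comma splice after "communicate with each other" and "which only allow" are worth tidying in the same change.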
