diff --git a/docs/guides/deploy-guide/manager.md b/docs/guides/deploy-guide/manager.md index 6dfad40309..dba43e479c 100644 --- a/docs/guides/deploy-guide/manager.md +++ b/docs/guides/deploy-guide/manager.md @@ -22,8 +22,9 @@ on the manager node need to be run as this user. The name of the operator user i With `ANSIBLE_USER` the existing user account is set after the provsioning of the management node. When using the [osism/node-image](https://github.com/osism/node-image) the user is `osism` -and the password of this user is `password`. If you install Ubuntu manually the user usually is `ubuntu`. -The password according to what you have set yourself. +and the password of this user is `password`. If you install Ubuntu manually the user usually +is `ubuntu`. If you want to use any other user here, that's no problem. It is important that +this user has sudo rights. The password according to what you have set yourself. ``` ANSIBLE_BECOME_ASK_PASS=True \ @@ -33,6 +34,14 @@ ANSIBLE_USER=osism \ ./run.sh operator ``` +When the `./run.sh operator` is executed, the following prompts are displayed. + +| Prompt | Value | Comment | +|----------------------------------------------|----------------------------------------------------|--------------------------------------| +| `SSH password:` | Password so that the `ANSIBLE_USER` can login | Enabled by `ANSIBLE_ASK_PASS` | +| `BECOME password[defaults to SSH password]:` | Password so that the `ANSIBLE_USER` can use `sudo` | Enabled by `ANSIBLE_BECOME_ASK_PASS` | +| `Vault password:` | Value of `secrets/vaultpass` | Enabled by `ANSIBLE_ASK_VAULT_PASS` | + * If a password is required to login to the manager node, `ANSIBLE_ASK_PASS=True` must be set. * If an SSH key is required to login to the manager node, the key has to be added on the manager node to `~/.ssh/authorized_keys` in the home directory of the user specified as `ANSIBLE_USER` first. 
@@ -45,15 +54,6 @@ ANSIBLE_USER=osism \ ANSIBLE_USER=osism ./run.sh python3 ``` -* To verify the creation of the operator user, use the private key file `id_rsa.operator`. Make - sure you purge all keys from ssh-agent identity cache using `ssh-add -D`. You can print the list - using `ssh-add -l`. The list should be empty. - - ``` - ssh-add -D - ssh -o IdentitiesOnly=yes -i id_rsa.operator dragon@testbed-manager - ``` - * If you receive the following error message `ssh: Too many authentication failures` set `ANSIBLE_SSH_ARGS` environment variable to use only the operator ssh key for authentication. @@ -79,6 +79,14 @@ in the Ansible documentation. | `ANSIBLE_BECOME_ASK_PASS` | Boolean | Toggle to prompt for privilege escalation password. | | `ANSIBLE_SSH_ARGS` | String | If set, this will override the Ansible default ssh arguments. | | `ANSIBLE_USER` | String | The user Ansible ‘logs in’ as. | +To verify the creation of the operator user, use the private key file `id_rsa.operator`. Make +sure you purge all keys from ssh-agent identity cache using `ssh-add -D`. You can print the list +using `ssh-add -l`. The list should be empty. + +``` +ssh-add -D +ssh -o IdentitiesOnly=yes -i id_rsa.operator dragon@testbed-manager +``` ## Apply the network configuration @@ -86,6 +94,10 @@ Most of the parameters required for Ansible (`ANSIBLE_BECOME_ASK_PASS`, `ANSIBLE in the previous step are no longer necessary. If Ansible Vault is used, however, `ANSIBLE_ASK_VAULT_PASS` must still be set. +``` +export ANSIBLE_ASK_VAULT_PASS=True +``` + To prevent recurring installation of Ansible Collections, `export INSTALL_ANSIBLE_ROLES=False` can be set. The network configuration, already present on a node should be backuped before this step. 
@@ -103,10 +115,12 @@ nodes. ## Bootstrap Most of the parameters required for Ansible (`ANSIBLE_BECOME_ASK_PASS`, `ANSIBLE_ASK_PASS`, `ANSIBLE_USER`, ...) -in the previous step are no longer necessary. If Ansible Vault is used, however, `ANSIBLE_ASK_VAULT_PASS` -must still be set. +in the previous step are no longer necessary. + +If Ansible Vault is used, however, `export ANSIBLE_ASK_VAULT_PASS=True` must still be set. To prevent recurring installation of Ansible Collections, `export INSTALL_ANSIBLE_ROLES=False` can be set. +This is recommended. 1. Bootstrap the manager node.
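Review bot: In the first hunk (`@@ -22,8 +22,9 @@`), the fragment "The password according to what you have set yourself." now follows the added sudo sentence, so it no longer clearly refers to a manually installed Ubuntu. Suggest keeping it directly after the `ubuntu` sentence and completing it (for example "The password is the one you set during installation."), with the sudo requirement stated afterwards. The unchanged context line above still has the typo `provsioning`. Since the re-wrapped line documents that the `osism` account on the node image has the password `password`, this paragraph would also be a good place to say whether that password is expected to be changed after the operator user is created.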
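Review bot: In the hunk that adds the prompt table (`@@ -33,6 +34,14 @@`), the lead-in "the following prompts are displayed" reads as unconditional, while the Comment column says each prompt appears only when its variable is enabled. Suggest wording along the lines of "Depending on which of these variables are set, `./run.sh operator` shows the following prompts", and dropping the article in "When the `./run.sh operator` is executed". The `BECOME password[defaults to SSH password]:` row could also say that an empty answer reuses the SSH password, since the prompt text itself states that default.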
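Review bot: In the hunk that re-adds the verification step (`@@ -79,6 +79,14 @@`), the new line "To verify the creation of the operator user, ..." directly follows the table row for `ANSIBLE_USER` with no blank line in between, so Markdown renderers that continue a table until the first empty line will pull the paragraph into the table. Add an empty line after the last table row. The prose also tells the reader to check with `ssh-add -l` that the identity list is empty, but the code block only contains `ssh-add -D` and the `ssh` call; adding `ssh-add -l` between them would make the block match the text.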
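Review bot: In the Bootstrap hunk (`@@ -103,10 +115,12 @@`), "`export ANSIBLE_ASK_VAULT_PASS=True` must still be set" mixes the command with the variable: a variable is set, a command is run. The network configuration hunk (`@@ -86,6 +94,10 @@`) keeps the sentence about `ANSIBLE_ASK_VAULT_PASS` and shows the export in a fenced block; using the same form here would keep the two sections consistent. After the paragraph split, "however" opens a paragraph with nothing left to contrast against and can be dropped or the sentence rejoined to the previous one. "This is recommended." would be clearer merged into the preceding sentence so it is obvious that it refers to `INSTALL_ANSIBLE_ROLES=False`.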