...
Prerequisite: Servers must have been deployed in AWS already. See this page for How-To Deploy New Servers.
Parameter | Description | Default | Mandatory |
---|---|---|---|
-i Inventory File | The inventory file containing server configuration | N/A | Yes |
-r Repo folder | A repository folder containing the following:
| N/A | Yes |
-w service_sshldap account password | This is the password for the default service account defined by this DN: uid=service_sshldap,${SSHLDAP_SVCS_OPS_DN}. Is this is not passed in, then the default behavior of the Directory Server must be to allow anonymous binds. In addition, you should set SSHLDAP_ACI_DN_TYPE=userdn and SSHLDAP_ACI_DN=anyone | N/A | No |
-y service_sshldap account password file | A file containing the password for the default service account. The same rules apply as the '-w' parameter. | N/A | No |
-Y opendj password file | A file containing two (2) passwords. The first line of the file should be the Directory Administrator's password. The second line contains the Admin User password. If a password file is not passed, then the user will be promoted for the required passwords. | N/A | No |
...
Directive | Description | Example | Mandatory | |||
---|---|---|---|---|---|---|
Repository Variables | ||||||
repo.[0..9]* | A Git repository that will be fetched on the target host being installed. Note: Repos are processed in order according to the numeric value. | [repo.1] [repo.2] | Yes. At least one repo is required. | |||
REPO_URI | The URI of the repository that will be exported. e.g. git archive --remote=${REPO_URI} ${theBranch} | tar -x -C /tmp/ | git@bitbucket.org:zibernetics/zinet.git | Yes | |||
REPO_BRANCH | The branch that will be fetched | master | No. If not provided the HEAD branch of the Git repo will be exported | |||
REPO_ROOT | The root of the git repo that will be fetched. e.g. git archive --remote=${REPO_URI} ${theBranch}:${REPO_ROOT} | tar -x -C /tmp/ | prod | No. If not provided the root of the Git branch will be exported. | |||
Global Variables | ||||||
global | A single entry containing global variables that are applied to each server entry. | [global] | Yes | |||
ziD | The ziNet identifier for the site. | zId=zibernetics | Yes | |||
ziTenantId | The tenant ID used by the OpenDJ module and SSHLDAP module. | ziTenantId=acme | Yes | |||
CA_HOST_NAME | The host name for the server running the CA | CA_HOST_NAME=ca.ops.zibernetics.io | No. If not defined, then server certificate requests can't be signed. i.e. no certs for SSL config. | |||
REPO_KEY_SCAN | The host name for the Git server. This will be used to perform a ssh-keyscan so that unattended Git exports can be performed. | REPO_KEY_SCAN=bitbucket.org | No | |||
DIR_MGR_DN | The OpenDJ module Directory Manager DN | DIR_MGR_DN="cn=Directory Manager" | Yes | |||
SEARCH_DOMAINS | A list of DNS search domains to configure servers with quoted and separated by spaces if more than one search domain. | SEARCH_DOMAINS="ops.zibernetics.io "zibernetics.io" | No | |||
Server Variables | ||||||
server.[0..9]* | A server that will be setup with one or more ziNet module. See below for individual module directives. | [server.10] | Yes | |||
Core ziNet Module Directives | ||||||
INSTALL_ZINET | Install the core ziNet module | INSTALL_ZINET=[ true | false ] | No | |||
ZINET_TARGET_HOSTNAME | The host name to configure the server. Note: DNS should be able to resolve the server. This merely set the Linux host name. | ZINET_TARGET_HOSTNAME=prod-itops1.ops.zibernetics.io | Yes | |||
ZINET_STORAGE_DEV | This is a file system device attached to the server will be formatted using ext4. | ZINET_STORAGE_DEV=/dev/xvdb | No | |||
ZINET_DATA_DIR= | This is the mount point that will be used to symlink ziNet configuration directory in /etc/${ziD}. When used in conjunction with ZINET_STORAGE_DEV, this has the effect of using a separate partition to hold all ziNet data. | ZINET_DATA_DIR=/data | No | |||
ziNet PKI Module Directives | ||||||
INSTALL_PKI | Install the ziNet PKI Module | INSTALL_PKI=[ true | false ] | No | |||
PKI_CERT_SUBJECT_ALIASES | A comma separated list of DNS aliases to use when creating the SSL certificate request. | PKI_CERT_SUBJECT_ALIASES=prod-itops1,prod-ca1.ops.zibernetics.io,prod-ca1 | No | |||
PKI_CERT_SUBJECTNAME | The SSL certificate subject name to use when creating the SSL certificate request. | PKI_CERT_SUBJECTNAME=prod-itops1.ops.zibernetics.io | No. If not provided then the value returned from $(hostname) will be used. | |||
INSTALL_CA | Install a CA on the target server. | INSTALL_CA==[ true | false ] | No. However, at least one CA server should have been setup previously and identified with the global variable: CA_HOST_NAME | |||
zinet SSHLDAP Module Directives | ||||||
INSTALL_SSHLDAP | Install the ziNet SSHLDAP Module | INSTALL_SSHLDAP=[ true | false ] | No | |||
SSHLDAP_FABRIC_HOST_ID | This is the SSHLDAP Fabric hostID for the target server. | SSHLDAP_FABRIC_HOST_ID=ops-prv-101002-server | Yes | |||
DEPLOY_SSHLDAP | Flag to deploy the SSHLDAP schema. | DEPLOY_SSHLDAP=[ true | false ] | Yes for the initial setup of the SSHLDAP environment | |||
ziNet Docker Module Directives | ||||||
INSTALL_DOCKER | Install the ziNet Docker Module | INSTALL_DOCKER=[ true | false ] | No | |||
DEPLOY_DOCKER | Flag to deploy the Docker schema. | DEPLOY_DOCKER=[ true | false ] | Yes for the initial setup of the Docker environment | |||
ziNet Java Module Directives | ||||||
INSTALL_JAVA | Install the ziNet Java Module | INSTALL_JAVA=[ true | false ] | No | |||
JAVA_REPO_FILENAME | The Oracle JDK archive file that will be installed. If not specified, the the OpenDJK will be installed and configured. | JAVA_REPO_FILENAME=jdk-7u79-linux-x64.tar.gz | No | |||
ziNet OpenDJ Module Directives | ||||||
INSTALL_OPENDJ | Install the ziNet OpenDJ Module | INSTALL_OPENDJ=[ true | false ] | No | |||
OPENDJ_ZIP_ARCHIVE | The OpenDJ archive file that will be installed. | OPENDJ_ZIP_ARCHIVE=OpenDJ-2.6.2.zip | Yes | |||
CONFIGURE_OPENDJ | Flag to run the initial configuration on a node. | CONFIGURE_OPENDJ=[ true | false ] | Yes for the initial setup of the main OpenDJ node (cluster or stand-alone) | |||
DEPLOY_OPENDJ | Flag to deploy the OpenDJ schema. | DEPLOY_OPENDJ=[ true | false ] | Yes for the initial setup of the main OpenDJ node (cluster or stand-alone) | |||
DEPLOY_TENANT | Flag to deploy a tenant space | DEPLOY_TENANT=[ true | false ] | Yes for the initial setup of the main OpenDJ node (cluster or stand-alone) |
Script: deploy-sshldap.sh
...
Parameter | Description | Default | Mandatory |
---|---|---|---|
-z ziD | The ziD of the ziNet instance. | N/A | Yes |
-C docker config file | A sshldap config file. See this page for reference. This file will be sources prior to configuring the sshldap schema in the Directory Server | N/A | Yes |
-D admin user DN | An admin user bind DN. This user must be able to perform modifies to any parts of the Directory Server specified in the sshldap config file. | N/A | Yes |
-w admin user password | Admin user password. | N/A | No |
-W | Prompt for a password. The default behavior will be to prompt for a password. | true | No |
-y admin user password file | A file containing the admin user's password | N/A | No |
...