diff options
| author | Lars Wirzenius <liw@liw.fi> | 2017-11-15 19:46:57 +0100 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2017-11-15 19:46:57 +0100 |
| commit | cae827600578959950358f65a2c3c9468fe36007 (patch) | |
| tree | 46d5ce7e27cb1fe20002f4661d162b15436d5895 /INSTALL | |
| parent | 61d0b4ac7ae8a02fa9699db3b5711aa35bde1358 (diff) | |
| download | ick2-cae827600578959950358f65a2c3c9468fe36007.tar.gz | |
Add: simplify, fix INSTALL
Diffstat (limited to 'INSTALL')
| -rw-r--r-- | INSTALL | 34 |
1 files changed, 23 insertions, 11 deletions
@@ -3,38 +3,50 @@ INSTALL ick2 The easy way to install ick2 is to use the script below. To prepare: +* Install ansible, pass, git, and have or create a PGP key pair. * Clone git://git.liw.fi/ick2 * Clone git://git.liw.fi/ansibleness * Clone git://git.qvarnlabs.net/debian-ansible * Create a VM. Should contain Debian stretch. * edit `ansibleness/ansible/hosts` to change the `ick2` line to - append `ansible_ssh_host=127.0.0.1`, where 127.0.0.1 is the actual - address of the VM + append `ansible_ssh_host=192.168.42.42`, where 192.168.42.42 is + the actual address of the VM (not needed if the VM is accessible + using the name `ick2`) * also edit edit `ick2.yml` to set `remote_user` to a username that can do sudo without a password, and that you can access via ssh, - without a password -* On another host, install ansible, pass, and have or create a PGP key - pair. + without a password (not needed if the user is `ansible`) * Save the script below into setup.py and run it: Change the - FINGEPRINT line to refer to your PGP fingerprint. - + FINGEPRINT line to refer to your PGP fingerprint. You need to give + it paths to the three git checkouts. + ./setup.sh "PATH/TO/ick2" "PATH/TO/ansibleness/ansible" \ "PATH/TO/debian-ansible/roles/" * This should set up the VM to run the Ick2 controller and a worker. + It may take a while. +* Create `~/.config/icktool/icktool.yaml`: + + config: + controller: https://192.168.42.42 + token-private-key-cmd: pass show ick2/token_key + verify-tls: no + * Verify: in the ick2 checkout, run: - ./icktool --controller https://127.0.0.1 version - ./icktool --controller https://127.0.0.1 token + export PASSWORD_STORE_DIR=passwords + ./icktool --controller https://192.168.42.42 version + ./icktool --controller https://192.168.42.42 token - Where 127.0.0.1 is again the address of the VM. The version command + Where 192.168.42.42 is again the address of the VM. The version command should report the version number, the token command should write a line of what looks like garbage, but is actually a JWT token. Alternatively, you can add code.liw.fi/debian to your APT sources list, and install the ick2 package, and do the configuration manually. See the roles/ick-controller/tasks/main.yml file in the ansiblness -repository for details. +repository for details. The script sets up a self-signed TLS +certificate and a token signing key. These get stored in a new pass(1) +passowrd store, by the script. Setup.py |