From f3d1884f56d639b7d1a11929e5508b2170729e8f Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 16 Jun 2018 10:50:07 +0300 Subject: Change: drop obsolete installation instructions with link to website --- INSTALL | 85 +---------------------------------------------------------------- 1 file changed, 1 insertion(+), 84 deletions(-) diff --git a/INSTALL b/INSTALL index 1edc221..7e2b5fd 100644 --- a/INSTALL +++ b/INSTALL @@ -1,87 +1,4 @@ INSTALL ick2 ============================================================================= -The easy way to install ick2 is to use the script below. To prepare: - -* Install ansible, pass, git, and have or create a PGP key pair. -* Clone git://git.liw.fi/ick2 -* Clone git://git.liw.fi/ick2-ansible -* Clone git://git.qvarnlabs.net/debian-ansible -* Create a VM. Should contain Debian stretch. - * edit `ick-ansible/hosts` to change the `ick2` line to - append `ansible_ssh_host=192.168.42.42`, where 192.168.42.42 is - the actual address of the VM (not needed if the VM is accessible - using the name `ick2`) - * also edit edit `ick2.yml` to set `remote_user` to a username that - can do sudo without a password, and that you can access via ssh, - without a password (not needed if the user is `ansible`) -* Save the script below into setup.sh and run it: Change the - FINGEPRINT line to refer to your PGP fingerprint. You need to give - it paths to the three git checkouts. - - ./setup.sh "PATH/TO/ick2" "PATH/TO/ick2-ansible" \ - "PATH/TO/debian-ansible/roles/" - -* This should set up the VM to run the Ick2 controller and a worker. - It may take a while. -* Create `~/.config/icktool/icktool.yaml`: - - config: - controller: https://192.168.42.42 - token-private-key-cmd: pass show ick2/token_key - verify-tls: no - -* Verify: in the ick2 checkout, run: - - export PASSWORD_STORE_DIR=passwords - ./icktool --controller https://192.168.42.42 version - ./icktool --controller https://192.168.42.42 token - - Where 192.168.42.42 is again the address of the VM. The version command - should report the version number, the token command should write a - line of what looks like garbage, but is actually a JWT token. - -Alternatively, you can add code.liw.fi/debian to your APT sources -list, and install the ick2 package, and do the configuration manually. -See the roles/ick-controller/tasks/main.yml file in the ick2-ansible -repository for details. The script sets up a self-signed TLS -certificate and a token signing key. These get stored in a new pass(1) -password store, by the script. - - -Setup.py ------------------------------------------------------------------------------ - - #!/bin/sh - - set -eu - - SRC="$1" - PLAYBOOKS="$2" - export ANSIBLE_ROLES_PATH="$3" - - export FINGERPRINT='DBE5439D97D8262664A1B01844E17740B8611E9C' - export PASSWORD_STORE_DIR="$(pwd)/passwords" - - ssh-keygen -N '' -f worker_manager_key - "$SRC/generate-rsa-key" token_key - - openssl req -subj '/CN=domain.com/O=My Company Name LTD./C=US' -new \ - -newkey rsa:2048 -days 365 -nodes -x509 \ - -keyout ick2.key -out ick2.crt - cat ick2.key ick2.crt > ick.pem - - if [ ! -e "$PASSWORD_STORE_DIR" ] - then - pass init "$FINGERPRINT" - - pass insert -m ick2/wm_ssh_key < worker_manager_key - pass insert -m ick2/wm_ssh_key_pub < worker_manager_key.pub - - pass insert -m ick2/token_key < token_key - pass insert -m ick2/token_key.pub < token_key.pub - - pass insert -m ick2/ick.pem < ick.pem - fi - - (cd "$PLAYBOOKS" && ansible-playbook -i hosts ick2.yml) +See instead. -- cgit v1.2.1