From cae827600578959950358f65a2c3c9468fe36007 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Wed, 15 Nov 2017 19:46:57 +0100 Subject: Add: simplify, fix INSTALL --- INSTALL | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 097bfbb..a458940 100644 --- a/INSTALL +++ b/INSTALL @@ -3,38 +3,50 @@ INSTALL ick2 The easy way to install ick2 is to use the script below. To prepare: +* Install ansible, pass, git, and have or create a PGP key pair. * Clone git://git.liw.fi/ick2 * Clone git://git.liw.fi/ansibleness * Clone git://git.qvarnlabs.net/debian-ansible * Create a VM. Should contain Debian stretch. * edit `ansibleness/ansible/hosts` to change the `ick2` line to - append `ansible_ssh_host=127.0.0.1`, where 127.0.0.1 is the actual - address of the VM + append `ansible_ssh_host=192.168.42.42`, where 192.168.42.42 is + the actual address of the VM (not needed if the VM is accessible + using the name `ick2`) * also edit edit `ick2.yml` to set `remote_user` to a username that can do sudo without a password, and that you can access via ssh, - without a password -* On another host, install ansible, pass, and have or create a PGP key - pair. + without a password (not needed if the user is `ansible`) * Save the script below into setup.py and run it: Change the - FINGEPRINT line to refer to your PGP fingerprint. - + FINGEPRINT line to refer to your PGP fingerprint. You need to give + it paths to the three git checkouts. + ./setup.sh "PATH/TO/ick2" "PATH/TO/ansibleness/ansible" \ "PATH/TO/debian-ansible/roles/" * This should set up the VM to run the Ick2 controller and a worker. + It may take a while. +* Create `~/.config/icktool/icktool.yaml`: + + config: + controller: https://192.168.42.42 + token-private-key-cmd: pass show ick2/token_key + verify-tls: no + * Verify: in the ick2 checkout, run: - ./icktool --controller https://127.0.0.1 version - ./icktool --controller https://127.0.0.1 token + export PASSWORD_STORE_DIR=passwords + ./icktool --controller https://192.168.42.42 version + ./icktool --controller https://192.168.42.42 token - Where 127.0.0.1 is again the address of the VM. The version command + Where 192.168.42.42 is again the address of the VM. The version command should report the version number, the token command should write a line of what looks like garbage, but is actually a JWT token. Alternatively, you can add code.liw.fi/debian to your APT sources list, and install the ick2 package, and do the configuration manually. See the roles/ick-controller/tasks/main.yml file in the ansiblness -repository for details. +repository for details. The script sets up a self-signed TLS +certificate and a token signing key. These get stored in a new pass(1) +passowrd store, by the script. Setup.py -- cgit v1.2.1