tpurschke
commented
4 years ago - [ ] top priority: start with easy case: only UI is running on separate machine (customer driven). @alf-cactus - can you have a look at this?
- [ ] enhance documentation advanced config, distributed installation
- [x] remote/distributed installation with sudo (ansible.cfg:Pipelining=False) requires root login to remote systems?! This needs to be avoided. Maybe we need to circumvent this on latest linux distros and revert back to no-sudo install. First suggested approach: get the installation running from one ubuntu 22.04 system onto a remote ubuntu 22.04 (or debian11) system.
- [ ] also deal with auto-discovery in distributed installations: provide for the case when the middleware server cannot directly reach one of the managers (both interactive and scheduled auto-discovery)
- [ ] make sure that we are able to check all certificates when communicating between the components
- [ ] further improvements:
- see documentation under documentation/installer/changes-necessary-for-distributed-setup.md
- add hostnames for services
- make sure the inventory/group_vars files are ordered correctly and the files (e.g. secrets) are put on the necessary servers
- add domain variable (default: .cactus)
- all hostnames to be written to /etc/hosts file
- use these hostnames in config
- sample entry for one-machine installation 127.0.0.1 db.fworch api.fworch ldap-internal.fworch ui.fworch importer.fworch auth.fworch
- sample entries for distributed installation 10.1.1.81 db.fworch 10.1.1.81 api.fworch 10.1.1.81 auth.fworch 10.1.1.81 ldap-internal.fworch 10.1.1.82 ui.fworch 10.1.1.83 importer.fworch
- [x] encountered a minor (warning) issue during installation without sudo:
- [x] if possible move tests to the back to make sure everything was set up even though some tests are failing
- [ ] Distribute/centralize logging https://www.digitalocean.com/community/tutorials/how-to-centralize-logs-with-journald-on-debian-10
- [ ] plan to remove localhost/127.0.0.1 from ansible
- [ ] decide where to run install script (backend or remote client?)
- [x] decide which service is only reachable on localhost and which needs to be reachable via network
- [x] document current usage of localhost/127.0.0.1:
- inventory/hosts.yml (ansible_host)
- inventory/groups_vars/all.yml (fworch_db_host, syslog_host, middleware_hostname, middleware_server_name, api_ip_address)
- inventory/groups_vars/frontends.yml (ui_hostname)
- inventory/groups_vars/middlewareserver.yml (openldap_server)
- inventory/groups_vars/sample_server:yml (import_sample_server, importer_hostname)
- roles/sample-data/tasks/main.yml (add localhost hostkey, scan localhost ssh keys)
- roles/openldap-server/defaults/main.yml (openldap_server)
- roles/openldap-server/templates/override.conf.j2 (slapd uri?)
- scripts/install-latest-ansible.yml (hosts)
- scripts/uninstall-fworch.yml (remove known host key)
- roles/test/files/FWO.Test/ConfigFileTest.cs - correctConfigFile, ...)
- scripts/install_toplevel.sh
- [x] document unresolved removal of localhost/127.0.0.1:
- documentation > leave as is, enhance advanced config, distributed installation
- middleware/.../launchSettings.json > leave as is
- sample-data/.../main.yml > which hostkeys need to be added to known_host of sampleserver?
- sample-data/.../ssh-keyscan.yml > see above
- test/.../testapi.sh, ssh-keyscan.sh > leave as is, scripts might be eol
- test/.../ConfigFileTest.cs > localhost = api_hostname?
- ui/.../HelpApi... > leave as is, only documentation
- ui/.../launchSettings.json > leave as is
- scripts/uninstall-fworch.yml > where is localhost key added? Only in sample-data?
- etc/forch.json > localhost = api_hostname? How to use yaml vars?
- common/.../iso.conf > localhost = fworch_db_host? How to use yaml vars?
- database/.../main.yml > replace 127.0.0.1 with variables
- scripts/install_toplevel.sh
NilsPur