...
| Warning |
|---|
Before you begin the installation, prepare the configuration files. |
Inventory
- Go to the indeed-pam-linux distribution folder and rename the inventory.template file to inventory.
- Edit the inventory file:
- In the managment section, specify the FQDN address of the management server, in the access section, specify the FQDN address of the SSH Proxy access server.
- For all of the servers except the local one, add the following line: remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123
- remote_ssh_user=root - username for remote connection to the resource
- ansible_ssh_password=123 - user password for remote connection to the resource
- ansible_become_password=123 - user password for remote connection to the resource
- Comment out all fields that have not been changed and save.
| Code Block | ||||
|---|---|---|---|---|
| ||||
# NOTE: To access docker host use local.docker name instead of localhost [management] pammng.test.local [access] pamgtw.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123 #[haproxy] #HAPROXY_SERVER_FQDN_OR_IP #[rds] #RDS_SERVER_FQDN_OR_IP # Use this section to override vars #[all:vars] #server_fqdn=OVERRIDE_SERVER_FQDN |
Configuration files
Unzip the downloaded configuration files and move the extracted folders to indeed-pam-linux\state.
...
- Go to indeed-pam-linux\state\certs and create a separate folder for the management server. Name it with the FQDN name of the management server.
- Move the management server certificates certificate to the folders folder corresponding to the serversmanagement server.
- Go to indeed-pam-linux\state\keys\rdp-proxy and create a separate folder for each of the access server. Name the folders folder with the FQDN name of the access server.
- Move the access server certificates certificate to the folders corresponding to the serversaccess server.
vars
- Go to indeed-pam-linux\scripts\ansible and open the file vars.yml.
- In the # pfx_pass: "ENTER_HERE" line remove the # symbol.
- Instead of ENTER_HERE, specify the password for the certificates.
- Save.
Installation
- Move the distribution to the target Linux resource.
Run the installation script with the command:
Code Block language bash sudo bash run-deploy.sh
- When prompted, enter your local sudo user name (for example, root) and password.
- Wait for the installation to finish.
Components Restarting
Management Server
- Go to the /etc/indeed/indeed-pam folder.
- Restart Indeed Identity PAM management server components using the following commands:
Restarting all of the components:
Code Block language bash sudo docker compose -f docker-compose.management-server.yml down sudo docker compose -f docker-compose.management-server.yml up -d или sudo docker-compose -f docker-compose.management-server.yml down sudo docker-compose -f docker-compose.management-server.yml up -dRestarting a specific component:
Code Block language bash sudo docker compose -f docker-compose.management-server.yml up -d <Имя компонента> --force-recreate или sudo docker-compose -f docker-compose.management-server.yml up -d <Имя компонента> --force-recreateExample of restarting the Indeed Identity PAM Core component:
Code Block language bash sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate или sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate
Access Server
- Go to the /etc/indeed/indeed-pam folder.
Restart Indeed Identity PAM access server components using the following commands:
Code Block language bash sudo docker compose -f docker-compose.access-server.yml down sudo docker compose -f docker-compose.access-server.yml up -d или sudo docker-compose -f docker-compose.access-server.yml down sudo docker-compose -f docker-compose.access-server.yml up -d