Page History

Inventory

1. Go to the indeed-pam-linux distribution folder and rename the inventory.template file to inventory.
2. Edit the inventory file:
   1. In the managment section, specify the FQDN address of the management server, in the access section, specify the FQDN address of the SSH Proxy access server.
   2. For all of the servers except the local one, add the following line: remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123
      1. remote_ssh_user=root — username for remote connection to the resource
      2. ansible_ssh_password=123 — user password for remote connection to the resource
      3. ansible_become_password=123 — user password for remote connection to the resource
   3. Comment out all fields that have not been changed and save.

# NOTE: To access docker host use local.docker name instead of localhost

[management]
pammng.test.local

[access]
pamgtw.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123

#[haproxy]
#HAPROXY_SERVER_FQDN_OR_IP

#[rds]
#RDS_SERVER_FQDN_OR_IP

# Use this section to override vars
#[all:vars]
#server_fqdn=OVERRIDE_SERVER_FQDN

Configuration Files

Unzip the downloaded configuration files and move the extracted folders to indeed-pam-linux\state.

Certificates

Certification Authority Certificate

Move the CA certificate along the path indeed-pam-linux\state\ca-certificates.

Server Certificates

1. Go to indeed-pam-linux\state\certs and create a separate folder for the management server. Name it with the FQDN name of the management server.
   
   
2. Move the management server certificate to the folder corresponding to the management server.
   
   
3. Go to indeed-pam-linux\state\keys\rdp-proxy and create a separate folder for the access server. Name it with the FQDN name of the access server.
   
   
4. Move the access server certificate to the folder corresponding to the access server.
   
   

vars

1. Go to indeed-pam-linux\scripts\ansible and open the file vars.yml.
2. In the # pfx_pass: "ENTER_HERE" line remove the # symbol.
3. Instead of ENTER_HERE, specify the password for the certificates.
4. Save.

Installation

1. Move the distribution to the target Linux resource.

2. Run the installation script with the command:
   

   Code Block
   language bash
   sudo bash run-deploy.sh

   
   

3. When prompted, enter your local sudo username (for example, root) and password.
4. Wait for the installation to finish.

Components Restarting

Management Server

1. Go to the /etc/indeed-identity/indeed-pam folder.
2. Restart Indeed Identity PAM management server components using the following commands:

   1. Restarting all of the components:
      

      Code Block
      language bash
      sudo docker compose -f docker-compose.management-server.yml down sudo docker compose -f docker-compose.management-server.yml up -d or sudo docker-compose -f docker-compose.management-server.yml down sudo docker-compose -f docker-compose.management-server.yml up -d

      
      

   2. Restarting a specific component:
      

      Code Block
      language bash
      sudo docker compose -f docker-compose.management-server.yml up -d <component name> --force-recreate or sudo docker-compose -f docker-compose.management-server.yml up -d <component name> --force-recreate

      
      

   3. Example of restarting the Indeed Identity PAM Core component:
      

      Code Block
      language bash
      sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate or sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate

      
      

Access Server

1. Go to the /etc/indeed-identity/indeed-pam folder.

2. Restart Indeed Identity PAM access server components using the following commands:
   

   Code Block
   language bash
   sudo docker compose -f docker-compose.access-server.yml down sudo docker compose -f docker-compose.access-server.yml up -d or sudo docker-compose -f docker-compose.access-server.yml down sudo docker-compose -f docker-compose.access-server.yml up -d