Warning

The installation without balancing includes installation of the management server and access servers (SSH-Proxy or RDP-Proxy) on different servers.


Warning

Before you begin the installation, prepare the configuration files.

Inventory

  1. Go to the distribution folder.
  2. Change the name of the inventory.template file to inventory.

Edit the inventory file:

  1. In the management section, specify the FQDN address of the management server.
  2. In the access section, specify the FQDN address of the SSH Proxy access server.
  3. For all of the servers except the local one, add the following line: remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123.
    1. remote_ssh_user=root — username for remote connection to the resource.
    2. ansible_ssh_password=123 — user password for remote connection to the resource.
    3. ansible_become_password=123 — user password for remote connection to the resource.
  4. Comment out all fields that have not been changed.
  5. Save.


*/client-dist/inventory file contents:

```bash
# NOTE: To access docker host use local.docker name instead of localhost

[management]
pammng.test.local

[access]
pamgtw.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123

#[haproxy]
#HAPROXY_SERVER_FQDN_OR_IP

#[rds]
#RDS_SERVER_FQDN_OR_IP

# Use this section to override vars
#[all:vars]
#server_fqdn=OVERRIDE_SERVER_FQDN
```

Configuration Files

Unzip the downloaded configuration files and move the extracted folders to axidian-pam-linux\state.

Certificates

Certification Authority Certificate

Move the CA certificate to axidian-pam-linux\state\ca-certificates.

Server Certificates

  1. Go to axidian-pam-linux\state\certs and create a separate folder for the management server. Name it with the FQDN of the management server.

  2. Move the management server certificate to the folder corresponding to the management server.

  3. Go to axidian-pam-linux\state\keys\rdp-proxy and create a separate folder for the access server. Name it with the FQDN of the access server.

  4. Move the access server certificate to the folder corresponding to the access server.

vars

  1. Go to axidian-pam-linux\scripts\ansible and open the file vars.yml.
  2. In the # pfx_pass: "ENTER_HERE" line remove the # symbol.
  3. Instead of ENTER_HERE, specify the password for the certificates.
  4. Save.
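
A pre-flight check for the preparation steps above, as an added example that is not part of the vendor's distribution: it confirms that the certificate folders are named after the FQDNs in the inventory and that the files holding plaintext passwords (inventory, vars.yml) are not readable by group or others. It assumes forward-slash paths on the Linux host and takes the distribution folder as its first argument; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Layout and file names are taken from this page.

# Hosts listed under one inventory section; comments and blank lines are skipped.
inventory_hosts() {   # usage: inventory_hosts <inventory> <section>
  awk -v want="[$2]" '
    /^[ \t]*(#|$)/ { next }
    /^[ \t]*\[/    { insec = ($1 == want); next }
    insec          { print $1 }' "$1"
}

# True when a file grants any permission to group or others.
loosely_readable() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

# True when a directory exists and contains at least one entry.
has_files() { [ -n "$(ls -A "$1" 2>/dev/null)" ]; }

# Prints one line per finding; the return status is the number of findings.
preflight() {         # usage: preflight <distribution folder>
  local dist=$1 inv="$1/inventory" vars="$1/scripts/ansible/vars.yml" n=0 h
  [ -f "$inv" ] || { echo "inventory missing: rename inventory.template"; return 1; }
  # The inventory carries plaintext ansible_*_password values, so lock it down.
  if grep -Eq '^[^#]*ansible_(ssh|become)_password=' "$inv" && loosely_readable "$inv"; then
    echo "inventory holds passwords but is readable by group/others"; n=$((n+1))
  fi
  # vars.yml carries the certificate password once pfx_pass is uncommented.
  if [ -f "$vars" ]; then
    grep -Eq '^[[:space:]]*pfx_pass:' "$vars" || { echo "pfx_pass is still commented out"; n=$((n+1)); }
    if loosely_readable "$vars"; then echo "vars.yml is readable by group/others"; n=$((n+1)); fi
  fi
  has_files "$dist/state/ca-certificates" || { echo "no CA certificate in state/ca-certificates"; n=$((n+1)); }
  # Certificate folders must be named after the FQDNs used in the inventory.
  for h in $(inventory_hosts "$inv" management); do
    has_files "$dist/state/certs/$h" || { echo "no certificate in state/certs/$h"; n=$((n+1)); }
  done
  for h in $(inventory_hosts "$inv" access); do
    has_files "$dist/state/keys/rdp-proxy/$h" || { echo "no certificate in state/keys/rdp-proxy/$h"; n=$((n+1)); }
  done
  return "$n"
}

# Run against the folder given on the command line, if any.
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it from the distribution folder before `run-deploy.sh`; a non-zero exit status means at least one finding was printed.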

Installation

  1. Move the distribution to the target Linux resource.
  2. If CIS Benchmark Docker security settings are applied, then run the installation script with the command:

    ```bash
    sudo bash run-deploy.sh
    ```

    If CIS Benchmark Docker security settings are not applied, then run the installation script with the command:

    ```bash
    sudo bash run-deploy.sh --bench-skip
    ```


  3. When prompted, enter your local sudo username (for example, root) and password.
  4. Wait for the installation to finish.

Info

If the script aborted with an error, send the log file to technical support.

Components Restarting

Management Server

  1. Go to the /etc/axidian/axidian-privilege folder.
  2. Restart Axidian Privilege management server components using the following commands:
    1. Restarting all of the components:

      ```bash
      sudo docker compose -f docker-compose.management-server.yml down
      sudo docker compose -f docker-compose.management-server.yml up -d
      ```

      or

      ```bash
      sudo docker-compose -f docker-compose.management-server.yml down
      sudo docker-compose -f docker-compose.management-server.yml up -d
      ```


    2. Restarting a specific component:

      ```bash
      sudo docker compose -f docker-compose.management-server.yml up -d <component name> --force-recreate
      ```

      or

      ```bash
      sudo docker-compose -f docker-compose.management-server.yml up -d <component name> --force-recreate
      ```


    3. Example of restarting the Axidian Privilege Core component:

      ```bash
      sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate
      ```

      or

      ```bash
      sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate
      ```


Access Server

  1. Go to the /etc/axidian/axidian-privilege folder.
  2. Restart Axidian Privilege access server components using the following commands:

    ```bash
    sudo docker compose -f docker-compose.access-server.yml down
    sudo docker compose -f docker-compose.access-server.yml up -d
    ```

    or

    ```bash
    sudo docker-compose -f docker-compose.access-server.yml down
    sudo docker-compose -f docker-compose.access-server.yml up -d
    ```


