• Created by Unknown User (anastasia.antonenko), last modified on Nov 13, 2023

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

The installation with balancing includes installation of multiple management servers and access servers (SSH-Proxy or RDP-Proxy) on different servers.

Before you begin the installation, prepare the configuration files.

Inventory

  1. Go to the indeed-pam-linux distribution folder and rename the inventory.template file to inventory.
  2. Edit the inventory file:
    1. In the managment section, specify the FQDN address of the management server, in the access section, specify the FQDN address of the SSH Proxy access server.
    2. or all of the servers except the local one, add the following line: remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123
      1. remote_ssh_user=root - username for remote connection to the resource
      2. ansible_ssh_password=123 - user password for remote connection to the resource
      3. ansible_become_password=123 - user password for remote connection to the resource
    3. Uncomment the last two lines of the file.
    4. In the all:vars section, set server_fqdn= to the PAM name.
    5. Comment out all fields that have not been changed and save.
*/client-dist/inventory file contents
# NOTE: To access docker host use local.docker name instead of localhost

[management]
pammng1.test.local
pammng2.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123

[access]
pamgtw1.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123
pamgtw2.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123

#[haproxy]
#HAPROXY_SERVER_FQDN_OR_IP

#[rds]
#RDS_SERVER_FQDN_OR_IP

# Use this section to override vars
[all:vars]
server_fqdn=pammng.test.local

Configuration files

Unzip the downloaded configuration files and move the extracted folders to indeed-pam-linux\state.

Certificates

Certification Authority Certificate

Move the CA certificate along the path indeed-pam-linux\state\ca-certificates.


Server Certificates

  1. Go to indeed-pam-linux\state\certs and create a separate folder for each of the management server. Name each of the folders with the FQDN name of the management server.

  2. Move the management server certificates to the folders corresponding to the management servers.

  3. Go to indeed-pam-linux\state\keys\rdp-proxy and create a separate folder for the access server. Name each of the folders with the FQDN name of the access server.

  4. Move the access server certificate to the folder corresponding to the access server.

vars

  1. Go to indeed-pam-linux\scripts\ansible and open the file vars.yml.
  2. In the # pfx_pass: "ENTER_HERE" line remove the # symbol.
  3. Instead of ENTER_HERE, specify the password for the certificates.
  4. Save.

Installation

  1. Move the distribution to the target Linux resource.

  2. Run the installation script with the command:

    sudo bash run-deploy.sh
  3. When prompted, enter your local sudo username (for example, root) and password.
  4. Wait for the installation to finish.


If the script aborted with an error, send the log file to technical support.

Components Restarting

Management Server

  1. Go to the /etc/indeed/indeed-pam folder.
  2. Restart Indeed Identity PAM management server components using the following commands:

    1. Restarting all of the components:

      sudo docker compose -f docker-compose.management-server.yml down
sudo docker compose -f docker-compose.management-server.yml up -d
или
sudo docker-compose -f docker-compose.management-server.yml down
sudo docker-compose -f docker-compose.management-server.yml up -d

    2. Restarting a specific component:

      sudo docker compose -f docker-compose.management-server.yml up -d <Имя компонента> --force-recreate
или
sudo docker-compose -f docker-compose.management-server.yml up -d <Имя компонента> --force-recreate

    3. Example of restarting the Indeed Identity PAM Core component:

      sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate
или
sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate

Access Server

  1. Go to the /etc/indeed/indeed-pam folder.

  2. Restart Indeed Identity PAM access server components using the following commands:

    sudo docker compose -f docker-compose.access-server.yml down
sudo docker compose -f docker-compose.access-server.yml up -d
или
sudo docker-compose -f docker-compose.access-server.yml down
sudo docker-compose -f docker-compose.access-server.yml up -d

  • No labels