Inventory

1. Go to the distribution folder.
2. Change the inventory.template file extension from template to inventory.
3. Make sure the file name is inventory.

Edit the inventory file:

1. In the managment section, specify the FQDN address of the management server.
2. In the access section, specify the FQDN address of the SSH Proxy access server.
3. For all of the servers except the local one, add the following line: remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123.
   1. remote_ssh_user=root — username for remote connection to the resource.
   2. ansible_ssh_password=123 — user password for remote connection to the resource.
   3. ansible_become_password=123 — user password for remote connection to the resource.
4. Comment out all fields that have not been changed.
5. Save.

# NOTE: To access docker host use local.docker name instead of localhost

[management]
pammng.test.local

[access]
pamgtw.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123

#[haproxy]
#HAPROXY_SERVER_FQDN_OR_IP

#[rds]
#RDS_SERVER_FQDN_OR_IP

# Use this section to override vars
#[all:vars]
#server_fqdn=OVERRIDE_SERVER_FQDN

Configuration Files

Unzip the downloaded configuration files and move the extracted folders to indeed-pam-linux\state.

Certificates

Certification Authority Certificate

Move the CA certificate along the path indeed-pam-linux\state\ca-certificates.

Server Certificates

1. Go to indeed-pam-linux\state\certs and create a separate folder for the management server. Name it with the FQDN name of the management server.

   
   

2. Move the management server certificate to the folder corresponding to the management server.

   
   

3. Go to indeed-pam-linux\state\keys\rdp-proxy and create a separate folder for the access server. Name it with the FQDN name of the access server.

   
   

4. Move the access server certificate to the folder corresponding to the access server.

   
   

vars

1. Go to indeed-pam-linux\scripts\ansible and open the file vars.yml.
2. In the # pfx_pass: "ENTER_HERE" line remove the # symbol.
3. Instead of ENTER_HERE, specify the password for the certificates.
4. Save.

Installation

1. Move the distribution to the target Linux resource.

2. If CIS Benchmark Docker security settings are applied, then run the installation script with the command:

   sudo bash run-deploy.sh

   If CIS Benchmark Docker security settings are not applied, then run the installation script with the command:
   

   sudo bash run-deploy.sh -bench-skip

   
   

3. When prompted, enter your local sudo username (for example, root) and password.
4. Wait for the installation to finish.

Components Restarting

Management Server

1. Go to the /etc/indeed/indeed-pam folder.
2. Restart Axidian Privilege management server components using the following commands:

   1. Restarting all of the components:
      

      sudo docker compose -f docker-compose.management-server.yml down sudo docker compose -f docker-compose.management-server.yml up -d or sudo docker-compose -f docker-compose.management-server.yml down sudo docker-compose -f docker-compose.management-server.yml up -d

      
      

   2. Restarting a specific component:
      

      sudo docker compose -f docker-compose.management-server.yml up -d <component name> --force-recreate or sudo docker-compose -f docker-compose.management-server.yml up -d <component name> --force-recreate

      
      

   3. Example of restarting the Axidian Privilege Core component:
      

      sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate or sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate

      
      

Access Server

1. Go to the /etc/indeed/indeed-pam folder.

2. Restart Axidian Privilege access server components using the following commands:
   

   sudo docker compose -f docker-compose.access-server.yml down sudo docker compose -f docker-compose.access-server.yml up -d or sudo docker-compose -f docker-compose.access-server.yml down sudo docker-compose -f docker-compose.access-server.yml up -d