Installation procedure
This section provides the Ansible commands required to install VeridiumID.
Quick installation procedure
If the veridiumid user will be allowed to have elevated privileges (will be able to use sudo commands), then the following script can be used to configure VeridiumID:
cd $ANSIBLE_PATH
./install_script.sh -e=@mandatory_vars.yml
Manual installation procedure
If the veridiumid user will not be allowed to have elevated privileges (will not be able to use sudo commands), then the following commands can be used to configure VeridiumID:
cd $ANSIBLE_PATH
Check prerequisites.
ansible-playbook -i environments_hosts/inventory site.yml --tag pre-setup-checks
Certificate Authority deployment.
ansible-playbook -i environments_hosts/inventory site.yml --tag install-ca --extra-vars "component='all' operation='generate'" --extra-vars=@mandatory_vars.yml
ansible-playbook -i environments_hosts/inventory site.yml --tag install-ca --extra-vars "component='all' operation='create-truststores-pem-and-jk'" --extra-vars=@mandatory_vars.yml
ansible-playbook -i environments_hosts/inventory site.yml --tag install-ca --extra-vars "component='all' operation='create-keystores-pem-and-jk'" --extra-vars=@mandatory_vars.yml
Zookeeper deployment.
ansible-playbook -i environments_hosts/inventory site.yml --tag install-zookeeper --extra-vars=@mandatory_vars.yml
Cassandra deployment.
ansible-playbook -i environments_hosts/inventory site.yml --tag install-cassandra -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
Kafka deployment.
ansible-playbook -i environments_hosts/inventory site.yml --tag install-kafka -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
HaProxy deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-haproxy -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
Websecadmin deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-websecadmin -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
Webapps deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-webapp -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
Kafka Stream deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-kafka-streams --extra-vars=@mandatory_vars.yml
Data Retention service deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-data-retention --extra-vars=@mandatory_vars.yml
OPA service deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-opa --extra-vars=@mandatory_vars.yml
Self Service Portal deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-selfservice --extra-vars=@mandatory_vars.yml
Fido deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-fido -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
FreeRadius deployment
ansible-playbook -i environments_hosts/inventory site.yml --tag install-freeradius -e "template_input='root_ca_vars'" --extra-vars=@mandatory_vars.yml
Recovery procedure for Ansible configuration
Depending on the type of error, one of the following steps can be executed.
If install_script.sh fails due to network issues, it can be executed again and it will recover from the last failure point. (The script can be executed inside screen, if screen is installed on the OS.)
If there is another issue, try to fix the error and rerun one more time (the script will try to install from the last failed step).
./install_script.sh -e=@mandatory_vars.yml
If the error is due to a previous configuration step, try to do the recovery using steps 1, 2 & 3.
If you want to configure from scratch, do all the steps (1, 2, 3, 4).
Remove the state.txt file (the installation will then start from the beginning), the logs folder, and the generated files listed below:
rm -f $ANSIBLE_PATH/state.txt
rm -rf $ANSIBLE_PATH/logs
rm -f $ANSIBLE_PATH/group_files/dc1/*
sudo systemctl stop ver_* ## (on all nodes; do not execute this step at this moment if you want to execute step 2)
In some cases, if necessary, log in to Cassandra (persistence node) and run the command below:
/opt/veridiumid/cassandra/bin/cqlsh --cqlshrc=/opt/veridiumid/cassandra/conf/veridiumid_cqlshrc --ssl -e 'drop keyspace veridium;'
(Even if the command returns a timeout, the keyspace should have been deleted. Check with the following command; the veridium keyspace should no longer exist.)
/opt/veridiumid/cassandra/bin/cqlsh --cqlshrc=/opt/veridiumid/cassandra/conf/veridiumid_cqlshrc --ssl -e 'desc keyspaces;'
If necessary, to regenerate the CA, run the following on the node selected for the CA in env hosts:
rm -rf /opt/veridiumid/CA
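The cleanup commands above expand $ANSIBLE_PATH unquoted, so an empty or mistyped value makes rm act on paths such as /logs. The helpers below are an added example, not part of the VeridiumID installer: reset_install_state guards the state cleanup, and keyspace_dropped checks the 'desc keyspaces;' output. Both function names are hypothetical, and the sanity check assumes site.yml and environments_hosts/ sit directly in $ANSIBLE_PATH, as the playbook commands imply.

```shell
#!/bin/sh
# Added example (not VeridiumID code): guarded helpers for the recovery steps.

# State cleanup with guards. Takes the installer directory as $1, or falls
# back to $ANSIBLE_PATH. Assumption: that directory holds site.yml and
# environments_hosts/, which the documented playbook commands reference.
reset_install_state() {
    base="${1:-${ANSIBLE_PATH:-}}"
    case "$base" in
        ""|/) echo "refusing: installer path is empty or /" >&2; return 2 ;;
        /*)   ;;  # absolute path, continue
        *)    echo "refusing: '$base' is not an absolute path" >&2; return 2 ;;
    esac
    if [ ! -f "$base/site.yml" ] || [ ! -d "$base/environments_hosts" ]; then
        echo "refusing: '$base' does not look like the installer directory" >&2
        return 3
    fi
    rm -f -- "$base/state.txt"
    rm -rf -- "$base/logs"
    # Same scope as the documented command: non-hidden entries in dc1 only.
    rm -f -- "$base"/group_files/dc1/*
}

# Keyspace check. Reads the output of cqlsh ... -e 'desc keyspaces;' on stdin
# and succeeds only if no keyspace is named exactly "veridium".
keyspace_dropped() {
    ! tr -s ' \t' '\n\n' | grep -qx 'veridium'
}
```

Pipe the documented cqlsh 'desc keyspaces;' command into keyspace_dropped on the persistence node; a non-zero exit status means the veridium keyspace is still listed.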