Quickstart¶
The goal of this guide is to perform a step-by-step installation of a complete Reemo platform. At the end of this guide, you will have a fully functional platform ready for testing, auditing, or certification. The environments deployed in this guide are: INFRA, PROVISION, RELAYWS.
1. Prerequisites¶
1 “work” machine to run Ansible.
3 target servers/VMs: infra, provision, relayws.
SSH access from the work machine to each target.
Access to Ansible roles: reemo-infra, reemo-provision, reemo-relayws.
A valid Reemo instance license key.
A Reemo Docker registry account.
2. Minimum resources¶
INFRA: 4 vCPU, 8 GB RAM, 100 GB disk.
PROVISION: 8 vCPU, 16 GB RAM, 100 GB disk.
RELAYWS: 8 vCPU, 8 GB RAM, 50 GB disk.
Supported Linux OS (Ubuntu/Debian/RedHat).
3. Preparing the work machine (Ansible)¶
The work machine is responsible for running Ansible playbooks targeting the servers.
Install Python, Docker, Ansible, and dependencies.
Red Hat / RockyLinux¶
yum install ansible-core
yum install -y python3-pip
pip3 install docker
ansible-galaxy collection install community.docker
ansible-galaxy collection install community.crypto
Warning
On RockyLinux 9, you must use community.docker >= 3.10.2.
If necessary, force the upgrade:
ansible-galaxy collection install community.docker --upgrade
Ubuntu¶
apt install ansible
apt install python3-docker
ansible-galaxy collection install community.docker
ansible-galaxy collection install community.crypto
4. Preparing target servers¶
Prepare 3 servers/VMs and configure SSH access from your work machine.
Server |
CPU |
RAM |
Disk |
|---|---|---|---|
INFRA |
4 |
8 |
100G |
PROVISION |
8 |
16 |
100G |
RELAYWS |
8 |
8 |
50G |
5. Playbooks and Working Directory¶
This step is performed on the work machine.
Create a simple deployment folder.
mkdir -p /opt/reemo-deploy/{playbooks,ssl}
cd /opt/reemo-deploy
Create 3 playbooks: infra.yml, provision.yml, relayws.yml and one inventory file inventory.yml.
touch /opt/reemo-deploy/playbooks/{infra.yml,provision.yml,relayws.yml}
touch /opt/reemo-deploy/inventory.yml
infra.yml
- name: Installation Reemo Infra Server
hosts: infra_manager,portal_manager,api_manager
gather_facts: yes
roles:
- role: reemo-infra
become: yes
provision.yml
- name: Deploy Provision Reemo environment in swarm cluster
hosts: provision,provision_manager
gather_facts: yes
roles:
- role: reemo-provision
become: yes
relayws.yml
- name: Installation Reemo Relay WebSocket
hosts: relayws_manager
gather_facts: yes
roles:
- role: reemo-relayws
become: yes
7. Ansible Inventory¶
Edit the inventory.yml file.
Replace all IPs and domain names with your own values.
Generate certificates for the portal access and RELAYWS environments, and reference the TLS certificates below.
all:
vars:
INITCA_ENABLE: "true"
LOCAL_PATH: "/opt/ssl/reemo"
# License key for this instance
API_LICENSE: "{{ LICENSING_KEY }}"
# Registry Configuration
REGISTRY_URL: "registrypriv.reemo.io"
REGISTRY_ENV: "reemoinfra"
REGISTRY_USERNAME: "{{ REGISTRY_USERNAME }}"
REGISTRY_PASSWORD: "{{ REGISTRY_PASSWORD }}"
# Portal dedicated to users
PORTAL_URL: "portal.domain.tld"
# Disallow built-in login, users will only log using SSO
PORTAL_DISALLOW_BUILT_IN: "true"
# Portal dedicated to admins
PORTALADMIN_URL: "portal-admin.domain.tld"
# Restrict IP addresses that get access to the admin portal
PORTALADMIN_URL_RESTRICT_IP: "255.255.255.255,255.255.255.255"
# INFRA environment
infra_manager:
hosts:
# Name this host freely
MY_REEMO_INFRA_HOST:
# Configure this with your instance IP address
ansible_host: "255.255.255.255"
ansible_user: "root"
TRAEFIK_SSL_CERTS:
- cert_file: "/opt/reemo-deploy/ssl/portal-cert.pem"
key_file: "/opt/reemo-deploy/ssl/portal-key.pem"
# PROVISION environment
provision:
children:
provision_manager:
hosts:
provision_manager1:
# Configure this with your provision IP address
ansible_host: "255.255.255.255"
# RELAYWS environment
relayws_manager:
vars:
TRAEFIK_SSL_CERTS:
- cert_file: "/opt/reemo-deploy/ssl/relayws-cert.pem"
key_file: "/opt/reemo-deploy/ssl/relayws-key.pem"
hosts:
relayws_manager1:
# Configure this with your RELAYWS IP address
ansible_host: "255.255.255.255"
8. Deployment¶
From the reemo-deploy directory:
# 1) INFRA with init DB + install docker
ansible-playbook -i inventory.yml playbooks/infra.yml --extra-vars "INIT_DB=true INSTALL_DOCKER=true"
# 2) PROVISION with install docker
ansible-playbook -i inventory.yml playbooks/provision.yml --extra-vars "INSTALL_DOCKER=true"
# 3) RELAYWS with install docker
ansible-playbook -i inventory.yml playbooks/relayws.yml --extra-vars "INSTALL_DOCKER=true"
If any changes are made to the inventory, redeploy updates with:
# 1) Update INFRA
ansible-playbook -i inventory.yml playbooks/infra.yml
# 2) Update PROVISION
ansible-playbook -i inventory.yml playbooks/provision.yml
# 3) Update RELAYWS
ansible-playbook -i inventory.yml playbooks/relayws.yml
9. Verification¶
Active containers on each host:
docker ps
Portal access:
Users:
https://portal.domain.tldAdmin:
https://portal-admin.domain.tld
Admin IP restriction applied: verify
PORTALADMIN_URL_RESTRICT_IP.Traefik certificates correctly mounted and valid.
10. Accessing the admin portal¶
Navigate to https://portal-admin.domain.tld/register/admin to register the first instance administrator account.
With this account, you can now log in and manage the Reemo platform.