Installation
Once the prerequisites are in place (Ansible, Docker Swarm, and cluster initialization), you can customize the deployment of PROVISION using Ansible variables. These options allow you to configure SSL certificate management and Nginx behavior.
Tip
Installation parameters must be defined before running the final installation command.
Important
Nginx Configuration
Available configuration variables:
PROVISION_NGINX_PORT: listening port (default 8443)
PROVISION_NGINX_SSL_VERIFY_CLIENT: enable/disable SSL client certificate verification
PROVISION_NGINX_SSL_CLIENT_S_DN: expected DN in client certificates
SSL Certificates
Nginx
To secure exchanges, micro-services communicate with each other using mTLS, which requires certificate management.
Two modes are possible:
Automatic Usage
By default, the reemo-provision Ansible role automatically uses the PKI generated by the reemo-infra role. In this case, no additional configuration is needed in the inventory: the certificates are already created and available in the directory produced by reemo-infra.
Manual Configuration
It is also possible to generate your own SSL certificates for the URL: reemo_provision.
You then need to specify the local paths to the key and certificate in the Ansible inventory.
They will automatically be copied to the Docker Swarm cluster by the reemo-provision role.
Example:
provision:
  vars:
    CA_SSL_CRT_LOCALPATH: "/local/path/ca.crt"
    PROVISION_SSL_CRT_LOCALPATH: "/local/path/reemo_provision.crt"
    PROVISION_SSL_KEY_LOCALPATH: "/local/path/reemo_provision.key"
  children:
    provision_manager:
      hosts:
        provision_manager1:
          ansible_host: "10.10.0.1"
    provision_worker:
      hosts:
        provision_worker1:
          ansible_host: "10.10.0.2"
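When certificates are supplied manually, the three files named in the inventory can be checked for consistency before the role copies them to the cluster. The script below is an added example, not part of the reemo-provision role: the function name check_provision_certs and the 30-day expiry threshold are assumptions, and it requires the OpenSSL command-line tool, version 1.1.0 or later.

```shell
#!/bin/sh
# Added example: pre-flight check for the files behind CA_SSL_CRT_LOCALPATH,
# PROVISION_SSL_CRT_LOCALPATH and PROVISION_SSL_KEY_LOCALPATH.
# check_provision_certs is a hypothetical helper, not part of reemo-provision.
# Return codes: 0 ok, 1 unreadable file, 2 chain, 3 key mismatch, 4 expiring.
check_provision_certs() {
    ca=$1; crt=$2; key=$3; min_days=${4:-30}

    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done

    # The certificate must chain to this CA only; -no-CApath keeps the
    # system trust directory out of the decision.
    if ! openssl verify -no-CApath -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "$crt does not verify against $ca" >&2; return 2
    fi

    # The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "$key does not match $crt" >&2; return 3
    fi

    # Refuse certificates that expire within min_days days.
    if ! openssl x509 -in "$crt" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "$crt expires within $min_days days" >&2; return 4
    fi
    return 0
}

# Usage: sh check.sh /local/path/ca.crt /local/path/reemo_provision.crt \
#            /local/path/reemo_provision.key
if [ "$#" -ge 3 ]; then
    check_provision_certs "$@"
fi
```

A non-zero exit status identifies which check failed, so the script can gate the ansible-playbook run in a wrapper or CI job.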
Final Installation
Once your inventory is ready, you can perform the final installation of the PROVISION environment with the reemo-provision Ansible role.
ansible-playbook -i inventory.yml playbooks/reemo-provision.yml