Server Installation

Pre-install

A freshly created exabyte VPS server is configured with a root user and password login for SSH. The following steps must be performed before the Ansible scripts can be run:

  • Create a user ubuntu: sudo adduser ubuntu
  • Add the user to the sudo group: sudo usermod -aG sudo ubuntu
  • Allow sudo without password: echo "%sudo ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/010_sudo_nopasswd
  • Copy the authorized_keys, ssh_config and the private key (klhhh) to ~/.ssh.
  • Make sure that the ~/.ssh folder and all files in it are owned by the user (ubuntu)
  • Set the following permissions:
    chmod 700 ~/.ssh             # Secure the .ssh directory
    chmod 600 ~/.ssh/authorized_keys  # Private access to authorized keys
    chmod 644 ~/.ssh/known_hosts # Readable but not writable by others
    chmod 600 ~/.ssh/id_rsa      # Private SSH key (if applicable)
    chmod 644 ~/.ssh/id_rsa.pub  # Public SSH key
  • Change /etc/ssh/sshd_config to prohibit root access and password authentication
  • Restart SSH-Daemon: sudo systemctl restart ssh

All steps above are included in the preinstall.yml playbook. Run with:

    ansible-playbook -i inventory.ini preinstall.yml --user=root --ask-pass

after creating an inventory file including the exabyte server.

DANGER

The preinstall.yml script has not been tested yet (lacking the occasion a bit 😉) and hence should be treated with appropriate care.
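
Before the SSH restart in the last manual step, the file modes, the sudoers file and the effective daemon settings can be checked so that a mistake does not lock out the only login. The script below is an added example, not part of the server-setup repository; the function names and demo data are constructed, and `PermitRootLogin` and `PasswordAuthentication` are assumed to be the two sshd_config options that step changes.

```shell
#!/bin/sh
# Added example (not from the server-setup repository): audit before restart.

# check_modes DIR: compare DIR and its files with the modes listed above.
# Prints each mismatch and returns 1 if there is any. Uses GNU stat (Ubuntu).
check_modes() {
    dir=$1; rc=0
    for entry in .:700 authorized_keys:600 known_hosts:644 id_rsa:600 id_rsa.pub:644; do
        path="$dir/${entry%%:*}"; want=${entry##*:}
        [ -e "$path" ] || continue              # not every file has to exist
        have=$(stat -c '%a' "$path")
        [ "$have" = "$want" ] || { echo "MODE $path is $have, want $want"; rc=1; }
    done
    return $rc
}

# check_sshd: read `sshd -T` output (lowercase "keyword value" lines) on stdin.
# Succeeds only if root login and password login are both off; empty input
# (for example when sshd -T itself fails) counts as a failure.
check_sshd() {
    awk '
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pass = $2 }
        END {
            if (root != "no") { print "SSHD permitrootlogin=" root; bad = 1 }
            if (pass != "no") { print "SSHD passwordauthentication=" pass; bad = 1 }
            exit bad + 0
        }'
}

# Constructed demo: a private key left group-readable, and an effective
# configuration in which password login is still enabled.
demo() {
    d=$(mktemp -d); mkdir "$d/.ssh"; chmod 700 "$d/.ssh"
    : > "$d/.ssh/id_rsa"; chmod 640 "$d/.ssh/id_rsa"
    check_modes "$d/.ssh"
    printf 'permitrootlogin no\npasswordauthentication yes\n' | check_sshd
    rm -rf "$d"
}
demo || true

# On the target, gate the restart on all three checks:
#   check_modes ~/.ssh && sudo visudo -cf /etc/sudoers.d/010_sudo_nopasswd \
#     && sudo sshd -T | check_sshd && sudo systemctl restart ssh
```

`sshd -T` prints the effective configuration, so a value set in an included drop-in file is caught as well as one in the main file.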

Ansible install

For the installation process we need to clone the server-setup repository to an arbitrary directory on the controller.

    mkdir ansible-repository
    # clone into the directory created above, so the later cd finds the playbooks
    git clone git@github.com:klharrier/server-setup.git ansible-repository

TIP

Ansible requires a controller server to run the playbook which installs the respective items on a target server. For ease of setup we use the development server as a controller, but any other machine can also be used.

For the installer playbook to run, we first need to restore the local variables, which have been excluded from GitHub synchronization (see here for more information). If a backup archive.tar with all local variables is available, it only needs to be unpacked using

    tar -xzf archive.tar

This puts the appname_local_vars files into their respective directories.

Should no backup file exist, all local variables need to be set up from scratch. To do this, go through all roles and check whether an appname_local_vars.example file (which contains all variables without values) exists in the defaults directory. If so, the appname_local_vars.example file must be copied/renamed to appname_local_vars.yml and the respective variable values must be set.

With all ansible variables correctly set, install the Webserver by changing into the server-setup repository directory and running the playbook:

    cd ansible-repository
    ansible-playbook klhhh-install.yml -e "variable_host=prod"

and subsequently install the Piwigo Server with

    ansible-playbook klhhh-install.yml -e "variable_host=piwigo_prod"

TIP

Replace the server name in the external variable variable_host with the target (staging, prod, dev, piwigo_test, piwigo_prod) you wish to install.

Ansible provides a wide range of options for its CLI commands, e.g., to include/exclude certain roles (installer components) when running the ansible-playbook using CLI tags.

Moreover, tags can be used within the Ansible playbooks to group/structure the content. These tags have been introduced into the roles and group, e.g., infrastructure versus services, allowing a granular, also partial, installation process for both servers.

TIP

When installing any production server you will be prompted to confirm that you want to continue, so that you cannot accidentally wipe out the production machines.

The full installer process runs for about 20 minutes and results in fully operational servers, however without any data.

Released under the MIT License.