After having run the playbook successfully for the first time, it is time to setup and configure the Resource Registry
-
Make sure that the ansible variable "setup_enabled" is set to 'TRUE'. If this has not been the case, you need to enable setup and re-run the playbook.
-
Open https://{fqdn}/setup in your browser and create your admin account
-
Disable setup again:
setup_enabled: FALSE
There is no need to enable setup as is being done with initial setups.
Make sure to go to https://{fqdn}/update/upgrade after any upgrades in order to make sure that any pending database upgrades are being run.
For any productive webserver, we recommend using a certificate issued by a trusted CA. Let's Encrypt (https://letsencrypt.org/) is a very useful offering, as is the free Comodo certificates available through UbuntuNet Alliance. For testing and development, a self-signed certificate will do the job.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout roles/registry/files/{{ fqdn }}.key -out roles/registry/files/{{ fqdn }}.crt
For signing the metadata you don't need a trusted certificate, so just create one yourself.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout roles/registry/files/metadata-signer.key -out roles/registry/files/metadata-signer.crt
Create a random vault password - If you haven't done so already
openssl rand -base64 32 > ~/.ansible_vault_pass
Copy, populate and encrypt the secrets file
cp group_vars/secrets.example group_vars/secrets
vi group_vars/secrets
ansible-vault encrypt group_vars/secrets --vault-password-file ~/.ansible_vault_pass
Run the Playbook
ansible-playbook -i [development|production] resource_registry.yml --vault-password-file ~/.ansible_vault_pass
Show the secret vars
ansible-vault view group_vars/secrets --vault-password-file ~/.ansible_vault_pass
``