[TBD]Twitter project setup manual steps

Server side Steps

Create separate users for appadmin and database admin

Need for best security practice

Also, add them to sudoer list

Refer https://sites.google.com/site/jbsakabffoi12449ujkn/home/linux-tools/how-to-create-a-linux-user-with-root-privilege#TOC-Steps-to-create-non-root-user

Setup passwordless SSH

Needed for Ansible script

Refer: https://www.linuxbabe.com/linux-server/setup-passwordless-ssh-login

Passwordless SSH setup

deepakkumar$ ssh-keygen -t rsa -b 4096

Generating public/private rsa key pair.

Enter file in which to save the key (/Users/deepakkumar/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /Users/deepakkumar/.ssh/id_rsa.

Your public key has been saved in /Users/deepakkumar/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:dE1rn2us/qwc8zyW3S0UzX2HijhSqx1nJlhkBLf1e1Y

The key's randomart image is:

+---[RSA 4096]----+

| .oo . . |

| .oo + . |

| oo . = +E|

| .o. . ooo*|

| +So ...=.o|

| o * = .+.. |

| + B o.+oo|

| . . . O= +|

| .=+=o |

+----[SHA256]-----+

deepakkumar$ ssh-copy-id neo4jadmin@172.93.50.85

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/deepakkumar/.ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

neo4jadmin@172.93.50.85's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'neo4jadmin@172.93.50.85'"

and check to make sure that only the key(s) you wanted were added.

Install docker

apt install docker.io

Install docker-compose

sudo apt install docker-compose

It is needed for managing docker container

Configure docker for non-root access

Refer https://askubuntu.com/questions/477551/how-can-i-use-docker-without-sudo

Configure for passwordless sudo access via Ansible

Refer: https://code-maven.com/enable-ansible-passwordless-sudo

Edit sudoers file (sudo visudo)

%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

#Added by dpkumar

appadmin ALL=(ALL) NOPASSWD:ALL

neo4jadmin ALL=(ALL) NOPASSWD:ALL

(Optional) for Ubuntu 20.04 server

Install acl

It is needed for changing permission

Refer: https://github.com/georchestra/ansible/issues/55

Install permission

neo4jadmin@sarvatservices:~$ sudo apt install acl

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following packages were automatically installed and are no longer required:

eatmydata libeatmydata1 python3-importlib-metadata python3-jinja2 python3-json-pointer python3-jsonpatch python3-jsonschema python3-markupsafe python3-more-itertools python3-pyrsistent python3-zipp

Use 'sudo apt autoremove' to remove them.

The following NEW packages will be installed:

acl

0 upgraded, 1 newly installed, 0 to remove and 116 not upgraded.

Need to get 37.8 kB of archives.

After this operation, 197 kB of additional disk space will be used.

Get:1 http://us.archive.ubuntu.com/ubuntu focal/main amd64 acl amd64 2.2.53-6 [37.8 kB]

Fetched 37.8 kB in 0s (244 kB/s)

Selecting previously unselected package acl.

(Reading database ... 143828 files and directories currently installed.)

Preparing to unpack .../acl_2.2.53-6_amd64.deb ...

Unpacking acl (2.2.53-6) ...

Setting up acl (2.2.53-6) ...

Processing triggers for man-db (2.9.1-1) ...

neo4jadmin@sarvatservices:~$ setfacl

Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...

Try `setfacl --help' for more information.

neo4jadmin@sarvatservices:~$ getfacl

Usage: getfacl [-aceEsRLPtpndvh] file ...

Try `getfacl --help' for more information.

neo4jadmin@sarvatservices:~$ cat /etc/os-release

NAME="Ubuntu"

VERSION="20.04.1 LTS (Focal Fossa)"

ID=ubuntu

ID_LIKE=debian

PRETTY_NAME="Ubuntu 20.04.1 LTS"

VERSION_ID="20.04"

HOME_URL="https://www.ubuntu.com/"

SUPPORT_URL="https://help.ubuntu.com/"

BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"

PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"

VERSION_CODENAME=focal

UBUNTU_CODENAME=focal

neo4jadmin@sarvatservices:~$

Error info

deepakkumar$ ansible-playbook -C deploy/deploy_neo4jdb.yml

PLAY [Neo4J DB installation] *******************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************

ok: [sarvat.com]

TASK [Pull code from source] *******************************************************************************************************************************************************************************

fatal: [sarvat.com]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1618689586.949128-92626-44678991355172/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1618689586.949128-92626-44678991355172/AnsiballZ_git.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

PLAY RECAP *************************************************************************************************************************************************************************************************

sarvat.com : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

Workstation side setup (Laptop)

Install Ansible playbook

Install Ansible playbook inside virtual environment

Refer: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#from-pip

Ansible playbook in python virtual env

(twittersetupenv) (base) Shilpis-MacBook-Air:ansible-twitter deepakkumar$ pip install ansible

Collecting ansible

Using cached ansible-3.2.0-py3-none-any.whl

Collecting ansible-base<2.11,>=2.10.7

Using cached ansible_base-2.10.7-py3-none-any.whl

Collecting cryptography

Downloading cryptography-3.4.7-cp36-abi3-macosx_10_10_x86_64.whl (2.0 MB)

|████████████████████████████████| 2.0 MB 2.5 MB/s

Collecting cffi>=1.12

Downloading cffi-1.14.5-cp38-cp38-macosx_10_9_x86_64.whl (176 kB)

|████████████████████████████████| 176 kB 6.8 MB/s

Collecting jinja2

Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)

|████████████████████████████████| 125 kB 5.6 MB/s

Collecting MarkupSafe>=0.23

Downloading MarkupSafe-1.1.1-cp38-cp38-macosx_10_9_x86_64.whl (16 kB)

Collecting packaging

Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)

|████████████████████████████████| 40 kB 7.6 MB/s

Collecting pyparsing>=2.0.2

Using cached pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)

Collecting pycparser

Using cached pycparser-2.20-py2.py3-none-any.whl (112 kB)

Collecting PyYAML

Downloading PyYAML-5.4.1-cp38-cp38-macosx_10_9_x86_64.whl (253 kB)

|████████████████████████████████| 253 kB 6.6 MB/s

Installing collected packages: pycparser, pyparsing, MarkupSafe, cffi, PyYAML, packaging, jinja2, cryptography, ansible-base, ansible

Successfully installed MarkupSafe-1.1.1 PyYAML-5.4.1 ansible-3.2.0 ansible-base-2.10.7 cffi-1.14.5 cryptography-3.4.7 jinja2-2.11.3 packaging-20.9 pycparser-2.20 pyparsing-2.4.7

WARNING: You are using pip version 20.3.3; however, version 21.0.1 is available.

You should consider upgrading via the '/Users/deepakkumar/Documents/GitHub/ansible-twitter/twittersetupenv/bin/python -m pip install --upgrade pip' command.

(twittersetupenv) (base) Shilpis-MacBook-Air:ansible-twitter deepakkumar$

(twittersetupenv) (base) Shilpis-MacBook-Air:ansible-twitter deepakkumar$ ansible

ansible ansible-connection ansible-doc ansible-inventory ansible-pull ansible-vault

ansible-config ansible-console ansible-galaxy ansible-playbook ansible-test

(twittersetupenv) (base) Shilpis-MacBook-Air:ansible-twitter deepakkumar$ ansible

Post deployment steps

Check all passwords are strong and change them if needed

- neo4jadmin
- appadmin
- neo4j DB

Page updated

Google Sites

Report abuse