Commit 9734ce8a authored by McConahy, Renee Margaret

Add documentation.

parent 9398f92b
# Ansible roles to configure LOCKSS v2
This project provides Ansible roles and an example playbook for configuring
[LOCKSS](<https://www.lockss.org/>) v2 on a Ubuntu or CentOS host.
## Role variables
### Required variables
* `lockss_hostname`: The hostname of the LOCKSS host.
* `lockss_ipaddr`: Probably the same as `lockss_external_ipaddr`.
* `lockss_external_ipaddr`: The external IP address of the LOCKSS host.
* `lockss_db_password`: The password for connecting to the internal PostgreSQL
database. This should be machine-generated.
* `lockss_ui_password`
* `lockss_trusted_ips`: A list of IP addresses and subnets that will be allowed
to connect to LOCKSS's configuration pages.
* `lockss_admin_email`
### Optional variables
* `lockss_uid`: This and `lockss_gid` are intended for using a data directory
mounted from another host.
* `lockss_gid`
* `lockss_git_version` (default in `roles/lockss/defaults/main.yml`)
* `lockss_mailhub_host` (default: `localhost`)
* `lockss_mailhub_user`
* `lockss_mailhub_password`
* `lockss_ui_user` (default: `admin`)
* `lockss_data_dir` (default in `roles/lockss/defaults/main.yml`)
## Ports
All of these are TCP:
* metadata-extraction-service: 24640, 24641
* postgres: 24602
* metadata-service: 24650, 24651
* repository-service: 24610
* configuration-service: 24600, 24606, 24620, 24621
* poller: 9729, 24630, 24631, 24670, 24672, 24674, 24680
* pywb: 24681
* solr: 24603
## Running with Vagrant
The included Vagrantfile will configure and run the example playbook against the
machines defined in `vagrant-machines.yml`, currently Ubuntu 18.04 and CentOS 7.
If the `vagrant-hostsupdater` plugin is installed, Vagrant will add appropriate
entries to `/etc/hosts`, making the LOCKSS configuration page accessible at
`http://lockss-ubuntu.test:24600` and `http://lockss-centos.test:24600`.
## Overcoming network hurdles
Accessing the configuration ports on a firewalled LOCKSS server is inconvenient.
I recommend [sshuttle](https://github.com/sshuttle/sshuttle), available in
Ubuntu's "universe" repository. sshuttle proxies traffic over ssh, but, unlike
ssh's built-in SOCKS proxy, sshuttle uses iptables rules to redirect selected
outbound traffic, so local applications don't need to be reconfigured. It has
better performance and is far easier to set up than ssh's "tun" device
forwarding, and it doesn't require elevated privileges on the target server.
The following would proxy through an ssh connection to `box` all outbound TCP
connections, other than those to port 22, made to `box` by the executing user:
```sh
sshuttle --user $USER -r box box -x box:22
```
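Review bot: The "Required variables" list leaves `lockss_ui_password` and `lockss_admin_email` without any description, and none of the three secrets (`lockss_db_password`, `lockss_ui_password`, `lockss_mailhub_password`) says where its value should be kept. Suggest a one-line description for each and a sentence stating that secret values belong in an encrypted vars file (for example Ansible Vault) rather than in plaintext inventory or playbook vars. The entry "`lockss_ipaddr`: Probably the same as `lockss_external_ipaddr`" says what the value is likely to be but not what the role uses it for, so a reader cannot tell when the two should differ. Under "Ports", please note which of the listed ports are covered by `lockss_trusted_ips` and which, if any, must be reachable from other hosts, since the list includes postgres (24602) and solr (24603) alongside the configuration page on 24600, which the Vagrant section reaches over plain `http://`. In the sshuttle example, `$USER` is unquoted; `--user "$USER"` is the safer form to document.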
lockss.png

9.06 KiB