- Use the latest Debian or Ubuntu minimal server with the SSH service running (on Debian, sudo needs to be installed and configured)
- Recommended platforms are Ubuntu Server 22.04 LTS and Debian 12. See system requirements for supported platforms
- We will install various software components to your system. It is recommended to do so on a dedicated (test) system.
- Prepare your target system (make sure your user has full sudo permissions)
su -
apt-get install git sudo ansible
If not already configured, add your current user to the sudo group (make sure to activate this change by rebooting):
usermod -a -G sudo <user>
To check whether the user has been added to the sudo group, use the following command:
grep sudo /etc/group
Exit to normal user with:
exit
Also make sure your packages are up to date before the FWORCH installation, using e.g.
sudo apt update && sudo apt upgrade
possibly followed by a reboot.
- Getting Firewall Orchestrator
with the following command:
git clone https://github.com/CactuseSecurity/firewall-orchestrator.git
- Ansible installation
Make sure you have ansible version 2.13 or above installed on your system (check with "ansible --version"). If this is not the case, install a newer ansible. One possible way is to run the following script:
cd firewall-orchestrator
source scripts/install-ansible-from-venv.sh
Note that if your server is behind a proxy, you will have to set the proxy for pip as follows (to allow for ansible venv download):
pip config set global.proxy http://YOUR-PROXY-NAME:YOUR-PROXY-PORT
- Firewall Orchestrator installation
cd firewall-orchestrator; ansible-playbook site.yml -K
Enter sudo password when prompted "BECOME or SUDO password:"
That's it. Firewall-orchestrator is ready for usage. You will find the randomly generated login credentials printed out at the very end of the installation:
...
TASK [display secrets for this installation] ***********************************
ok: [install-srv] => {
"msg": [
"Your initial UI admin password is 'xxx'",
"Your api hasura admin secret is 'yyy'"
]
}
PLAY RECAP *********************************************************************
install-srv : ok=302 changed=171 unreachable=0 failed=0 skipped=127 rescued=0 ignored=0
Simply navigate to https://localhost/ and log in with user 'admin' and the UI admin password displayed by the install script (see above).
The api hasura admin secret can be used to access the API at https://localhost:9443/api/console.
If using the python venv method, you may now exit venv with:
deactivate
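
A pre-flight check for the prerequisites listed above (git present, user in the sudo group, ansible 2.13 or above), meant to be run before `ansible-playbook site.yml -K`. This is an added example, not part of the firewall-orchestrator repository; the function names are hypothetical.

```shell
#!/bin/sh
# Added pre-flight check for the steps above; not part of the
# firewall-orchestrator repository. Function names are hypothetical.
MIN_ANSIBLE="2.13"   # minimum ansible version stated in the instructions

# Extract the version from the first line of `ansible --version`, e.g.
# "ansible [core 2.14.3]" or, on older releases, "ansible 2.9.6".
parse_ansible_version() {
    printf '%s\n' "$1" | head -n 1 |
        sed -n 's/^ansible[^0-9]*\([0-9][0-9.]*\).*/\1/p'
}

# Succeed if dotted version $1 >= $2, comparing field by field as numbers
# (a plain string comparison would rank 2.9 above 2.13).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Succeed if user $2 is an exact member in the /etc/group line $1.
group_has_user() {
    members=$(printf '%s\n' "$1" | cut -d: -f4)
    case ",$members," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Run all checks on the local system; returns non-zero on any failure.
preflight() {
    rc=0
    command -v git >/dev/null 2>&1 || { echo "git is not installed"; rc=1; }
    group_has_user "$(grep '^sudo:' /etc/group)" "$(id -un)" ||
        { echo "$(id -un) is not in the sudo group"; rc=1; }
    # Group changes only apply to new sessions (hence the reboot above).
    case " $(id -nG) " in
        *" sudo "*) ;;
        *) echo "sudo group is not active in this session"; rc=1 ;;
    esac
    ver=$(parse_ansible_version "$(ansible --version 2>/dev/null)")
    if [ -z "$ver" ] || ! version_ge "$ver" "$MIN_ANSIBLE"; then
        echo "ansible ${ver:-not found}: need $MIN_ANSIBLE or above"; rc=1
    fi
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Save it under any file name and run it with `--run` as the normal user; it prints one line per failed prerequisite and exits non-zero if any check fails.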