Merge pull request #105 from tochi-y/fix-2.0.8

Fix 2.0.8

3-server_unit/Ansible_Settings_Instruction.md

@@ -20,104 +20,107 @@ Below are the files where modification is required.
 
     # should be changed to
 
-    ansible_ssh_user=root
+    ansible_ssh_user=ec2-user
 ```
 
 * Modify the hosts file as per instruction below
 
 #### Common Server Setting
 
 ```yaml
+{Bastion_Private_IP}
+# -> Specify the private IP of Bastion server
+# EX: {Bastion_Private_IP}->172.31.10.248
+
+{Web_Private_IP}
+# -> Specify the private IP of Web server
+# EX: {Web_Private_IP}->172.31.10.248
+
+{AP_Private_IP}
+# -> Specify the private IP of  AP server
+# EX: {AP_Private_IP}->172.31.13.38
+
+{ES_Private_IP}
+# -> Set the private IP for ES server
+# EX: {ES_Private_IP}->172.31.3.80
+
+{NFS_Private_IP}
+# -> Set the private IP for NFS server
+# EX: {NFS_Private_IP}->172.31.13.38
+
 {Ansible_Execution_User}
 # -> Specify a user ansible execution
 # EX: {Ansible_Execution_User}->root
 
 {SSH_PrivateKey}
 # -> Set the secret key in the absolute path for  ansible user ssh public key authentication
 # EX: {SSH_PrivateKey}->/root/.ssh/id_rsa
-```
-
-#### Bastion server
 
-```yaml
-{Bastion_Private_IP}
-# -> Specify the private IP of Bastion server
-# EX: {Bastion_Private_IP}->172.31.10.248
+{Web_Global_IP}
+# -> Specify the global IP for Web server
+# EX: {Web_Global_IP}->54.65.33.203
 
-{Bastion_Tag_Name}
-# -> Specify the host name for Bastion server
-# EX: {Bastion_Tag_Name}->bastion-web
+{Web_FQDN}
+# -> Specify the FQDN for Web server(same as unit FQDN)
+# EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com
 
 {Bastion_Network_Separation}
 # -> Specify the network catagory for Bastion server
 # EX: {Bastion_Network_Separation}->172.31.10.0/24
 
+{WEB_Network_Separation}
+# -> Specify the network catagory for WEB server
+# EX: {WEB_Network_Separation}->172.31.10.0/24
+
+{AP_Network_Separation}
+# -> Specify the network catagory for AP server
+# EX: {AP_Network_Separation}->172.31.13.0/24
+
+{Master_Token}
+# -> To authorize all kind of operation, set the master token (Strictly managed)
+# EX: enable_mastertoken=true
+#     {Master_Token}->abc123
+
 {Path_Based_Cell_Url_Enabled}
 # -> URL format to access cell*1
 # -> true:path based cell url
 # -> false:per cell fqdn url
 # EX: {Path_Based_Cell_Url_Enabled}->false
 ```
+
 *1.For explanation about URL format to access cell, please confirm [here](https://personium.io/docs/ja/server-operator/setup_percell.html).
 
-#### Web server
+#### Bastion server
 
 ```yaml
-{Web_Private_IP}
-# -> Specify the private IP of Web server
-# EX: {Web_Private_IP}->172.31.10.248
+{Bastion_Tag_Name}
+# -> Specify the host name for Bastion server
+# EX: {Bastion_Tag_Name}->bastion-web
+```
+
+#### Web server
 
+```yaml
 {Web_Tag_Name}
 # -> Specify the host name for Web server
 # EX: {Web_Tag_Name}->bastion-web
-
-{Web_Global_IP}
-# -> Specify the global IP for Web server
-# EX: {Web_Global_IP}->54.65.33.203
-
-{Web_FQDN}
-# -> Specify the FQDN for Web server(same as unit FQDN)
-# EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com
 ```
 
 #### AP server
 
 ```yaml
-{AP_Private_IP}
-# -> Specify the private IP of  AP server
-# EX: {AP_Private_IP}->172.31.13.38
-
-{AP_Network_Separation}
-# -> Specify the network catagory for AP server
-# EX: {AP_Network_Separation}->172.31.13.0/24
-
 {AP_Tag_Name}
 # -> Specify the host name for AP server
 # EX: {AP_Tag_Name}->test-ap
 
 {PIO_LOGVOL}
 # -> Specify the disk name for Personium log
 # EX: {PIO_LOGVOL}->vdb
-
-{Master_Token}
-# -> To authorize all kind of operation, set the master token (Strictly managed)
-# EX: {Master_Token}->abc123
-
-{Path_Based_Cell_Url_Enabled}
-# -> URL format to access cell*1
-# -> true:path based cell url
-# -> false:per cell fqdn url
-# EX: {Path_Based_Cell_Url_Enabled}->false
 ```
-*1.For explanation about URL format to access cell, please confirm [here](https://personium.io/docs/ja/server-operator/setup_percell.html).
 
 #### ES server
 
 ```yaml
-{ES_Private_IP}
-# -> Set the private IP for ES server
-# EX: {ES_Private_IP}->172.31.3.80
-
 {ES_Tag_Name}
 # -> Specify the host name for ES server
 # EX: {ES_Tag_Name}->test-ES
@@ -130,10 +133,6 @@ Below are the files where modification is required.
 #### NFS server
 
 ```yaml
-{NFS_Private_IP}
-# -> Set the private IP for NFS server
-# EX: {NFS_Private_IP}->172.31.13.38
-
 {nfs_Tag_Name}
 # -> Specify the host name for nfs server
 # EX: {nfs_Tag_Name}->test-NFS

3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2

@@ -49,7 +49,7 @@ function check_response() {
   OPERATION=${2}
   RESPONSE_CODE=`echo "${CURL_RESULT}" | /bin/grep 'status:'`
   if [ "${RESPONSE_CODE}" != "status:${STATUS}" ]; then
-    echo "${OPERATION} faild."
+    echo "${OPERATION} failed."
     exit 2
   fi
 }

3-server_unit/static_inventory/hosts

@@ -56,6 +56,9 @@ personium_nfs={NFS_Private_IP}
 ## network address of the bastion server that allows ssh connection
 bastion_network_sep={Bastion_Network_Separation}
 
+## Network address of WEB server
+web_network_sep={WEB_Network_Separation}
+
 ## Network address of AP server
 ap_network_sep={AP_Network_Separation}
 #### for firewalld setting ####

Create_Server_Certificate_for_Letsencript.md

@@ -33,7 +33,7 @@ Create a server certificate using certbot.
 1. Execute the following command to start certificate creation processing by certbot.
 
     ```console
-    # certbot certonly --domain {FQDN} --manual --prefered-challenges dns
+    # certbot certonly --domain {FQDN} --domain "*.{FQDN}" --manual --preferred-challenges dns
     ```
 
 1. Register your email address in Let's Encrypt.
@@ -102,6 +102,23 @@ Create a server certificate using certbot.
     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     ```
 
+1. Follow the instructions and register the TXT record in the DNS server that manages the domain, again.
+
+    ```console
+    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    Please deploy a DNS TXT record under the name
+    _acme-challenge.{FQDN} with the following value:
+
+    8pDJZ1pCXmhh-OHSaV2IM_dLztGk31AnQytk1MJhx9E
+
+    Before continuing, verify the record is deployed.
+    (This must be set up in addition to the previous challenges; do not remove,
+    replace, or undo the previous challenge tasks yet. Note that you might be
+    asked to create multiple distinct TXT records with the same name. This is
+    permitted by DNS standards.)
+    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+    ```
+
 1. When registration of TXT record is completed and you can refer to it from the Internet, press "Enter" key.
     \* It may take time depending on DNS service specification until TXT record can be registered correctly and it can be referred from the Internet.
 

README.md

@@ -31,7 +31,7 @@ There are different patterns of setup tools to construct the Personium unit. Ple
 
 #### Pattern-1 : 1 server
 
-* Machine environment : **Linux**
+* Machine environment : **CentOS 7**
 * The number of Personium unit servers : **1 Server**
   * Server-1 elements : Bastion, Web, AP, ES
 * Setup time : 1 hour
@@ -44,7 +44,7 @@ For the setting procedure, please refer to [setup-vagrant](https://github.com/pe
 
 #### Pattern-2 : 3 server
 
-* Machine environment : **Linux**
+* Machine environment : **CentOS 7**
 * The number of Personium unit servers : **3 Servers**
   * Server-1 elements : Bastion,Web
   * Server-2 elements : AP,NFS