Skip to main content
Version: Axidian Privilege 2.10

Installation without Balancing

caution

The installation without balancing includes installation of the management server and access servers (SSH-Proxy or RDP-Proxy) on different servers.

caution

Before you begin the installation, prepare the configuration files.

Inventory

  1. Go to the distribution folder.
  2. Change the name of the inventory.template file to inventory.

Edit the inventory file:

  1. In the managment section, specify the FQDN address of the management server.
  2. In the access section, specify the FQDN address of the SSH Proxy access server.
  3. For all of the servers except the local one, add the following line: remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123.
    1. remote_ssh_user=root — username for remote connection to the resource.
    2. ansible_ssh_password=123 — user password for remote connection to the resource.
    3. ansible_become_password=123 — user password for remote connection to the resource.
  4. Comment out all fields that have not been changed.
  5. Save.
/client-dist/inventory file contents
# NOTE: To access docker host use local.docker name instead of localhost

[management]
pammng.test.local

[access]
pamgtw.test.local remote_ssh_user=root ansible_ssh_password=123 ansible_become_password=123

#[haproxy]
#HAPROXY_SERVER_FQDN_OR_IP

#[rds]
#RDS_SERVER_FQDN_OR_IP

# Use this section to override vars
#[all:vars]
#server_fqdn=OVERRIDE_SERVER_FQDN

Configuration Files

Unzip the downloaded configuration files and move the extracted folders to axidian-pam-linux\state.

Certificates

Certification Authority Certificate

Move the CA certificate along the path axidian-pam-linux\state\ca-certificates.

Server Certificates

  1. Go to axidian-pam-linux\state\certs and create a separate folder for the management server. Name it with the FQDN of the management server.
  2. Move the management server certificate to the folder corresponding to the management server.
  3. Go to axidian-pam-linux\state\keys\rdp-proxy and create a separate folder for the access server. Name it with the FQDN of the access server.
  4. Move the access server certificate to the folder corresponding to the access server.

vars

  1. Go to axidian-pam-linux\scripts\ansible and open the file vars.yml.
  2. In the # pfx_pass: "ENTER_HERE" line remove the # symbol.
  3. Instead of ENTER_HERE, specify the password for the certificates.
  4. Save.

Installation

  1. Move the distribution to the target Linux resource.

  2. If CIS Benchmark Docker security settings are applied, then run the installation script with the command:

    sudo bash run-deploy.sh

    If CIS Benchmark Docker security settings are not applied, then run the installation script with the command: 

    sudo bash run-deploy.sh --bench-skip

  3. When prompted, enter your local sudo username (for example, root) and password.

  4. Wait for the installation to finish.

    info

    If the script aborted with an error, send the log file to technical support.

Components Restarting

Management Server

  1. Go to the /etc/axidian/axidian-privilege folder.

  2. Restart Axidian Privilege management server components using the following commands:

    1. Restarting all of the components: 

      sudo docker compose -f docker-compose.management-server.yml down
      sudo docker compose -f docker-compose.management-server.yml up -d

      or

      sudo docker-compose -f docker-compose.management-server.yml down
      sudo docker-compose -f docker-compose.management-server.yml up -d

    2. Restarting a specific component: 

      sudo docker compose -f docker-compose.management-server.yml up -d <component name> --force-recreate

      or

      sudo docker-compose -f docker-compose.management-server.yml up -d <component name> --force-recreate

    3. Example of restarting the Axidian Privilege Core component: 

      sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate

      or

      sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate

Access Server

  1. Go to the /etc/axidian/axidian-privilege folder.

  2. Restart Axidian Privilege access server components using the following commands: 

    sudo docker compose -f docker-compose.access-server.yml down
    sudo docker compose -f docker-compose.access-server.yml up -d

    or

    sudo docker-compose -f docker-compose.access-server.yml down
    sudo docker-compose -f docker-compose.access-server.yml up -d