
A set of Ansible playbooks for:

  o installing a base Greenstone3 system where the tomcat server
    is accessed directly over http

  o hardening the installation to run over https through an Apache2
    web server using a certificate issued by Let's Encrypt.


If the necessary repo for Ansible is already present, then
installation is as straightforward as:

    sudo apt-get install ansible
Or
    sudo yum install ansible

To add the repo on Debian systems:

    sudo apt update
    sudo apt install software-properties-common
    sudo add-apt-repository --yes --update ppa:ansible/ansible
    sudo apt install ansible

To add on Redhat:

    sudo subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
    sudo yum install ansible
Or
    sudo subscription-manager repos --enable rhel-7-server-ansible-2.9-rpms
    sudo yum install ansible

depending on whether RHEL7 or RHEL8.

As ansible is written in Python, it is also possible to install using pip:

    pip install ansible
    
********
**NEXT**
********

With ansible installed, next review and edit as needed the variables in:

    vars/default-core.xml

For production use, Greenstone3 would typically have its own
user account.  For example 'greenstone'


    adduser greenstone
    # Respond accordingly to prompts

On Debian systems it was found that Access-Control-Lists
needed to also be installed.  When running the Ansible
playbooks below (directly or through the ALL-CAPS convenience scripts),
this is needed to let the user account you are logged
in as, also allow the 'greenstone' account to access some setting
files that 'ansible' itself uses.  If you choose to provision
a Greenstone3 install into the same account you are logged in
as, then you do not need to install ACL.

    sudo apt install acl


Then run the Ansible playbooks in the following order:

    ./01-RUN-ANSIBLE-BASE-INSTALL.sh greenstone
    
    ./02-RUN-ANSIBLE-REVPROXY.sh greenstone

====

Misc extra notes:

This Ansible playbook installs an Apache2 web server and Let's
Encrypt's certbot command-line tool (if not already present), and then
proceeds to configure Apache2 so it acts as a reverse-proxy web server
for a Greenston3 Tomcat installation.


In developing these playbooks, the following resources were consulted:

  https://github.com/do-community/ansible-playbooks/tree/master
  https://github.com/mvarian/certbot-apache/tree/master
