From 127836f7ce91ca675605aa315872347d305997b4 Mon Sep 17 00:00:00 2001 From: forbes-0023 Date: Wed, 11 Feb 2026 11:20:45 -0600 Subject: [PATCH] docs: replace kindred.internal with example.internal in all docs and config Replace all references to internal hostnames (silo.kindred.internal, psql.kindred.internal, minio.kindred.internal, ipa.kindred.internal, keycloak.kindred.internal) with example.internal equivalents. Replace gitea.kindred.internal and git.kindred.internal with the public git.kindred-systems.com instance. Also fix stale silo-0062 repo name in setup-host.sh and DEPLOYMENT.md. --- ROADMAP.md | 2 +- cmd/silo/main.go | 2 +- config.example.yaml | 12 +++--- deployments/config.prod.yaml | 12 +++--- deployments/docker-compose.prod.yaml | 12 +++--- deployments/systemd/silod.env.example | 6 +-- docs/AUTH_USER_GUIDE.md | 12 +++--- docs/DEPLOYMENT.md | 56 +++++++++++++-------------- docs/SPECIFICATION.md | 4 +- docs/STATUS.md | 2 +- scripts/deploy.sh | 14 +++---- scripts/setup-host.sh | 14 +++---- scripts/setup-ipa-nginx.sh | 20 +++++----- 13 files changed, 84 insertions(+), 84 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 4f28134..f3a3609 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -129,7 +129,7 @@ This document compares Silo's current capabilities against SOLIDWORKS PDM—the | Component | Status | |-----------|--------| -| PostgreSQL | Running (psql.kindred.internal) | +| PostgreSQL | Running (psql.example.internal) | | MinIO | Configured in Docker Compose | | Silo API Server | Builds successfully | | Docker Compose | Complete (dev and production) | diff --git a/cmd/silo/main.go b/cmd/silo/main.go index 546ceb3..36c6c7d 100644 --- a/cmd/silo/main.go +++ b/cmd/silo/main.go 
@@ -66,7 +66,7 @@ Token subcommands: silo token revoke Revoke a token Environment variables for API access: - SILO_API_URL Base URL of the Silo server (e.g., https://silo.kindred.internal) + SILO_API_URL Base URL of the Silo server (e.g., https://silo.example.internal) SILO_API_TOKEN API token for authentication Examples: diff --git a/config.example.yaml b/config.example.yaml index c9089c6..ec8677a 100644 --- a/config.example.yaml +++ b/config.example.yaml @@ -8,7 +8,7 @@ server: # read_only: false # Reject all write operations; toggle at runtime with SIGUSR1 database: - host: "psql.kindred.internal" + host: "psql.example.internal" port: 5432 name: "silo" user: "silo" @@ -17,7 +17,7 @@ database: max_connections: 10 storage: - endpoint: "minio.kindred.internal:9000" + endpoint: "minio.example.internal:9000" access_key: "" # Use SILO_MINIO_ACCESS_KEY env var secret_key: "" # Use SILO_MINIO_SECRET_KEY env var bucket: "silo-files" @@ -53,7 +53,7 @@ auth: # LDAP / FreeIPA ldap: enabled: false - url: "ldaps://ipa.kindred.internal" + url: "ldaps://ipa.example.internal" base_dn: "dc=kindred,dc=internal" user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal" # Optional service account for user search (omit for direct user bind) @@ -77,10 +77,10 @@ auth: # OIDC / Keycloak oidc: enabled: false - issuer_url: "https://keycloak.kindred.internal/realms/silo" + issuer_url: "https://keycloak.example.internal/realms/silo" client_id: "silo" client_secret: "" # Use SILO_OIDC_CLIENT_SECRET env var - redirect_url: "https://silo.kindred.internal/auth/callback" + redirect_url: "https://silo.example.internal/auth/callback" scopes: ["openid", "profile", "email"] # Map Keycloak realm roles to Silo roles admin_role: "silo-admin" @@ -90,4 +90,4 @@ auth: # CORS origins (locked down when auth is enabled) cors: allowed_origins: - - "https://silo.kindred.internal" + - "https://silo.example.internal" 
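Review bot: The `ldap` block in the `@@ -53,7 +53,7 @@` hunk of config.example.yaml now mixes two naming schemes: `url` becomes `ldaps://ipa.example.internal`, but the unchanged `base_dn` and `user_search_dn` lines still read `dc=kindred,dc=internal`. The internal directory suffix this commit sets out to remove is therefore still published, and the example no longer agrees with itself. The same leftover is visible in the `ldap` hunks of deployments/config.prod.yaml and docs/AUTH_USER_GUIDE.md. If a full scrub is intended, change both lines to the matching suffix: `base_dn: "dc=example,dc=internal"` and `user_search_dn: "cn=users,cn=accounts,dc=example,dc=internal"`.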
diff --git a/deployments/config.prod.yaml b/deployments/config.prod.yaml index cd0508c..fefaf38 100644 --- a/deployments/config.prod.yaml +++ b/deployments/config.prod.yaml @@ -1,7 +1,7 @@ # Silo Production Configuration # Single-binary deployment: silod serves API + React SPA # -# Layout on silo.kindred.internal: +# Layout on silo.example.internal: # /opt/silo/bin/silod - server binary # /opt/silo/web/dist/ - built React frontend (served automatically) # /opt/silo/schemas/ - part number schemas @@ -18,10 +18,10 @@ server: host: "0.0.0.0" port: 8080 - base_url: "https://silo.kindred.internal" + base_url: "https://silo.example.internal" database: - host: "psql.kindred.internal" + host: "psql.example.internal" port: 5432 name: "silo" user: "silo" @@ -30,7 +30,7 @@ database: max_connections: 20 storage: - endpoint: "minio.kindred.internal:9000" + endpoint: "minio.example.internal:9000" access_key: "" # Set via SILO_MINIO_ACCESS_KEY secret_key: "" # Set via SILO_MINIO_SECRET_KEY bucket: "silo-files" @@ -53,7 +53,7 @@ auth: default_admin_password: "" # Set via SILO_ADMIN_PASSWORD ldap: enabled: true - url: "ldaps://ipa.kindred.internal" + url: "ldaps://ipa.example.internal" base_dn: "dc=kindred,dc=internal" user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal" user_attr: "uid" @@ -73,4 +73,4 @@ auth: enabled: false cors: allowed_origins: - - "https://silo.kindred.internal" + - "https://silo.example.internal" diff --git a/deployments/docker-compose.prod.yaml b/deployments/docker-compose.prod.yaml index 104c54b..b540e85 100644 --- a/deployments/docker-compose.prod.yaml +++ b/deployments/docker-compose.prod.yaml @@ -1,5 +1,5 @@ # Production Docker Compose for Silo -# Uses external PostgreSQL (psql.kindred.internal) and MinIO (minio.kindred.internal) +# Uses external PostgreSQL (psql.example.internal) and MinIO (minio.example.internal) # # Usage: # export SILO_DB_PASSWORD= 
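Review bot: deployments/config.prod.yaml is headed "Silo Production Configuration", yet after this change `base_url`, `database.host`, `storage.endpoint`, `ldap.url` and `cors.allowed_origins` are all placeholder names while `ldap.enabled` stays `true`. The inline comments show environment overrides only for secrets; unless hostnames can also be overridden (not visible in these hunks), a deployment from this file would presumably fail LDAP binds and database connections. A header comment would make the file's status explicit, for example `# Template: replace every *.example.internal host before deploying`. The CORS entry needs the same care, because `allowed_origins` has to equal the real site origin for the lock-down described in config.example.yaml to have any effect.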
@@ -15,23 +15,23 @@ services: container_name: silod restart: unless-stopped environment: - # Database connection (psql.kindred.internal) - SILO_DB_HOST: psql.kindred.internal + # Database connection (psql.example.internal) + SILO_DB_HOST: psql.example.internal SILO_DB_PORT: 5432 SILO_DB_NAME: silo SILO_DB_USER: silo SILO_DB_PASSWORD: ${SILO_DB_PASSWORD:?Database password required} SILO_DB_SSLMODE: require - # MinIO storage (minio.kindred.internal) - SILO_MINIO_ENDPOINT: minio.kindred.internal:9000 + # MinIO storage (minio.example.internal) + SILO_MINIO_ENDPOINT: minio.example.internal:9000 SILO_MINIO_ACCESS_KEY: ${SILO_MINIO_ACCESS_KEY:?MinIO access key required} SILO_MINIO_SECRET_KEY: ${SILO_MINIO_SECRET_KEY:?MinIO secret key required} SILO_MINIO_BUCKET: silo-files SILO_MINIO_USE_SSL: "true" # Server settings - SILO_SERVER_BASE_URL: ${SILO_BASE_URL:-http://silo.kindred.internal:8080} + SILO_SERVER_BASE_URL: ${SILO_BASE_URL:-http://silo.example.internal:8080} ports: - "8080:8080" volumes: diff --git a/deployments/systemd/silod.env.example b/deployments/systemd/silod.env.example index ff50644..c6e4c4f 100644 --- a/deployments/systemd/silod.env.example +++ b/deployments/systemd/silod.env.example @@ -2,11 +2,11 @@ # Copy to /etc/silo/silod.env and fill in values # Permissions: chmod 600 /etc/silo/silod.env -# Database credentials (psql.kindred.internal) +# Database credentials (psql.example.internal) # Database: silo, User: silo SILO_DB_PASSWORD= -# MinIO credentials (minio.kindred.internal) +# MinIO credentials (minio.example.internal) # User: silouser SILO_MINIO_ACCESS_KEY=silouser SILO_MINIO_SECRET_KEY= @@ -23,4 +23,4 @@ SILO_ADMIN_PASSWORD= # SILO_LDAP_BIND_PASSWORD= # Optional: Override server base URL -# SILO_SERVER_BASE_URL=http://silo.kindred.internal:8080 +# SILO_SERVER_BASE_URL=http://silo.example.internal:8080 diff --git a/docs/AUTH_USER_GUIDE.md b/docs/AUTH_USER_GUIDE.md index 6968700..a34dc98 100644 --- a/docs/AUTH_USER_GUIDE.md 
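Review bot: `SILO_DB_HOST` and `SILO_MINIO_ENDPOINT` in the `@@ -15,23 +15,23 @@` hunk are now literal placeholder hostnames with no override, while the credentials next to them use the fail-fast `${VAR:?message}` form. In a compose file labelled production, the container would start against names that presumably do not resolve on the operator's network. Making the hosts required moves the failure to start-up: `SILO_DB_HOST: ${SILO_DB_HOST:?Database host required}` and `SILO_MINIO_ENDPOINT: ${SILO_MINIO_ENDPOINT:?MinIO endpoint required}`. Separately, the `SILO_SERVER_BASE_URL` default is plain `http://…:8080` whereas config.prod.yaml uses `https://`. If the base URL is used to build redirect or callback links (not visible here), the default should be the HTTPS origin.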
+++ b/docs/AUTH_USER_GUIDE.md @@ -38,7 +38,7 @@ API tokens allow the FreeCAD plugin, scripts, and CI pipelines to authenticate w ### Creating a Token (CLI) ```sh -export SILO_API_URL=https://silo.kindred.internal +export SILO_API_URL=https://silo.example.internal export SILO_API_TOKEN=silo_ silo token create --name "CI pipeline" @@ -140,7 +140,7 @@ auth: ldap: enabled: true - url: "ldaps://ipa.kindred.internal" + url: "ldaps://ipa.example.internal" base_dn: "dc=kindred,dc=internal" user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal" user_attr: "uid" @@ -170,10 +170,10 @@ auth: oidc: enabled: true - issuer_url: "https://keycloak.kindred.internal/realms/silo" + issuer_url: "https://keycloak.example.internal/realms/silo" client_id: "silo" client_secret: "" # Set via SILO_OIDC_CLIENT_SECRET - redirect_url: "https://silo.kindred.internal/auth/callback" + redirect_url: "https://silo.example.internal/auth/callback" scopes: ["openid", "profile", "email"] admin_role: "silo-admin" editor_role: "silo-editor" @@ -186,7 +186,7 @@ auth: auth: cors: allowed_origins: - - "https://silo.kindred.internal" + - "https://silo.example.internal" ``` ## Environment Variables @@ -254,4 +254,4 @@ UPDATE users SET password_hash = '', is_active = true WHERE usernam - Verify the token is set in FreeCAD preferences or `SILO_API_TOKEN` - Check the API URL points to the correct server -- Test with curl: `curl -H "Authorization: Bearer silo_..." https://silo.kindred.internal/api/items` +- Test with curl: `curl -H "Authorization: Bearer silo_..." https://silo.example.internal/api/items` diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index 04f449e..ee78902 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md 
@@ -17,7 +17,7 @@ This guide covers deploying Silo to a dedicated VM using external PostgreSQL and ``` ┌─────────────────────────────────────────────────────────────────┐ -│ silo.kindred.internal │ +│ silo.example.internal │ │ ┌───────────────────────────────────────────────────────────┐ │ │ │ silod │ │ │ │ (Silo API Server) │ │ @@ -27,7 +27,7 @@ This guide covers deploying Silo to a dedicated VM using external PostgreSQL and │ │ ▼ ▼ ┌─────────────────────────┐ ┌─────────────────────────────────┐ -│ psql.kindred.internal │ │ minio.kindred.internal │ +│ psql.example.internal │ │ minio.example.internal │ │ PostgreSQL 16 │ │ MinIO S3 │ │ :5432 │ │ :9000 (API) │ │ │ │ :9001 (Console) │ @@ -40,8 +40,8 @@ The following external services are already configured: | Service | Host | Database/Bucket | User | |---------|------|-----------------|------| -| PostgreSQL | psql.kindred.internal:5432 | silo | silo | -| MinIO | minio.kindred.internal:9000 | silo-files | silouser | +| PostgreSQL | psql.example.internal:5432 | silo | silo | +| MinIO | minio.example.internal:9000 | silo-files | silouser | Migrations have been applied to the database. @@ -53,10 +53,10 @@ For a fresh VM, run these commands: ```bash # 1. SSH to the target host -ssh root@silo.kindred.internal +ssh root@silo.example.internal # 2. Download and run setup script -curl -fsSL https://gitea.kindred.internal/kindred/silo-0062/raw/branch/main/scripts/setup-host.sh | bash +curl -fsSL https://git.kindred-systems.com/kindred/silo/raw/branch/main/scripts/setup-host.sh | bash # 3. Configure credentials nano /etc/silo/silod.env 
@@ -69,16 +69,16 @@ nano /etc/silo/silod.env ## Initial Setup -Run the setup script once on `silo.kindred.internal` to prepare the host: +Run the setup script once on `silo.example.internal` to prepare the host: ```bash # Option 1: If you have the repo locally -scp scripts/setup-host.sh root@silo.kindred.internal:/tmp/ -ssh root@silo.kindred.internal 'bash /tmp/setup-host.sh' +scp scripts/setup-host.sh root@silo.example.internal:/tmp/ +ssh root@silo.example.internal 'bash /tmp/setup-host.sh' # Option 2: Direct on the host -ssh root@silo.kindred.internal -curl -fsSL https://git.kindred.internal/kindred/silo/raw/branch/main/scripts/setup-host.sh -o /tmp/setup-host.sh +ssh root@silo.example.internal +curl -fsSL https://git.kindred-systems.com/kindred/silo/raw/branch/main/scripts/setup-host.sh -o /tmp/setup-host.sh bash /tmp/setup-host.sh ``` @@ -100,10 +100,10 @@ sudo nano /etc/silo/silod.env Fill in the values: ```bash -# Database credentials (psql.kindred.internal) +# Database credentials (psql.example.internal) SILO_DB_PASSWORD=your-database-password -# MinIO credentials (minio.kindred.internal) +# MinIO credentials (minio.example.internal) SILO_MINIO_ACCESS_KEY=silouser SILO_MINIO_SECRET_KEY=your-minio-secret-key ``` @@ -114,10 +114,10 @@ Before deploying, verify connectivity to external services: ```bash # Test PostgreSQL -psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1' +psql -h psql.example.internal -U silo -d silo -c 'SELECT 1' # Test MinIO -curl -I http://minio.kindred.internal:9000/minio/health/live +curl -I http://minio.example.internal:9000/minio/health/live ``` --- @@ -129,7 +129,7 @@ curl -I http://minio.kindred.internal:9000/minio/health/live To deploy or update Silo, run the deploy script on the target host: ```bash -ssh root@silo.kindred.internal +ssh root@silo.example.internal /opt/silo/src/scripts/deploy.sh ``` 
@@ -165,7 +165,7 @@ sudo /opt/silo/src/scripts/deploy.sh --status You can override the git repository URL and branch: ```bash -export SILO_REPO_URL=https://git.kindred.internal/kindred/silo.git +export SILO_REPO_URL=https://git.kindred-systems.com/kindred/silo.git export SILO_BRANCH=main sudo -E /opt/silo/src/scripts/deploy.sh ``` @@ -247,7 +247,7 @@ curl http://localhost:8080/ready To update to the latest version: ```bash -ssh root@silo.kindred.internal +ssh root@silo.example.internal /opt/silo/src/scripts/deploy.sh ``` @@ -269,7 +269,7 @@ When new migrations are added, run them manually: ls -la /opt/silo/src/migrations/ # Run a specific migration -psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/src/migrations/008_new_feature.sql +psql -h psql.example.internal -U silo -d silo -f /opt/silo/src/migrations/008_new_feature.sql ``` --- @@ -303,13 +303,13 @@ psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/src/migrations/008_ne 1. Test network connectivity: ```bash - nc -zv psql.kindred.internal 5432 + nc -zv psql.example.internal 5432 ``` 2. Test credentials: ```bash source /etc/silo/silod.env - PGPASSWORD=$SILO_DB_PASSWORD psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1' + PGPASSWORD=$SILO_DB_PASSWORD psql -h psql.example.internal -U silo -d silo -c 'SELECT 1' ``` 3. Check `pg_hba.conf` on PostgreSQL server allows connections from this host. @@ -318,12 +318,12 @@ psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/src/migrations/008_ne 1. Test network connectivity: ```bash - nc -zv minio.kindred.internal 9000 + nc -zv minio.example.internal 9000 ``` 2. Test with curl: ```bash - curl -I http://minio.kindred.internal:9000/minio/health/live + curl -I http://minio.example.internal:9000/minio/health/live ``` 3. Check SSL settings in config match MinIO setup: 
@@ -340,8 +340,8 @@ curl -v http://localhost:8080/health curl -v http://localhost:8080/ready # If ready fails but health passes, check external services -psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1' -curl http://minio.kindred.internal:9000/minio/health/live +psql -h psql.example.internal -U silo -d silo -c 'SELECT 1' +curl http://minio.example.internal:9000/minio/health/live ``` ### Build Fails @@ -391,14 +391,14 @@ This script: getcert list ``` -2. The silo config is already updated to use `https://silo.kindred.internal` as base URL. Restart silo: +2. The silo config is already updated to use `https://silo.example.internal` as base URL. Restart silo: ```bash sudo systemctl restart silod ``` 3. Test the setup: ```bash - curl https://silo.kindred.internal/health + curl https://silo.example.internal/health ``` ### Certificate Management @@ -422,7 +422,7 @@ For clients to trust the Silo HTTPS certificate, they need the IPA CA: ```bash # Download CA cert -curl -o /tmp/ipa-ca.crt https://ipa.kindred.internal/ipa/config/ca.crt +curl -o /tmp/ipa-ca.crt https://ipa.example.internal/ipa/config/ca.crt # Ubuntu/Debian sudo cp /tmp/ipa-ca.crt /usr/local/share/ca-certificates/ipa-ca.crt diff --git a/docs/SPECIFICATION.md b/docs/SPECIFICATION.md index 772b927..739efd1 100644 --- a/docs/SPECIFICATION.md +++ b/docs/SPECIFICATION.md @@ -50,7 +50,7 @@ Silo treats **part numbering schemas as configuration, not code**. Multiple numb ▼ ▼ ┌─────────────────────────┐ ┌─────────────────────────────┐ │ PostgreSQL │ │ MinIO │ -│ (psql.kindred.internal)│ │ - File storage │ +│ (psql.example.internal)│ │ - File storage │ │ - Item metadata │ │ - Versioned objects │ │ - Relationships │ │ - Thumbnails │ │ - Revision history │ │ │ 
@@ -63,7 +63,7 @@ Silo treats **part numbering schemas as configuration, not code**. Multiple numb | Component | Technology | Notes | |-----------|------------|-------| -| Database | PostgreSQL 16 | Existing instance at psql.kindred.internal | +| Database | PostgreSQL 16 | Existing instance at psql.example.internal | | File Storage | MinIO | S3-compatible, versioning enabled | | CLI & API Server | Go (1.24) | chi/v5 router, pgx/v5 driver, zerolog | | Authentication | Multi-backend | Local (bcrypt), LDAP/FreeIPA, OIDC/Keycloak | diff --git a/docs/STATUS.md b/docs/STATUS.md index 43235c2..3196d27 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -55,7 +55,7 @@ FreeCAD workbench and LibreOffice Calc extension are maintained in separate repo | Service | Host | Status | |---------|------|--------| -| PostgreSQL | psql.kindred.internal:5432 | Running | +| PostgreSQL | psql.example.internal:5432 | Running | | MinIO | localhost:9000 (API) / :9001 (console) | Configured | | Silo API | localhost:8080 | Builds successfully | diff --git a/scripts/deploy.sh b/scripts/deploy.sh index f93df11..fca11a5 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -1,18 +1,18 @@ #!/bin/bash -# Deploy Silo to silo.kindred.internal +# Deploy Silo to silo.example.internal # # Usage: ./scripts/deploy.sh [host] -# host defaults to silo.kindred.internal +# host defaults to silo.example.internal # # Prerequisites: # - SSH access to the target host # - /etc/silo/silod.env must exist on target with credentials filled in -# - PostgreSQL reachable from target at psql.kindred.internal -# - MinIO reachable from target at minio.kindred.internal +# - PostgreSQL reachable from target at psql.example.internal +# - MinIO reachable from target at minio.example.internal set -euo pipefail -TARGET="${1:-silo.kindred.internal}" +TARGET="${1:-silo.example.internal}" DEPLOY_DIR="/opt/silo" CONFIG_DIR="/etc/silo" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 
@@ -123,14 +123,14 @@ if command -v psql &>/dev/null && [ -n "${SILO_DB_PASSWORD:-}" ]; then for f in "$DEPLOY_DIR/migrations/"*.sql; do echo " $(basename "$f")" PGPASSWORD="$SILO_DB_PASSWORD" psql \ - -h psql.kindred.internal -p 5432 \ + -h psql.example.internal -p 5432 \ -U silo -d silo \ -f "$f" -q 2>&1 | grep -v "already exists" || true done echo " Migrations complete." else echo " WARNING: psql not available or SILO_DB_PASSWORD not set, skipping migrations." - echo " Run migrations manually: PGPASSWORD=... psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/migrations/NNN_name.sql" + echo " Run migrations manually: PGPASSWORD=... psql -h psql.example.internal -U silo -d silo -f /opt/silo/migrations/NNN_name.sql" fi # Start service diff --git a/scripts/setup-host.sh b/scripts/setup-host.sh index 725f3a0..65d8b6b 100755 --- a/scripts/setup-host.sh +++ b/scripts/setup-host.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # # Silo Host Setup Script -# Run this once on silo.kindred.internal to prepare for deployment +# Run this once on silo.example.internal to prepare for deployment # # Usage: # sudo ./setup-host.sh @@ -24,7 +24,7 @@ BLUE='\033[0;34m' NC='\033[0m' # Configuration -REPO_URL="${SILO_REPO_URL:-https://gitea.kindred.internal/kindred/silo-0062.git}" +REPO_URL="${SILO_REPO_URL:-https://git.kindred-systems.com/kindred/silo.git}" REPO_BRANCH="${SILO_BRANCH:-main}" INSTALL_DIR="/opt/silo" CONFIG_DIR="/etc/silo" 
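Review bot: The migration loop in the `@@ -123,14 +123,14 @@` hunk of scripts/deploy.sh hard-codes `-h psql.example.internal`, and the pipeline ends in `| grep -v "already exists" || true`. A connection failure to the placeholder host is therefore only printed; the script still echoes "Migrations complete." and continues to the service start. Take the host from the environment instead, e.g. `-h "${SILO_DB_HOST:-psql.example.internal}" -p "${SILO_DB_PORT:-5432}" \`, and use the same variable in the manual-migration hint below it. The `|| true` predates this commit, but with a placeholder default it now masks a certain failure, so consider letting a non-zero psql exit abort the deploy. The enclosing `if` starts outside the hunk.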
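Review bot: The `REPO_URL` default in the `@@ -24,7 +24,7 @@` hunk of scripts/setup-host.sh moves from an internal Gitea host to the public `git.kindred-systems.com`, while `REPO_BRANCH` still defaults to the moving `main`. The usage line shows the script running under `sudo`, so whatever that branch holds at clone time is presumably built and installed as root (the clone and build steps are outside the hunk). The docs/DEPLOYMENT.md quick-start pipes the same URL into `bash`. Pinning the default to a release tag, e.g. `REPO_BRANCH="${SILO_BRANCH:-<release-tag>}"`, and adding a `git verify-tag` step before the build would bound that trust. A comment above the variable would document the new trust boundary: `# Public upstream; set SILO_REPO_URL to use an internal mirror`.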
@@ -159,17 +159,17 @@ if [[ ! -f "${ENV_FILE}" ]]; then # Silo daemon environment variables # Fill in the values below -# Database credentials (psql.kindred.internal) +# Database credentials (psql.example.internal) # Database: silo, User: silo SILO_DB_PASSWORD= -# MinIO credentials (minio.kindred.internal) +# MinIO credentials (minio.example.internal) # User: silouser SILO_MINIO_ACCESS_KEY=silouser SILO_MINIO_SECRET_KEY= # Optional overrides -# SILO_SERVER_BASE_URL=http://silo.kindred.internal:8080 +# SILO_SERVER_BASE_URL=http://silo.example.internal:8080 EOF chmod 600 "${ENV_FILE}" chown root:silo "${ENV_FILE}" @@ -214,10 +214,10 @@ echo "1. Edit ${ENV_FILE} and fill in credentials:" echo " sudo nano ${ENV_FILE}" echo "" echo "2. Verify database connectivity:" -echo " psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'" +echo " psql -h psql.example.internal -U silo -d silo -c 'SELECT 1'" echo "" echo "3. Verify MinIO connectivity:" -echo " curl -I http://minio.kindred.internal:9000/minio/health/live" +echo " curl -I http://minio.example.internal:9000/minio/health/live" echo "" echo "4. Run the deployment:" echo " sudo ${INSTALL_DIR}/src/scripts/deploy.sh" diff --git a/scripts/setup-ipa-nginx.sh b/scripts/setup-ipa-nginx.sh index f35ea8b..0a37d4c 100755 --- a/scripts/setup-ipa-nginx.sh +++ b/scripts/setup-ipa-nginx.sh @@ -7,8 +7,8 @@ # sudo ./scripts/setup-ipa-nginx.sh # # Prerequisites: -# - FreeIPA server at ipa.kindred.internal -# - DNS configured for silo.kindred.internal +# - FreeIPA server at ipa.example.internal +# - DNS configured for silo.example.internal # - Admin credentials for IPA enrollment set -euo pipefail 
@@ -21,10 +21,10 @@ BLUE='\033[0;34m' NC='\033[0m' # Configuration -IPA_SERVER="${IPA_SERVER:-ipa.kindred.internal}" -IPA_DOMAIN="${IPA_DOMAIN:-kindred.internal}" +IPA_SERVER="${IPA_SERVER:-ipa.example.internal}" +IPA_DOMAIN="${IPA_DOMAIN:-example.internal}" IPA_REALM="${IPA_REALM:-KINDRED.INTERNAL}" -HOSTNAME="silo.kindred.internal" +HOSTNAME="silo.example.internal" CERT_DIR="/etc/ssl/silo" SILO_PORT=8080 @@ -193,7 +193,7 @@ cat > /etc/nginx/sites-available/silo << 'NGINX_EOF' server { listen 80; listen [::]:80; - server_name silo.kindred.internal; + server_name silo.example.internal; # Allow certmonger/ACME challenges location /.well-known/ { @@ -209,7 +209,7 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name silo.kindred.internal; + server_name silo.example.internal; # SSL certificates (managed by certmonger/IPA) ssl_certificate /etc/ssl/silo/silo.crt; @@ -343,14 +343,14 @@ echo " getcert list" echo "" echo "2. Update silo config to use correct base URL:" echo " sudo nano /etc/silo/config.yaml" -echo " # Change base_url to: https://silo.kindred.internal" +echo " # Change base_url to: https://silo.example.internal" echo "" echo "3. Restart silo service:" echo " sudo systemctl restart silod" echo "" echo "4. Test the setup:" -echo " curl -k https://silo.kindred.internal/health" -echo " curl https://silo.kindred.internal/health # after trusting IPA CA" +echo " curl -k https://silo.example.internal/health" +echo " curl https://silo.example.internal/health # after trusting IPA CA" echo "" echo "5. Trust IPA CA on client machines:" echo " # The CA cert is at: ${CERT_DIR}/ca.crt"
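Review bot: In the configuration block of the `@@ -21,10 +21,10 @@` hunk, `IPA_DOMAIN` now defaults to `example.internal` while the unchanged `IPA_REALM` default is still `KINDRED.INTERNAL`. The script's defaults therefore describe a domain and a Kerberos realm that do not match, and the internal name is still published. Change the line to `IPA_REALM="${IPA_REALM:-EXAMPLE.INTERNAL}"`. `HOSTNAME="silo.example.internal"` is a fixed assignment, and the `server_name` lines in the later nginx hunks sit inside the quoted `'NGINX_EOF'` heredoc, so neither can be set from the environment and both must be edited by hand. Giving `HOSTNAME` the same `${VAR:-default}` form as the three lines above it, plus a comment saying the nginx block must match, would keep the certificate request and `server_name` from drifting apart.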