diff options
| author | Paul Buetow <git@mx.buetow.org> | 2021-05-27 04:46:37 +0100 |
|---|---|---|
| committer | Paul Buetow <git@mx.buetow.org> | 2021-05-27 04:46:37 +0100 |
| commit | b7af00ae75b59cc3706be271d960d8f3435f5d5c (patch) | |
| tree | 5cf9354f19a7be1929203a034cb46f0941135d69 /doc/installation.md | |
| parent | fa33b20e9c1ec3b8e77add93b64073919b9433cb (diff) | |
Improve documentation through advanced AI
Diffstat (limited to 'doc/installation.md')
| -rw-r--r-- | doc/installation.md | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/installation.md b/doc/installation.md index 6bf17b0..9ca344e 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -5,13 +5,13 @@ The following installation guide has been tested successfully on CentOS 7. You m # Compile it -Please check the [Quick Starting Guide](quickstart.md) for instructions how to compile DTail. It is recommended to automate the build process via your build pipeline (e.g. produce a deployable RPM via Jenkins). You don't have to use ``go get...`` to compile and install the binaries. You can also clone the repository and use ``make`` instead. +Please check the [Quick Starting Guide](quickstart.md) for instructions on compiling DTail. It is recommended to automate the build process via your build pipeline (e.g. produce a deployable RPM via Jenkins). You don't have to use ``go get...`` to compile and install the binaries. You can also clone the repository and use ``make`` instead. ## Linux ACL support -This is optional but it gives you better security. On Linux you have the option to compile `dserver` with File System Access Control List support. For that you need: +This is optional, but it gives you better security. On Linux, you have the option to compile `dserver` with File System Access Control List support. For that, you need: -### 1. Install the `libacl` development library. On RHEL, CentOS and Fedora it would be +### 1. Install the `libacl` development library. On RHEL, CentOS and Fedora, it would be ```console % sudo dnf install libacl-devel -y @@ -25,11 +25,11 @@ Set the `USE_ACL` environment variable before invoking the make command. % export USE_ACL=yes ``` -Alternatively you could just add `-tags linuxacl` to the Go compiler. +Alternatively, you could add `-tags linuxacl` to the Go compiler. # Install it -It is recommended to automate all the installation process outlined here. You could use a configuration management system such as Puppet, Chef or Ansible. However, that relies heavily on how your infrastructure is managed and is out of scope of this documentation. +It is recommended to automate all the installation process outlined here. You could use a configuration management system such as Puppet, Chef or Ansible. However, that relies heavily on how your infrastructure is managed and is out of the scope of this documentation. 1. The ``dserver`` binary has to be installed on all machines (server boxes) involved. A good location for the binary would be ``/usr/local/bin/dserver`` with permissions set as follows: @@ -95,7 +95,7 @@ To start the DTail server via ``systemd`` run: # Register SSH public keys in DTail server -The DTail server now runs as a ``systemd`` service under system user ``dserver``. The system user ``dserver`` however has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish a SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. +The DTail server now runs as a ``systemd`` service under system user ``dserver``. However, the system user ``dserver`` has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish an SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while, e.g. every 30 minutes: @@ -115,11 +115,11 @@ It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.s # Run DTail client -Now you should be able to use DTail client like outlined in the [Quick Starting Guide](quickstart.md). Also have a look at the [Examples](examples.md). +Now you should be able to use DTail client like outlined in the [Quick Starting Guide](quickstart.md). Also, have a look at the [Examples](examples.md). # Monitor it -To verify that DTail server is up and running and functioning as expected you should configure the Nagios check [check_dserver.sh](../samples/check_dserver.sh.sample) in your monitoring system. The check has to be executed locally on the server (e.g. via NRPE). How to configure the monitoring system in detail is out of scope of this guide. +To verify that DTail server is up and running and functioning as expected, you should configure the Nagios check [check_dserver.sh](../samples/check_dserver.sh.sample) in your monitoring system. The check has to be executed locally on the server (e.g. via NRPE). How to configure the monitoring system in detail is out of the scope of this guide. ```console % ./check_dserver.sh |