ReachableCEO
f6acf660f6
- Add Project-Tests directory with complete testing infrastructure - Create main test runner with JSON reporting and categorized tests - Implement system validation tests (RAM, disk, network, permissions) - Add security testing for HTTPS enforcement and deployment methods - Create unit tests for framework functions and syntax validation - Add ConfigValidation.sh framework for pre-flight system checks - Enhance documentation with SECURITY.md and DEPLOYMENT.md guides - Provide comprehensive testing README with usage instructions The testing framework validates system compatibility, security configurations, and deployment requirements before execution, preventing deployment failures and providing clear error reporting for troubleshooting. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
7.6 KiB
7.6 KiB
TSYS FetchApply Deployment Guide
Overview
This guide provides comprehensive instructions for deploying the TSYS FetchApply infrastructure provisioning system on Linux servers.
Prerequisites
System Requirements
- Operating System: Ubuntu 18.04+ or Debian 10+ (recommended)
- RAM: Minimum 2GB, recommended 4GB
- Disk Space: Minimum 10GB free space
- Network: Internet connectivity for package downloads
- Privileges: Root or sudo access required
Required Tools
git- Version control systemcurl- HTTP client for downloadswget- Alternative download toolsystemctl- System service managementapt-get- Package management (Debian/Ubuntu)
Network Requirements
- HTTPS access to:
https://archive.ubuntu.com(Ubuntu packages)https://linux.dell.com(Dell hardware support)https://download.proxmox.com(Proxmox packages)https://github.com(Git repositories)
Pre-Deployment Validation
1. System Compatibility Check
# Clone repository
git clone [repository-url]
cd FetchApply
# Run system validation
./Project-Tests/validation/system-requirements.sh
2. Network Connectivity Test
# Test network connectivity
curl -I https://archive.ubuntu.com
curl -I https://linux.dell.com
curl -I https://download.proxmox.com
3. Permission Verification
# Verify write permissions
test -w /etc && echo "✅ /etc writable" || echo "❌ /etc not writable"
test -w /usr/local/bin && echo "✅ /usr/local/bin writable" || echo "❌ /usr/local/bin not writable"
Deployment Methods
Method 1: Standard Deployment (Recommended)
# 1. Clone repository
git clone [repository-url]
cd FetchApply
# 2. Run pre-deployment tests
./Project-Tests/run-tests.sh validation
# 3. Execute deployment
cd ProjectCode
sudo bash SetupNewSystem.sh
Method 2: Dry Run Mode
# 1. Clone repository
git clone [repository-url]
cd FetchApply
# 2. Review configuration
cat ProjectCode/SetupNewSystem.sh
# 3. Execute with manual review
cd ProjectCode
sudo bash -x SetupNewSystem.sh # Debug mode
Deployment Process
Phase 1: Framework Initialization
-
Environment Setup
- Load framework variables
- Source framework includes
- Initialize logging system
-
System Detection
- Detect physical vs virtual hardware
- Identify operating system
- Check for existing users
Phase 2: Base System Configuration
-
Package Installation
- Update package repositories
- Install essential packages
- Configure package sources
-
User Management
- Create required user accounts
- Configure SSH access
- Set up sudo permissions
Phase 3: Security Hardening
-
SSH Configuration
- Deploy hardened SSH configuration
- Install SSH keys
- Disable password authentication
-
System Hardening
- Configure firewall rules
- Enable audit logging
- Install security tools
Phase 4: Monitoring and Management
-
Monitoring Agents
- Deploy LibreNMS agents
- Configure SNMP
- Set up system monitoring
-
Management Tools
- Install Cockpit dashboard
- Configure remote access
- Set up maintenance scripts
Post-Deployment Verification
1. Security Validation
# Run security tests
./Project-Tests/run-tests.sh security
# Verify SSH configuration
ssh -T [server-ip] # Should work with key authentication
2. Service Status Check
# Check critical services
sudo systemctl status ssh
sudo systemctl status auditd
sudo systemctl status snmpd
3. Network Connectivity
# Test internal services
curl -k https://localhost:9090 # Cockpit
snmpwalk -v2c -c public localhost system
Troubleshooting
Common Issues
1. Permission Denied Errors
# Solution: Run with sudo
sudo bash SetupNewSystem.sh
2. Network Connectivity Issues
# Check DNS resolution
nslookup archive.ubuntu.com
# Test direct IP access
curl -I 91.189.91.26 # Ubuntu archive IP
3. Package Installation Failures
# Update package cache
sudo apt-get update
# Fix broken packages
sudo apt-get -f install
4. SSH Key Issues
# Verify key permissions
ls -la ~/.ssh/
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
Debug Mode
# Enable debug logging
export DEBUG=1
bash -x SetupNewSystem.sh
Log Analysis
# Check deployment logs
tail -f /var/log/fetchapply/deployment.log
# Review system logs
journalctl -u ssh
journalctl -u auditd
Environment-Specific Configurations
Physical Dell Servers
- OMSA Installation: Dell OpenManage Server Administrator
- Hardware Monitoring: iDRAC configuration
- Performance Tuning: CPU and memory optimizations
Virtual Machines
- Guest Additions: VMware tools or VirtualBox additions
- Resource Limits: Memory and CPU constraints
- Network Configuration: Bridge vs NAT settings
Development Environments
- SSH Configuration: Less restrictive settings
- Development Tools: Additional packages for development
- Testing Access: Enhanced logging and debugging
Maintenance and Updates
Regular Maintenance
# Update system packages
sudo apt-get update && sudo apt-get upgrade
# Update monitoring scripts
cd /usr/local/bin
sudo wget https://[repository]/scripts/up2date.sh
sudo chmod +x up2date.sh
Security Updates
# Check for security updates
sudo apt-get update
sudo apt list --upgradable | grep -i security
# Apply security patches
sudo apt-get upgrade
Configuration Updates
# Update FetchApply
cd FetchApply
git pull origin main
# Re-run specific modules
cd ProjectCode/Modules/Security
sudo bash secharden-ssh.sh
Best Practices
1. Pre-Deployment
- Always test in non-production environment first
- Review all scripts before execution
- Validate network connectivity
- Ensure proper backup procedures
2. During Deployment
- Monitor deployment progress
- Check for errors and warnings
- Document any customizations
- Validate each phase completion
3. Post-Deployment
- Run full security test suite
- Verify all services are running
- Test remote access
- Document deployment specifics
4. Ongoing Operations
- Regular security updates
- Monitor system performance
- Review audit logs
- Maintain deployment documentation
Support and Resources
Documentation
- README.md: Basic usage instructions
- SECURITY.md: Security architecture and guidelines
- Project-Tests/README.md: Testing framework documentation
Community Support
- Issues: https://projects.knownelement.com/project/reachableceo-vptechnicaloperations/timeline
- Discussion: https://community.turnsys.com/c/chieftechnologyandproductofficer/26
Professional Support
- Technical Support: [Contact information to be added]
- Consulting Services: [Contact information to be added]
Deployment Checklist
Pre-Deployment
- System requirements validated
- Network connectivity tested
- Backup procedures in place
- Security review completed
Deployment
- Repository cloned successfully
- Pre-deployment tests passed
- Deployment executed without errors
- Post-deployment verification completed
Post-Deployment
- Security tests passed
- All services running
- Remote access verified
- Documentation updated
Maintenance
- Update schedule established
- Monitoring configured
- Backup procedures tested
- Incident response plan activated
Version History
- v1.0: Initial deployment framework
- v1.1: Added security hardening and secrets management
- v1.2: Enhanced testing framework and documentation
Last updated: July 14, 2025