On-Premises

In this section, we will guide you through the declaration of a completely functional on-prem infrastructure.

1. Install your server

• Install your Linux server on-premises as per your needs and company standards.

• Get the IP address of your server, we will need it later.

• The YaK needs a user that can use sudo without password.

  • Create a dedicated user on your server, this user will be used by the YaK for configuration and deployment purpose (we usually create a user "yak", but this is totally up to you).

useradd -m yak

• Create the .ssh folder for this user and change folder permissions.

#As the user created previously:

mkdir /home/yak/.ssh
chmod 700 /home/yak/.ssh

• Add this user to the list of sudoers, here is an example of how to accomplish that:

echo 'yak        ALL=(ALL)       NOPASSWD: ALL' > /etc/sudoers.d/yak

2. Declare and exchange SSH keys

In order to connect securely to the Linux targets and deploy components, a pair of SSH keys must be generated and the private SSH key must be given to the YaK.

1. Generate a SSH key

   • Linux users:

     • SSH keys can be generated from any Linux distribution running openSSH with the "ssh-keygen" command:

ssh-keygen -b 4096 -m PEM -t rsa -f mysshkey -q -N ""

• Windows users:

  • PuTTYgen can be used to generate private and public SSH keys on Windows. The keys must respect the following characteristics:

    • number of bits: 4096

    • type of key to generate: rsa

    • no passphrase

1. Copy the content of the private key file:

yak@yak-srv-onprem-1:~$ cat mysshkey

##This is just an example, generate your own private key

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABASDILVb1
MiZ78g848c6Dk6KYwkJZXloSIruLe+Sid0Xd+Lb1rAxbwzAhXWRMzzBT5k3WciXk2fMhUD
p4YSahpYvquZK950aXiZNDOJpKZP8wjf4g4nQyiJZ/0G0J9mIaI2h/fr8TA67KHYtu/Eyf
PN9bKJwII3aiGlu5/Viq2cgYT8jJ01AK8cY3tSqKdlrN2GyxllBFl42QplbxA2USPJ1E6v
VIjtbmJjdz[...........................................]qAc4HxP02t/N2ZN
q+dDNWeShfVz4zjApPQCzdiGqLAlzUy67KNxQgljhaOEaYTQgrLE8XNGsIFNZwGvsEo/xZ
XnN2p
-----END OPENSSH PRIVATE KEY-----

1. From the YaK UI, navigate to Configuration > Secrets > Declare

2. Give an explicit name to your secret, select type "ssh key" and paste the entirety of the private key into the corresponding field of the form.

3. Click "Save".

4. Copy the public file to your target server.

   • Linux users:

     • Copy the public key to your target server.

     ssh-copy-id -i <your_public_key> <yak_user>@<target_server>
     
     Ex:
     ssh-copy-id -i mysshkey.pub yak@172.22.18.159

   • Windows users:

     • Copy the public key generated with PuTTYgen to your target server:

       • Use your preferred text editor to create and/or open the authorized_keys file.

         • vi ~/.ssh/authorized_keys

       • Paste the content of the public key into the authorized_keys file.

       • Save the file and close the text editor.

       • Adjust the permissions of the authorized_keys file.

         • chmod 600 ~/.ssh/authorized_keys

3. Declare your infrastructure

• From the menu, navigate to "Infrastructures".

• Click the "declare" button.

• Give a name to your infrastructure (⚠️ : "_" character is not supported in infrastructure names).
• Select your provider ("On premises" in the present example).

• Click "Save".

4. Attach your SSH secret

• From the menu, navigate to "Infrastructures".

• Select your on-premises infrastructure in the list.

• Click the "Action" button.

• Click "Attach secret".

• Select the secret created previously from the list.

• Click "Attach".

Secrets can be attached at infrastructure or at server level. When attached to an infrastructure, all servers pertaining to this infrastructure will share the same secrets. In this case, all servers belonging to the infrastructure must share the same key. When attached to the server, this secret will take precedence over the secret attached to the infrastructure and individual keys must be generated for each server.

5. Declare a server

• Navigate to the "Servers" menu.

• Click "declare".

• Give it a name.

• Select the on premises infrastructure to deploy your servers to.

• Select an operating system family from the list.

• Enter the Ansible user (this is the user created in step 1, ex: "yak").

• Configure Network:

  • Mode: select "manual".

  • IP address: enter the IP address of your server.

  • Scope: select private or public.

  • Check the "Admin access" checkbox.

• Click Save.

Your server is now in "registered" state. The YaK is now able to communicate with it and deploy components.

6. Connect to your server

• Connect to your newly declared server.

ssh -i <your_private_key> <yak_user>@<target_server>

Ex:
ssh -i mysshkey yak@172.22.18.159

7. Declare and deploy your components

Please note that the YaK cannot manage on-premise servers. Hence the start/stop or destroy features have no effect when it comes to on-premises servers. Actions such as start, stop, destroy, etc... must be executed from your hypervisor (VmWare vSphere, Nutanix AHV, ProxMox..) or from your bare-metal machines.