docs.sr2.uk/docs/operator/deploy.md

---
sidebar_position: 50
sidebar_label: Deploy CDR Link
---

# Deploy the CDR Link Stack

## Set up the Ansible inventory and host variables

Create `$HOME/ops/inventory`:

```ini
[cdr_link]
example.cdr.link
```

Create `$HOME/ops/group_vars/all.yml` if you use our baseline role and integrate with Identity Management:

```yaml
---
ipaserver_domain: CHANGEME
ipaserver_realm: CHANGEME
ipaserver_netbios_name: CHANGEME
```

Create `$HOME/ops/host_vars/example.cdr.link.yml`:

```yaml
---
baseline_second_disk_device: /dev/sdb  # This is the device path for the data volume
baseline_home_luks_passphrase: CHANGEME
ipaclient_otp: CHANGEME  # This is the OTP generated in the IdM step and is not sensitive after use
podman_link_podman_rootless_user: link_example  # This is the user you created in the IdM step
podman_link_postgres_zammad_password: CHANGEME
podman_link_postgres_link_password: CHANGEME
podman_link_postgres_root_password: CHANGEME
podman_link_zammad_redis_password: CHANGEME
podman_link_opensearch_password: CHANGEME
podman_link_nextauth_secret: CHANGEME
```

:::warning
Do not store sensitive values in the `host_vars` file in plaintext, use lookup plugins to look up the secret values
using your secrets management solution of choice.
:::

The variables prefixed with `baseline_` and `ipaclient_` are only applicable if you are using our baseline role with
Identity Management integration.
If you manage your own hardening and use local users and groups you can omit these.
The user you reference in `podman_link_podman_rootless_user` must exist before continuing.

## Execute the Ansible playbook

If you are using our baseline role:

```shell
ansible-playbook -i inventory sr2.apps.link
```

If you manage your own hardening and identity management, use the `link` tag to only run the CDR Link stack deployment:

```shell
ansible-playbook -i inventory sr2.apps.link --tags link
```