dannylamb · dannylamb · Dec 1, 2017 · Nov 29, 2017 · Dec 1, 2017 · Dec 1, 2017
diff --git a/README.md b/README.md
@@ -53,27 +53,26 @@ If you're looking for a development environment, using our Vagrant deployment is
 
 If you want to provision an all-in-one remote Ubuntu environment, like a production server:
 
-1. SSH into your remote server and add an `ubuntu` [user with sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart)
-1. Clone the repository onto your local machine
-1. Create an inventory for your new environment ('production' in this example): `cp -r inventory/vagrant inventory/production`
-1. Edit `inventory/produciont/hosts` to point to your new environment by changing 'default' line to:
+1. SSH into your remote server and add an [user with password-less sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart), and make sure you can log in as that user. Its easiest if you use SSH keys for login, so that you an log in to the server without a password. Another option if you are no comfortable with password-less sudo is to set the `ansible_become_pass` variable in your inventory as outlined [here](http://docs.ansible.com/ansible/latest/become.html).
+1. Clone the repository onto your local machine.
+1. Create an inventory for your new environment ('production' in this example): `cp -r inventory/vagrant inventory/production`.
+1. Edit `inventory/production/hosts` to point to your new environment by changing 'default' line to:
 ```
-default ansible_ssh_host=my_ip_or_domain_name ansible_ssh_user=root ansible_ssh_pass=my_super_secret_password
+default ansible_ssh_host=my_ip_or_domain_name
 ```
-1. Change all the passwords from "islandora" to something else.  You can get a full list of them by grepping your new inventory:
-```bash
-$ grep -rn pass inventory/production
-inventory/production/group_vars/webserver/drupal.yml:21:drupal_db_password: islandora
-inventory/production/group_vars/webserver/drupal.yml:29:drupal_account_pass: islandora
-inventory/production/group_vars/database.yml:2:mysql_root_password: islandora
-inventory/production/group_vars/database.yml:6:    password: islandora
-inventory/production/group_vars/tomcat.yml:5:    password: islandora
-inventory/production/group_vars/tomcat.yml:46:cantaloupe_admin_password: islandora
+Optionally if you need to specify a username, password or port to connect to the server you can specify those in the inventory file as well:
+```
+default ansible_ssh_host=my_ip_or_domain_name ansible_ssh_user=my_user ansible_ssh_pass=my_super_secret_password ansible_ssh_port=my_port
 ```
-1. Change the `drupal_trusted_host` configuration in `inventory/production/group_vars/webserver/drupal.yml` to reflect your IP or domain name
-1. Change the Apache's port to 80 in `inventory/production/group_vars/webserver/apache.yml`
+More information about inventories can be found in the [ansible documentation](http://docs.ansible.com/ansible/latest/intro_inventory.html).
+1. Update the inventory variables as you see fit to customize your Islandora installation. 
+  1. You should modify `group_vars\all\passwords.yml` to use more secure passwords. These passwords can be encrypted using [Ansible Vault](https://docs.ansible.com/ansible/latest/vault.html) if you wish to keep your inventory secure.
+  1. Change the `drupal_trusted_host` configuration in `inventory/production/group_vars/webserver/drupal.yml` to reflect your IP or domain name
+  1. Change the Apache's port to 80 in `inventory/production/group_vars/webserver/apache.yml`
+  1. Any other variable changes you wish.
 1. Install the roles using `ansible-galaxy`: `$ ansible-galaxy install -r requirements.yml`
-1. Provision the server with `$ ansible-playbook -i inventory/production -e "islandora_distro=ubuntu/xenial64"`
+1. Provision the server with `$ ansible-playbook -i inventory/production`
+  - If the host you are provisioning is a Ubuntu 16.04 machine, you may wish to have the playbook install Python for you. This is a requirement to run the playbook. You can do this by passing an additional variable on the command line like this. `$ ansible-playbook -i inventory/production -e "islandora_distro=ubuntu/xenial64"`
 
 ## Connect
 

diff --git a/bootstrap.yml b/bootstrap.yml
@@ -14,7 +14,7 @@
       changed_when:
         - output.stdout != ""
         - output.stdout != "\r\n"
-      when: islandora_distro == "ubuntu/xenial64"
+      when: islandora_distro|default('') == "ubuntu/xenial64"
 
     # Manually gather facts once python is installed
     - name: gather facts

diff --git a/inventory/vagrant/group_vars/all.yml → inventory/vagrant/group_vars/all/main.yml b/inventory/vagrant/group_vars/all.yml → inventory/vagrant/group_vars/all/main.yml
diff --git a/inventory/vagrant/group_vars/all/passwords.yml b/inventory/vagrant/group_vars/all/passwords.yml
@@ -0,0 +1,17 @@
+---
+
+# Drupal
+drupal_db_password: islandora
+drupal_account_pass: islandora
+
+# MySQL/Postgres
+islandora_db_root_password: islandora
+
+# Tomcat
+islandora_tomcat_password: islandora
+
+# Syn
+islandora_syn_token: islandora
+
+# Cantaloupe
+cantaloupe_admin_password: islandora
diff --git a/inventory/vagrant/group_vars/database.yml b/inventory/vagrant/group_vars/database.yml
@@ -1,9 +1,9 @@
 mysql_root_username: root
-mysql_root_password: islandora
+mysql_root_password: "{{ islandora_db_root_password }}"
 
 postgresql_users:
   - name: root
-    password: islandora
+    password: "{{ islandora_db_root_password }}"
     db: "{{ drupal_db_name }}"
 
 postgresql_databases:

diff --git a/inventory/vagrant/group_vars/tomcat.yml b/inventory/vagrant/group_vars/tomcat.yml
@@ -2,7 +2,7 @@
 
 tomcat8_users:
   - username: islandora
-    password: islandora
+    password: "{{ islandora_tomcat_password }}"
     roles:
       - manager-gui
 
@@ -36,14 +36,13 @@ fcrepo_syn_tokens:
   - user: admin
     roles:
       - admin
-    token: islandora
+    token: "{{ islandora_syn_token }}"
 
 cantaloupe_deploy_war: yes
 cantaloupe_deploy_war_path: "{{ tomcat8_home }}/webapps"
 cantaloupe_user: tomcat8
 cantaloupe_group: tomcat8
 cantaloupe_admin_enabled: "true"
-cantaloupe_admin_password: islandora
 cantaloupe_OpenJpegProcessor_path_to_binaries: /usr/local/bin
 cantaloupe_log_application_ConsoleAppender_enabled: "false"
 cantaloupe_log_application_FileAppender_enabled: "true"

diff --git a/inventory/vagrant/group_vars/webserver/drupal.yml b/inventory/vagrant/group_vars/webserver/drupal.yml
@@ -2,7 +2,7 @@
 
 drupal_build_composer_project: true
 drupal_composer_install_dir: /var/www/html/drupal
-drupal_core_owner: "{{ ansible_user }}"
+drupal_core_owner: "{{ ansible_user_id }}"
 drupal_composer_dependencies:
   - "drupal/console:~1.0"
   - "drupal/devel:^1.0@beta"
@@ -18,15 +18,13 @@ drupal_composer_project_package: "drupal-composer/drupal-project:8.x-dev"
 drupal_composer_project_options: "--prefer-dist --stability dev --no-interaction"
 drupal_core_path: "{{ drupal_composer_install_dir }}/web"
 drupal_db_user: root
-drupal_db_password: islandora
 drupal_db_name: drupal8
 drupal_db_backend: "{{ claw_db }}"
 drupal_db_host: "127.0.0.1"
 drupal_domain: "claw.dev"
 drupal_site_name: "Islandora-CLAW"
 drupal_install_profile: standard
 drupal_account_name: admin
-drupal_account_pass: islandora
 drupal_enable_modules:
   - rdf
   - responsive_image