Difference between revisions of "Ansible"
(Created page with "Category:Linux Category:Ansible = Installation = == Installation of the development machine == <pre> pip install ansible brew install hudochenkov/sshpass/sshpass </...") |
(→Vault) |
||
| Line 113: | Line 113: | ||
== Vault == | == Vault == | ||
| − | No blank lines | + | * No blank lines |
| − | No special characters like (+) | + | * No special characters like (+) |
| + | * In playbook it's relative to playbook's folder. | ||
| + | like : | ||
| + | <pre> | ||
| + | /playbooks/test.yml | ||
| + | /aws_vault.yml | ||
| + | </pre> | ||
| + | then | ||
| + | <pre> | ||
| + | - name: Show AWS key from vault | ||
| + | hosts: localhost | ||
| + | gather_facts: false | ||
| + | vars_files: | ||
| + | - ../aws_vault.yml | ||
| + | |||
| + | tasks: | ||
| + | - name: Display the AWS Access Key ID | ||
| + | debug: | ||
| + | msg: "aws_access_key_id = {{ aws_access_key_id }}" | ||
| + | </pre> | ||
=== Create Vault === | === Create Vault === | ||
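Review bot: the debug task added under tasks ("Display the AWS Access Key ID") writes a vaulted value to the console, and to any log Ansible is configured to keep, so the example teaches readers to echo vault contents in cleartext. Suggest asserting that the variable is defined instead of printing it, or stating next to the example that the task is a one-time check to remove afterwards. Separately, the new third bullet does not say what "it" is; naming the vars_files path there, and keeping the "like :" and "then" lines inside the bullet, would make the tip readable on its own.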
Revision as of 10:56, 30 March 2026
Installation
Installation of the development machine
pip install ansible
brew install hudochenkov/sshpass/sshpass
Installation of ubuntu server
sudo apt update
sudo apt install ansible
sudo apt install sshpass
Running playbooks
To run all playbooks, run this command in the ansible folder.
Make sure SSH key-based authentication is set up first (see below).
ansible-playbook ./playbooks/all.yml -i ./inventory/hosts
Folders and files
Hosts
Add or update servers in the ./inventory/hosts file, using either names or IP addresses.
Test it with:
ansible -i ./inventory/hosts servers -m ping --user logicmade --ask-pass
servers is the name of the group in hosts.
logicmade is the username.
Playbooks
In a playbook YAML file, become: true means it runs as sudo.
To run a playbook:
ansible-playbook ./playbooks/apt.yml --user logicmade --ask-pass --ask-become-pass -i ./inventory/hosts
Key-based Authentication
Setting Up SSH Key-Based Authentication
Generate Key Pair: On the Ansible controller, run the command below to create the keys.
ssh-keygen -t rsa -f ~/.ssh/ansible-keys
Distribute Public Key
Copy the public key to the managed nodes using:
ssh-copy-id -i ~/.ssh/ansible-keys.pub user@node
Configure Ansible Inventory
Specify the private key in your inventory file:
[servers]
node1 ansible_host=192.168.1.10 ansible_user=admin ansible_ssh_private_key_file=~/.ssh/ansible-keys
Fixing sudo issue
On the server, run sudo visudo and add this line:
logicmade ALL=(ALL) NOPASSWD: ALL
logicmade is the username to be escalated
To be safe, you can also create a dedicated file:
sudo visudo -f /etc/sudoers.d/logicmade
Now we can run a playbook like this
ansible-playbook ./playbooks/apt.yml -i ./inventory/hosts
Add:
logicmade ALL=(ALL) NOPASSWD: ALL
Tips
Vault
- No blank lines
- No special characters like (+)
- In a playbook, the vault file path is relative to the playbook's folder.
For example, with this layout:
/playbooks/test.yml
/aws_vault.yml
the playbook references the vault like this:
- name: Show AWS key from vault
  hosts: localhost
  gather_facts: false
  vars_files:
    - ../aws_vault.yml

  tasks:
    - name: Display the AWS Access Key ID
      debug:
        msg: "aws_access_key_id = {{ aws_access_key_id }}"
Create Vault
ansible-vault create group_vars/all/vault.yml
Edit Vault
ansible-vault edit group_vars/all/vault.yml
Verify Vault file
ansible all -i inventory/hosts -m debug -a "var=aws_access_key_id" --ask-vault-pass
aws_access_key_id is a key in the vault.
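An added check, not part of the original page: it resolves each vars_files entry against the playbook's folder, as the Vault tip describes, and reports whether the target is missing, vault-encrypted or plaintext. The function names and sample files are constructed for illustration; it assumes every vars_files entry is meant to be vaulted and relies on the `$ANSIBLE_VAULT;` header that ansible-vault writes on the first line of an encrypted file.

```python
from pathlib import Path
import tempfile

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every ansible-vault encrypted file

def vars_files_entries(playbook_text):
    """Collect list items under each `vars_files:` key (line scan, not a YAML parser)."""
    entries, key_indent = [], None
    for line in playbook_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments do not end a list
        indent = len(line) - len(line.lstrip())
        if stripped == "vars_files:":
            key_indent = indent
        elif key_indent is not None and stripped.startswith("- ") and indent >= key_indent:
            entries.append(stripped[2:].strip().strip("'\""))
        else:
            key_indent = None  # any other key closes the list
    return entries

def check_playbook(playbook_path):
    """Resolve each entry against the playbook's folder and classify the target file."""
    playbook = Path(playbook_path).resolve()
    report = {}
    for entry in vars_files_entries(playbook.read_text(encoding="utf-8")):
        target = playbook.parent / entry
        if not target.is_file():
            report[entry] = "missing"
        elif target.read_text(encoding="utf-8", errors="replace").startswith(VAULT_HEADER):
            report[entry] = "encrypted"
        else:
            report[entry] = "PLAINTEXT"  # secrets would be readable on disk
    return report

def demo():
    """Build the page's layout in a temp dir from constructed files and check it."""
    files = {
        "playbooks/test.yml": "- name: Show AWS key from vault\n  hosts: localhost\n"
                              "  vars_files:\n    - ../aws_vault.yml\n"
                              "    - ../plain_vars.yml\n    - ../absent.yml\n  tasks: []\n",
        "aws_vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n363331\n",  # constructed, not real ciphertext
        "plain_vars.yml": "aws_access_key_id: EXAMPLE-NOT-A-KEY\n",  # constructed placeholder
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in files.items():
            Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(root, rel).write_text(text, encoding="utf-8")
        return check_playbook(Path(root, "playbooks", "test.yml"))
```

Call check_playbook("playbooks/test.yml") from the ansible folder before committing; any entry reported as PLAINTEXT or missing needs attention.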