Ansible
Installation
Installation of the development machine
pip install ansible
brew install hudochenkov/sshpass/sshpass
Installation of Ubuntu server
sudo apt update
sudo apt install ansible
sudo apt install sshpass
Running playbooks
To run all playbooks, run this command in the ansible folder.
Make sure SSH key-based authentication is set up first (see below).
ansible-playbook ./playbooks/all.yml -i ./inventory/hosts
Folders and files
Hosts
Add or update servers in the ./inventory/hosts file, using either names or IP addresses.
Test it with:
ansible -i ./inventory/hosts servers -m ping --user logicmade --ask-pass
servers is the name of the group in hosts.
logicmade is the username.
Playbooks
In a playbook YAML file, become: true means the tasks run with sudo.
To run a playbook:
ansible-playbook ./playbooks/apt.yml --user logicmade --ask-pass --ask-become-pass -i ./inventory/hosts
Key-based Authentication
Setting Up SSH Key-Based Authentication
Generate Key Pair: On the Ansible controller, run the command below to create the keys.
ssh-keygen -t rsa -f ~/.ssh/ansible-keys
Distribute Public Key
Copy the public key to the managed nodes using:
ssh-copy-id -i ~/.ssh/ansible-keys.pub user@node
Configure Ansible Inventory
Specify the private key in your inventory file:
[servers]
node1 ansible_host=192.168.1.10 ansible_user=admin ansible_ssh_private_key_file=~/.ssh/ansible-keys
Fixing sudo issue
On the server, run sudo visudo and add this line:
logicmade ALL=(ALL) NOPASSWD: ALL
logicmade is the username to be escalated
To be safe, you can also create a dedicated file:
sudo visudo -f /etc/sudoers.d/logicmade
Now we can run a playbook like this:
ansible-playbook ./playbooks/apt.yml -i ./inventory/hosts
In the dedicated file, add:
logicmade ALL=(ALL) NOPASSWD: ALL
Tips
Vault
No blank lines.
No special characters like (+).
Create Vault
ansible-vault create group_vars/all/vault.yml
Edit Vault
ansible-vault edit group_vars/all/vault.yml
Verify Vault file
ansible all -i inventory/hosts -m debug -a "var=aws_access_key_id" --ask-vault-pass
aws_access_key_id is a key in the vault.
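A check that complements the verify step above: it confirms that every vault.yml on disk is still ansible-vault ciphertext before the folder is committed or copied. This is an added example, not part of the original notes; the function names and the sample file contents are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# First line written by ansible-vault: format 1.1, or 1.2 with a vault-id label.
HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.1;AES256|1\.2;AES256;[^;\s]+)$")
HEX = re.compile(r"[0-9a-fA-F]+")

# Constructed sample contents (not real ciphertext, not a real key).
SAMPLE_ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n" + "36613862" * 10 + "\n" + "6431" * 5 + "\n"
SAMPLE_PLAINTEXT = "aws_access_key_id: EXAMPLE-NOT-A-REAL-KEY\n"


def vault_state(path):
    """Classify one file as 'encrypted', 'plaintext' or 'malformed'."""
    lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return "plaintext"  # no vault envelope: any secrets are readable
    if not HEADER.match(lines[0].strip()):
        return "malformed"  # envelope present, version or cipher not recognised
    payload = "".join(line.strip() for line in lines[1:])
    # The body is hex text; anything else means a truncated or hand-edited file.
    return "encrypted" if HEX.fullmatch(payload) else "malformed"


def unencrypted_vaults(root, name="vault.yml"):
    """Return {relative path: state} for files called `name` that are not vault ciphertext."""
    root = Path(root)
    states = {p.relative_to(root).as_posix(): vault_state(p) for p in root.rglob(name)}
    return {path: state for path, state in sorted(states.items()) if state != "encrypted"}


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real use: pass the ansible folder as the argument
        bad = unencrypted_vaults(sys.argv[1])
        for path, state in bad.items():
            print(f"{path}: {state}")
        sys.exit(1 if bad else 0)
    with tempfile.TemporaryDirectory() as tmp:  # demo on a constructed tree
        for group, text in (("all", SAMPLE_PLAINTEXT), ("prod", SAMPLE_ENCRYPTED)):
            target = Path(tmp, "group_vars", group, "vault.yml")
            target.parent.mkdir(parents=True)
            target.write_text(text, encoding="utf-8")
        print(unencrypted_vaults(tmp))
```

Run with the ansible folder as the argument, it exits non-zero when any vault.yml is readable or damaged, so it can gate a commit hook.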