Denis Machard

My technical gists

Infrastructure background, developer mindset. I build things for pleasure.

    Initial Ansible setup server

    This tutorial explains how to perform the initial setup of Ansible.

    Initial setup

    In this tutorial we assume that at least Python is installed on every server to be managed, that each server is reachable by a hostname in your DNS, and that you have root SSH access to each of them.

    Create a specific automation user for your Ansible server

    adduser automation
    passwd automation
    echo  -e 'automation\tALL=(ALL)\tNOPASSWD:\tALL' > /etc/sudoers.d/automation
    

    Connect as this user

    su - automation
    

    Create key pair

    ssh-keygen -o -b 4096
    

    Describe your inventory.

    vim inventory.ini 
    [group1]
    server01
    server02
    server03
    

    Create the default Ansible configuration and define the Python path.

    touch ansible.cfg

    [defaults]
    interpreter_python=/usr/bin/python3
    

    Run the playbook

    Clone the repository https://github.com/dmachard/ansible-playbooks/tree/main/setup_ansible and run it to configure:

    • a specific user for ansible to run
    • disable root ssh access
    • disable password authentication

    Run it with the root account of each server. After that, connections to the servers can be made with the automation user.

    $ ansible-playbook -i inventory.ini setup-ansible/playbook.yml --ask-pass -u root
    SSH password: 
    
    PLAY [all] *************************************************************************
    
    TASK [Gathering Facts] *************************************************************
    ok: [server01]
    ok: [server02]
    ok: [server03]
    
    TASK [Add a new user named automation] *********************************************
    ok: [server03]
    ok: [server01]
    ok: [server02]
    
    TASK [Add automation user to the sudoers] ******************************************
    changed: [server03]
    changed: [server02]
    changed: [server01]
    
    TASK [Deploy SSH Key] **************************************************************
    changed: [server01]
    changed: [server02]
    changed: [server03]
    
    TASK [Disable Password Authentication] *********************************************
    changed: [server01]
    changed: [server03]
    changed: [server02]
    
    TASK [Disable Root Login] **********************************************************
    changed: [server02]
    changed: [server03]
    changed: [server01]
    
    RUNNING HANDLER [restart_ssh] ******************************************************
    changed: [server01]
    changed: [server02]
    changed: [server03]
    
    PLAY RECAP *************************************************************************
    server01    : ok=7    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    server02    : ok=7    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    server03    : ok=7    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    

    Sanity check

    Finally, run the ansible command with the ping module.

    $ ansible all -i inventory.ini -m ping
    server01 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    server02 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    server03 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
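
    The ping only shows that the automation user can log in; it does not show that root login and password authentication are actually off. As an added example (not part of the original tutorial or the playbook repository), this shell function audits the output of `sshd -T` from one host. The function names and sample inputs are constructed for illustration, and the keyboard-interactive check goes beyond the three items the playbook lists.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings of one host.
# Usage (host name taken from the inventory above; sshd -T needs root):
#   ssh automation@server01 sudo sshd -T | audit_sshd

# Print the value of keyword $2 from `sshd -T` output held in $1.
sshd_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Read `sshd -T` output on stdin; return 0 if hardened, 1 otherwise.
audit_sshd() {
    cfg=$(cat)
    rc=0
    # keyword:expected pairs: the playbook's goals, plus key auth staying on.
    for want in passwordauthentication:no permitrootlogin:no pubkeyauthentication:yes; do
        key=${want%%:*}; exp=${want##*:}
        got=$(sshd_value "$cfg" "$key")
        if [ "$got" != "$exp" ]; then
            echo "FAIL $key=${got:-unset} (expected $exp)"
            rc=1
        fi
    done
    # Keyboard-interactive (PAM) can still prompt for a password; the keyword
    # was named challengeresponseauthentication before OpenSSH 8.7.
    for key in kbdinteractiveauthentication challengeresponseauthentication; do
        got=$(sshd_value "$cfg" "$key")
        if [ "$got" = "yes" ]; then
            echo "FAIL $key=yes (password prompts still possible via PAM)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_HARDENED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

SAMPLE_WEAK='port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes'
```

    Run it against every host in the inventory after the playbook completes; any FAIL line means the running sshd does not match what the playbook set out to configure.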
    