Ansible

General

Bootstrapping

Any tips on how to improve this would be appreciated.

The scenario: you boot up a VPS and only have root access over SSH. You're told to turn off root access over SSH, so how do you set up Ansible so it can be rerun without root?

Step 1

Create a bootstrap.yml playbook. Use this to create a privileged user and add your SSH key.

playbooks/bootstrap.yml
---
- hosts: all
  remote_user: root
  roles:
    - bootstrap

Here's what the bootstrap role consists of ...

playbooks/roles/bootstrap/tasks/main.yml
---
- name: user (mathew)
  user:
    name: mathew
    comment: Mathew Davies
    # The user module expects an already-hashed value here, not plaintext.
    password:
    group: sudo
    shell: /bin/bash

- name: authorized key (mathew)
  authorized_key:
    user: mathew
    state: present
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"

Step 2

This is your main playbook. Run it as the user you created in bootstrap.yml, and elevate privileges with become: true where required.

playbooks/playbook.yml
---
- hosts: all
  remote_user: mathew
  become: true
  roles:
    - common

Use --ask-become-pass so you can become root when required.

ansible-playbook playbooks/playbook.yml --ask-become-pass
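
The scenario calls for turning off root SSH access once the new user works. The playbook below is an added example, not part of the original page: it assumes a Debian/Ubuntu host (service name ssh), the stock /etc/ssh/sshd_config path, and a hypothetical file name playbooks/lockdown.yml.

```yaml
# playbooks/lockdown.yml (hypothetical name; added example)
---
- hosts: all
  remote_user: mathew   # reaching this play at all proves key login works
  become: true          # and --ask-become-pass proves sudo works
  tasks:
    - name: disable root login over SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        # Reject the edit if sshd cannot parse the resulting file.
        validate: /usr/sbin/sshd -t -f %s
      notify: reload ssh

    - name: read the effective sshd configuration
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: fail if another config file still allows root login
      ansible.builtin.assert:
        that:
          # sshd -T prints keywords in lower case, one setting per line.
          - "'permitrootlogin no' in sshd_effective.stdout_lines"
        fail_msg: >-
          PermitRootLogin is overridden elsewhere, for example by a file
          under /etc/ssh/sshd_config.d/.

  handlers:
    - name: reload ssh
      ansible.builtin.service:
        name: ssh          # assumption: "sshd" on RHEL-family hosts
        state: reloaded
```

Run it with --ask-become-pass like the main playbook, and keep the existing root session open until a fresh login as mathew has been confirmed.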

Inventory

Tips and tricks used in my ansible inventories.

Terraform

My Ansible inventory is dynamically generated from Terraform. You can see how that works over at the Generating Ansible Inventory page in Terraform.

Variables

Something for me, as I keep forgetting: you can set variables on a host in an inventory. I typically use these in conjunction with Terraform.

[nomad_client]
127.0.0.1 ipv4_address_private=10.0.0.0 ipv4_address_floating=127.0.0.1
