Any tips on how to improve this would be appreciated.

The scenario: you boot up a VPS and only have root access over SSH. You're told to turn off root access over SSH, so how do you set up Ansible so that it can be rerun without root?
Create a bootstrap.yml playbook. Use this to create a privileged user and add your SSH key.
playbooks/bootstrap.yml

---
- hosts: all
  remote_user: root
  roles:
    - bootstrap
Here's what the bootstrap role consists of:

playbooks/roles/bootstrap/tasks/main.yml

---
- name: user (mathew)
  user:
    name: mathew
    comment: Mathew Davies
    # Must be a crypted password hash, as the user module expects; a blank
    # value leaves the account without a usable password, so sudo would have
    # nothing to accept when the main playbook runs with --ask-become-pass
    password:
    # Primary group; membership in sudo is what lets "become: true" work later
    group: sudo
    shell: /bin/bash

- name: authorized key (mathew)
  authorized_key:
    user: mathew
    state: present
    # Installs the public key of the user running ansible-playbook
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
This is your main playbook. You run it as the user you created in bootstrap.yml, then elevate permissions using become: true where required.
playbooks/playbook.yml

---
- hosts: all
  remote_user: mathew
  become: true
  roles:
    - common
Use --ask-become-pass so you can become root when required.
ansible-playbook playbooks/playbook.yml --ask-become-pass
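The scenario above ends with root SSH access still enabled. As an added example (not part of the original post), here is a stand-alone play that closes it, but only after confirming the connection already uses the bootstrap user, so a failed bootstrap cannot lock you out. It assumes a Debian/Ubuntu host (sshd service named ssh), the default /etc/ssh/sshd_config, and the file path playbooks/harden-ssh.yml.

```yaml
---
# Added example, not from the original post. Run after playbook.yml has
# succeeded as "mathew", with the same flag:
#   ansible-playbook playbooks/harden-ssh.yml --ask-become-pass
- hosts: all
  remote_user: mathew
  become: true
  tasks:
    - name: Record which account the SSH connection itself uses
      ansible.builtin.command: id -un
      become: false          # run as remote_user, not as the become (root) user
      changed_when: false
      register: ssh_login_user

    - name: Refuse to continue while still connecting as root
      ansible.builtin.assert:
        that: ssh_login_user.stdout != 'root'
        fail_msg: Connect as the user created by bootstrap.yml before disabling root SSH login

    - name: Disable root login and password authentication in sshd
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: '{{ item.key }} {{ item.value }}'
        # Reject the edit if sshd cannot parse the resulting file,
        # so a typo never leaves the daemon unable to restart
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: PermitRootLogin, value: 'no' }
        - { key: PasswordAuthentication, value: 'no' }   # key auth was installed by bootstrap
      notify: restart sshd

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: ssh            # "sshd" on RHEL-family hosts
        state: restarted
```

Keep the existing SSH session open while the handler restarts sshd and confirm a fresh login as mathew works before closing it.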
Tips and tricks used in my Ansible inventories.

My Ansible inventory is dynamically generated from Terraform. You can see how that works over at the Generating Ansible Inventory in Terraform page.

A note to myself, since I keep forgetting: you can set variables on a host directly in an inventory. I typically use these in conjunction with Terraform.
[nomad_client]
127.0.0.1 ipv4_address_private=10.0.0.0 ipv4_address_floating=127.0.0.1