Ansible

General

Bootstrapping

Any tips on how to improve this would be appreciated

The scenario: you boot up a VPS and only have root access over SSH. You're told to turn off root access over SSH, so how do you set up Ansible so that it can be rerun later without root?

Step 1

Create a bootstrap.yml playbook. Use this to create a privileged user and add your SSH key.

playbooks/bootstrap.yml
---
- hosts: all
  remote_user: root
  roles:
    - bootstrap

Here's what the bootstrap role consists of ...

playbooks/roles/bootstrap/tasks/main.yml
---
- name: user (mathew)
  user:
    name: mathew
    comment: Mathew Davies
    # the user module expects a crypted hash here, not plaintext; the value
    # is omitted on this page. The user needs a password for --ask-become-pass.
    password:
    # primary group; the default Debian/Ubuntu sudoers grants %sudo full sudo
    group: sudo
    shell: /bin/bash
- name: authorized key (mathew)
  authorized_key:
    user: mathew
    state: present
    # public key read from the controller's own home directory
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"

Step 2

This is the main playbook. Run it as the user created in bootstrap.yml, then elevate privileges with become: true where required.

playbooks/playbook.yml
---
- hosts: all
  remote_user: mathew
  become: true
  roles:
    - common

Use --ask-become-pass so you can become root when required.

ansible-playbook playbooks/playbook.yml --ask-become-pass
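The scenario asks for root SSH login to be switched off once the non-root user works, but the page stops short of that step. Here is an added example (not from the original page) of how the common role could do it from playbook.yml, refusing to lock root out until the key deployed by bootstrap.yml is actually present; the file paths, the sshd_config location and the Debian/Ubuntu service name "ssh" are assumptions.

```yaml
# playbooks/roles/common/tasks/main.yml (assumed path)
---
- name: Look for the key that bootstrap.yml installed for mathew
  stat:
    path: /home/mathew/.ssh/authorized_keys
  register: bootstrap_user_key

- name: Refuse to lock root out until the bootstrap user can log in with a key
  assert:
    that: bootstrap_user_key.stat.exists
    fail_msg: "no authorized_keys for mathew; run bootstrap.yml first"

- name: Disable root login over SSH
  lineinfile:
    path: /etc/ssh/sshd_config
    # matches the directive whether it is active or commented out
    regexp: '^#?\s*PermitRootLogin\s'
    line: PermitRootLogin no
    # sshd -t checks the candidate file before it replaces the live config,
    # so a typo cannot leave the daemon unable to restart
    validate: /usr/sbin/sshd -t -f %s
  notify: restart ssh

# playbooks/roles/common/handlers/main.yml (assumed path)
---
- name: restart ssh
  service:
    name: ssh        # "sshd" on RHEL-family hosts
    state: restarted
```

Keep the root session open until a fresh `ssh mathew@host` and a `sudo -v` both succeed, then the bootstrap play is never needed again on that host.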

Inventory

Tips and tricks used in my ansible inventories.

Terraform

My Ansible inventory is dynamically generated from Terraform. You can see how that works on the Generating Ansible Inventory page under Terraform.

Variables

A reminder for myself, as I keep forgetting: variables can be set inline on a host in an inventory. I typically use these in conjunction with Terraform.

[nomad_client]
127.0.0.1 ipv4_address_private=10.0.0.0 ipv4_address_floating=127.0.0.1