
Gjorret hat die Gist bearbeitet 8 months ago. Zu Änderung gehen

1 file changed, 18 insertions

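--- a/setup-ansible.md
+++ b/setup-ansible.md
@@ -15,6 +15,24 @@ echo 'ansible ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/ansible
 sudo chmod 440 /etc/sudoers.d/ansible
 ```
 
+# Deploy runbook
+Run the following runbook with e.g.
+```sh
+ansible-playbook -i hosts.ini default-installation.yml
+```
+
+# hosts.ini
+```yaml
+root@ansible:~/ansible# cat hosts.ini
+[logservers]
+log1.h0me.dk ansible_user=ansible
+log2.h0me.dk ansible_user=ansible
+log3.h0me.dk ansible_user=ansible
+log4.h0me.dk ansible_user=ansible
+log5.h0me.dk ansible_user=ansible
+log6.h0me.dk ansible_user=ansible
+```
+
 # Default ansible runbook:
 Just an example of simple runbook.
 Requires .zshrc file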

Gjorret hat die Gist bearbeitet 8 months ago. Zu Änderung gehen

1 file changed, 99 insertions

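--- /dev/null
+++ b/setup-ansible.md
@@ -0,0 +1,99 @@
+# Account
+Run this on the server end server to add ansible user with outpassword, ssh key only.
+```sh
+sudo adduser --disabled-password --gecos "" ansible
+sudo usermod -aG sudo ansible
+sudo mkdir -p /home/ansible/.ssh
+sudo chown ansible:ansible /home/ansible/.ssh
+sudo chmod 700 /home/ansible/.ssh
+echo '<ssh-key>
+' | sudo tee /home/ansible/.ssh/authorized_keys
+sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
+sudo chmod 600 /home/ansible/.ssh/authorized_keys
+sudo passwd -l ansible
+echo 'ansible ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/ansible
+sudo chmod 440 /etc/sudoers.d/ansible
+```
+
+# Default ansible runbook:
+Just an example of simple runbook.
+Requires .zshrc file
+
+```yaml
+root@ansible:~/ansible# cat default-installation.yml
+- name: Install default stuff
+hosts: logservers,otherservers
+become: true
+tasks:
+- name: Update APT package cache
+apt:
+update_cache: yes
+cache_valid_time: 3600 # Only re-check if cache is older than 1 hour
+
+- name: Upgrade all packages
+apt:
+upgrade: dist
+
+- name: Autoremove unused packages
+apt:
+autoremove: yes
+
+- name: Install apps with apt
+apt:
+name:
+- ipcalc
+- zsh
+- fortune
+- cowsay
+- chroma
+- python3-pygments
+- tmux
+- qemu-guest-agent
+# - default-jdk
+
+state: present
+update_cache: true
+
+- name: Set zsh as default shell for rasmus
+user:
+name: rasmus
+shell: /usr/bin/zsh
+
+- name: Install oh-my-zsh for rasmus (root install method)
+shell: |
+curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh | bash -s -- --unattended
+args:
+chdir: /home/rasmus
+executable: /bin/bash
+creates: /home/rasmus/.oh-my-zsh
+environment:
+HOME: /home/rasmus
+
+- name: Fix ownership of oh-my-zsh files for rasmus
+file:
+path: /home/rasmus/.oh-my-zsh
+state: directory
+recurse: true
+owner: rasmus
+group: rasmus
+
+- name: Copy custom .zshrc to rasmus' home
+copy:
+src: files/zshrc
+dest: /home/rasmus/.zshrc
+owner: rasmus
+group: rasmus
+mode: '0644'
+
+- name: Ensure .ssh directory exists for rasmus
+file:
+path: /home/rasmus/.ssh
+state: directory
+owner: rasmus
+group: rasmus
+mode: '0700'
+
+- name: Add SSH keys from laptop and workstation to rasmus' authorized_keys
+authorized_key:
+user: rasmus
+```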
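Review bot: The "Install oh-my-zsh for rasmus" task (new lines 62–70) pipes a script fetched from the mutable `master` branch into bash, and since the play sets `become: true` it runs as root on every targeted host with no integrity check. Pin the URL to a reviewed commit (`.../ohmyzsh/ohmyzsh/<pinned-commit-sha>/tools/install.sh`) or download it with `get_url` and a `checksum:` first, and add `become_user: rasmus` to the task so the installer does not run as root and the ownership-fix task after it becomes unnecessary. The account block at the top grants `ansible ALL=(ALL) NOPASSWD: ALL`, which makes the key in `authorized_keys` equivalent to root on each server; the text should say so, and the drop-in should be checked with `sudo visudo -cf /etc/sudoers.d/ansible` after it is written. The final `authorized_key:` task shows only `user: rasmus` and no `key:`, so as listed it would fail; mark where the redacted key goes.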