Revision of default-ubuntu-server.md

1 file changed, 1 insertion, 1 deletion

default-ubuntu-server.md

			@@ -44,7 +44,7 @@ sudo passwd -l ansible
44	44		echo 'ansible ALL=(ALL) NOPASSWD: ALL' \| sudo tee /etc/sudoers.d/ansible
45	45		sudo chmod 440 /etc/sudoers.d/ansible
46	46		```
47		-	# allow root og add keys
	47	+	# allow root og add keys (kun poensearch)
48	48		Fordi opensearch kræver root for ansible deployment.
49	49
50	50		```bash

1 file changed, 11 insertions

default-ubuntu-server.md

			@@ -44,6 +44,17 @@ sudo passwd -l ansible
44	44		echo 'ansible ALL=(ALL) NOPASSWD: ALL' \| sudo tee /etc/sudoers.d/ansible
45	45		sudo chmod 440 /etc/sudoers.d/ansible
46	46		```
	47	+	# allow root og add keys
	48	+	Fordi opensearch kræver root for ansible deployment.
	49	+
	50	+	```bash
	51	+	sudo mkdir -p /root/.ssh
	52	+	sudo chmod 700 /root/.ssh
	53	+	echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDheyyD3YcdX9nEY86UsTJyECxXnqOdoUc2jumPKFBvZ root@ansible' \| sudo tee /root/.ssh/authorized_keys
	54	+	sudo chmod 600 /root/.ssh/authorized_keys
	55	+	sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
	56	+	sudo systemctl restart ssh
	57	+	```
47	58
48	59
49	60		# REST IS DONE WITH ANSIBLE <3

1 file changed, 3 insertions, 6 deletions

default-ubuntu-server.md

			@@ -1,9 +1,3 @@
1		-	# qemu tools
2		-
3		-	```bash
4		-	sudo apt-get install qemu-guest-agent
5		-	```
6		-
7	1		# with lvm utilize entire disk:
8	2
9	3		```bash
			@@ -50,3 +44,6 @@ sudo passwd -l ansible
50	44		echo 'ansible ALL=(ALL) NOPASSWD: ALL' \| sudo tee /etc/sudoers.d/ansible
51	45		sudo chmod 440 /etc/sudoers.d/ansible
52	46		```
	47	+
	48	+
	49	+	# REST IS DONE WITH ANSIBLE <3

1 file changed, 4 insertions, 7 deletions

default-ubuntu-server.md

			@@ -34,7 +34,7 @@ df -h \| grep /mnt/log
34	34		sudo lvs
35	35		```
36	36
37		-	# add ansible account
	37	+	# add ansible account, add keys, disable passwword login, allow sudo without password
38	38
39	39		```bash
40	40		sudo adduser --disabled-password --gecos "" ansible
			@@ -42,14 +42,11 @@ sudo usermod -aG sudo ansible
42	42		sudo mkdir -p /home/ansible/.ssh
43	43		sudo chown ansible:ansible /home/ansible/.ssh
44	44		sudo chmod 700 /home/ansible/.ssh
45		-	```
46		-
47		-	## add keys and disable password login
48		-
49		-	```bash
50	45		echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDheyyD3YcdX9nEY86UsTJyECxXnqOdoUc2jumPKFBvZ root@ansible
51	46		' \| sudo tee /home/ansible/.ssh/authorized_keys
52	47		sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
53	48		sudo chmod 600 /home/ansible/.ssh/authorized_keys
54	49		sudo passwd -l ansible
55		-	```
	50	+	echo 'ansible ALL=(ALL) NOPASSWD: ALL' \| sudo tee /etc/sudoers.d/ansible
	51	+	sudo chmod 440 /etc/sudoers.d/ansible
	52	+	```

1 file changed, 2 insertions, 1 deletion

default-ubuntu-server.md

			@@ -44,11 +44,12 @@ sudo chown ansible:ansible /home/ansible/.ssh
44	44		sudo chmod 700 /home/ansible/.ssh
45	45		```
46	46
47		-	## add keys
	47	+	## add keys and disable password login
48	48
49	49		```bash
50	50		echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDheyyD3YcdX9nEY86UsTJyECxXnqOdoUc2jumPKFBvZ root@ansible
51	51		' \| sudo tee /home/ansible/.ssh/authorized_keys
52	52		sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
53	53		sudo chmod 600 /home/ansible/.ssh/authorized_keys
	54	+	sudo passwd -l ansible
54	55		```

1 file changed, 1 insertion, 1 deletion

default-ubuntu-server.md

			@@ -46,7 +46,7 @@ sudo chmod 700 /home/ansible/.ssh
46	46
47	47		## add keys
48	48
49		-	``bash
	49	+	```bash
50	50		echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDheyyD3YcdX9nEY86UsTJyECxXnqOdoUc2jumPKFBvZ root@ansible
51	51		' \| sudo tee /home/ansible/.ssh/authorized_keys
52	52		sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys

1 file changed, 1 insertion, 1 deletion

default-ubuntu-server.md

			@@ -42,7 +42,7 @@ sudo usermod -aG sudo ansible
42	42		sudo mkdir -p /home/ansible/.ssh
43	43		sudo chown ansible:ansible /home/ansible/.ssh
44	44		sudo chmod 700 /home/ansible/.ssh
45		-	``
	45	+	```
46	46
47	47		## add keys
48	48

1 file changed, 2 insertions, 1 deletion

default-ubuntu-server.md

			@@ -45,7 +45,8 @@ sudo chmod 700 /home/ansible/.ssh
45	45		``
46	46
47	47		## add keys
48		-	```bash
	48	+
	49	+	``bash
49	50		echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDheyyD3YcdX9nEY86UsTJyECxXnqOdoUc2jumPKFBvZ root@ansible
50	51		' \| sudo tee /home/ansible/.ssh/authorized_keys
51	52		sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys

1 file changed, 9 insertions, 1 deletion

default-ubuntu-server.md

			@@ -42,4 +42,12 @@ sudo usermod -aG sudo ansible
42	42		sudo mkdir -p /home/ansible/.ssh
43	43		sudo chown ansible:ansible /home/ansible/.ssh
44	44		sudo chmod 700 /home/ansible/.ssh
45		-	``
	45	+	``
	46	+
	47	+	## add keys
	48	+	```bash
	49	+	echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDheyyD3YcdX9nEY86UsTJyECxXnqOdoUc2jumPKFBvZ root@ansible
	50	+	' \| sudo tee /home/ansible/.ssh/authorized_keys
	51	+	sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
	52	+	sudo chmod 600 /home/ansible/.ssh/authorized_keys
	53	+	```

1 file changed, 11 insertions, 1 deletion

default-ubuntu-server.md

			@@ -32,4 +32,14 @@ Confirm:
32	32		lsblk
33	33		df -h \| grep /mnt/log
34	34		sudo lvs
35		-	```
	35	+	```
	36	+
	37	+	# add ansible account
	38	+
	39	+	```bash
	40	+	sudo adduser --disabled-password --gecos "" ansible
	41	+	sudo usermod -aG sudo ansible
	42	+	sudo mkdir -p /home/ansible/.ssh
	43	+	sudo chown ansible:ansible /home/ansible/.ssh
	44	+	sudo chmod 700 /home/ansible/.ssh
	45	+	``