Ansible Setup¶

Installation¶

Megaphone Ansible scripts assume Ansible 2.4+. If you're using Debian 9, install Ansible from backports.

sudo apt install ansible pass expect
sudo pip2 install python-linode #Needed for generating Linode VMs on the fly

# Debian 9:
sudo apt install -t stretch-backports ansible

Configuration¶

Create an ansible.log file and make it world-writable:

sudo touch /var/log/ansible.log
sudo chmod a+w /var/log/ansible.log   

Clone the password repo:

mkdir $HOME/.password-store && cd $HOME/.password-store
git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git .
# For security reasons, explicitly set the GPG keys who can decrypt passwords you create
cp .gpg-id.example .gpg-id

TODO: Git clone the ansible and passwords repos to the appropriate place; copy ~/.passsword-store/.gpg.id.example to .gpg-id.

Localhost setup¶

[Note: You only need this to start managing your OWN host via Ansible, not to use Ansible to manage other servers]

• sudo apt install acl (This simplifies becoming an unprivileged user)
• After adding your local computer to the Server List, create a folder for it in <ansibleroot>/group_vars. Set any reasonable defaults, in particular ansible_authorized_keys. This mitigates the security issue of having passwordless sudo access on each other's localhosts.