Ansible Setup¶

Installation¶

Megaphone Ansible scripts assume Ansible 2.4+. If you're using Debian 9, install Ansible from backports.

sudo apt install ansible pass expect
sudo pip2 install python-linode #Needed for generating Linode VMs on the fly

# Debian 9:
sudo apt install -t stretch-backports ansible

Configuration¶

Clone the password repo:

mkdir $HOME/.password-store && cd $HOME/.password-store
git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git .

Clone the ansible repo:

git clone ssh://git@git.megaphonetech.com:10022/megaphone/ansible.git

Create an ansible.log file and make it world-writable:

sudo touch /var/log/ansible.log
sudo chmod a+w /var/log/ansible.log   

For security reasons, explicitly set the GPG keys who can decrypt passwords you create¶

cp .gpg-id.example .gpg-id

TODO: Git clone the `ansible` and `passwords` repos to the appropriate place; copy `~/.passsword-store/.gpg.id.example to .gpg-id`.

### Localhost setup
[Note: You only need this to start managing your OWN host via Ansible, not to use Ansible to manage other servers]

* `sudo apt install acl` (This simplifies [becoming an unprivileged user](http://docs.ansible.com/ansible/latest/user_guide/become.html))
* After adding your local computer to the [Server List](https://crm.megaphonetech.com/server-list), create a folder for it in `<ansibleroot>/group_vars`.  Set any reasonable defaults, in particular `ansible_authorized_keys`.  This mitigates the security issue of having passwordless sudo access on each other's localhosts.