Megaphone Commons

# Ansible Setup

### Installation

Megaphone Ansible scripts assume Ansible 2.4+.  If you're using Debian 9, install Ansible from backports.

```bash

sudo apt install ansible pass expect

sudo pip2 install python-linode #Needed for generating Linode VMs on the fly

# Debian 9:

sudo apt install -t stretch-backports ansible

```

### Configuration

Clone the password repo:

```bash

mkdir $HOME/.password-store && cd $HOME/.password-store

git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git .

```

Clone the ansible repo:

```bash

git clone ssh://git@git.megaphonetech.com:10022/megaphone/ansible.git

```

Create an ansible.log file and make it world-writable:

```bash

sudo touch /var/log/ansible.log

sudo chmod a+w /var/log/ansible.log   

```

# For security reasons, explicitly set the GPG keys who can decrypt passwords you create

cp .gpg-id.example .gpg-id

```

TODO: Git clone the `ansible` and `passwords` repos to the appropriate place; copy `~/.passsword-store/.gpg.id.example to .gpg-id`.

### Localhost setup

[Note: You only need this to start managing your OWN host via Ansible, not to use Ansible to manage other servers]

* `sudo apt install acl` (This simplifies [becoming an unprivileged user](http://docs.ansible.com/ansible/latest/user_guide/become.html))

* After adding your local computer to the [Server List](https://crm.megaphonetech.com/server-list), create a folder for it in `<ansibleroot>/group_vars`.  Set any reasonable defaults, in particular `ansible_authorized_keys`.  This mitigates the security issue of having passwordless sudo access on each other's localhosts.