Ansible Setup » History » Version 11

Jon Goldberg, 04/03/2018 07:54 PM

# Ansible Setup

### Installation
Megaphone Ansible scripts assume Ansible 2.4+. If you're using Debian 9, install Ansible from backports.

```bash
sudo apt install ansible pass expect
sudo pip2 install python-linode # Needed for generating Linode VMs on the fly

# Debian 9:
sudo apt install -t stretch-backports ansible
```

### Configuration
Clone the password repo:

```bash
mkdir "$HOME/.password-store" && cd "$HOME/.password-store"
git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git .
```

Clone the ansible repo:

```bash
git clone ssh://git@git.megaphonetech.com:10022/megaphone/ansible.git
```

Create an ansible.log file and make it world-writable:

```bash
sudo touch /var/log/ansible.log
sudo chmod a+w /var/log/ansible.log
```

```bash
# For security reasons, explicitly set the GPG keys that can decrypt passwords you create.
# Run inside ~/.password-store.
cp .gpg-id.example .gpg-id
```

TODO: Git clone the `ansible` and `passwords` repos to the appropriate place; copy `~/.password-store/.gpg-id.example` to `.gpg-id`.

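
A preflight check for the installation and configuration steps above, written as an added example that is not part of the original wiki page or of Megaphone's repos. The function names are hypothetical and the paths are the ones the page uses. It goes one step beyond the page by confirming that every recipient in `.gpg-id` has a public key in the local keyring.

```shell
#!/bin/sh
# Added example: preflight checks for the setup steps on this page.
# Function names are hypothetical; paths are the ones the page uses.

# $1 = first line of `ansible --version`; succeeds if the version is 2.4+.
ansible_version_ok() {
    set -- $(printf '%s\n' "$1" |
        sed -n 's/^ansible[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ $# -eq 2 ] || return 1
    [ "$1" -gt 2 ] || { [ "$1" -eq 2 ] && [ "$2" -ge 4 ]; }
}

# $1 = password store dir; prints the recipients listed in .gpg-id and
# fails if the file is missing or lists none.
gpg_id_recipients() {
    [ -f "$1/.gpg-id" ] || return 1
    grep -v '^[[:space:]]*$' "$1/.gpg-id"
}

# $1 = log path; must be a regular file (not a symlink) we can write to.
log_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -w "$1" ]
}

preflight() {
    rc=0
    ansible_version_ok "$(ansible --version 2>/dev/null | head -n 1)" ||
        { echo "FAIL: Ansible 2.4+ not found" >&2; rc=1; }
    ids=$(gpg_id_recipients "$HOME/.password-store") ||
        { echo "FAIL: .gpg-id missing or empty" >&2; rc=1; }
    # pass encrypts new entries to every key in .gpg-id, so each one
    # needs a public key in the local keyring.
    while IFS= read -r id; do
        [ -n "$id" ] || continue
        gpg --batch --list-keys "$id" >/dev/null 2>&1 </dev/null ||
            { echo "FAIL: no public key for $id" >&2; rc=1; }
    done <<EOF
$ids
EOF
    log_ok /var/log/ansible.log ||
        { echo "FAIL: /var/log/ansible.log not writable" >&2; rc=1; }
    return "$rc"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```
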
### Localhost setup
[Note: You only need this to start managing your OWN host via Ansible, not to use Ansible to manage other servers]

* `sudo apt install acl` (This simplifies [becoming an unprivileged user](http://docs.ansible.com/ansible/latest/user_guide/become.html))
* After adding your local computer to the [Server List](https://crm.megaphonetech.com/server-list), create a folder for it in `<ansibleroot>/group_vars`. Set any reasonable defaults, in particular `ansible_authorized_keys`. This mitigates the security issue of having passwordless sudo access on each other's localhosts.