Ansible Setup » History » Revision 11
Revision 10 (Jon Goldberg, 04/03/2018 07:52 PM) → Revision 11/32 (Jon Goldberg, 04/03/2018 07:54 PM)
# Ansible Setup ### Installation Megaphone Ansible scripts assume Ansible 2.4+. If you're using Debian 9, install Ansible from backports. ```bash sudo apt install ansible pass expect sudo pip2 install python-linode #Needed for generating Linode VMs on the fly # Debian 9: sudo apt install -t stretch-backports ansible ``` ### Configuration Clone the password repo: ```bash mkdir $HOME/.password-store && cd $HOME/.password-store git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git . ``` Clone the ansible repo: ```bash git clone ssh://git@git.megaphonetech.com:10022/megaphone/ansible.git ``` Create an ansible.log file and make it world-writable: ```bash sudo touch /var/log/ansible.log sudo chmod a+w /var/log/ansible.log ``` Clone the password repo: ```bash mkdir $HOME/.password-store && cd $HOME/.password-store git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git . # For security reasons, explicitly set the GPG keys who can decrypt passwords you create cp .gpg-id.example .gpg-id ``` TODO: Git clone the `ansible` and `passwords` repos to the appropriate place; copy `~/.passsword-store/.gpg.id.example to .gpg-id`. ### Localhost setup [Note: You only need this to start managing your OWN host via Ansible, not to use Ansible to manage other servers] * `sudo apt install acl` (This simplifies [becoming an unprivileged user](http://docs.ansible.com/ansible/latest/user_guide/become.html)) * After adding your local computer to the [Server List](https://crm.megaphonetech.com/server-list), create a folder for it in `<ansibleroot>/group_vars`. Set any reasonable defaults, in particular `ansible_authorized_keys`. This mitigates the security issue of having passwordless sudo access on each other's localhosts.