Revision 10 (Jon Goldberg, 04/03/2018 07:52 PM) → Revision 11/32 (Jon Goldberg, 04/03/2018 07:54 PM)

# Ansible Setup 

 ### Installation 
 Megaphone Ansible scripts assume Ansible 2.4+.    If you're using Debian 9, install Ansible from backports. 

 ```bash 
 sudo apt install ansible pass expect 
 sudo pip2 install python-linode # Needed for generating Linode VMs on the fly 

 # Debian 9: 
 sudo apt install -t stretch-backports ansible 
 ``` 

 ### Configuration 
 Clone the ansible repo: 

 ```bash 
 git clone ssh://git@git.megaphonetech.com:10022/megaphone/ansible.git 
 ``` 

 Create an ansible.log file and make it world-writable: 

 ```bash 
 sudo touch /var/log/ansible.log 
 sudo chmod a+w /var/log/ansible.log    
 ``` 


 
 Clone the password repo: 

 ```bash 
 mkdir "$HOME/.password-store" && cd "$HOME/.password-store" 
 git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git . 
 # For security reasons, explicitly set the GPG keys that can decrypt passwords you create 
 cp .gpg-id.example .gpg-id 
 ``` 

 TODO: Git clone the `ansible` and `passwords` repos to the appropriate place; copy `~/.password-store/.gpg-id.example` to `.gpg-id`. 
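
A preflight check for the installation and configuration steps above, as an added example that is not part of the Megaphone wiki or repositories: it checks the Ansible 2.4+ requirement, that `.gpg-id` names at least one key, and whether the log file is writable or world-writable (writable by every local account). The function names are hypothetical; the default paths and the version minimum are the ones on this page.

```bash
# Added example (not from the Megaphone repos): preflight checks for the steps above.
# Function names are hypothetical; the 2.4 minimum and default paths are the page's.

# version_ge A B: true when dotted version A >= B, compared field by field
# as numbers (so 2.10 >= 2.4, which a plain string comparison gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# parse_ansible_version TEXT: version number from the first line of
# `ansible --version` output ("ansible 2.4.3.0" or "ansible [core 2.14.3]").
parse_ansible_version() {
    printf '%s\n' "$1" | head -n1 | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1
}

# gpg_id_ok STORE: true when STORE/.gpg-id exists and names at least one key.
gpg_id_ok() {
    [ -f "$1/.gpg-id" ] && grep -qE '^[^#[:space:]]' "$1/.gpg-id"
}

# log_state FILE: prints missing, not-writable, world-writable or writable.
log_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -w "$1" ]; then echo not-writable
    elif [ -n "$(find "$1" -maxdepth 0 -perm -0002)" ]; then echo world-writable
    else echo writable
    fi
}

# preflight [STORE] [LOG]: run all checks; non-zero return if any fails.
preflight() {
    store=${1:-$HOME/.password-store}; log=${2:-/var/log/ansible.log}; rc=0
    v=$(parse_ansible_version "$(ansible --version 2>/dev/null)")
    if [ -n "$v" ] && version_ge "$v" 2.4; then echo "ok: ansible $v"
    else echo "FAIL: Ansible 2.4+ required, found '${v:-none}'"; rc=1; fi
    if gpg_id_ok "$store"; then echo "ok: $store/.gpg-id lists recipients"
    else echo "FAIL: $store/.gpg-id missing or empty"; rc=1; fi
    case $(log_state "$log") in
        writable|world-writable) echo "ok: $log is $(log_state "$log")" ;;
        *) echo "FAIL: $log is $(log_state "$log")"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and run `preflight`; pass a store directory and a log path as arguments to check non-default locations.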

 ### Localhost setup 
 [Note: You only need this to start managing your OWN host via Ansible, not to use Ansible to manage other servers] 

 * `sudo apt install acl` (This simplifies [becoming an unprivileged user](http://docs.ansible.com/ansible/latest/user_guide/become.html)) 
 * After adding your local computer to the [Server List](https://crm.megaphonetech.com/server-list), create a folder for it in `<ansibleroot>/group_vars`.    Set any reasonable defaults, in particular `ansible_authorized_keys`.    This mitigates the security issue of having passwordless sudo access on each other's localhosts.