Ansible Setup » History » Revision 13

Revision 12 (Jon Goldberg, 04/03/2018 07:57 PM) → Revision 13/32 (Jon Goldberg, 07/19/2020 07:06 PM)

# Ansible Setup

### Installation
Megaphone Ansible setup scripts assume Ansible 2.4+. Please check earlier revisions of this page for manual setup. If you're using Debian 9, install Ansible from backports.

### Prerequisites
* You have a GPG key pair and SSH key pair on this computer.
* Your SSH public key for this computer must be added to your Gitea account. Ideally it's also on other servers.
* Your GPG public key must be added to the pass database, and it must be signed by Jon.

```bash
apt install ansible pass expect
pip2 install python-linode # Needed for generating Linode VMs on the fly
# Debian 9:
sudo apt install -t stretch-backports ansible git
```

NOTE: You can bootstrap without adding your server to crm.megaphonetech.com, but after bootstrap your server must be in the inventory.

### Configuration
Clone the password repo:

```bash
mkdir "$HOME/.password-store" && cd "$HOME/.password-store"
git clone ssh://git@git.megaphonetech.com:10022/megaphone/passwords.git .
# For security reasons, explicitly set the GPG keys who can decrypt passwords you create.
cp .gpg-id.example .gpg-id
```

Clone the ansible repo:

```bash
git clone ssh://git@git.megaphonetech.com:10022/megaphone/ansible.git
```

Create an ansible.log file and make it world-writable:

```bash
sudo touch /var/log/ansible.log
sudo chmod a+w /var/log/ansible.log
```
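As an added check (example code written for this page, not part of the Megaphone wiki or the ansible repo), the script below verifies the assumptions the steps above rely on: that the installed Ansible is 2.4 or newer, that `.gpg-id` is created from `.gpg-id.example` only when no `.gpg-id` exists yet (so an existing recipient list is never silently replaced), and that every recipient listed in `.gpg-id` is actually in your GPG keyring before you add passwords. `.gpg-id` holds one key id or e-mail per line, which is how `pass` reads it; the `$HOME/.password-store` path in the usage lines is an assumption, and `gpg` is only needed for the keyring check.

```sh
#!/bin/sh
# Added example, not from the wiki page: sanity checks for the setup steps above.
# Assumption: the password store is $HOME/.password-store (as in the clone step).
set -eu

# version_at_least HAVE WANT: succeed if dotted version HAVE >= WANT (missing fields count as 0).
version_at_least() {
  have=$1; want=$2
  while [ -n "$want" ]; do
    h=${have%%.*}; w=${want%%.*}
    [ "${h:-0}" -gt "${w:-0}" ] && return 0
    [ "${h:-0}" -lt "${w:-0}" ] && return 1
    case $want in *.*) want=${want#*.};; *) want=;; esac
    case $have in *.*) have=${have#*.};; *) have=;; esac
  done
  return 0
}

# ansible_version_ok "LINE": LINE is the first line of `ansible --version`
# ("ansible 2.9.6" or "ansible [core 2.12.1]"); succeed if it is 2.4 or newer.
ansible_version_ok() {
  ver=$(printf '%s\n' "$1" | head -n1 | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1 || true)
  [ -n "$ver" ] && version_at_least "$ver" 2.4
}

# init_gpg_id STORE: create STORE/.gpg-id from .gpg-id.example; never overwrite an existing one,
# since that would silently change who can decrypt the passwords you add from now on.
init_gpg_id() {
  store=$1
  if [ -e "$store/.gpg-id" ]; then
    echo "$store/.gpg-id already exists; leaving it alone" >&2
    return 0
  fi
  if [ ! -f "$store/.gpg-id.example" ]; then
    echo "$store/.gpg-id.example missing; is the password repo cloned?" >&2
    return 1
  fi
  cp "$store/.gpg-id.example" "$store/.gpg-id"
}

# gpg_id_recipients STORE: print the recipients in .gpg-id, one per line, skipping blank
# and comment lines, so you can review who will be able to decrypt new entries.
gpg_id_recipients() {
  grep -vE '^[[:space:]]*(#|$)' "$1/.gpg-id" || true
}

# check_recipients_in_keyring STORE: every recipient must be present in the local keyring,
# otherwise `pass insert` cannot encrypt to them. Needs gpg; exit status = number missing.
check_recipients_in_keyring() {
  missing=0
  for r in $(gpg_id_recipients "$1"); do
    gpg --list-keys "$r" >/dev/null 2>&1 || { echo "not in keyring: $r" >&2; missing=$((missing+1)); }
  done
  return $missing
}

# Usage on your own machine (uncomment):
# ansible_version_ok "$(ansible --version | head -n1)" || echo "Ansible older than 2.4" >&2
# init_gpg_id "$HOME/.password-store" && gpg_id_recipients "$HOME/.password-store"
# check_recipients_in_keyring "$HOME/.password-store" || echo "fix .gpg-id before adding passwords" >&2
```

Run it after the clone step; the recipient check is the one worth repeating whenever `.gpg-id` changes in the repo, because a pulled change to that file changes who can read every password you create afterwards.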

### Localhost setup
[Note: You only need this to start managing your OWN host via Ansible, not to manage other servers]

* `sudo apt install acl` (This simplifies [becoming an unprivileged user](http://docs.ansible.com/ansible/latest/user_guide/become.html))
* After adding your local computer to the [Server List](https://crm.megaphonetech.com/server-list), create a folder for it in `<ansibleroot>/group_vars`. Set any reasonable defaults, in particular `ansible_authorized_keys`. This mitigates the security issue of having passwordless sudo access on each other's localhosts.