setting up a new system with Ansible

Hi,

I’ve played with Ansible before but hadn’t really done much in terms of maintaining a whole infrastructure. I’m hoping to restart my foray into it in hopes to migrate off of the old way of standing up systems. I wish to migrate to using Ansible to manage the whole infrastructure. That said, I’m starting off simple. I’m not touching the existing systems. I have a basic control node and just set up a minimal CentOS 7 system.

Here is where I’m a tad bit confused in what I need to do and if someone can clarify things, I’d appreciate it.

Is the following process correct?

  1. Log on to Alpha and create a new user, say automation.
  2. create ssh keys for automation.
  3. allow automation to have sudo access w/ no password.
  4. copy ssh credentials to control node.

Is this the very first thing one does for every new system? (Granted, I won’t need to create new ssh-keys as I just need to copy the original ones to the new system).
My understanding of this process is that in order to manage any system, I need a user that can have access to said system. Once I have that user set up properly, I won’t need to even log in manually to do things.

Thanks for the clarifications.

Ed

That is pretty close to what I am doing. The only thing I want to do differently is that I want to lock the automation account, so that it’s only accepted from a specific host (i.e. the Ansible control node).

–jp

Just tailor the authorized_keys file to restrict to the control node IP and you’re done.
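
The restriction suggested above, as an added example that is not part of the original thread: OpenSSH's `from=` key option ties the automation key to the control node's address. The function names are hypothetical, the forwarding options go beyond what the thread mentions, and the source is assumed to be an IP address or CIDR range.

```shell
#!/bin/sh
# Added example (not from the thread). The address and key passed in are
# the caller's; nothing here is specific to a real host.

# Print an authorized_keys entry that sshd accepts only from source $1 and
# that cannot be used for agent, port or X11 forwarding.
restricted_key_line() {
    ip=$1 pubkey=$2
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;   # bare key, no options yet
        *) echo "refusing: not a bare public key line" >&2; return 1 ;;
    esac
    case $ip in   # address or CIDR only, so nothing can break out of the quotes
        ''|*[!0-9A-Fa-f.:/]*) echo "refusing: bad source address" >&2; return 1 ;;
    esac
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$ip" "$pubkey"
}

# pin_key <authorized_keys path> <control node address> <public key line>
# Run as the automation user so the files keep the ownership sshd expects.
pin_key() {
    file=$1
    line=$(restricted_key_line "$2" "$3") || return 1
    blob=$(printf '%s\n' "$3" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Drop any earlier entry for the same key: an unrestricted copy left in
    # the file would still be accepted from any host.
    tmp=$(mktemp "$dir/.ak.XXXXXX") || return 1
    grep -vF -- "$blob" "$file" > "$tmp" || [ $? -eq 1 ] || return 1
    printf '%s\n' "$line" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$file"
}
```

Once the host is under management, the same options can be kept in place with the `key_options` parameter of Ansible's `authorized_key` module.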

Here is where I’m a tad bit confused in what I need to do and if someone can clarify things, I’d appreciate it.

Is the following process correct?

Yes Ed, the steps you’ve listed are fine.

  1. Log on to Alpha and create a new user, say automation.
  2. create ssh keys for automation.
  3. allow automation to have sudo access w/ no password.
  4. copy ssh credentials to control node.

Is this the very first thing one does for every new system? (Granted, I won’t need to create new ssh-keys as I just need to copy the original ones to the new system).
My understanding of this process is that in order to manage any system, I need a user that can have access to said system. Once I have that user set up properly, I won’t need to even log in manually to do things.

Correct.

Oh, that’s a good idea, thanks for the suggestion. I hadn’t thought about that one.

Hi Gildas,

Thanks for the info. Much appreciated.

Ed