====== Initial configuration ======

===== Clone our ansible-roles repo =====

<code bash>
git clone https://git.fws.fr/fws/ansible-roles.git
cd ansible-roles
</code>

===== Create the configuration directories =====

These directories will hold the configuration of your hosts, groups, etc.

<code bash>
# This dir will contain your hosts inventories
mkdir inventories
# This one will contain vars for individual hosts
mkdir host_vars
# This one will contain vars for group of hosts
mkdir group_vars
# Will contain SSH related stuff
mkdir ssh
</code>

===== Create an SSH key pair =====

The public key will have to be configured on the hosts you want to manage.

<code bash>
ssh-keygen -t rsa -b 4096 -f ssh/id_rsa
</code>

<note important>It's advised to protect the private key with a passphrase.</note>

===== Create your inventory file =====

This inventory will contain all the hosts you manage with ansible. You can have several inventories (e.g. one per client). For example, **inventories/fws.ini**. Here I create a single group of hosts named fws, containing a single host, **proxyin.fws.fr**:

<code ini>
[fws]
proxyin.fws.fr
</code>

===== Setup the host to be managed =====

On the machine proxyin.fws.fr, we have to configure a few things:

  * Create a user named ansible
  * Grant ansible full access to the system with sudo
  * Configure the public SSH key on this ansible user account

<code bash>
# Create the ansible user and install the public key
useradd -m ansible
mkdir ~ansible/.ssh
cat <<_EOF > ~ansible/.ssh/authorized_keys
ssh-rsa <YOUR_PUBLIC_KEY_DATA> ansible@firewall-services.com
_EOF
chown -R ansible:ansible ~ansible/.ssh/
chmod 700 ~ansible/.ssh/
chmod 600 ~ansible/.ssh/authorized_keys

# Grant the ansible user passwordless sudo
cat <<_EOF > /etc/sudoers.d/ansible
Defaults:ansible !requiretty
ansible ALL=(ALL) NOPASSWD: ALL
_EOF
chmod 600 /etc/sudoers.d/ansible
</code>

<note important>Of course, adapt this to your own public SSH key!</note>

===== Connect a first time =====

The first time you connect, you have to validate the SSH host key, so let's do it once and check that everything is OK.

<code bash>
ansible -m setup -i inventories/fws.ini proxyin.fws.fr
</code>

You should be prompted to accept the SSH host key (which will be recorded in ssh/known_hosts), and ansible will output some info about your host. You're now ready to play!

ansible/basic/start.txt Last modified: 12/02/2021 15:35 by dani
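A check for the files created under "Setup the host to be managed", added here as an example and not part of the ansible-roles repo: it verifies the modes set in that section, that authorized_keys holds a single key, and that the sudoers drop-in contains only the two lines shown. The helper names check_mode and audit_ansible_access are hypothetical, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the ansible-roles repo. check_mode and
# audit_ansible_access are hypothetical helper names. Assumes GNU stat.

# Report a path that is missing, is a symlink, or has an unexpected mode.
check_mode() {
    local path="$1" want="$2" got
    if [ -L "$path" ] || [ ! -e "$path" ]; then
        echo "BAD $path: missing or a symlink"; return 1
    fi
    got=$(stat -c '%a' "$path")
    [ "$got" = "$want" ] && return 0
    echo "BAD $path: mode $got, expected $want"; return 1
}

# audit_ansible_access HOME_DIR SUDOERS_FILE
# Returns 0 when the layout matches what the page sets up, 1 otherwise.
audit_ansible_access() {
    local home="$1" sudoers="$2" rc=0 keys extra
    check_mode "$home/.ssh" 700                 || rc=1
    check_mode "$home/.ssh/authorized_keys" 600 || rc=1
    check_mode "$sudoers" 600                   || rc=1

    # Every key listed here reaches root through NOPASSWD: ALL, so count the
    # entries (lines that are neither blank nor comments): the page installs one.
    keys=$(grep -cvE '^[[:space:]]*(#|$)' "$home/.ssh/authorized_keys" 2>/dev/null) || true
    if [ "${keys:-0}" -ne 1 ]; then
        echo "BAD authorized_keys holds ${keys:-0} keys, expected 1"; rc=1
    fi

    # Blank lines aside, anything other than the two lines from the page is
    # an unexpected sudo rule or setting.
    extra=$(grep -vxE '[[:space:]]*|Defaults:ansible !requiretty|ansible ALL=\(ALL\) NOPASSWD: ALL' "$sudoers" 2>/dev/null) || true
    if [ -n "$extra" ]; then
        echo "BAD unexpected content in $sudoers: $extra"; rc=1
    fi
    return "$rc"
}

# On the managed host, as root: pass ~ansible and /etc/sudoers.d/ansible.
if [ "$#" -eq 2 ]; then
    audit_ansible_access "$1" "$2" && echo "OK"
fi
```

The script does not parse sudoers syntax; `visudo -cf /etc/sudoers.d/ansible` covers that on the managed host.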