Différences

Ci-dessous, les différences entre deux révisions de la page.

--- basic:start [12/02/2021 15:35]
dani supprimée
+++ — (Version actuelle)
@@ Ligne 1: / Ligne 1: @@
-====== Initial configuration ======
-===== Clone our ansible-roles repo =====
-<code bash>
-git clone https://git.fws.fr/fws/ansible-roles.git
-cd ansible-roles
-</code>
-===== Create the configuration directories =====
-Those directories will holds configurations of your hosts, groups etc.
-<code bash>
-# This dir will contain your hosts inventories
-mkdir inventories
-# This one will contain vars for individual hosts
-mkdir host_vars
-# This one will contain vars for group of hosts
-mkdir group_vars
-# Will contain SSH related stuff
-mkdir ssh
-</code>
-===== Create an SSH key pair =====
-The public key will have to be configured on the hosts you want to manage
-<code bash>
-ssh-keygen -t rsa -b 4096 -f ssh/id_rsa
-</code>
-<note important>It's advised to protect the private key with a password</note>
-===== Create your inventory file =====
-This inventory will contains all the hosts you manage with ansible. You can have several inventories (eg, one per client). For example **inventories/fws.ini**. Here I create a single group of hosts named fws. And a single host **proxyin.fws.fr**
-<code ini>
-[fws]
-proxyin.fws.fr
-</code>
-===== Setup the host to be managed =====
-On the machine proxyin.fws.fr, we have to configure a few things :
-  * Create a user named ansible
-  * Grant ansible full access to the system with sudo
-  * Configure the public SSH key on this ansible user account
-<code bash>
-useradd -m ansible
-mkdir ~ansible/.ssh
-cat <<_EOF > ~ansible/.ssh/authorized_keys
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCj9d6jDy0m7xtqGfR0ywyXnq0lRfqqP0TzBhvCI4rcrJaDSLyA5/mnme0TLfy6YsOUZq2bl/9ZMr4mq4Yw23CGDDha4XR2SUWuKzzkCvvGvDwy0qXUhwsT2tafknCPFDv91bAL5DvWae/Bv/jwhVc/116ICYJOBnxljkD2M6xbnJE92uCkgzSvthuWwBZsT5Oh/ofxHWhpcRISZeWZ70l1/U6jr7nJeBDX8p+uLKpBb+VNywtTmgnFbrS1HSc9MWkWNV7GrrZgXS5DumdKm5uX7IkSKsPNWtKHdC4M7OskqIjK9Fdp1mvI2fOaeJ4/20u45ojaltKy+4Xu7XxqZR3/FCugrlBujyXPRQZQUiYBAqjaWL6KRNxXEBNB8Om2n8+rRv4jKZ6VVbXi+8yJ5Iqp8HWlUNAUfOzBT3O5cV1UUAEke5INJnmiuojsHk9MhWoqwQ71FmcvYTpAAPtT+SdmF2nK1jrC7Nea4ODdFksN799zg4Kfyb8Vuv/F+nL/5wKwmwI5B5NmoCtrt4ZY8PMn/J/tT4cjkSjhQZjbN4KcCFSjf5vKPE70/iUQWB3C9dqz0+bmqx0Q+zTMHkEGHIgVE/jl02CvoXPnCoEd8rVG08Koqh4TDLnr6trEHueKE3FCXK1b3pIjpbzQ6Ytg4Pq4NkbMMOQAlYN0AR7i+rvngQ== ansible@firewall-services.com
-_EOF
-chown -R ansible:ansible ~ansible/.ssh/
-chmod 700 ~ansible/.ssh/
-chmod 600 ~ansible/.ssh/authorized_keys
-cat <<_EOF > /etc/sudoers.d/ansible
-Defaults:ansible !requiretty
-ansible ALL=(ALL) NOPASSWD: ALL
-_EOF
-chmod 600 /etc/sudoers.d/ansible
-</code>
-<note important>Of course, adapt this to your own public SSH key !</note>
-===== Connect a first time =====
-The first time you connect, you have to validate the SSH host key, so, let's do it once, and check everything is OK
-<code bash>
-ansible -m setup -i inventories/fws.ini proxyin.fws.fr
-</code>
-You should be prompted to accept the SSH key (which will be recorded in ssh/known_hosts), and ansible will output some info about your host. Your now ready to play !