README.md 1.89 KB
Moises Sacal committed
## Ansible Notes

### Bootstrapping Ansible

To run Ansible you need a couple of things.

Control Node: Any machine with Ansible installed. You can run commands and playbooks from it.

Managed Node: The network devices (and/or servers) you manage with Ansible

#### Step 1. Managed Node: Modify sudoers with visudo

Ansible needs to run commands through sudo without a password prompt. The change below applies to every member of the `wheel` group.

`sudo visudo`

Find the following line and uncomment it, changing:

`#%wheel ALL=(ALL) ALL`

to:

`%wheel ALL=(ALL) ALL`

And change:

`#%wheel  ALL=(ALL)       NOPASSWD: ALL`

to:

`%wheel  ALL=(ALL)       NOPASSWD: ALL`


#### Step 2. Control Node: ansible.cfg

```
[defaults]
inventory = ./hosts.live
remote_user = <THE USERNAME THAT IS GOING TO RUN Ansible Scripts>
```

#### Step 3. Managed Node: (SKIP if you already have one) Create an ssh key and ansible user

Add the `ansible` user:

```
# Create the user with a home directory
sudo useradd -m ansible
# Add it to the wheel group
sudo usermod -aG wheel ansible
```

Create the key (this will create a key with no passphrase):

```bash
ssh-keygen -t rsa -C "ansible@myremotemachine" -f "$(pwd)/keys/myremotemachine.id_rsa" -P ""
```

Add the public key to `authorized_keys`:

```
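# Create the .ssh directory and key file with the modes sshd expects
sudo mkdir -p /home/ansible/.ssh/
sudo touch /home/ansible/.ssh/authorized_keys
sudo chmod 700 /home/ansible/.ssh
sudo chmod 600 /home/ansible/.ssh/authorized_keys
# The append must run as root, so use tee instead of `sudo cat ... >>`
sudo tee -a /home/ansible/.ssh/authorized_keys < "$(pwd)/keys/HOSTNAME.id_rsa.pub" > /dev/null
sudo chown -R ansible:ansible /home/ansible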
```

#### Step 4. Control Node: Add this key to hosts.live (Defined in ansible.cfg)

```
[myremotemachine]
123.x.x.x

[myremotemachine:vars]
ansible_ssh_private_key_file=keys/myremotemachine.id_rsa
```

#### Step 5. Managed Node: Install Ansible 

```
wget --output-document /tmp/get-pip.py https://bootstrap.pypa.io/get-pip.py
sudo python /tmp/get-pip.py
sudo pip install ansible
```

#### Step 6. Control Node: Verify this by running ansible all -m ping 

```bash
$ ansible all -m ping
myremotemachine | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```
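
A read-only check for what Steps 1 and 3 change on a managed node, as an added example that is not part of the original README: it lists active sudoers rules that grant `NOPASSWD: ALL` and flags `.ssh` modes other than 700/600. The function names are hypothetical, `stat -c` assumes GNU coreutils, and the demo runs on constructed sample files in a temp directory.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of what Steps 1 and 3 change on a managed node.

# Print (with line numbers) active sudoers rules that grant NOPASSWD: ALL.
# A leading '#' is a comment unless digits follow it (sudoers uid syntax).
# Exit status is grep's: 0 if at least one rule matched, 1 if none.
nopasswd_all_rules() {
    grep -nE '^[[:space:]]*([^#[:space:]]|#[0-9]).*NOPASSWD:[[:space:]]*ALL([^A-Za-z0-9_]|$)' "$1"
}

# Report loose modes on an account's .ssh directory; return 1 on any finding.
audit_ssh_dir() {
    local dir=$1 keys=$1/authorized_keys rc=0 mode
    mode=$(stat -c '%a' "$dir") || return 2
    if [ "$mode" != 700 ]; then
        echo "FINDING: $dir has mode $mode, expected 700"; rc=1
    fi
    if [ -f "$keys" ]; then
        mode=$(stat -c '%a' "$keys")
        case $mode in
            600|400) ;;
            *) echo "FINDING: $keys has mode $mode, expected 600"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Demo on constructed sample data in a temp dir (not a real host's files).
demo() {
    local tmp; tmp=$(mktemp -d)
    printf '%s\n' '#%wheel ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' \
        '%wheel  ALL=(ALL)       NOPASSWD: ALL' > "$tmp/sudoers"
    mkdir "$tmp/.ssh" && touch "$tmp/.ssh/authorized_keys"
    chmod 700 "$tmp/.ssh" "$tmp/.ssh/authorized_keys"   # executable key file
    echo "Rules granting passwordless sudo for all commands:"
    nopasswd_all_rules "$tmp/sudoers" || echo "  none"
    audit_ssh_dir "$tmp/.ssh" || echo "=> fix with: chmod 600 authorized_keys"
    rm -rf "$tmp"
}
demo
```

On a real managed node, run the functions against `/etc/sudoers` (as root) and `/home/ansible/.ssh`.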