Skip to content

artslob/vps-setup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
roles
roles
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
setup-ec2.yml
setup-ec2.yml
 
 

Repository files navigation

vps-setup

Project for automatic server setup using ansible.

Tested on Ubuntu Server 18.04.2 LTS and ansible 2.8.0.

Launch

1. Ansible setup

  1. Create config file ~/.ansible.cfg:

    [defaults]
inventory = ~/.ansible.hosts
vault_password_file = ~/.ansible.vault.pass

[ssh_connection]
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
pipelining = True

    Few notes:

    • Pipelining can make significant performance improvement when enabled, but have incompatibility with requiretty in /etc/sudoers.
    • We will use ssh-agent and agent forwarding to exploit ssh keys from local machine on remotes. So don't forget to run ssh-add before running scripts.

  2. Create hosts file ~/.ansible.hosts.
    For example:

    [web]
user@1.1.1.1

  3. Create file ~/.ansible.vault.pass with password for ansible vault.
    For example:

    somesecretpassformyvault

2. Project setup

  1. Download project:

    git clone https://github.com/artslob/vps-setup
cd vps-setup

  2. Create file secrets.yml in project root directory with this template:

    vault_user_password: somepass
vault_user_salt: somesalt
vault_cf_key: deadbeaf01010101010101010101010101fff
vault_cf_email: user@example.com

    This file contains secrets for user creation, cloudflare tokens for ssl setup (acme).

  3. Encrypt it:

    ansible-vault encrypt secrets.yml

    Contents of secrets file should be something like this (run cat secrets.yml):

    $ANSIBLE_VAULT;1.1;AES256
31643131623866643738666533313633366533633133353534633461626355366230623339616437
...

3. Run playbooks

  1. Run playbook to create user on your server:

    ansible-playbook 01-create-user.yml -e "host_env=ec2 root_user=ubuntu"

    Flag -e (or --extra-vars) provides additional environment variables, which override default values in playbook.
    Contents of encrypted secrets.yml parsed by ansible automatically.

    Few notes:

    • This playbook will not create ssh keys on remote machine. Reason for this is because you should use SSH agent forwarding to exploit your keys from local machine on remotes.
    • Playbook setup switching to sudo mode without password for default user.
    • Also setup for all sudoers preserving of SSH_AUTH_SOCK environment variable to exploit SSH agent forwarding in sudo mode.

Useful links

  1. Ansible vault tutorial
  2. Create user with password
  3. Create user accounts and setup ssh keys

About

Ansible powered automated server setup

Topics

ansible ansible-playbook automation

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published