Ubuntu/Bespin/Ansible: Difference between revisions
From charlesreid1
(Created page with "Note that it is easiest and safest to perform these steps on a local network (e.g., a wifi router network) that has internet connectivity but that won't expose the Ubuntu serv...") |
No edit summary |
||
| Line 67: | Line 67: | ||
[[Category:Ansible]] | [[Category:Ansible]] | ||
[[Category:Bespin]] | [[Category:Bespin]] | ||
[[Category: | [[Category:Machine]] | ||
Revision as of 02:57, 18 August 2020
Note that it is easiest and safest to perform these steps on a local network (e.g., a wifi router network) that has internet connectivity but that won't expose the Ubuntu server to the public internet.
Now use https://github.com/charlesreid1-com/charlesreid1-ansible to run the provision and base plays against the server. Note that this requires root access via ssh, so you have to edit your ssh config file to include this line:
/etc/ssh/sshd_config
PermitRootLogin yes
Now restart the ssh service:
sudo service ssh restart
and test that you can log in as root without a password:
ssh root@<ip-for-bespin>
ONLY ENABLE THIS WHILE YOU RUN ANSIBLE! DISABLE IT WHEN YOU ARE DONE!
Now run ansible from a different machine:
# run this from a different machine! git clone git@github.com:charlesreid1-com/charlesreid1-ansible.git ansible cd ansible # provision (python3 install) ANSIBLE_CONFIG="local.cfg" ansible-playbook --extra-vars "machine_name=bespin" provision.yml # set up with all the things ANSIBLE_CONFIG="local.cfg" ansible-playbook --extra-vars "machine_name=bespin" --vault-password-file=.vault_secret base.yml
Last, edit your ssh config to disable root login:
/etc/ssh/sshd_config
Remove this line!
PermitRootLogin yes # REMOVE ME
and replace with this one:
PermitRootLogin no
Now restart the ssh service:
sudo service ssh restart