Ansible Intro
How to run a basic Ansible Setup from your Desktop or Laptop.
Ansible is my favourite tool for automating a Development Proxmox Cluster when a simple script can't do the job, or when we have too many servers to manage. We are going to use the community.general.proxmox module.
For Production clusters, I like Terraform better.
Prerequisites
We are going to use OpenSSH and Git. Ansible uses OpenSSH to communicate with our servers. OpenSSH is usually installed on desktops by default. Server installations may offer OpenSSH as an option, so please check. If it is not installed, run sudo apt install openssh-server.
For this first Lab, we use our Laptop as the Manager.
For our dev lab, we use an SSH key called ansible.
It is considered a security risk to use only one key. If this key were to become lost or compromised, it would result in the compromise of all servers.
- We need SSH keys for security and ease of use
  - Please create one per server connection (use a passphrase)
  - One called Ansible (no passphrase)
  - Copy the SSH key to the servers
  - Test your connection using the key
- Please set up Git
  - Create an account on GitLab/GitHub …
  - Create a new Repository (Private or Public)
Make a file called README.md or License so we can have something to download.
Hit the Code button and choose the Clone with SSH data. Create your Ansible folder, go to it, and paste the clone command:
git clone [email protected]:username/ansible.git
The setup
On each of the servers, we have a user <username> with sudo rights, where <username> can be anything you like.
sudo usermod -aG sudo <username>
SSH notes
Generate an ssh key
ssh-keygen -t ed25519 -C "my basic key"
Copy the basic ssh key to a server
ssh-copy-id -i ~/.ssh/id_ed25519.pub <IP Address or FQDN>
Generate an ssh key for Ansible
This key is specifically going to be used by Ansible.
ssh-keygen -t ed25519 -C "ansible" -f ~/.ssh/ansible
Copy the ssh key to a server
ssh-copy-id -i ~/.ssh/ansible.pub <IP Address or FQDN>
Use an SSH key to connect to a server
ssh -i ~/.ssh/<key_name> <IP Address or FQDN>
To cache a passphrase
To cache the passphrase for our session, we use the ssh-agent
eval $(ssh-agent)
ssh-add
Here are some of my aliases
You can put them in your .zshrc or .zshrc-personal or .bashrc or .bashrc-personal files, to simplify your work.
# ssh-keys
# Adds your passphrase to the ssh-agent for this session
alias ssha='eval "$(ssh-agent)" && ssh-add'
# Aliases cannot take arguments, so the helpers below are shell functions
# Copy an SSH key to a server
# Use: sshc "key_name" "server"
sshc() {
  ssh-copy-id -i ~/.ssh/"$1".pub "$2"
}
# newkey -C = your comment, -f = your filename
# Use: newkey "your_comment_here" "path_to_key_file"
newkey() {
  ssh-keygen -t ed25519 -C "$1" -f "$2"
}
# Remove a host's old key from the system-wide known hosts file
# Use: remkey "server"
remkey() {
  ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "$1"
}
# Use: addkey "file" "server"
addkey() {
  ssh-copy-id -i ~/.ssh/"$1".pub "$2"
}
Use of .ssh/config
Sample of a .ssh/config file. Use ssh node, where node is a Host name from the file, to connect to that server.
# My example file
AddKeysToAgent yes
Host pve-1
    HostName 10.0.0.41
    User root
Host pve-2
    HostName 10.0.0.42
    User root
# Switches
# The + entries re-enable legacy algorithms that current OpenSSH disables by default;
# keep them scoped to this Host block
Host L3S
    HostName 10.0.100.10
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-rsa
    Ciphers +aes128-cbc
    User boss
# github section
Host github.com-MyAnsible
    HostName github.com
    User <username>
    IdentityFile ~/.ssh/ansible
Host alpine-100-01
    ForwardAgent no
    HostName 10.100.100.251
    RemoteCommand ssh [email protected]
    User boss
    RequestTTY yes
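The L3S block above re-enables legacy algorithms for one device. The check below is an added example, not part of the original page: it scans an ssh client config and reports whether such settings stay scoped to a single Host or apply to every connection through a wildcard or global section. The sample config is constructed, and the function names audit_ssh_config and sample_config are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Flags ssh client config settings that re-enable legacy crypto or agent
# forwarding, and reports whether each one is scoped to a single host.
# Assumes whitespace-separated "Keyword value" lines (no "Keyword=value").

audit_ssh_config() {
  awk '
    function flag(msg) {
      scope = (host == "(global)" || host ~ /\*/) ? "ALL-HOSTS" : "host-only"
      printf "%s [%s] %s\n", host, scope, msg
    }
    BEGIN { host = "(global)" }   # options before the first Host apply to every host
    /^[ \t]*(#|$)/ { next }       # skip comments and blank lines
    { key = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
    key == "host" { host = val; next }
    key == "kexalgorithms" && val ~ /diffie-hellman-group1-sha1/ { flag("weak kex: " val) }
    key == "hostkeyalgorithms" && val ~ /(^|[,+])ssh-rsa($|,)/ { flag("SHA-1 host key signatures: " val) }
    key == "ciphers" && val ~ /-cbc/ { flag("CBC cipher: " val) }
    key == "forwardagent" && tolower(val) == "yes" { flag("agent forwarding enabled") }
  ' "${1:--}"                     # file path, or stdin when no argument is given
}

# Constructed sample: the L3S block mirrors the page, "Host *" shows the leak.
sample_config() {
  cat <<'EOF'
AddKeysToAgent yes
Host pve-1
    HostName 10.0.0.41
    User root
Host L3S
    HostName 10.0.100.10
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-rsa
    Ciphers +aes128-cbc
Host *
    Ciphers +aes128-cbc
    ForwardAgent yes
EOF
}

sample_config | audit_ssh_config
```

To check a real file, run audit_ssh_config ~/.ssh/config; any line marked ALL-HOSTS means the legacy setting applies to every server you connect to.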
Git Notes
Install git
sudo apt update && sudo apt install git
Generate an ssh key for GitLab
This key is specifically going to be used by your Git repository, GitLab/GitHub …
ssh-keygen -t ed25519 -C "GitLab" -f ~/.ssh/gitlab
Create the user config for git
git config --global user.name "whatever name"
git config --global user.email "[email protected]"
Check the status
git status
Stage the README.md
Create or edit a README.md file.
Stage the README.md file to be included in the next git commit
git add README.md
Commit the staged README.md file
git commit -m "Updated readme file, initial commit"
Send the commit to GitLab
git push origin main