Ansible Intro

How to run a basic Ansible Setup from your Desktop or Laptop.


Ansible is my favourite tool for automating a development Proxmox cluster when a simple script can't do the job, or when we have too many servers to manage. We are going to use the community.general.proxmox module.
For production clusters, I like Terraform better.

Prerequisites

We are going to use OpenSSH and Git. Ansible uses OpenSSH to communicate with our servers. OpenSSH is usually installed on desktops by default. Server installations may offer OpenSSH as an option, so please check. If it is not installed, run sudo apt install openssh-server.

For this first Lab, we use our Laptop as the Manager.
For our dev lab, we use an SSH-key called ansible.

It is considered a security risk to use only one key.
If this key were to become lost or compromised,
it would result in the compromise of all servers.
☠️
Using only password authentication is a security risk
  • We need SSH-keys for security and ease of use
    • Please create one per server connection (use a passphrase)
    • One called Ansible (no passphrase)
    • Copy the SSH-key to the servers
    • Test your connection using the key
  • Please set up Git
    • Create an account on GitLab/GitHub …
    • Create a new Repository (Private or Public)

Make a file called README.md or License so we have something to download.

Hit the Code button and choose the Clone with SSH option. Create and go to your Ansible folder, then paste the command: git clone [email protected]:username/ansible.git


The setup

On each of the servers, we have a user <username> with sudo rights, where <username> can be anything you like.

sudo usermod -aG sudo <username>

SSH notes

Generate an ssh key

ssh-keygen -t ed25519 -C "my basic key"

Copy the basic ssh key to a server

ssh-copy-id -i ~/.ssh/id_ed25519.pub <IP Address or FQDN>

Generate an ssh key for Ansible

This key is specifically going to be used by Ansible.

ssh-keygen -t ed25519 -C "ansible" -f ~/.ssh/ansible

Copy the ssh key to a server

ssh-copy-id -i ~/.ssh/ansible.pub <IP Address or FQDN>

Use an SSH key to connect to a server

ssh -i ~/.ssh/<key_name> <IP Address or FQDN>

To cache a passphrase

To cache the passphrase for our session, we use the ssh agent

eval $(ssh-agent)
ssh-add

Here are some of my aliases

You can put these in your .zshrc, .zshrc-personal, .bashrc or .bashrc-personal file to simplify your work.

# ssh-keys
# Adds your key passphrase to the ssh-agent for this session
alias ssha='eval "$(ssh-agent)" && ssh-add'
# Aliases cannot take positional parameters, so the helpers below are functions
# Copy an SSH key to a server
# Use: sshc "key_name" "server"
sshc() {
  ssh-copy-id -i ~/.ssh/"$1".pub "$2"
}
# newkey: $1 = your comment (-C), $2 = your filename (-f)
# Use: newkey "your_comment_here" "path_to_key_file"
newkey() {
  ssh-keygen -t ed25519 -C "$1" -f "$2"
}
# Remove a server from the system-wide known hosts file (needs write access to it)
# Use: remkey "server"
remkey() {
  ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "$1"
}
# Use: addkey "file" "server"
addkey() {
  ssh-copy-id -i ~/.ssh/"$1".pub "$2"
}

Use of .ssh/config

Sample of a .ssh/config file. Run ssh followed by a Host name from the file (for example ssh pve-1) to connect to that server.

# My example file
AddKeysToAgent yes
Host pve-1
  HostName 10.0.0.41
  User root
Host pve-2
  HostName 10.0.0.42
  User root

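# Switches
# These legacy algorithms are off by default in current OpenSSH;
# the + re-enables them for this host only.
Host L3S
  HostName 10.0.100.10
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-rsa
  Ciphers +aes128-cbc
  User boss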

# github section
Host github.com-MyAnsible
  HostName github.com
  User <username>
  IdentityFile ~/.ssh/ansible

Host alpine-100-01
  ForwardAgent no
  HostName 10.100.100.251
  RemoteCommand ssh [email protected]
  User boss
  RequestTTY yes  
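
An added example, not part of the original post: a shell function that reports which Host blocks in an ssh client config re-enable legacy algorithms, like the L3S entry above, so you can confirm they stay scoped to the one device that needs them. The function names, the deny-list and the sample config are assumptions constructed for illustration.

```shell
# Added example, not the author's code. Lists legacy algorithms that an ssh
# client config re-enables, one finding per line: <scope> <keyword> <algorithm>
# <scope> is the Host pattern, or GLOBAL (before the first Host, or "Host *").
audit_ssh_config() {
  awk '
    BEGIN {
      scope = "GLOBAL"
      # Constructed deny-list (assumption): the three algorithms from the
      # L3S block plus ssh-dss and 3des-cbc. Extend it to fit your policy.
      n = split("diffie-hellman-group1-sha1 ssh-rsa aes128-cbc ssh-dss 3des-cbc", w, " ")
      for (i = 1; i <= n; i++) weak[w[i]] = 1
    }
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    {
      # ssh_config also accepts "Keyword=value"; normalise to "Keyword value"
      if (match($0, /^[ \t]*[A-Za-z]+[ \t]*=/)) sub(/=/, " ")
      key = tolower($1)
      if (key == "host") {
        scope = $2
        for (i = 3; i <= NF; i++) scope = scope "," $i
        for (i = 2; i <= NF; i++) if ($i == "*") scope = "GLOBAL"
        next
      }
      if (key != "kexalgorithms" && key != "hostkeyalgorithms" && key != "ciphers") next
      list = $2
      if (list ~ /^-/) next                  # "-" only removes algorithms
      sub(/^[+^]/, "", list)                 # "+" appends, "^" moves to front
      m = split(list, alg, ",")
      for (i = 1; i <= m; i++)
        if (alg[i] in weak) print scope, key, alg[i]
    }
  ' "$@"
}

# Constructed sample: the L3S block follows the config above; the top-level
# Ciphers line is added to show the unscoped case the audit should catch.
sample_config() {
  cat <<'EOF'
Ciphers +aes128-cbc
Host pve-1
  HostName 10.0.0.41
# Switches
Host L3S
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms=+ssh-rsa
EOF
}

sample_config | audit_ssh_config
```

Run it against your own file with audit_ssh_config ~/.ssh/config; any GLOBAL finding means a weak algorithm is being offered to every server, not just the legacy one.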

Git Notes

Install git

sudo apt update && sudo apt install git

Generate an ssh key for GitLab

This key is specifically going to be used by your Git repository, GitLab/GitHub …

ssh-keygen -t ed25519 -C "GitLab" -f ~/.ssh/gitlab

Create the user config for git

git config --global user.name "whatever name"
git config --global user.email "[email protected]"

Check the status

git status

Stage the README.md

Create or edit a README.md file.

Stage the README.md file to be included in the next git commit

git add README.md

Commit the staged README.md file

git commit -m "Updated readme file, initial commit"

Send the commit to GitLab

git push origin main

References

Ansible [1] Git [2] Open-SSH [3]
ssh-agent [4] ssh-copy-id [5] ssh-keygen [6] ed25519 [7]


  1. Ansible homepage, getting started, GitHub
  2. Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. homepage, wikipedia
  3. Open-SSH homepage, Basic overview of SSH Keys
  4. ssh-agent man page, OpenBSD
  5. ssh-copy-id man page
  6. ssh-keygen man page
  7. ed25519 on wikipedia