Skip to content

artslob/vps-setup

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
 
 
 
 
 
 
 
 

Repository files navigation

vps-setup

Project for automatic server setup using ansible.

Tested on Ubuntu Server 18.04.2 LTS and ansible 2.8.0.

Launch

1. Ansible setup

  1. Create config file ~/.ansible.cfg:

    [defaults]
    inventory = ~/.ansible.hosts
    vault_password_file = ~/.ansible.vault.pass
    
    [ssh_connection]
    ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
    pipelining = True
    

    Few notes:

    • Pipelining can make significant performance improvement when enabled, but have incompatibility with requiretty in /etc/sudoers.
    • We will use ssh-agent and agent forwarding to exploit ssh keys from local machine on remotes. So don't forget to run ssh-add before running scripts.
  2. Create hosts file ~/.ansible.hosts.
    For example:

  3. Create file ~/.ansible.vault.pass with password for ansible vault.
    For example:

    somesecretpassformyvault
    

2. Project setup

  1. Download project:

    git clone https://github.com/artslob/vps-setup
    cd vps-setup
    
  2. Create file secrets.yml in project root directory with this template:

    vault_user_password: somepass
    vault_user_salt: somesalt
    vault_cf_key: deadbeaf01010101010101010101010101fff
    vault_cf_email: [email protected]
    

    This file contains secrets for user creation, cloudflare tokens for ssl setup (acme).

  3. Encrypt it:

    ansible-vault encrypt secrets.yml
    

    Contents of secrets file should be something like this (run cat secrets.yml):

    $ANSIBLE_VAULT;1.1;AES256
    31643131623866643738666533313633366533633133353534633461626355366230623339616437
    ...
    

3. Run playbooks

  1. Run playbook to create user on your server:

    ansible-playbook 01-create-user.yml -e "host_env=ec2 root_user=ubuntu"
    

    Flag -e (or --extra-vars) provides additional environment variables, which override default values in playbook.
    Contents of encrypted secrets.yml parsed by ansible automatically.

    Few notes:

    • This playbook will not create ssh keys on remote machine. Reason for this is because you should use SSH agent forwarding to exploit your keys from local machine on remotes.
    • Playbook setup switching to sudo mode without password for default user.
    • Also setup for all sudoers preserving of SSH_AUTH_SOCK environment variable to exploit SSH agent forwarding in sudo mode.

Useful links

  1. Ansible vault tutorial
  2. Create user with password
  3. Create user accounts and setup ssh keys

About

Ansible powered automated server setup

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published