Setup Users with Ansible


Introduction

In this tutorial we will provision our nodes to do the following:

  • Setup Users
  • Setup Sudoers
  • Install Packages
  • Setup Passwordless SSH from our Jumpbox

SSH Config

$cat ~/.ssh/config

# Client-side SSH settings for the five nodes that inventory.ini lists under
# [new]. Every entry logs in as root with the key in ~/.ssh/id_rsa.
#
# NOTE(review): "StrictHostKeyChecking no" together with
# "UserKnownHostsFile /dev/null" means host keys are neither stored nor
# compared between connections, so a changed or impersonated host key goes
# unnoticed on these root sessions. Keep this to short-lived lab nodes on a
# trusted network; elsewhere point UserKnownHostsFile at a real file and use
# "StrictHostKeyChecking accept-new" (or "yes" with pre-distributed keys).
Host docker-node-1
  Hostname 10.0.138.40
  User root
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host glusterfs-node-1
  Hostname 10.0.74.190
  User root
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host glusterfs-node-2
  Hostname 10.0.10.98
  User root
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host elasticsearch-node-1
  Hostname 10.0.23.82
  User root
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host elasticsearch-node-2
  Hostname 10.0.42.23
  User root
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Inventory

inventory.ini

# [admin] is the group that provision.yml targets with the configure-admin
# role; here it contains only localhost.
[admin]
localhost

# [new] lists the nodes to provision. The names match the Host entries in the
# SSH config, which supplies the address, login user and key for each one.
[new]
docker-node-1
glusterfs-node-1
glusterfs-node-2
elasticsearch-node-1
elasticsearch-node-2

# Group variables for [admin]. No role shown on this page reads them.
[admin:vars]
location_country="South Africa"
location_city="Cape Town"

# Group variables for [new]. Ansible runs its modules with /usr/bin/python3 on
# these hosts; `location` is not read by any role shown on this page.
[new:vars]
ansible_python_interpreter=/usr/bin/python3
location=europe

Playbook

provision.yml

---
# Play 1: base provisioning of every host in the `new` group. No become is set,
# so the roles run as the connecting user (root in the SSH config shown on
# this page).
- name: setup pre-requisites
  hosts: new
  roles:
    - create-sudo-user
    - install-modules
    - configure-hosts-file

# Play 2: runs on the `admin` group as ruan and prepares that user's SSH
# client configuration and public key.
- name: setup ruan user on the nodes
  hosts: admin
  become: true
  become_user: ruan
  roles:
    - configure-admin

# Play 3: back on the `new` group, as ruan, installs the public key that
# play 2 fetched.
- name: copy public key to nodes
  hosts: new
  become: true
  become_user: ruan
  roles:
    - copy-keys

Roles

- create-sudo-user

$ cat roles/create-sudo-user/files/sudoers
# Lets ruan run any command as any user through sudo without a password
# prompt. Combined with key-based SSH login, possession of ruan's private key
# is then equivalent to root on every node that receives this file; narrow the
# command list or drop NOPASSWD where that is not intended.
ruan ALL=(ALL) NOPASSWD:ALL
$ cat roles/create-sudo-user/tasks/main.yml
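---
# Creates the ruan account and installs the sudoers drop-in that gives it
# password-free sudo.
- name: Create Sudo User
  user:
    name: ruan
    # Without `append: true` this sets the full supplementary group list.
    groups: sudo
    shell: /bin/bash
    generate_ssh_key: false
    state: present

# The file grants sudo rights, not SSH access, so the task is named for that.
- name: Set Passwordless Sudo Access for ruan user
  copy:
    src: sudoers
    # Same resulting path as copying into the /etc/sudoers.d directory.
    dest: /etc/sudoers.d/sudoers
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0440'
    # Syntax-check the file before it replaces the target: a malformed
    # sudoers drop-in can break sudo for every user on the node.
    validate: /usr/sbin/visudo -cf %s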

- install-modules

$ cat roles/install-modules/tasks/main.yml
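---
# Installs the baseline package set on each node.
- name: Install Packages
  apt:
    # Passing the list directly lets apt resolve all packages in one run
    # instead of one module call per item.
    name:
      - ntp
      # NOTE(review): not every release ships a package named `python`, and
      # the inventory already points Ansible at /usr/bin/python3 - confirm
      # this entry is still needed on the target distribution.
      - python
      - tcpdump
      - wget
      - openssl
      - curl
    # `latest` upgrades these packages on every run; use `present` (or pinned
    # versions) where runs must be reproducible.
    state: latest
    update_cache: true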

- configure-hosts-file

$ cat roles/configure-hosts-file/tasks/main.yml
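---
# Adds or refreshes one "<ip> <name>" line in /etc/hosts for every host in
# the `new` group whose default IPv4 address has been gathered.
- name: Configure Hosts File
  lineinfile:
    path: /etc/hosts
    # The inventory name is escaped before it is used as a pattern, and the
    # leading \s requires it to be a whole trailing field, so a name that
    # contains regex metacharacters or is a suffix of another hostname cannot
    # select the wrong line.
    regexp: '\s{{ item | regex_escape }}$'
    line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ item }}"
    state: present
  # Skip hosts whose default IPv4 address is not present in hostvars.
  when: hostvars[item].ansible_default_ipv4.address is defined
  with_items: "{{ groups['new'] }}"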

- configure-admin

$ cat roles/configure-admin/files/ssh_config
# SSH client configuration that the configure-admin tasks install as
# /home/ruan/.ssh/config. Each entry logs in as ruan; no IdentityFile is set,
# so ssh falls back to its default identity files.
#
# NOTE(review): with "StrictHostKeyChecking no" and
# "UserKnownHostsFile /dev/null", the ~/.ssh/known_hosts file that the
# configure-admin tasks fill with ssh-keyscan is not consulted for these
# hosts, and a changed or impersonated host key goes unnoticed. To make the
# scanned keys count, drop the UserKnownHostsFile lines and use
# "StrictHostKeyChecking yes" (or "accept-new").
Host docker-node-1
  Hostname 10.0.138.40
  User ruan
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host glusterfs-node-1
  Hostname 10.0.74.190
  User ruan
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host glusterfs-node-2
  Hostname 10.0.10.98
  User ruan
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host elasticsearch-node-1
  Hostname 10.0.23.82
  User ruan
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host elasticsearch-node-2
  Hostname 10.0.42.23
  User ruan
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
$ cat roles/configure-admin/tasks/main.yml
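---
# Prepares ruan's SSH client on the admin host: exports the public key for the
# copy-keys role, installs the per-node SSH config and rebuilds known_hosts.
#
# Key generation is left disabled below, so /home/ruan/.ssh/id_rsa.pub must
# already exist before this role runs.
#- name: Generate SSH keys
#  shell: ssh-keygen -b 2048 -f /home/ruan/.ssh/id_rsa -t rsa -q -N ""
#  args:
#    creates: /home/ruan/.ssh/id_rsa

# NOTE(review): /tmp on the control node is writable by every local user, and
# the copy-keys role installs whatever is at /tmp/id_rsa.pub into
# authorized_keys on all nodes. On a shared control node, fetch into a
# directory only the operator can write to and update the copy-keys paths to
# match.
- name: Copy Public Key Locally
  fetch:
    src: /home/ruan/.ssh/id_rsa.pub
    dest: /tmp/
    flat: true

- name: Copy SSH Configuration
  copy:
    src: ssh_config
    dest: /home/ruan/.ssh/config
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0644'

# Start from an empty file so repeated runs do not accumulate duplicates.
- name: empty known_hosts
  file:
    state: absent
    path: ~/.ssh/known_hosts

# ssh-keyscan records whatever key each host presents, without authenticating
# it; compare the fingerprints against the nodes' own keys through a separate
# channel before relying on this file. The host list comes from the inventory
# group so it stays in step with the configure-hosts-file role, and each name
# is shell-quoted before it reaches the command line.
- name: run ssh-keyscan to add keys to known_hosts
  shell: "ssh-keyscan {{ item | quote }} >> ~/.ssh/known_hosts"
  with_items: "{{ groups['new'] }}"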

- copy-keys

$ cat roles/copy-keys/tasks/main.yml
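---
# Authorizes the admin host's public key for ruan on each node.
- name: Copy Publick Key to Other Hosts
  become: true
  become_user: ruan
  copy:
    src: /tmp/id_rsa.pub
    dest: /tmp/id_rsa.pub
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0644'

# lookup('file', ...) is evaluated on the control node, so the key installed
# here is the control node's /tmp/id_rsa.pub as left by the configure-admin
# fetch task, not the copy made by the task above.
# NOTE(review): that file sits in a world-writable directory; confirm its
# fingerprint matches ruan's key before running this play on a shared
# control node.
- name: Append Public key in authorized_keys file
  authorized_key:
    user: ruan
    state: present
    key: "{{ lookup('file', '/tmp/id_rsa.pub') }}"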

Running the Playbook

$ ansible-playbook -i inventory.ini provision.yml