Setting up Ansible - VBychkov-boop/Spring-SYS265-Final-Project GitHub Wiki

Ansible Setup

Preparing user on mgmt02

  • Setting up the admin user: b1admin already existed but had no home directory and was using /bin/sh instead of bash.

Fix home directory & shell:

sudo mkdir -p /home/b1admin
sudo chown b1admin:b1admin /home/b1admin
sudo chsh -s /bin/bash b1admin

Generate SSH Key on mgmt02

  • Log in as b1admin and generate an SSH key:

ssh-keygen -t ed25519

I used -t ed25519 because it is more secure, as opposed to the regularly generated RSA key. This generates an Ed25519 key.

Pros of ED25519

  • **More Secure** - based on modern elliptic curve cryptography

  • **Faster** - performs better during authentication

  • **Shorter** - the key itself is much smaller but equally or more secure

  • **More standard in current practice**

  • Press Enter three times to accept the defaults and skip the passphrase.

Issue: Saving key to wrong location

Because HOME was pointing to / instead of /home/b1admin, the key was initially saved to /.ssh/

To find where the key was saved, I ran:

find / -name "id_ed25519" 2>/dev/null

To fix the $HOME variable:

export HOME=/home/b1admin

  • This command sets the HOME environment variable, which defines the path to the user's home directory, for the current shell session.

  • Setting correct perms onto the key:

chmod 700 /home/b1admin/.ssh
chmod 600 /home/b1admin/.ssh/id_ed25519
chmod 644 /home/b1admin/.ssh/id_ed25519.pub

Adding Hosts to /etc/hosts

On mgmt02, open the hosts file:

sudo nano /etc/hosts

Continue to add all IPs with their computer names:

172.16.1.12   dc01
172.16.1.13   dc02
172.16.1.10   dhcp01
172.16.1.11   dhcp02
172.16.1.15   util
172.16.1.14   mgmt01
172.16.1.126  w1
172.16.1.123  w2

  • If ssh-copy-id reports a temporary failure in name resolution, the hostname is either missing from /etc/hosts or typed incorrectly.

Copy SSH Key to Linux Nodes

Copy the SSH public key to each Linux node so Ansible can connect without a password:

sudo ssh-copy-id -i /home/bladmin/.ssh/id_ed25519.pub bladmin@dhcp01
sudo ssh-copy-id -i /home/bladmin/.ssh/id_ed25519.pub bladmin@dhcp02
sudo ssh-copy-id -i /home/bladmin/.ssh/id_ed25519.pub bladmin@util

Install Ansible on mgmt02

sudo apt update
sudo apt install ansible -y

  • Create Ansible directory and inventory:

sudo mkdir -p /etc/ansible
sudo nano /etc/ansible/hosts

Making Ansible inventory file

[linux]
dhcp01
dhcp02
util ansible_user=gooperuser

[windows]
dc01
dc02
mgmt01
w1
w2

[windows:vars]
ansible_user=administrator
ansible_password=YourPasswordHere
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_port=5985
ansible_winrm_server_cert_validation=ignore
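
The [windows:vars] block above sends the administrator password with Basic auth over the HTTP listener on 5985 and stores it in plaintext in the inventory. The check below is an added example, not part of the original wiki, that flags those settings in an INI inventory. WEAK is a constructed copy of the WinRM variables above; HARDENED is a constructed counterpart that assumes an HTTPS WinRM listener on 5986 with a certificate mgmt02 trusts and a hypothetical Ansible Vault variable named vault_windows_password.

```python
import re

# Constructed sample: the WinRM variables from the inventory above.
WEAK = """\
[windows:vars]
ansible_password=YourPasswordHere
ansible_connection=winrm
ansible_winrm_transport=basic
ansible_port=5985
ansible_winrm_server_cert_validation=ignore
"""

# Constructed counterpart; vault_windows_password is a hypothetical vaulted variable.
HARDENED = """\
[windows:vars]
ansible_password={{ vault_windows_password }}
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_port=5986
ansible_winrm_server_cert_validation=validate
"""

def group_vars(text):
    """Return {group: {key: value}} for each [group:vars] section."""
    out, group = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[([^\]:]+)(:\w+)?\]", line)
        if header:
            group = header.group(1) if header.group(2) == ":vars" else None
        elif group and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            out.setdefault(group, {})[key.strip()] = value.strip()
    return out

def audit_winrm(text):
    """Return sorted (group, finding) pairs for weak WinRM group settings."""
    findings = []
    for group, v in group_vars(text).items():
        if v.get("ansible_connection") != "winrm":
            continue
        # Ansible uses https unless ansible_port is 5985 or the scheme is set explicitly.
        scheme = v.get("ansible_winrm_scheme") or ("http" if v.get("ansible_port") == "5985" else "https")
        if scheme == "http" and "basic" in v.get("ansible_winrm_transport", "").split(","):
            findings.append((group, "basic-over-http"))  # password is only base64-encoded
        if v.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((group, "cert-validation-ignored"))
        pw = v.get("ansible_password")
        if pw and "{{" not in pw:  # a literal value rather than a templated reference
            findings.append((group, "plaintext-password"))
    return sorted(findings)
```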

Fix the Directory permissions

export HOME=/home/bladmin
mkdir -p /home/bladmin/.ansible/tmp
chmod 755 /home/bladmin/.ansible
chmod 755 /home/bladmin/.ansible/tmp

Testing connectivity

ansible linux -m ping -u bladmin

Each node should return a successful pong response.

WinRM Setup for Windows Nodes

On each Windows machine, run in PowerShell:

winrm quickconfig -y
Enable-PSRemoting -Force
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

On mgmt02, install the required Python module:

sudo apt install python3-pip -y
pip3 install pywinrm