Ansible Notes - rharmonson/richtech GitHub Wiki
[DRAFT] Ansible Notes
This post is just notes to be placed in a larger article at a later time. If it is MIA, search the wiki for "ansible" to locate the resulting article.
Ansible Host
I use a CentOS 7 Gnome Workstation virtual machine for administrator tasks including Ansible.
Create User
useradd ansuser
passwd ansuser
Create Keys
Either su or log on as the new user.
ssh-keygen
Backup the keys to a safe location.
Managed Host
Connect to the host to be managed by Ansible.
Create User
useradd ansuser
passwd ansuser
Copy Key
From the Ansible host, use ssh-copy-id to create or update ~/.ssh/authorized_keys with the public key on the host to be managed by Ansible.
ssh-copy-id 192.168.1.2
Edit sshd_config
Return to the managed host to update sshd_config.
vi /etc/ssh/sshd_config
Update the following values, setting PasswordAuthentication to permit or deny password authentication as desired. With all of the items below set to no, password authentication will not be permitted.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
Note the values below are the defaults so no action need be taken.
#Protocol 2
#RSAAuthentication yes
#PubkeyAuthentication yes
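The check below is an added example, not part of the original notes: it audits an sshd_config file offline against the four values listed above. The function name audit_sshd_config is hypothetical; the parser follows sshd's rules that keywords are case-insensitive and the first occurrence of a keyword wins, and it flags Match blocks that turn a setting back on.

```shell
#!/bin/sh
# Added example: audit_sshd_config FILE
# Prints one finding per required keyword; returns 0 only if all are "no".
audit_sshd_config() {
    awk '
    BEGIN {
        # Required keywords from the notes above, lower-cased for matching.
        n = split("permitrootlogin passwordauthentication challengeresponseauthentication gssapiauthentication", keys, " ")
        for (i = 1; i <= n; i++) want[keys[i]] = "no"
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next      # blank or commented-out line
        split(line, f, /[ \t=]+/)                # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "match") { in_match = 1; next }
        if (!(key in want)) next
        if (in_match) {                          # conditional override after Match
            if (val != want[key]) { printf "OVERRIDE %s %s (line %d)\n", key, val, NR; bad = 1 }
            next
        }
        if (!(key in seen)) { seen[key] = val; where[key] = NR }   # first wins
    }
    END {
        for (i = 1; i <= n; i++) {
            k = keys[i]
            if (!(k in seen))            { printf "MISSING %s\n", k; bad = 1 }
            else if (seen[k] != want[k]) { printf "FAIL %s %s (line %d)\n", k, seen[k], where[k]; bad = 1 }
            else                           printf "OK %s %s\n", k, seen[k]
        }
        exit bad + 0
    }' "$1"
}
```

On the managed host itself, sshd -t validates the file's syntax before a restart, and sshd -T prints the effective configuration.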
Adding Managed Hosts
ssh-keyscan server1.example.com >> ~/.ssh/known_hosts
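# ssh-keyscan records whatever key the network returns; compare the
# fingerprints (ssh-keygen -lf ~/.ssh/known_hosts) with values obtained out-of-band.
while read -r host
do
    ssh-keyscan "$host" >> ~/.ssh/known_hosts
done < hostnames.txt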
SUDO
su -c visudo
Find the root entry and add a new line with
ansuser ALL=(ALL) NOPASSWD: ALL
Disable requiretty and enable visiblepw to permit Ansible pipelining in CentOS 7 or earlier. Disabled by default in Fedora.
su -c visudo
Update the requiretty entry to either
Defaults !requiretty
..
Defaults visiblepw
or
Defaults:ansuser !requiretty
..
Defaults:ansuser visiblepw
Warning!
When using ssh-copy-id, it will create .ssh and authorized_keys. The resulting directory and file will have the correct permissions. If you create them yourself using mkdir and touch, the permissions will permit read and, apparently, sshd checks them. The result is the ominous and confusing 'authentication failure.' Correct permissions are:
- .ssh = 700
- authorized_keys = 600
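The helper below is an added example, not part of the original notes: it checks a user's .ssh directory and authorized_keys file against the modes listed above and optionally repairs them. The function name check_ssh_perms and its "fix" argument are hypothetical, and it assumes GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: check_ssh_perms HOME_DIR [fix]
# Returns 0 when both paths exist with the expected modes (or were repaired).
check_ssh_perms() {
    home=$1
    fix=${2:-}
    rc=0
    # path:mode pairs taken from the list above
    for pair in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${pair%%:*}
        want=${pair##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        have=$(stat -c %a "$path")      # octal mode, GNU stat syntax
        if [ "$have" = "$want" ]; then
            echo "OK $path $have"
        elif [ "$fix" = "fix" ]; then
            chmod "$want" "$path" && echo "FIXED $path $have -> $want"
        else
            echo "BAD $path $have (want $want)"
            rc=1
        fi
    done
    return $rc
}
```

Run it as the account that owns the files, for example check_ssh_perms /home/ansuser fix on the managed host.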
Compiling Ansible for Raspberry PI (ARM7)
Install compile requirements.
[root@osh ~]# yum install make git make gcc python-devel libffi-devel openssl-devel epel-release python-sphinx which libyaml libyaml-devel
Results
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
gcc armv7hl 4.8.5-16.el7 base 12 M
git armv7hl 1.8.3.1-12.el7 updates 4.1 M
libffi-devel armv7hl 3.0.13-18.el7 base 22 k
make armv7hl 1:3.82-23.el7 base 409 k
openssl-devel armv7hl 1:1.0.2k-8.el7 base 1.5 M
python-devel armv7hl 2.7.5-58.el7 base 395 k
python-sphinx noarch 1.1.3-11.el7 base 1.1 M
Installing for dependencies:
cpp armv7hl 4.8.5-16.el7 base 4.3 M
freetype armv7hl 2.4.11-15.el7 base 346 k
glibc-devel armv7hl 2.17-196.el7 base 1.1 M
glibc-headers armv7hl 2.17-196.el7 base 659 k
jbigkit-libs armv7hl 2.0-11.el7 base 44 k
kernel-headers armv7hl 4.4.26-201.el7 base 1.0 M
keyutils-libs-devel armv7hl 1.5.8-3.el7 base 37 k
krb5-devel armv7hl 1.15.1-8.el7 base 265 k
libatomic armv7hl 4.8.5-16.el7 base 44 k
libcom_err-devel armv7hl 1.42.9-10.el7 base 30 k
libgnome-keyring armv7hl 3.12.0-1.el7 base 104 k
libgomp armv7hl 4.8.5-16.el7 base 151 k
libjpeg-turbo armv7hl 1.2.90-5.el7 base 115 k
libkadm5 armv7hl 1.15.1-8.el7 base 165 k
libmpc armv7hl 1.0.1-3.el7 base 42 k
libselinux-devel armv7hl 2.5-11.el7 base 186 k
libsepol-devel armv7hl 2.5-6.el7 base 74 k
libtiff armv7hl 4.0.3-27.el7 base 158 k
libverto-devel armv7hl 0.2.5-4.el7 base 11 k
libwebp armv7hl 0.3.0-7.el7 base 150 k
mpfr armv7hl 3.1.1-4.el7 base 189 k
pcre-devel armv7hl 8.32-17.el7 base 479 k
perl armv7hl 4:5.16.3-292.el7 base 7.9 M
perl-Carp noarch 1.26-244.el7 base 19 k
perl-Encode armv7hl 2.51-7.el7 base 1.1 M
perl-Error noarch 1:0.17020-2.el7 base 31 k
perl-Exporter noarch 5.68-3.el7 base 28 k
perl-File-Path noarch 2.09-2.el7 base 26 k
perl-File-Temp noarch 0.23.01-3.el7 base 56 k
perl-Filter armv7hl 1.49-3.el7 base 75 k
perl-Getopt-Long noarch 2.40-2.el7 base 55 k
perl-Git noarch 1.8.3.1-12.el7 updates 53 k
perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k
perl-PathTools armv7hl 3.40-5.el7 base 82 k
perl-Pod-Escapes noarch 1:1.04-292.el7 base 50 k
perl-Pod-Perldoc noarch 3.20-4.el7 base 86 k
perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k
perl-Pod-Usage noarch 1.63-3.el7 base 26 k
perl-Scalar-List-Utils armv7hl 1.27-248.el7 base 34 k
perl-Socket armv7hl 2.010-4.el7 base 47 k
perl-Storable armv7hl 2.45-3.el7 base 72 k
perl-TermReadKey armv7hl 2.30-20.el7 base 29 k
perl-Text-ParseWords noarch 3.29-4.el7 base 13 k
perl-Time-HiRes armv7hl 4:1.9725-3.el7 base 44 k
perl-Time-Local noarch 1.2300-2.el7 base 24 k
perl-constant noarch 1.27-2.el7 base 18 k
perl-libs armv7hl 4:5.16.3-292.el7 base 596 k
perl-macros armv7hl 4:5.16.3-292.el7 base 43 k
perl-parent noarch 1:0.225-244.el7 base 12 k
perl-podlators noarch 2.5.1-3.el7 base 111 k
perl-threads armv7hl 1.87-4.el7 base 48 k
perl-threads-shared armv7hl 1.43-6.el7 base 37 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-docutils noarch 0.11-0.2.20130715svn7687.el7 base 1.5 M
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-markupsafe armv7hl 0.11-10.el7 base 25 k
python-pillow armv7hl 2.0.0-19.gitd1c6db8.el7 base 419 k
python-pygments noarch 1.4-10.el7 base 599 k
rsync armv7hl 3.0.9-18.el7 base 354 k
zlib-devel armv7hl 1.2.7-17.el7 base 49 k
Transaction Summary
================================================================================
Install 7 Packages (+60 Dependent packages)
Total download size: 45 M
Installed size: 133 M
Is this ok [y/d/N]:
Clone Ansible & Make
$ git clone https://github.com/ansible/ansible.git
$ cd ansible
$ make
# make install
Note
You may need to update pip and/or setuptools.
[root@osh ~]# pip install --upgrade pip
Requirement already up-to-date: pip in /usr/lib/python2.7/site-packages/pip-9.0.1-py2.7.egg
[root@osh ~]# pip install --upgrade setuptools
Collecting setuptools
Downloading setuptools-38.2.3-py2.py3-none-any.whl (489kB)
100% |################################| 491kB 252kB/s
Installing collected packages: setuptools
Found existing installation: setuptools 38.2.1
Uninstalling setuptools-38.2.1:
Successfully uninstalled setuptools-38.2.1
Successfully installed setuptools-38.2.3