Configuring Ansible
- Create a user or use an existing with admin privileges
- In this scenario lets create a user called as devops with admin permissions on both ansible control server and node
- Ensure Password based authentication is enabled. Modify PasswordAuthentication to yes in the file /etc/ssh/sshd_config
- Create a user called as devops
sudo adduser devops
- Now lets give sudo permissions which donot ask password for user devops
sudo visudo # add entry as shown below and use Ctrl+x
- Lets restart sshd service
sudo service sshd restart- Login as devops user in to the system
- Execute any sudo command and it should not ask for password
- Ensure Password based authentication is enabled. Modify PasswordAuthentication to yes in the file /etc/ssh/sshd_config
- Lets repeat the above steps for the node-1
- Ensure you are able to login from ansible control server to node-1
- Now execute the command
ansible -i inventory -k -m ping all
- But when we are automating, is it possible to give password every time.
- Now lets configure further so that ansible doesnot require password while communicating with nodes. For this we use classical linux approach of key based authentication
- Login into ansible control server and create a key pair
ssh-keygen
- As a result of this command a public and private key will be create in ~/.ssh
- Now lets try to copy the public key on ansible control server into node-1 so that node-1 doesnt ask password when ansible control server is trying to login as devops user.
ssh-copy-id devops@<node-1-ipaddress>
- Now try logging in from ansible control server to node-1 using ipadress
- Now lets run the ansible command again
ansible -m ping -i inventory all
- Overall Summary
- Exercise: Try to configure centos node to ansible control server
