DevOps Classroom Series – 17/Dec/2020

Configuring Ansible

  • Create a user or use an existing with admin privileges
  • In this scenario lets create a user called as devops with admin permissions on both ansible control server and node
    • Ensure Password based authentication is enabled. Modify PasswordAuthentication to yes in the file /etc/ssh/sshd_config Preview
    • Create a user called as devops
    sudo adduser devops
    
    Preview
    • Now lets give sudo permissions which donot ask password for user devops
    sudo visudo
    # add entry as shown below and use Ctrl+x
    
    Preview
    • Lets restart sshd service
    sudo service sshd restart
    
    • Login as devops user in to the system Preview
    • Execute any sudo command and it should not ask for password Preview
  • Lets repeat the above steps for the node-1
  • Ensure you are able to login from ansible control server to node-1 Preview
  • Now execute the command
ansible -i inventory -k -m ping all

Preview

  • But when we are automating, is it possible to give password every time.
  • Now lets configure further so that ansible doesnot require password while communicating with nodes. For this we use classical linux approach of key based authentication
  • Login into ansible control server and create a key pair
ssh-keygen

Preview

  • As a result of this command a public and private key will be create in ~/.ssh Preview
  • Now lets try to copy the public key on ansible control server into node-1 so that node-1 doesnt ask password when ansible control server is trying to login as devops user.
ssh-copy-id devops@<node-1-ipaddress>

Preview

  • Now try logging in from ansible control server to node-1 using ipadress Preview
  • Now lets run the ansible command again
ansible -m ping -i inventory all

Preview

  • Overall Summary Preview
  • Exercise: Try to configure centos node to ansible control server Preview Preview

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin