Ansible contd
How Operations Team work on multiple servers
- Organizations will have lot of servers and lot of admins
- Creating individual logins on each server for every admin is not a feasible solution.
- An effective way is organization creates a service account for the admins to login and perform administration.
- For the lab activities our service account’s name would be
devops - Having username and password is not a sensible option then how to solve this problem
How to setup key pair based authentication in linux machines
- Key pair is combination of two keys public and private using alortihms, we will be using RSA
- Create a key pair
ssh-keygen
- Copy the public key to linux machine
ssh-copy-id username@ipaddress
- connect to the machine using private key
ssh -i <path-to-private key> username@ipaddress - Generally private keys created will have extension of .pem
- i.e we create a Service account public and private key. Copy the service account public key to all the servers. disable password based authentication
Setting up sudo permissions
- We need to add devops user to the sudoers group (Wheel)
- Execute
sudo visudo
Environment
- We need atleast two linux machines
- one is Ansible control node
- others is/are nodes
- We will be creating a service account called as
devopsin all machines - We will be creating a key pair in Ansible control node
- Copy the public key into the nodes
- Optional: Disable password based authentication
Mac
- Softwares
- Git
brew install git - Visual Studio Code
brew install --cask visual-studio-code - AWS CLI/Azure CLI
brew install awscliorbrew install azure-cli
- Git
- Package manager: Homebrew
https://brew.sh/
