Changeset - 61ddc6eab566
Branko Majic (branko) - 9 years ago 2015-05-05 01:18:18
branko@majic.rs
MAR-13: Updated documentation for the preseed role (added missing parameter description for ansible_key). Remove the ansible key from list of authorised keys for root user at end of bootstrap process. Updated testsite documentation to be more explicit for bootstrap process.
3 files changed with 22 insertions and 3 deletions:
docs/rolereference.rst
 
@@ -15,6 +15,11 @@ partition. A number of common parameters can be provided.
 
Parameters
 
~~~~~~~~~~
 

	
 
**ansible_key** (string, mandatory)
 
  SSH public key that should be deployed to authorized_keys truststore for
 
  operating system user ``root``. This is necessary for the bootstrap process
 
  to work since Debian Jessie does not allow password-based logins for root.
 

	
 
**preseed_directory** (mandatory)
 
    Destination directory where the preseed files should be stored.
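Review bot: The new ``ansible_key`` entry describes the key as deployed for ``root`` but does not say that this access is temporary; the bootstrap role in this same changeset removes the key from root's authorized keys and keeps it for user ``ansible``. Add a sentence to that effect so readers do not assume a standing root key. The entry also gives a type, "(string, mandatory)", while the neighbouring ``preseed_directory`` entry shows only "(mandatory)"; use one form for both.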
 

	
 
@@ -146,6 +151,9 @@ The role implements the following:
 
  SSH access).
 
* Configures sudo to allow operating system user ``ansible`` to run sudo
 
  commands without password authentication.
 
* Removes the Ansible user's key from the list of authorized keys for user root
 
  at the end of bootstrap process. This key was necessary only for the bootstrap
 
  process.
 

	
 

	
 
Parameters
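Review bot: The added bullet on removing the key from root's authorized keys does not state the consequence for repeat runs: the ``ansible_key`` description in this changeset says root has no password-based login on Debian Jessie, so once this step has run the host is no longer reachable as root with this key. Say in the bullet that subsequent access goes through user ``ansible`` with sudo, and whether ``bootstrap.yml`` can be run a second time against the same host. Minor wording: "at the end of the bootstrap process".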
docs/testsite.rst
 
@@ -70,14 +70,22 @@ In order to deploy the test site, the following steps would normally be taken:
 

	
 
5. Install all servers using the generated preseed files.
 

	
 
6. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic
 
6. Add the SSH host fingerprints to your ``known_hosts`` file (don't forget to
 
   remove old entries if you are redoing the process). You can easily obtain all
 
   the necessary fingerprints with command:
 

	
 
   .. code-block:: shell
 

	
 
      ssh-keyscan mail.example.com ldap.example.com xmpp.example.com
 

	
 
7. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic
 
   environment for Ansible runs on all servers:
 

	
 
  .. code-block:: shell
 

	
 
    ansible-playbook playbooks/bootstrap.yml
 

	
 
7. Finally, apply configuration on all servers:
 
8. Finally, apply configuration on all servers:
 

	
 
  .. code-block:: shell
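Review bot: In the new step 6, the ``ssh-keyscan`` output is taken on trust: the command prints whatever host keys the network returns, so adding them to ``known_hosts`` unverified gives no protection against an intercepted first connection. Suggest telling the reader to compare the keys against those shown on each freshly installed server's console before adding them. The step also says to add entries and remove old ones but shows only the scan; show the append (``ssh-keyscan ... >> ~/.ssh/known_hosts``) and the removal (``ssh-keygen -R mail.example.com``). The command outputs host public keys rather than fingerprints, so the wording should match.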
 

	
roles/bootstrap/tasks/main.yml
 
@@ -13,4 +13,7 @@
 
  authorized_key: user=ansible key="{{ ansible_key }}"
 

	
 
- name: Set-up password-less sudo for the ansible user
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=640 owner=root group=root
 
\ No newline at end of file
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=640 owner=root group=root
 

	
 
- name: Revoke rights for Ansible user to log-in as root to server via ssh
 
  authorized_key: user=root key="{{ ansible_key }}" state=absent
 
\ No newline at end of file
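Review bot: The new revoke task at the end of the file removes root's key right after the sudoers drop-in is copied, and that ``copy`` has no ``validate=`` argument, so a syntax error in ``ansible_sudo`` would leave the host with neither key-based root access nor working sudo for user ``ansible``. Suggest adding ``validate='visudo -cf %s'`` to the copy task so the play fails before the key is revoked. ``mode=640`` is also looser than the 0440 conventionally used for sudoers files, and the file still ends without a trailing newline.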