Changeset - 61ddc6eab566
Branko Majic (branko) - 11 years ago 2015-05-05 01:18:18
branko@majic.rs
MAR-13: Updated documentation for the preseed role (added missing parameter description for ansible_key). Remove the ansible key from list of authorised keys for root user at end of bootstrap process. Updated testsite documentation to be more explicit for bootstrap process.
3 files changed with 22 insertions and 3 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -12,12 +12,17 @@ The generated preseed files allow simplified installation, with a single root
 
partition. A number of common parameters can be provided.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**ansible_key** (string, mandatory)
 
  SSH public key that should be deployed to authorized_keys truststore for
 
  operating system user ``root``. This is necessary for the bootstrap process
 
  to work since Debian Jessie does not allow password-based logins for root.
 

	
 
**preseed_directory** (mandatory)
 
    Destination directory where the preseed files should be stored.
 

	
 
**preseed_servers** (mandatory)
 
  List of servers for which a preseed file should be created. Each item in
 
  this list defines options for a single server. The options are as follows:
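Review bot: The new ``ansible_key`` description says the key is deployed to root's authorized_keys but not that this access is temporary. Since this same change makes the bootstrap role remove the key from root at the end of bootstrap, say so here and refer to the bootstrap role, so the entry is not read as a permanent root login. A style point in the same entry: it is annotated "(string, mandatory)" while the neighbouring ``preseed_directory`` and ``preseed_servers`` entries say only "(mandatory)"; use one form throughout.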
 
@@ -143,12 +148,15 @@ The role implements the following:
 
* Installs sudo package.
 
* Creates operating system user and group for Ansible (``ansible``).
 
* Sets-up an authorized_key for operating system user ``ansible`` (for remote
 
  SSH access).
 
* Configures sudo to allow operating system user ``ansible`` to run sudo
 
  commands without password authentication.
 
* Removes the Ansible user's key from the list of authorized keys for user root
 
  at the end of bootstrap process. This key was necessary only for the bootstrap
 
  process.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**ansible_key** (string, mandatory)
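Review bot: The added bullet about removing the key from root's authorized keys leaves out what this means for a second run. The preseed documentation in this change says bootstrap depends on that key for root login, so once it is removed the bootstrap playbook cannot log in as root with it again. State which user later runs connect as, or that the key has to be redeployed before the same host is bootstrapped again.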
docs/testsite.rst
 
@@ -67,20 +67,28 @@ In order to deploy the test site, the following steps would normally be taken:
 
  .. code-block:: shell
 

	
 
    ansible-playbook playbooks/preseed.yml
 

	
 
5. Install all servers using the generated preseed files.
 

	
 
6. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic
 
6. Add the SSH host fingerprints to your ``known_hosts`` file (don't forget to
 
   remove old entries if you are redoing the process). You can easily obtain all
 
   the necessary fingerprints with command:
 

	
 
   .. code-block:: shell
 

	
 
      ssh-keyscan mail.example.com ldap.example.com xmpp.example.com
 

	
 
7. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic
 
   environment for Ansible runs on all servers:
 

	
 
  .. code-block:: shell
 

	
 
    ansible-playbook playbooks/bootstrap.yml
 

	
 
7. Finally, apply configuration on all servers:
 
8. Finally, apply configuration on all servers:
 

	
 
  .. code-block:: shell
 

	
 
    ansible-playbook playbooks/site.yml
 

	
 
The playbooks and configurations for test site make a couple of assumptions:
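Review bot: The new step 6 tells the reader to add ``ssh-keyscan`` output to ``known_hosts`` with no verification, so whichever host answers for those names at scan time becomes trusted. Add a sentence asking the reader to compare the scanned keys with ones read from each freshly installed server's console, or another out-of-band source, before saving them. Two smaller points: ``ssh-keyscan`` prints host public keys rather than fingerprints, so the wording should match, and the new code block is indented by three spaces while the code blocks in the other steps use two; make them consistent (three lines up with the list item text).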
roles/bootstrap/tasks/main.yml
 
@@ -10,7 +10,10 @@
 
  user: name=ansible system=yes group=ansible shell=/bin/bash
 

	
 
- name: Set-up authorized key for the Ansible user
 
  authorized_key: user=ansible key="{{ ansible_key }}"
 

	
 
- name: Set-up password-less sudo for the ansible user
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=640 owner=root group=root
 
\ No newline at end of file
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=640 owner=root group=root
 

	
 
- name: Revoke rights for Ansible user to log-in as root to server via ssh
 
  authorized_key: user=root key="{{ ansible_key }}" state=absent
 
\ No newline at end of file
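Review bot: The revoke task at the end removes root's key with no check that the ``ansible`` account is actually usable, so if the sudoers file copied just above it is malformed, the host is left with neither the root key nor working sudo. Add ``validate='visudo -cf %s'`` to the ``copy`` task, or a task that confirms sudo works for ``ansible``, before the key is removed. Because the removal is the last task, a failure in any earlier task leaves the key on root, which the role documentation should mention. The file also still ends without a trailing newline.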