ansible

    Nico authored
    842f02da

    Freifunk Stuttgart Ansible

    Setup

    Install ansible

    Install ansible from your distribution or use a virtualenv and install from pip:

    1. Create virtualenv: python3 -m venv my-venv-directory
    2. Enter virtualenv: source my-venv-directory/bin/activate
    3. Install ansible: pip install ansible

    SSH Aliases

    Some hosts are only reachable through a jumphost, e.g. containers or VMs on a Proxmox host. To access them, this playbook assumes you have configured an SSH alias in your ssh_config (~/.ssh/config) like so:

    Host *.ffs03
        User root
        ProxyCommand ssh ffs03 -W 10.0.3.$(( $(echo %n | sed -e 's/.ffs03//') - 3000 )):22

    Usage

    To deploy everything everywhere:

    ansible-playbook -v -i inventory/ all.yml

    To deploy everything on a single host:

    ansible-playbook -v -i inventory/test --limit example.com all.yml

    where example.com denotes the hostname as defined in the inventory directory.

    Roles

    Users

    Deploys user accounts on systems and deploys public keys.

    The user database

    The idea is to maintain a global user database in group_vars/all. For each user, we store the UID and a list of public keys there. Example entry for a user named johndoe with UID 1234 and a public key:

    user_database:
      johndoe:
        uid: 1234
        pubkeys:
          - "ssh-rsa ... john@doe"

    Creating user accounts

    Note that this doesn't create the user anywhere. To do so, define a variable users, e.g. in host_vars. For example, adding this somewhere in host_vars/example.com/:

    users:
      - johndoe

    will deploy the johndoe user as defined in the user_database above on example.com.

    Deploying pubkeys for the root user

    Pubkeys defined in the user_database can also be deployed for the root user. This is achieved by adding a user's name to the users_root list. For example:

    users_root:
      - johndoe

    will deploy all pubkeys defined in the user_database for johndoe to the root account.
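
Because every key listed for a name in users_root becomes a root login, it is worth linting the user database before a deploy. The following is an added example, not part of this repository: it takes the already-parsed user_database, users and users_root values, assumes key lines in plain "type blob comment" form as in the entry above, and uses an assumed 2048-bit RSA minimum; the name janedoe is constructed.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy threshold, not taken from the repository


def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out = []
    while len(blob) >= 4:
        n = int.from_bytes(blob[:4], "big")
        out.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return out


def key_problem(line):
    """Return why a 'type blob comment' key line is unusable or weak, else None."""
    parts = line.split()
    try:
        fields = _fields(base64.b64decode(parts[1], validate=True))
    except (IndexError, ValueError):
        return "malformed key line"
    if not fields or fields[0] != parts[0].encode():
        return "key type does not match blob"
    if parts[0] == "ssh-dss":
        return "DSA key"  # ssh-dss is disabled by default in current OpenSSH
    if parts[0] == "ssh-rsa" and len(fields) == 3:  # fields: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < MIN_RSA_BITS:
            return "RSA modulus is only %d bits" % bits
    return None


def audit(user_database, users=(), users_root=()):
    """Check one host's users/users_root lists against the user database."""
    findings = []
    for name in sorted(set(users) | set(users_root)):
        if name not in user_database:
            findings.append((name, "not in user_database"))
            continue
        for key in user_database[name].get("pubkeys", []):
            reason = key_problem(key)
            if reason:
                scope = "root" if name in users_root else "user"
                findings.append((name, "%s, grants %s login" % (reason, scope)))
    return findings


SAMPLE_DB = {"johndoe": {"uid": 1234, "pubkeys": ["ssh-rsa ... john@doe"]}}  # placeholder entry from above
print(audit(SAMPLE_DB, users_root=["johndoe", "janedoe"]))
```

The placeholder key is reported as malformed because "..." is not a base64 blob; with real keys the same call lists only weak or mismatched entries and names missing from the database.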