Freifunk Stuttgart Ansible
Setup
Install ansible
Install ansible from your distribution or use a virtualenv and install from pip:
- Create virtualenv:
    python3 -m venv my-venv-directory
- Enter virtualenv:
    source my-venv-directory/bin/activate
- Install ansible:
    pip install ansible
SSH Aliases
Some hosts are only reachable through a jumphost, e.g. containers or VMs on a
Proxmox host. To access them, this playbook assumes you have configured an SSH
alias in your ssh_config (~/.ssh/config) like so:

    Host *.ffs03
        User root
        ProxyCommand ssh ffs03 -W 10.0.3.$(( $(echo %n | sed -e 's/.ffs03//') - 3000 )):22
Usage
To deploy everything everywhere:

    ansible-playbook -v -i inventory/ all.yml

To deploy everything on a single host:

    ansible-playbook -v -i inventory/test --limit example.com all.yml

where example.com denotes the hostname as defined in the inventory directory.
Roles
Users
Deploys user accounts on systems and deploys public keys.
The user database
The idea is to maintain a global user database in group_vars/all. For each
user, we store the UID and a list of public keys there. Example entry for a
user named johndoe with UID 1234 and a public key:

    user_database:
      johndoe:
        uid: 1234
        pubkeys:
          - "ssh-rsa ... john@doe"
Creating user accounts
Note that this doesn't create the user anywhere. To do so, define a variable
users, e.g. in host_vars. For example, adding this somewhere in
host_vars/example.com/:

    users:
      - johndoe

will deploy the johndoe user as defined in the user_database above on
example.com.
Deploying pubkeys for the root user
Pubkeys defined in the user_database can also be deployed for the root user.
This is achieved by adding a user's name to the users_root list. For example:

    users_root:
      - johndoe

will deploy all pubkeys defined in the user_database for johndoe in the root
account.
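
Because users_root grants root login from a shared database, it is worth checking the variables before a deploy. The following is an added example, not part of this repository: a pre-deployment audit that flags duplicate UIDs, malformed or weak public keys, and names in users or users_root that are missing from user_database. It assumes the YAML has already been loaded into Python dicts and lists; the function names, the WEAK_TYPES policy and the sample data are all constructed for illustration.

```python
import base64
import struct

WEAK_TYPES = {"ssh-dss"}  # assumption: example policy, adjust to your own


def make_key(ktype, body=b"\x00" * 32):
    """Build a constructed, syntactically valid OpenSSH public key line."""
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + struct.pack(">I", len(body)) + body
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"


def key_type_in_blob(b64):
    """Return the key type string stored at the start of the key blob."""
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")


def audit(user_database, users=(), users_root=()):
    """Return findings for one host; an empty list means nothing was flagged."""
    findings, seen_uids = [], {}
    for name, entry in user_database.items():
        uid = entry.get("uid")
        if uid in seen_uids:
            findings.append(f"uid {uid} shared by {seen_uids[uid]} and {name}")
        seen_uids.setdefault(uid, name)
        for key in entry.get("pubkeys", []):
            fields = key.split()
            try:
                # The type prefix must match the type encoded inside the blob.
                if len(fields) < 2 or key_type_in_blob(fields[1]) != fields[0]:
                    raise ValueError("type prefix and blob disagree")
            except (ValueError, struct.error):
                findings.append(f"{name}: malformed pubkey")
                continue
            if fields[0] in WEAK_TYPES:
                findings.append(f"{name}: weak key type {fields[0]}")
    for var, names in (("users", users), ("users_root", users_root)):
        for name in names:
            if name not in user_database:
                findings.append(f"{var}: {name} not in user_database")
    return findings


if __name__ == "__main__":
    db = {  # constructed sample data in the shape of group_vars/all
        "johndoe": {"uid": 1234, "pubkeys": [make_key("ssh-ed25519")]},
        "olduser": {"uid": 1234, "pubkeys": [make_key("ssh-dss")]},
    }
    for finding in audit(db, users=["johndoe"], users_root=["johndoe", "ghost"]):
        print(finding)
```

Keys that carry an authorized_keys option prefix before the key type are reported as malformed by this check, since it expects the plain "type blob comment" form shown in the example entry.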