Tuesday, August 25, 2020

Ansible - Prerequisites Configuration

Introduction

In this post, we will configure the prerequisites on the Ansible control machine and on all the client machines. All the virtual machines in this series run CentOS 7.5.

The prerequisites for ansible control are:

  1. Packages - Python and ansible
  2. Users - Ansible user with sudo privileges

The prerequisites for Ansible clients are:

  1. Packages - Python
  2. Users - Ansible user with sudo privileges

Once these steps are done, we configure the control and client machines for passwordless SSH login. This part is crucial because the goal is to automate as much as possible, without manual intervention to enter a password at each login.

1. Prerequisites Configuration On Ansible Control

Install required packages.
 [root@anscontrol ~]# yum -y install ansible python
Create ansible user 'devops'.
 [root@anscontrol ~]# useradd devops  
 [root@anscontrol ~]# passwd devops  
 Changing password for user devops.  
 New password:   
 Retype new password:   
 passwd: all authentication tokens updated successfully.  

2. Prerequisites Configuration On Ansible Client

Install required package.
 [root@ansapp ~]# yum -y install python
Create ansible user 'devops'.
 [root@ansapp ~]# useradd devops  
 [root@ansapp ~]# passwd devops  
 Changing password for user devops.  
 New password:   
 Retype new password:   
 passwd: all authentication tokens updated successfully.  

3. Configure Passwordless SSH Login

Create a public/private RSA key pair for the 'devops' user on the Ansible control machine.
[devops@anscontrol ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/devops/.ssh/id_rsa): 
Created directory '/home/devops/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/devops/.ssh/id_rsa.
Your public key has been saved in /home/devops/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:AWQwdxuvA+ZsQ/Q0Jm24FK44HLIIKeTOndMiW7HIj/s devops@anscontrol
The key's randomart image is:
+---[RSA 2048]----+
| .  ooO+*        |
|o.   *oBo=       |
|=... .=o+ .      |
|B+oo=*.. o       |
|o*+B..= S        |
|  *.o. . .       |
| o .             |
|  .              |
| ..E             |
+----[SHA256]-----+


Now we copy the public key created above to the authorized_keys file of the 'devops' user on 'ansapp' for passwordless login.
[devops@anscontrol ~]$ ssh-copy-id devops@ansapp
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/devops/.ssh/id_rsa.pub"
The authenticity of host 'ansapp (192.168.200.19)' can't be established.
ECDSA key fingerprint is SHA256:2hMPl7/RsaNC+sCcyA676pJtPTYyFJADUHDxpzX4Ovk.
ECDSA key fingerprint is MD5:38:6b:10:70:c6:77:a9:69:9f:53:96:4e:a4:8f:15:09.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devops@ansapp's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'devops@ansapp'"
and check to make sure that only the key(s) you wanted were added.

Now we can log in to 'ansapp' without a password.
 [devops@anscontrol ~]$ ssh devops@ansapp  
 Last login: Tue Aug 25 13:12:56 2020 from 192.168.200.13  
 [devops@ansapp ~]$ hostname  
 ansapp  
This configuration needs to be completed for each ansible client.

4. Configure Ansible User As Privileged User

Finally, we need to give the 'devops' user created above sudo privileges. This step needs to be done on the Ansible control machine as well as on the client machines. Here, we demonstrate it on the control machine.
 [root@anscontrol ~]# visudo  
We add the following lines so that the 'devops' user can run any command through sudo without being prompted for a password.
 # Allowing devops user to be super user  
 devops ALL=(ALL) NOPASSWD: ALL  
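
A check to run on each machine after step 4, as an added example that is not part of the original post: because 'devops' pairs key-only login with NOPASSWD: ALL, the control machine's private key is effectively root on every client, so the script flags SSH file modes that would break or expose that key and lists every sudoers rule ending in NOPASSWD: ALL. The function names are hypothetical, and the paths are the OpenSSH and sudo defaults shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the 'devops' setup.
# Function names are hypothetical; paths are the OpenSSH and sudo defaults.

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Report files under home directory $1 that are group- or world-writable
# (sshd's default StrictModes then ignores authorized_keys) and a private
# key with any group or other permission bit set (ssh refuses to use it).
ssh_perm_issues() {
    for f in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$f" ] || continue
        m=$(mode_of "$f")
        # Character 6 is the group write bit, character 9 the other write bit.
        case "$m" in
            ?????w????|????????w?) echo "WRITABLE_BY_OTHERS $f $m" ;;
        esac
    done
    key="$1/.ssh/id_rsa"
    if [ -e "$key" ]; then
        m=$(mode_of "$key")
        case "$m" in
            ????------) ;;
            *) echo "PRIVATE_KEY_EXPOSED $key $m" ;;
        esac
    fi
}

# Print the user or %group of every rule in sudoers file $1 that ends in
# "NOPASSWD: ALL". Simplification: aliases and included files are not expanded.
nopasswd_all_entries() {
    awk '!/^[ \t]*#/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$1"
}

# Audit account $1 on the live machine; run as root so /etc/sudoers is readable.
audit_account() {
    ssh_perm_issues "$(getent passwd "$1" | cut -d: -f6)"
    nopasswd_all_entries /etc/sudoers
}
```

Source the file as root and call `audit_account devops`; any WRITABLE_BY_OTHERS or PRIVATE_KEY_EXPOSED line calls for a chmod fix, and each name printed after those holds passwordless root.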

Conclusion

So, we have finally completed the prerequisites for Ansible automation. In the next post, we will set up the Ansible configuration and inventory files.
