Introduction
In this post, we will configure the prerequisites on the Ansible control machine and on all the client machines. All the virtual machines in this series run CentOS 7.5.
The prerequisites for the Ansible control machine are:
- Packages - Python and ansible
- Users - Ansible user with sudo privileges
The prerequisites for Ansible clients are:
- Packages - Python
- Users - Ansible user with sudo privileges
After the above steps are executed, we need to configure the control and client machines for passwordless SSH login. This part is crucial because the objective is to automate as much as possible, with no manual intervention to enter a password at each login.
1. Prerequisites Configuration On Ansible Control
Install required packages.
[root@anscontrol ~]# yum -y install ansible python
Create ansible user 'devops'.
[root@anscontrol ~]# useradd devops
[root@anscontrol ~]# passwd devops
Changing password for user devops.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
2. Prerequisites Configuration On Ansible Client
Install required package.
[root@ansapp ~]# yum -y install python
Create ansible user 'devops'.
[root@ansapp ~]# useradd devops
[root@ansapp ~]# passwd devops
Changing password for user devops.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
3. Configure Passwordless SSH Login
Create a public/private RSA key pair for the 'devops' user on the Ansible control machine.
[devops@anscontrol ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/devops/.ssh/id_rsa):
Created directory '/home/devops/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/devops/.ssh/id_rsa.
Your public key has been saved in /home/devops/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:AWQwdxuvA+ZsQ/Q0Jm24FK44HLIIKeTOndMiW7HIj/s devops@anscontrol
The key's randomart image is:
+---[RSA 2048]----+
| . ooO+* |
|o. *oBo= |
|=... .=o+ . |
|B+oo=*.. o |
|o*+B..= S |
| *.o. . . |
| o . |
| . |
| ..E |
+----[SHA256]-----+
[devops@anscontrol ~]$ ssh-copy-id devops@ansapp
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/devops/.ssh/id_rsa.pub"
The authenticity of host 'ansapp (192.168.200.19)' can't be established.
ECDSA key fingerprint is SHA256:2hMPl7/RsaNC+sCcyA676pJtPTYyFJADUHDxpzX4Ovk.
ECDSA key fingerprint is MD5:38:6b:10:70:c6:77:a9:69:9f:53:96:4e:a4:8f:15:09.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devops@ansapp's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'devops@ansapp'"
and check to make sure that only the key(s) you wanted were added.
[devops@anscontrol ~]$ ssh devops@ansapp
Last login: Tue Aug 25 13:12:56 2020 from 192.168.200.13
[devops@ansapp ~]$ hostname
ansapp
This configuration needs to be completed for each ansible client.
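The ssh-copy-id output above advises checking that only the intended key was added. The following is an added example, not part of the original post, that audits a client's ~/.ssh directory for exactly that. The function name, its messages and the exact-mode checks (0700 for the directory, 0600 for authorized_keys) are this example's assumptions, and the paths in the usage line are placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): audit ~/.ssh after ssh-copy-id.
# Usage: audit_authorized_keys <ssh_dir> <expected_public_key_file>
# Returns 0 when only the expected key is installed and the modes are tight.

audit_authorized_keys() (
    ssh_dir=$1
    auth="$ssh_dir/authorized_keys"
    rc=0

    [ -f "$auth" ] || { echo "MISSING: $auth"; return 1; }
    [ -f "$2" ] || { echo "MISSING: $2"; return 1; }

    # 0700 / 0600 are the conventional modes. sshd with StrictModes enabled
    # refuses the key file when it or ~/.ssh is writable by group or others.
    [ "$(ls -ld "$ssh_dir" | cut -c1-10)" = "drwx------" ] ||
        { echo "PERMS: $ssh_dir is not 0700"; rc=1; }
    [ "$(ls -l "$auth" | cut -c1-10)" = "-rw-------" ] ||
        { echo "PERMS: $auth is not 0600"; rc=1; }

    # The base64 blob is the second field of an OpenSSH public key file.
    want=$(awk 'NF >= 2 { print $2; exit }' "$2")
    [ -n "$want" ] || { echo "UNREADABLE: $2"; return 1; }

    # Every key line must carry the expected blob, and it must appear once.
    awk -v want="$want" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == want) hit = 1
            if (hit) seen++
            else { print "UNEXPECTED: key on line " NR; bad = 1 }
        }
        END {
            if (seen != 1) { print "EXPECTED: key found " (seen + 0) " time(s)"; bad = 1 }
            exit bad + 0
        }
    ' "$auth" || rc=1

    return "$rc"
)

# Placeholder invocation: sh audit.sh /home/devops/.ssh /tmp/id_rsa.pub
if [ "$#" -eq 2 ]; then
    audit_authorized_keys "$1" "$2"
fi
```

Copy id_rsa.pub from the control machine to the client (it is the public half) and run the check as the 'devops' user on each client.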
4. Configure Ansible User As Privileged User
Finally, we need to configure the 'devops' user created above as a sudo-privileged user. This step needs to be done on the Ansible control machine as well as on the client machines. Here, we demonstrate it on the Ansible control machine.
[root@anscontrol ~]# visudo
# Allowing devops user to be super user
devops ALL=(ALL) NOPASSWD: ALL