Ansible is an incredible configuration management and provisioning utility that enables you to automate all the things. In this series, you’ll learn everything you need to know in order to use Ansible for your day-to-day administration duties.
site.yml (added section for creating user)
---
- hosts: all
become: true
pre_tasks:
- name: install updates (CentOS)
tags: always
dnf:
update_only: yes
update_cache: yes
when: ansible_distribution == "CentOS"
- name: install updates (Ubuntu)
tags: always
apt:
upgrade: dist
update_cache: yes
when: ansible_distribution == "Ubuntu"
- hosts: all
become: true
tasks:
- name: create simone user
tags: always
user:
name: simone
groups: root
- hosts: workstations
become: true
tasks:
- name: install unzip
package:
name: unzip
- name: install terraform
unarchive:
src: https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
dest: /usr/local/bin
remote_src: yes
mode: 0755
owner: root
group: root
- hosts: web_servers
become: true
tasks:
- name: install httpd package (CentOS)
tags: apache,centos,httpd
dnf:
name:
- httpd
- php
state: latest
when: ansible_distribution == "CentOS"
- name: start and enable httpd (CentOS)
tags: apache,centos,httpd
service:
name: httpd
state: started
enabled: yes
when: ansible_distribution == "CentOS"
- name: install apache2 package (Ubuntu)
tags: apache,apache2,ubuntu
apt:
name:
- apache2
- libapache2-mod-php
state: latest
when: ansible_distribution == "Ubuntu"
- name: change e-mail address for admin
tags: apache,centos,httpd
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^ServerAdmin'
line: ServerAdmin somebody@somewhere.net
when: ansible_distribution == "CentOS"
register: httpd
- name: restart httpd (CentOS)
tags: apache,centos,httpd
service:
name: httpd
state: restarted
when: httpd.changed
- name: copy html file for site
tags: apache,apache,apache2,httpd
copy:
src: default_site.html
dest: /var/www/html/index.html
owner: root
group: root
mode: 0644
- hosts: db_servers
become: true
tasks:
- name: install mariadb server package (CentOS)
tags: centos,db,mariadb
dnf:
name: mariadb
state: latest
when: ansible_distribution == "CentOS"
- name: install mariadb server
tags: db,mariadb,ubuntu
apt:
name: mariadb-server
state: latest
when: ansible_distribution == "Ubuntu"
- hosts: file_servers
tags: samba
become: true
tasks:
- name: install samba package
tags: samba
package:
name: samba
state: latestsudoer_simone
simone ALL=(ALL) NOPASSWD: ALLsite.yml (now copies sudoer file)
---
- hosts: all
become: true
pre_tasks:
- name: install updates (CentOS)
tags: always
dnf:
update_only: yes
update_cache: yes
when: ansible_distribution == "CentOS"
- name: install updates (Ubuntu)
tags: always
apt:
upgrade: dist
update_cache: yes
when: ansible_distribution == "Ubuntu"
- hosts: all
become: true
tasks:
- name: create simone user
user:
name: simone
groups: root
- name: add ssh key for simone
tags: always
authorized_key:
user: simone
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7/ofWLNBq3+fRn3UmgAizdicLs9vcS4Oj8VSOD1S/ ansible"
- name: add sudoers file for simone
tags: always
copy:
src: sudoer_simone
dest: /etc/sudoers.d/simone
owner: root
group: root
mode: 0440
- hosts: workstations
become: true
tasks:
- name: install unzip
package:
name: unzip
- name: install terraform
unarchive:
src: https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
dest: /usr/local/bin
remote_src: yes
mode: 0755
owner: root
group: root
- hosts: web_servers
become: true
tasks:
- name: install httpd package (CentOS)
tags: apache,centos,httpd
dnf:
name:
- httpd
- php
state: latest
when: ansible_distribution == "CentOS"
- name: start and enable httpd (CentOS)
tags: apache,centos,httpd
service:
name: httpd
state: started
enabled: yes
when: ansible_distribution == "CentOS"
- name: install apache2 package (Ubuntu)
tags: apache,apache2,ubuntu
apt:
name:
- apache2
- libapache2-mod-php
state: latest
when: ansible_distribution == "Ubuntu"
- name: change e-mail address for admin
tags: apache,centos,httpd
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^ServerAdmin'
line: ServerAdmin somebody@somewhere.net
when: ansible_distribution == "CentOS"
register: httpd
- name: restart httpd (CentOS)
tags: apache,centos,httpd
service:
name: httpd
state: restarted
when: httpd.changed
- name: copy html file for site
tags: apache,apache,apache2,httpd
copy:
src: default_site.html
dest: /var/www/html/index.html
owner: root
group: root
mode: 0644
- hosts: db_servers
become: true
tasks:
- name: install mariadb server package (CentOS)
tags: centos,db,mariadb
dnf:
name: mariadb
state: latest
when: ansible_distribution == "CentOS"
- name: install mariadb server
tags: db,mariadb,ubuntu
apt:
name: mariadb-server
state: latest
when: ansible_distribution == "Ubuntu"
- hosts: file_servers
tags: samba
become: true
tasks:
- name: install samba package
tags: samba
package:
name: samba
state: latestbootstrap.yml
---
- hosts: all
become: true
pre_tasks:
- name: install updates (CentOS)
tags: always
dnf:
update_only: yes
update_cache: yes
when: ansible_distribution == "CentOS"
- name: install updates (Ubuntu)
tags: always
apt:
upgrade: dist
update_cache: yes
when: ansible_distribution == "Ubuntu"
- hosts: all
become: true
tasks:
- name: create simone user
user:
name: simone
groups: root
- name: add ssh key for simone
authorized_key:
user: simone
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7/ofWLNBq3+fRn3UmgAizdicLs9vcS4Oj8VSOD1S/ ansible"
- name: add sudoers file for simone
copy:
src: sudoer_simone
dest: /etc/sudoers.d/simone
owner: root
group: root
mode: 0440site.yml (final version for this video)
---
- hosts: all
become: true
pre_tasks:
- name: update repository index (CentOS)
tags: always
dnf:
update_cache: yes
changed_when: false
when: ansible_distribution == "CentOS"
- name: update repository index (Ubuntu)
tags: always
apt:
update_cache: yes
changed_when: false
when: ansible_distribution == "Ubuntu"
- hosts: all
become: true
tasks:
- name: add ssh key for simone
authorized_key:
user: simone
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7/ofWLNBq3+fRn3UmgAizdicLs9vcS4Oj8VSOD1S/ ansible"
- hosts: workstations
become: true
tasks:
- name: install unzip
package:
name: unzip
- name: install terraform
unarchive:
src: https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
dest: /usr/local/bin
remote_src: yes
mode: 0755
owner: root
group: root
- hosts: web_servers
become: true
tasks:
- name: install httpd package (CentOS)
tags: apache,centos,httpd
dnf:
name:
- httpd
- php
state: latest
when: ansible_distribution == "CentOS"
- name: start and enable httpd (CentOS)
tags: apache,centos,httpd
service:
name: httpd
state: started
enabled: yes
when: ansible_distribution == "CentOS"
- name: install apache2 package (Ubuntu)
tags: apache,apache2,ubuntu
apt:
name:
- apache2
- libapache2-mod-php
state: latest
when: ansible_distribution == "Ubuntu"
- name: change e-mail address for admin
tags: apache,centos,httpd
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^ServerAdmin'
line: ServerAdmin somebody@somewhere.net
when: ansible_distribution == "CentOS"
register: httpd
- name: restart httpd (CentOS)
tags: apache,centos,httpd
service:
name: httpd
state: restarted
when: httpd.changed
- name: copy html file for site
tags: apache,apache,apache2,httpd
copy:
src: default_site.html
dest: /var/www/html/index.html
owner: root
group: root
mode: 0644
- hosts: db_servers
become: true
tasks:
- name: install mariadb server package (CentOS)
tags: centos,db,mariadb
dnf:
name: mariadb
state: latest
when: ansible_distribution == "CentOS"
- name: install mariadb server
tags: db,mariadb,ubuntu
apt:
name: mariadb-server
state: latest
when: ansible_distribution == "Ubuntu"
- hosts: file_servers
tags: samba
become: true
tasks:
- name: install samba package
tags: samba
package:
name: samba
state: latest
Hi there!
In this video Jay uses the
authorized_keymodule to send a public ssh key to a managed server automatically. However in the official documentation they are using a slightly different method by picking a file rather than copying the contents of the key:I’m wondering if this is something new and / or preferable? I suppose it is and Jay simply tried to show the simplest method possible (and I’m not complaining).
Now, I have a bit of a question about this because the docs also say, as you can see from that second example, that you can provide a url to that file in case you are storing everything in a repository as shown in this series. However, I’m not sure how to make this work with a private repository as it’s not very clear. Does anyone have any recommendation on how to handle this?
Thank you, great series I’m really learning so much!