Friday, March 16, 2018

No chicken or egg with Ansible!!!

With Ansible being agentless we don't have a what came first, chicken or the egg, issue with it. What I mean by this is, in most automation/configuration tools which require an agent to be installed, you would have to first install the agent on the host that you are going to manage.

In the case of Ansible you don't have to install anything on the host that you wish to manage. As long as you can ssh onto the host, you are good to go.

So consider a brand you RHEL server or VM that you created, and that you can ssh onto it as root. Here are the steps that you would need to do to run Ansible playbooks as user 'mango', or any other fruit of your choice.


  1. Get the root password of the managed host.
  2. Check to see if you can ssh to the managed host using root password.
  3. Create ssh key using ssh-keygen on the control host for root.
  4. Copy the ssh key to the managed host using ssh-copy-id
  5. If you want to run the Ansible playbooks as user 'mango' then create a user 'mango' on the remote host using Ansible playbook shown below.
  6. Make can entry for that user under /etc/sudoers.d so that the user can run commands that need root priviliges.

The Ansible playbook below would do exactly that for you:

---
- name: Adding a new user
  hosts: all

  tasks:
    - name: Create user mango
      user: 
        name: mango 
        append: yes 
        state: present
        createhome: yes

    - name: Add file mango to the sudoers.d directory
      copy:
        content: "mango ALL=(ALL) NOPASSWD: ALL"
        dest: /etc/sudoers.d/mango

    - name: Set up authorized keys for the mango user
      authorized_key: 
        user=mango 
        key="{{ item }}"
      with_file:
        - /home/devops/.ssh/id_rsa.pub
...




No comments: