Whenever I stand up a new Linux machine, I always find myself doing the same four things:
- Creating my main user account
- Creating an ansible user account
- Configuring sudoers
- Copying over SSH Public Keys.
Definitely not something that evokes fun. I have tried various automation tools, but Ansible has found a very special place in my toolkit.
For readers not familiar with Ansible, it is a very powerful agent-less automation tool for all the things. There is a great primer here. This blog post is neither a deep dive nor an introductory Ansible tutorial; I am only demonstrating how I initially provision the systems in my HomeLab (on-prem) and in the cloud.
Step 1:
Create a Virtual Machine (VM) or Provision a Virtual Private Server (VPS) with remote SSH access.
Step 2:
Add our host(s) to the inventory file on my control node.
[fakelabs]
basil.fakelabs.io
bacon.fakelabs.io
node6.fakelabs.io

[cloud]
web.fakelabs.org
waf.fakelabs.org
dev.fakelabs.org

[new_system]
elmo.fakelabs.org
Step 3:
Now we just run our playbook and it will provision the new host(s) with our ansible user account and any associated configuration.
user@box(ansible):$ ansible-playbook user-prov-playbook.yml
There are some caveats to the above. If you have remote SSH access enabled for root, then just pass the following parameters:
--extra-vars 'ansible_user=root' -k
If, however, you are connecting as an existing admin user with sudo privileges (the usual case for systems that are already set up), then add the following parameters:
--extra-vars 'ansible_user=admin_user_name' -k -K
The -k option tells Ansible to prompt for the SSH password. If you are using public keys, then omit that option.
The -K option prompts for the privilege escalation (sudo) password, which you will only need for a non-root user.
The contents of the playbook are below:
# user-prov-playbook.yml
---
- hosts:
    - new_system
  become: yes
  tasks:
    - name: create user group
      group:
        name: "{{ username }}"
        state: present

    - name: create user "{{ username }}"
      user:
        name: "{{ username }}"
        comment: Automation
        group: "{{ username }}"
        state: present
        groups:
          - "{{ userGroup }}"
          - "{{ sudoGroup }}"

    - name: set authorized key
      authorized_key:
        user: "{{ username }}"
        key: "{{ lookup('file', './ssh/ansible.id_rsa.pub') }}"
        comment: 'ansible automation'
        state: present

    - name: deploy sudoers.d file
      template:
        src: sudoers.j2
        dest: /etc/sudoers.d/{{ username }}
        # visudo checks the rendered file before it is moved into place,
        # so a broken template fails the task instead of breaking sudo
        validate: 'visudo -cf %s'
        # quoted so YAML keeps the leading zero
        mode: "0440"
  vars:
    username: naruto
    sudoer: "{{ username }}"
    userGroup: "{{ username }}"
    # Debian-family distributions (Ubuntu, Debian) use the "sudo" group,
    # RHEL-family distributions use "wheel"
    sudoGroup: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
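The playbook's last task renders a sudoers.j2 template that is not shown above. What follows is an added example of such a template, not the author's own file. It assumes the common choice of a NOPASSWD rule for the ansible user (which is what lets later runs use become without -K); the sudoer variable is the one defined in the playbook's vars.

```jinja
{# sudoers.j2 - rendered by the playbook to /etc/sudoers.d/<username> #}
{# Assumed content: the original post does not show this file.        #}
# Managed by Ansible - do not edit by hand
{{ sudoer }} ALL=(ALL) NOPASSWD: ALL
```

Because the task passes `validate: 'visudo -cf %s'`, Ansible runs visudo against the rendered file before copying it into /etc/sudoers.d, and a syntax error fails the task rather than leaving the host with an unparsable sudoers drop-in. The 0440 mode matches what sudo expects for files under sudoers.d. If the automation user should not have unrestricted root, replace the trailing `ALL` with the specific command list your playbooks need, or drop `NOPASSWD:` and keep passing -K on every run.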
That is all there is to it. Thanks for reading.