Whenever I stand up a new Linux machine, I always find myself doing the same four things:
- Creating my main user account
- Creating an ansible user account
- Configuring sudoers
- Copying over SSH public keys
Definitely not something that evokes fun. I have tried various automation tools, but ansible has found a very special place in my toolkit.
For readers not familiar with ansible, it is a very powerful agentless automation tool: the control node needs nothing more than SSH access and Python on the managed host, and it can configure just about anything. There is a great primer here. This blog post is not a deep dive or an intro-to-ansible tutorial; I am only demonstrating how I initially provision the systems in my HomeLab (on-prem) and in the cloud.
Step 1:
Create a virtual machine (VM) or provision a virtual private server (VPS) that is reachable over SSH.
Step 2:
Add the new host(s) to the inventory file on the control node. The playbook below targets the `new_system` group, so a freshly built host goes there:
```ini
[fakelabs]
basil.fakelabs.io
bacon.fakelabs.io
node6.fakelabs.io

[cloud]
web.fakelabs.org
waf.fakelabs.org
dev.fakelabs.org

[new_system]
elmo.fakelabs.org
```
Step 3:
Now we just run the playbook and it provisions the new host(s) with the ansible user account and its associated configuration:
```
user@box(ansible):$ ansible-playbook user-prov-playbook.yml
```
There are some caveats to the above. The first run has to use whatever access the freshly built host already offers. If remote SSH access is enabled for root, pass the following parameters:
```
--extra-vars 'ansible_user=root' -k
```
If instead you are using an admin user with sudo privileges, as is usual on existing systems, add the following parameters:
```
--extra-vars 'ansible_user=admin_user_name' -k -K
```
The -k (--ask-pass) option tells ansible to prompt for the SSH password; it needs the sshpass binary on the control node. If you are logging in with a public key, omit that option. The -K (--ask-become-pass) option prompts for the privilege-escalation (sudo) password, which you only need when connecting as a non-root user. Setting ansible_user through --extra-vars is equivalent to -u / --user on the command line. Once the playbook has run, every later run can connect as the ansible user with its key, so the root or password-based login is only needed for this initial bootstrap.
The contents of the playbook are below. The sudoers.j2 template it deploys is not shown; whatever it contains, the `validate` step runs `visudo -cf` on the rendered file before it is installed, so a syntax error cannot leave the host with a broken sudo configuration.
```yaml
# user-prov-playbook.yml
---
- hosts:
    - new_system
  become: yes
  tasks:
    - name: create user group
      group:
        name: "{{ username }}"
        state: present

    - name: create user "{{ username }}"
      user:
        name: "{{ username }}"
        comment: Automation
        group: "{{ username }}"
        state: present
        groups:
          - "{{ userGroup }}"
          - "{{ sudoGroup }}"

    - name: set authorized key
      authorized_key:
        user: "{{ username }}"
        key: "{{ lookup('file', './ssh/ansible.id_rsa.pub') }}"
        comment: 'ansible automation'
        state: present

    - name: deploy sudoers.d file
      template:
        src: sudoers.j2
        dest: /etc/sudoers.d/{{ username }}
        # visudo rejects a malformed file before it is put in place
        validate: 'visudo -cf %s'
        # quoted so the YAML parser never turns the octal mode into a decimal integer
        mode: '0440'
  vars:
    username: naruto
    sudoer: "{{ username }}"
    userGroup: "{{ username }}"
    # Debian and its derivatives (Ubuntu included) use the 'sudo' group; RHEL-family hosts use 'wheel'.
    # Checking the OS family rather than ansible_distribution == 'Ubuntu' keeps a Debian host
    # from being put into a 'wheel' group that does not exist there.
    sudoGroup: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
```
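Before turning off root SSH logins or password authentication on the new host, it is worth proving that the path the provisioning play set up actually works. The following playbook is an added example and not part of the original post: it connects as the new automation user with its key only, checks its group membership, checks that the sudoers.d drop-in is owned by root with mode 0440, and checks that sudo works without a password prompt. It assumes `./ssh/ansible.id_rsa` is the private half of the `ansible.id_rsa.pub` key installed above, and that the author's (unshown) `sudoers.j2` grants the user NOPASSWD sudo, since that is what lets `become` work without -K.

```yaml
# verify-prov-playbook.yml  (added example, not from the original post)
---
- hosts:
    - new_system
  # Connect as the automation user just created, with its key and nothing else.
  # Assumption: ./ssh/ansible.id_rsa is the private half of ansible.id_rsa.pub.
  vars:
    username: naruto
    ansible_user: "{{ username }}"
    ansible_ssh_private_key_file: ./ssh/ansible.id_rsa
  tasks:
    - name: confirm escalation works without a password prompt
      # -n makes sudo fail instead of hanging on a prompt.
      # Assumption: sudoers.j2 grants this user NOPASSWD.
      command: sudo -n true
      changed_when: false

    - name: list the groups the automation user belongs to
      command: id -nG
      register: id_out
      changed_when: false

    - name: stat the sudoers.d drop-in (needs root; /etc/sudoers.d is not world-readable)
      stat:
        path: /etc/sudoers.d/{{ username }}
      register: sudoers_file
      become: yes

    - name: fail loudly if any part of the provisioning is missing or too permissive
      assert:
        that:
          - "'sudo' in id_out.stdout.split() or 'wheel' in id_out.stdout.split()"
          - sudoers_file.stat.exists
          - sudoers_file.stat.pw_name == 'root'
          - sudoers_file.stat.mode == '0440'
        fail_msg: "{{ username }} on {{ inventory_hostname }} is not provisioned as expected"
        success_msg: "{{ username }} can log in with its key and escalate; the bootstrap login is no longer needed"
```

Run it with `ansible-playbook verify-prov-playbook.yml` and no -k or -K: if the play needs either of those to get through, the provisioning is not done yet. The `stat` check matters because the `template` task in the provisioning play sets mode 0440, and a world-readable or group-writable file in `/etc/sudoers.d` is exactly the kind of drift this play is meant to catch early.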
That is all there is to it. Thanks for reading.