infra/roles/bootstrap

Bootstrap

An ansible role to bootstrap a fresh system to be able to utilize Ansible. It will install all the ansible dependencies, create an ansible user and give it the necessary permissions, install an ssh key and finally setting SSH to only allow logins with an ssh key.

Requirements

• A pre-generated ssh key installed on the local system. (Defaults to ~/.ssh/ansible_rsa.pub, but can be changed by setting the ansible_ssh_key_path variable.
• Add the list of hosts to bootstrap to the [bootstrap] group in the ansible inventory file file. Defaults to hosts in the root of the ansible git repo.
• This role must be run with the option --ask-pass.

NOTE: Debian distros disable SSH root login by default. In order to run this role, you must first enable it by setting PermitRootLogin yes in /etc/ssh/sshd_config and restarting SSH systemctl restart ssh

[bootstrap]
webserver1
webserver2
10.0.0.162

Role Variables

• bootstrap_hosts: DNS hostname(s) or IP address(es) of the host(s) to be bootstrapped. Defaults to the ansible inventory group "bootstrap"

• ansible_ssh_key_path: Local path to the public key ansible will install. Defaults to ~/.ssh/ansible_rsa.pub

• ansible_username: User that ansible will create for connecting over after bootstrapping. Defaults to ansible

• ssh_username: User that ansible will connect over SSH as while doing the initial bootstrap installation. Defaults to root

• os_family: Used to determine which package manager to use. Defaults to redhat. For Debian-style distros change to debian

Example Usage

Bootstrap a new server:

ansible-playbook bootstrap.yml --ask-pass

Bootstrap a server with a different ssh key:

ansible-playbook bootstrap.yml --extra-vars 'ansible_ssh_key_path="~/.ssh/my_other_key.pub"' --ask-pass

Bootstrap a Debian server:

ansible-playbook bootstrap.yml --extra-vars 'os_family=debian' --ask-pass

Note: This role must be run with the option --ask-pass.

License

GPLv3