Use Ansible to prep your server
January 9, 2023 | Stack
As time goes by, you may forget the small features and settings you apply to your servers to make them fit your needs. There is a tendency not to document everything you do while trying out different solutions; suddenly everything works and the documentation is forgotten. That's where Ansible comes into play.
Small playbooks to update all your servers, or larger ones to install different libraries, come in handy and make life easier over time. The playbook is the documentation.
Vault
I have another article about Ansible Vault, so I don't want to spend too much time on that. But any time you work with secret data, it is good practice to encrypt it rather than leave it in plain text in your repository. There are several tools for that, but natively Ansible has Vault, which encrypts the file with a password you supply.
Now, this is probably not the optimal way of going about this issue, but I'll just make a temporary vault file for this, as it'll only be used for logging in the first time on any new server. Ideally you would make this vault file follow the host in inventory/host_vars/*, but my experience in doing so is a bit messy, so to keep things simple, the following is done first.
In your base Ansible folder (../my-ansible-scripts/), create a new directory to hold your vault files (the name isn't important):
mkdir vault
We will try to keep our secrets organized here. Create a new vault (you will be prompted for a master password, which you will need again every time the vault is opened or used):
ansible-vault create --vault-id @prompt vault/my_site1.yml
In the unencrypted file you can now add your keys and values, e.g.:
user: my_username
password: my_secret-password
If you want to edit the vault file later, use the edit command (it decrypts to a temporary file, opens your editor and re-encrypts on save):
ansible-vault edit vault/my_site1.yml
Now, to not complicate things too much: if you get a new server with a root user and password, you might want to start by logging in over SSH once by hand, either to remove a stale entry for that address from ~/.ssh/known_hosts (a reinstalled server gets a new host key, so the old entry would otherwise make SSH and Ansible refuse to connect) or to accept the server's host key and add it to known_hosts.
1. Playbook
This playbook, setup-server.yml,
will generate a new user with sudo privileges and disable root login via SSH. This tends to be the first thing I do when I get a new server.
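The flow the two sections above describe (a throwaway vault holding the first-login credentials, then a playbook that creates a sudo user, installs a public key and disables root login over SSH) can be put together as follows. This is an added illustration, not the author's setup-server.yml. It assumes the vault/my_site1.yml created above with its user and password keys; the host group new_servers, the user name deploy, the public-key path and the sudo group (sudo on Debian/Ubuntu, wheel on RHEL-family systems) are placeholders to adjust.

```yaml
---
# Added example playbook (not the article's own setup-server.yml).
# Assumes vault/my_site1.yml (encrypted with ansible-vault) defines
#   user: <initial login, e.g. root>
#   password: <its password>
# Placeholders: hosts group "new_servers", new user "deploy", key path,
# sudo group "sudo" (use "wheel" on RHEL-family systems).
- name: Bootstrap a fresh server with a sudo user and no root SSH login
  hosts: new_servers
  become: true

  vars_files:
    - vault/my_site1.yml          # decrypted at run time via --vault-id

  vars:
    # First login uses the vaulted credentials; needs sshpass on the control node.
    ansible_user: "{{ user }}"
    ansible_password: "{{ password }}"
    new_user: deploy
    new_user_pubkey: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"

  tasks:
    - name: Create the admin user and put it in the sudo group
      ansible.builtin.user:
        name: "{{ new_user }}"
        shell: /bin/bash
        groups: sudo              # "wheel" on RHEL-family systems
        append: true
        state: present

    - name: Grant the admin user sudo via a drop-in, validated before it is written
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ new_user }}"
        content: "{{ new_user }} ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # Install the key BEFORE disabling password logins, or you lock yourself out.
    - name: Install the admin user's public key
      ansible.posix.authorized_key:
        user: "{{ new_user }}"
        key: "{{ new_user_pubkey }}"
        state: present

    - name: Disable root login and password authentication in sshd_config
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?{{ item.key }}\\s"     # matches the live or commented-out line
        line: "{{ item.key }} {{ item.value }}"
        state: present
        validate: /usr/sbin/sshd -t -f %s  # refuse to write a config sshd rejects
      loop:
        - { key: PermitRootLogin, value: "no" }
        - { key: PasswordAuthentication, value: "no" }
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Run it with `ansible-playbook -i inventory --vault-id @prompt setup-server.yml`; the prompt is for the vault master password, and the vaulted user/password are then used for the initial SSH login. The ordering is the security-relevant part: the public key is installed and the sudoers drop-in is validated with visudo before sshd is reconfigured, and the sshd edit is validated with `sshd -t` so a typo cannot leave the host unreachable. After the first run, point the host's inventory at the new user and your key; the temporary vault file is no longer needed for that host. The authorized_key module lives in the ansible.posix collection, which ships with the full `ansible` package.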