source: main/waeup-ansible/README.rst @ 13892

Last change on this file since 13892 was 13843, checked in by uli, 9 years ago

Tell about what we learned.

File size: 4.2 KB
=============================================
 Playbooks for administrating WAeUP servers.
=============================================

These are materials to use with our servers.

For starters: the tutorial given on

  https://github.com/leucos/ansible-tuto

is a really nice hands-on intro to ``ansible``. Please read it!

Vagrant
=======

In ``Vagrantfile`` we set up a vagrant environment which provides three
hosts as VirtualBox machines:

  ``vh5.sample.org``, ``vh6.sample.org``, ``vh7.sample.org``

running Ubuntu 14.04. ``vh5`` represents "virtual host 5" and should
reflect h5.waeup.org. The same holds for ``vh6`` and ``vh7``
accordingly.

The three virtual hosts are for testing any upcoming ansible
playbooks. They should be used before running playbooks on the real
hosts!


Initialize Vagrant Env
----------------------

You must have ``vagrant`` installed, if possible in a fairly recent
version. I (uli) use ``vagrant 1.8.1`` (latest at the time of writing).
As Ubuntu 14.04 is pretty outdated in that respect, I had to grab a .deb
package from

  https://www.vagrantup.com/downloads.html

that could be installed with::

  $ sudo dpkg -i vagrant_1.8.1_x86_64.deb


When everything is in place, change into this directory and run::

  $ vagrant up
  Bringing machine 'vh5' up with 'virtualbox' provider...
  Bringing machine 'vh6' up with 'virtualbox' provider...
  Bringing machine 'vh7' up with 'virtualbox' provider...
  ==> vh5: Importing base box 'ubuntu/trusty32'...
  ...

This will fetch Vagrant virtualbox images for trusty32, i.e. Ubuntu
14.04 images, 32bit version (plays nice also on 64bit hosts).

When hosts are supplied by Hetzner or another hosting provider, we
normally get access as the ``root`` user only. Therefore, after base
init, the root accounts of all hosts are enabled with password
``vagrant``. This is done by the ansible playbook in
``vagrant-provision.yml``.

All three hosts provide ssh access via::

  $ vagrant ssh vh5

or equivalent commands. They have a user 'vagrant' installed, which
can sudo without password.

After install, all three hosts can also be accessed as ``root`` using
password ``vagrant`` (for example vh5)::

  $ ssh -l root 192.168.36.10

See ``Vagrantfile`` for the IP addresses set.

You can halt (all) the virtual hosts with::

  $ vagrant halt



Ansible Environment
===================

The ansible environment should provide ansible roles and playbooks for
WAeUP related server administration.

The general file-layout and naming should follow

  https://docs.ansible.com/ansible/playbooks_best_practices.html#directory-layout


Bootstrapping - Freshmechs
--------------------------

We call those machines "freshmech" that are freshly delivered from the
hosting provider or that were freshly provisioned by ``vagrant`` (see
above).

These machines are expected to have only a single root account and
normally a (security-wise) poor SSH configuration.

Bootstrapping these machines means we secure SSH, restart the SSH
daemon and then add important accounts: "uli", "henrik", "ansible".

To make sure the connection to a "freshmech" works, you should log in
via SSH at least once before proceeding with ansible and all bells and
whistles::

  ssh -l root 192.168.36.10

(with the real IP of the machine you want to reach, of course).

Any host you want to "bootstrap" must be entered in a local hosts
file, normally ``hosts-virtual``, with a line like this::

  [yet-untouched]
  vh5.sample.org ansible_host=192.168.36.10 ansible_user=root

in the "yet-untouched" section.

Afterwards try::

  $ ansible-playbook -i hosts-virtual --ask-pass bootstrap.yml

The ``--ask-pass`` parameter is needed to enter the password given by
the provider on the command line. For the local ``vagrant`` machines this
will be ``vagrant``.

If run on local virtual machines, you might want to make sure that
your local ``known_hosts`` file does not contain an old ssh host
fingerprint. Otherwise you have to remove entries for::

  192.168.36.10
  192.168.36.11
  192.168.36.12

respectively before running ``bootstrap.yml``.

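One way to remove those entries while keeping host key checking enabled (an added example, not part of the original README; ``forget_hosts`` is a hypothetical helper name and ``ssh-keygen`` from OpenSSH is assumed to be installed):

```shell
#!/bin/sh
# Added example: drop stale known_hosts entries for the local vagrant hosts.
# forget_hosts is a hypothetical helper; the IPs are the ones listed above.

VAGRANT_IPS="192.168.36.10 192.168.36.11 192.168.36.12"

# forget_hosts FILE HOST...
# Removes the entries for each HOST from FILE (plain or hashed format) and
# prints how many of the given hosts had an entry. Other hosts are left
# untouched. ssh-keygen keeps the previous contents in FILE.old.
forget_hosts() {
    file=$1
    shift
    removed=0
    # Nothing to clean if the file does not exist yet.
    [ -f "$file" ] || { echo 0; return 0; }
    for host in "$@"; do
        # -F prints the matching lines; empty output means no entry.
        if [ -n "$(ssh-keygen -F "$host" -f "$file" 2>/dev/null)" ]; then
            ssh-keygen -R "$host" -f "$file" >/dev/null 2>&1 || return 1
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Typical use after the virtual hosts have been recreated:
#   forget_hosts "$HOME/.ssh/known_hosts" $VAGRANT_IPS
```

After the cleanup, the manual ``ssh -l root`` login described above records the new host key.
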
Alternatively you can run everything with the
``ANSIBLE_HOST_KEY_CHECKING`` environment variable set to ``False``::

  $ ANSIBLE_HOST_KEY_CHECKING=False  ansible-playbook -i hosts-virtual --ask-pass bootstrap.yml

This will suppress host fingerprint checking.