Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/masasam/ansible-setup-server
Ansible playbook for build a server with one command
https://github.com/masasam/ansible-setup-server
ansible ansible-playbook debian debian-server
Last synced: 3 months ago
JSON representation
Ansible playbook for build a server with one command
- Host: GitHub
- URL: https://github.com/masasam/ansible-setup-server
- Owner: masasam
- License: gpl-3.0
- Created: 2016-11-15T23:39:48.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2023-09-25T03:44:10.000Z (over 1 year ago)
- Last Synced: 2024-04-23T13:36:06.721Z (8 months ago)
- Topics: ansible, ansible-playbook, debian, debian-server
- Language: Jinja
- Homepage: https://solist.work/blog/posts/ansible-handlers/
- Size: 2.6 MB
- Stars: 10
- Watchers: 3
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
## Preparing the server you want to provision with ansible
Target OS at the server
- Debian10 buster(Recommended)
- Centos7(Not doing much maintenance)
- Archlinux(-_-;)Perhaps no one will use archlinux at the server(-_-;)
## Synopsis
Create a server from scratch
ansible-playbook --ask-vault-pass main.yml
Update package inside server
ansible-playbook --ask-vault-pass update.yml
Write directory names exist under roles you want to use at main.yml
- hosts: server
user: "{{ username }}"
become: yes
vars:
- include_tasks: vars/server.yml
roles:
- emacs
- git
- nginx
- python
- vim
- zsh
- less
- others
- seleniumThat is all.
## When creating a Debian server
Create user to use with ansible as root
sudo apt-get install python openssh-server zsh bash-completion sudo
sudo useradd -m -G sudo -s /bin/zsh ansible
sudo su - ansible
ssh-keygen -t rsa -b 4096
cd .ssh/
mv id_rsa.pub authorized_keys
chmod 600 authorized_keys
curl https://github.com/masasam.keys >> ~/.ssh/authorized_keys ← Register public key registered with githubReturn to root
sudo systemctl enable ssh
sudo systemctl start sshSet host name
sudo hostname debian
visudo
echo 'ansible ALL=(ALL) ALL' | sudo EDITOR='tee -a' visudo
echo '%wheel ALL=(ALL) ALL' | sudo EDITOR='tee -a' visudo
echo '%wheel ALL=(ALL) NOPASSWD: ALL' | sudo EDITOR='tee -a' visudo## Install ansible on your laptop or desktop
pip install --user ansible
git clone https://github.com/masasam/ansible-setup-server.git## Perform provisioning by ansible
ansible-playbook --ask-vault-pass main.yml
Write variables and passwords in group_vars/server.yml
Encrypt server.yml in advance with the following commandansible-vault encrypt group_vars/server.yml
What is in group_vars/server.yml (Write a password etc. here)
hostname: 'yourhost' ← Linux host name
domain: 'yourdomain' ← Main domain
domain1: 'www1.yourdomain'
domain2: 'www2.yourdomain'
domain3: 'www3.yourdomain'
domain4: 'www4.yourdomain'
username: 'ansible' ← User name ansible ssh
mailroot: 'youremailaddress' ← E-mail address to transfer root's mail
monitalert: 'youremailaddress' ← Destination of alert mail from monit
infopassword: '1e3396a8ecbc77a4cd81145c2c6b'
mariadbrootpassword: 'mariadbrootpassword' ← The password of the mariadb root user
dbname: 'yourdbbame' ← DB name used in mariadb
dbpassword: 'yourdbpassword' ← That password
docroot: '/home/html' ← Main document route for nginx
docroot1: '/home/html1'
docroot2: '/home/html2'
docroot3: '/home/html3'
docroot4: '/home/html4'Infopassword will be the password for the email address of info@yourdomain
How to make infopassworddoveadm pw
Enter new password: yourpassword
Retype new password: yourpasswordWith
{CRAM-MD5}913336a8ecba7764cd81245c2c6b
Because it is
infopassword: '913336a8ecba7764cd81245c2c6b'
#### Update the server only playbook
ansible-playbook --ask-vault-pass update.yml
## When creating a Debian test container at localhost
sudo pacman debootstrap
yaourt -S debian-archive-keyringmkdir debian
sudo debootstrap buster debian http://ftp.jaist.ac.jp/pub/Linux/debian/sudo chroot debian
passwd rootsudo systemd-nspawn -b -D ~/debian
From here debian virtual server
apt-get install python openssh-server zsh bash-completion sudo
useradd -m -G sudo -s /bin/zsh ansible
su - ansible
ssh-keygen -t rsa -b 4096
cd .ssh/
mv id_rsa.pub authorized_keys
chmod 600 authorized_keys
curl https://github.com/masasam.keys >> ~/.ssh/authorized_keys ← Register public key registered with githubReturn to root
systemctl enable ssh
systemctl start sshSet host name
hostname debian
vi /etc/hosts
127.0.0.1 localhost debian
Set up a user (group) that sudo can use
update-alternatives --config editor
visudo
echo 'ansible ALL=(ALL) ALL' | sudo EDITOR='tee -a' visudo
echo '%wheel ALL=(ALL) ALL' | sudo EDITOR='tee -a' visudo
echo '%wheel ALL=(ALL) NOPASSWD: ALL' | sudo EDITOR='tee -a' visudoSet the following in .ssh/config on your laptop or desktop
Host debiantest
HostName localhost
User ansibleWrite at main.yml
- hosts: debiantest
Run playbook
ansible-playbook --ask-vault-pass main.yml
## When creating a centos test container at localhost
yaourt yum
mkdir centossudo vim /etc/yum/repos.d/centos.repo
[centos]
name=centos
baseurl=http://ftp.jaist.ac.jp/pub/Linux/CentOS/7/os/x86_64/
enabled=1sudo yum -y --releasever=7 --installroot=~/centos groupinstall "Base"
sudo chroot centos
passwd rootsudo systemd-nspawn -b -D ~/centos
Create user to use with ansible as root
User name should be ansibleyum install python openssh-server zsh bash-completion sudo
useradd -m -G wheel -s /bin/zsh ansible
su - ansible
ssh-keygen -t rsa -b 4096
cd .ssh/
mv id_rsa.pub authorized_keys
chmod 600 authorized_keys
curl https://github.com/masasam.keys >> ~/.ssh/authorized_keys ← Register public key registered with githubReturn to root
systemctl enable sshd
systemctl start sshdSet host name
hostname centos
vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 centos
vi /etc/pam.d/su
# Remove comment out
auth required pam_wheel.so use_uidSet up a user (group) that sudo can use
visudo
#Defaults requiretty(Confirm whether commented out)
echo 'ansible ALL=(ALL) ALL' | sudo EDITOR='tee -a' visudo
echo '%wheel ALL=(ALL) ALL' | sudo EDITOR='tee -a' visudo
echo '%wheel ALL=(ALL) NOPASSWD: ALL' | sudo EDITOR='tee -a' visudoSet the following in .ssh/config on your laptop or desktop
Host centostest
HostName localhost
User ansibleWrite at main.yml
- hosts: centostest
Run playbook
ansible-playbook --ask-vault-pass main.yml