Talk:Ansible: Difference between revisions
Revision as of 17:55, 17 July 2019
Features of Ansible
- Ansible is modular.
- 1000+ modules available.
- Modules are written in Python.
Running Ansible
- Do not use the root account for Ansible.
- Create an account with all privileges:
    sudo visudo
    %ansible ALL=(ALL) ALL
    usermod -aG ansible aman
- Install Python on all hosts:
    yum install -y python2 epel-release
- Add entries to the hosts file and enable passwordless (key-based) SSH access:
    ssh-copy-id -i ~/.ssh/id_rsa.pub aman@server2
- Using the same username is convenient but not required.
Inventory file
    cd install
    nano inventory

    [all]
    controller.example.com
    node1.example.com

    [servers]
    node1.example.com
    server1.example.com

    ansible all -i inventory --list-hosts
Ansible Config File
- Various ansible.cfg files:
    /etc/ansible/ansible.cfg
    ~/.ansible.cfg
    ansible.cfg in project directory (takes precedence)
- Contents:
    become: Specify how to escalate privileges on the managed host.
    become_user: Specify which user account to use on the remote host.
    become_ask_pass: Whether or not a password should be asked for.
    inventory: Which inventory files are to be used.
    remote_user: Name of the user account on the managed host. Not set by default, so the local username is used.
- Privilege Escalation
Ansible runs tasks on the managed host using the same user account as the local user, so make sure to copy SSH keys. Set remote_user in ansible.cfg to specify another user to be used. If remote_user is not specified, privilege escalation needs to be used.
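
The following is an added example, not part of the original notes or of Ansible itself. It picks the ansible.cfg that takes precedence (the first file found is used, files are not merged), reads the settings listed above from their [defaults] and [privilege_escalation] sections, and flags a root remote_user. The function names and the sample files are constructed for illustration.

```python
import configparser
import os
import tempfile

# Section of ansible.cfg that holds each setting listed in the notes.
KEYS = {"inventory": "defaults", "remote_user": "defaults",
        "become": "privilege_escalation", "become_user": "privilege_escalation",
        "become_ask_pass": "privilege_escalation"}

def pick_config(project_dir, home_dir, etc_path="/etc/ansible/ansible.cfg"):
    """Return the first ansible.cfg found; Ansible uses one file, it does not merge."""
    candidates = [os.path.join(project_dir, "ansible.cfg"),
                  os.path.join(home_dir, ".ansible.cfg"), etc_path]
    return next((p for p in candidates if os.path.isfile(p)), None)

def effective_settings(cfg_path, local_user):
    """Read the listed keys; an unset remote_user falls back to the local user."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(cfg_path)
    out = {k: cp.get(sec, k, fallback=None) for k, sec in KEYS.items()}
    out["remote_user"] = out["remote_user"] or local_user
    return out

def findings(settings):
    """Flag a setup that logs in as root instead of escalating with become."""
    issues = []
    if settings["remote_user"] == "root":
        issues.append("remote_user is root: log in as a normal account and use become")
    return issues

def demo():
    """Constructed sample: a project ansible.cfg shadows a root-based ~/.ansible.cfg."""
    with tempfile.TemporaryDirectory() as tmp:
        project, home = os.path.join(tmp, "install"), os.path.join(tmp, "home")
        os.makedirs(project)
        os.makedirs(home)
        with open(os.path.join(home, ".ansible.cfg"), "w") as fh:
            fh.write("[defaults]\nremote_user = root\n")
        with open(os.path.join(project, "ansible.cfg"), "w") as fh:
            fh.write("[defaults]\ninventory = inventory\nremote_user = aman\n"
                     "[privilege_escalation]\nbecome = true\nbecome_user = root\n"
                     "become_ask_pass = true\n")
        chosen = pick_config(project, home, etc_path=os.path.join(tmp, "missing.cfg"))
        settings = effective_settings(chosen, local_user="aman")
        return os.path.basename(chosen), settings, findings(settings)

if __name__ == "__main__":
    print(demo())
```

Because only one file is used, a safe project-level ansible.cfg hides a root-based ~/.ansible.cfg only while commands are run from that project directory.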