58 lines
1.1 KiB
Markdown
58 lines
1.1 KiB
Markdown
# setup_new_server
|
|
|
|
git clone
|
|
|
|
|
|
|
|
add target IP and name to local (ansible machine) /etc/hosts
|
|
USE ONLY THE NAME IN hosts.yml and .ssh/config
|
|
|
|
for root:
|
|
ssh-copy-id to target
|
|
|
|
in hosts.yml be very careful to use:
|
|
|
|
Host new.test.server new1
|
|
|
|
## The new1 is VERY important as it defines the user variables
|
|
|
|
In pass.yml we will have tha variables new1_user_passwd, new1_sudo_passwd and new1_root_passwd
|
|
|
|
ansible-vault create passwd.yml or ansible-vault edit passwd.yml
|
|
|
|
move and edit config to ~.ssh/config
|
|
|
|
|
|
|
|
|
|
|
|
|
|
test connection: ansible -m ping --ask-vault-pass --extra-vars '@passwd.yml' TARGET_IP OR NAME -u root
|
|
|
|
|
|
run playbook: ansible-playbook --ask-vault-pass --extra-vars '@passwd.yml' ubuntu/setup-pb.yml -l TARGET_IP OR NAME -u root
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
On TARGET:
|
|
modify /etc/sysctl.conf, add the line:
|
|
net.ipv4.icmp_echo_ignore_all = 1 #don't respond to pings
|
|
|
|
and then: sudo sysctl -p
|
|
|
|
Change :
|
|
allow root login : PermitRootLogin prohibit-password
|
|
|
|
to
|
|
|
|
allow root login : no
|
|
|
|
copy the content of /home/franv/.ssh/id_rsa.pub to target /home/user_this/.ssh/authorized_keys
|
|
|
|
|
|
Reference: https://www.vultr.com/docs/how-to-configure-a-new-ubuntu-server-with-ansible/
|