/ansible-role-server-bootstrap

Ansible role-ification of the TU Libraries Server Bootstrap playbook. Because testing & dev environments.

TU Libraries Server Bootstrap Ansible Role

This role applies TU Libraries-specific baselines to any new Linode server. These baselines include adding core users, setting firewall defaults, updating required CentOS 7 packages, etc.

Requirements

See the Pipenv and .python-version files for the Python version and libraries required to run this role.

Role Variables

The primary variables needed are the authorized public keys of all the users to be added to the new server for authentication purposes.

ssh_port: The port on which sshd should listen. Defaults to 9229. Override to 2222 for Vagrant inventories so that vagrant ssh continues to work.

Dependencies

  • jeffwidman.yum-cron is required for adding cron-driven updates of security packages managed by yum on the new servers.
  • geerlingguy.repo-epel is required for running EPEL (Extra Packages for Enterprise Linux) updates on the new servers.

Managing SSH Private Keys

This role can help manage SSH users by adding authorized users and deploying user private keys. Use the system_users_private_keys array to add private keys (encrypted), users, groups, and locations on remote systems. Use the service_users_private_keys array to add private keys in the same way, but later in a playbook, when the service-level tag is specifically called. These keys default to mode 0600.
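
A post-converge check for the two defaults documented above (sshd on port 9229, deployed private keys at mode 0600), as an added example that is not part of this role or its Molecule tests. The function names, the sample sshd_config text and the key paths are assumptions made for illustration.

```python
import os
import stat
import tempfile


def sshd_ports(config_text):
    """Return the ports set by Port directives in sshd_config text."""
    ports = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; keyword and value may be split by '='.
        parts = line.replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == "port" and parts[1].isdigit():
            ports.append(int(parts[1]))
    return ports or [22]  # sshd falls back to 22 when no Port line is active


def loose_key_files(paths, required_mode=0o600):
    """Return (path, mode) for keys that are not regular files at required_mode."""
    bad = []
    for path in paths:
        st = os.lstat(path)  # lstat: a symlink in place of a key is a finding
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode) or mode != required_mode:
            bad.append((path, oct(mode)))
    return bad


def audit(config_text, key_paths, expected_port=9229):
    """Collect human-readable findings; an empty list means the host matches."""
    findings = []
    ports = sshd_ports(config_text)
    if ports != [expected_port]:
        findings.append(f"sshd listens on {ports}, expected only {expected_port}")
    for path, mode in loose_key_files(key_paths):
        findings.append(f"{path} has mode {mode}, expected 0o600")
    return findings


if __name__ == "__main__":
    # Constructed sample input: a config left on port 22 and a key left at 0644.
    sample_cfg = "# constructed sample\nPort 22\nPermitRootLogin no\n"
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "id_rsa_example")  # hypothetical key path
        open(key, "w").close()
        os.chmod(key, 0o644)
        for finding in audit(sample_cfg, [key]):
            print(finding)
```

For Vagrant inventories that override ssh_port, pass expected_port=2222.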

Developing this role

When you make changes, you should run the tests locally. To do so:

  • Run pipenv install to install dependencies.
  • Run pipenv run molecule test to run all tests, including linting and a test build, in a local Docker environment.

If you just want to run the role without running all the tests, you can run pipenv run molecule converge.

Unit tests are defined in molecule/default/tests/test_default.py.

License

BSD