thingies
This commit is contained in:
Pablo Martin
parent
5f06a966aa
commit
3343de2dc0
12 changed files with 286 additions and 57 deletions
|
|
@ -5,7 +5,11 @@ This describes how to prepare each machine before deploying services on them.
|
|||
## 01.01 First steps
|
||||
|
||||
* Create an ssh key or pick an existing one. We'll refer to it as the `personal_ssh_key`.
|
||||
* The guide assumes the laptop (Lapy) has `ansible` installed. If not, do `sudo apt install -y ansible` and `ansible --version` to check.
|
||||
* Deploy ansible on the laptop (Lapy), which will act as the ansible control node. To do so:
|
||||
* Create a `venv`: `python3 -m venv venv`
|
||||
* Activate it: `source venv/bin/activate`
|
||||
* Install the listed ansible requirements with `pip install -r requirements.txt`
|
||||
* Keep in mind you should activate this `venv` from now on when running `ansible` commands.
|
||||
|
||||
## 01.02 Prepare the VPS (Vipy)
|
||||
|
||||
|
|
@ -20,9 +24,13 @@ This describes how to prepare each machine before deploying services on them.
|
|||
|
||||
### 01.02.02 Prepare Ansible vars
|
||||
|
||||
* You have an example `infra/example.inventory.ini`. Copy it with `cp example.inventory.ini inventory.ini` and fill in with the vars for your VPS.
|
||||
* You have an example `ansible/example.inventory.ini`. Copy it with `cp ansible/example.inventory.ini ansible/inventory.ini` and fill in with the values for your VPS.
|
||||
|
||||
### 01.02.03 First steps with Ansible
|
||||
### 01.02.03 Create user and secure VPS access
|
||||
|
||||
* cd into `infra`
|
||||
* Run `ansible-playbook playbook.yml`
|
||||
* Ansible will create a user on the first playbook `01_basic_vps_setup_playbook.yml`. This is the user that will get used regularly. But, since this user doesn't exist, you obviosuly need to first run this playbook from some other user. We assume your VPS provider has given you a root user, which is what you need to define as the running user in the next command.
|
||||
* cd into `ansible`
|
||||
* Run `ansible-playbook -i inventory.ini infra/01_user_and_access_setup_playbook.yml -e 'ansible_user="your root user here"'
|
||||
* Then, configure firewall access, fail2ban and auditd with `ansible-playbook -i inventory.ini infra/02_firewall_playbook.yml`
|
||||
|
||||
Note that both the root user and the `counterweight` user will use the same SSH pubkey for auth.
|
||||
Loading…
Add table
Add a link
Reference in a new issue