Learn how to write your first playbook with Ansible. This tutorial shows you how to bootstrap your server for future Ansible runs as well as adding some security.

PLEASE NOTE: This tutorial comes from my course called Discover Ansible and assumes you installed Ansible and configured it to use a hosts file in a specific location.

# Create certificates folder and copy SSH public key cd ~/apps/ansible mkdir certificates cp ~/.ssh/id_rsa.pub certificates # Create crypted password # If you are using an environment different from your server (e.g., a Mac), # run this command on your server instead mkpasswd --method=SHA-512 -S # if needed to run mkpasswd sudo apt-get install whois

Create ansible/bootstrap.yml

--- - name: Bootstrap server for future ansible runs hosts: all remote_user: root vars: user_name: creston user_pass: $6$gGF67h7gg6$gHpPcLliXbq4wGX8SywQ4BLf/iUaRYNzlN6IBsN1YXI.o/ITmqfeirKcYTenyTo67csjdUTRHTsGVtE0zd9sZ1 tasks: - name: Update apt cache apt: update_cache=yes - name: Safe aptitude upgrade apt: upgrade=safe async: 600 poll: 5 - name: Add my user user: > name={{ user_name }} password={{ user_pass }} shell=/bin/bash groups=sudo append=yes generate_ssh_key=yes ssh_key_bits=2048 state=present - name: Add my workstation user's public key to the new user authorized_key: user: "{{ user_name }}" key: "{{ lookup('file', 'certificates/id_rsa.pub') }}" state: present # notify: restart ssh - name: Change SSH port lineinfile: dest: /etc/ssh/sshd_config regexp: "^Port" line: "Port 30000" state: present # notify: restart ssh - name: Remove root SSH access lineinfile: dest: /etc/ssh/sshd_config regexp: "^PermitRootLogin" line: "PermitRootLogin no" state: present # notify: restart ssh - name: Remove password SSH access lineinfile: dest: /etc/ssh/sshd_config regexp: "^PasswordAuthentication" line: "PasswordAuthentication no" state: present - name: Reboot the server command: /sbin/reboot handlers: - name: restart ssh service: name=ssh state=restarted

Run your bootstrap playbook from ~/apps/ansible

ansible-playbook bootstrap.yml

Please go ahead and leave a comment below if you have any questions about this tutorial.