- Operating System: CentOS 7
- Ansible Version: 2.9.10
Before starting, ensure that Ansible is installed and a root SSH key is generated:
yum install epel-release ansible -y
ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
- The hosts.ini file defines the target machines for Ansible operations.
- The first machine listed acts as the Ansible server, also referred to as the Fortress Machine Manager.
- The addnew section is used for new servers added later.
- A default hosts template is located at /etc/ansible/inventory/default-hosts.ini. This template is designed for ordinary users and should be modified according to your needs.
- Variables are defined in group_vars/all.yml. Modify this file as needed to set up custom variables for your environment.
- Batch synchronization of the root user key:
  - Syncs the root SSH key from the bastion machine to target servers for root user management.
- Batch synchronization of the sudo user key:
  - Syncs the sudo user’s SSH key to target servers for the management of ordinary users with sudo privileges.
- Batch addition of ordinary users:
  - Adds multiple ordinary users across the servers using Ansible.
- Quick setup of a simple bastion host:
  - Automatically deploys a basic bastion server setup.
To verify that Ansible can reach all hosts defined in hosts.ini, run the following command:
ansible -i hosts.ini all -m ping
If the command successfully pings the target machines, your hosts.ini configuration is correct.
To run the Ansible playbook, use the following command:
ansible-playbook -i hosts.ini start.yml
- Add the new server under the addnew section in hosts.ini.
- Run the following command to apply the configuration to the new server:
Run the following command to apply the configuration to the new server:
ansible-playbook -i hosts.ini -l addnew start.yml -t addmanager
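
A pre-flight check for the add-a-server step above, written as an added example and not part of this project's code: it lists exactly which hosts sit under addnew and confirms the passphrase-less root key is owner-only before the key is pushed. The `[manager]` group name, the addresses, and the function names are assumptions; `stat -c` is the GNU form found on CentOS 7.

```sh
#!/bin/sh
# Added example, not the project's code: pre-flight checks to run before
# `ansible-playbook -i hosts.ini -l addnew start.yml -t addmanager`.

# Constructed sample inventory. Only the [addnew] group name comes from the
# page; the [manager] group name and all addresses are assumptions.
sample_inventory() {
    cat <<'EOF'
[manager]
192.0.2.10

[addnew]
# servers added after the initial rollout
192.0.2.21 ansible_port=22
192.0.2.22

[addnew:vars]
ansible_user=root
EOF
}

# Print the hosts listed under one inventory group, one per line.
group_hosts() {  # $1 = inventory file, $2 = group name
    awk -v want="[$2]" '
        /^[ \t]*$/    { next }                        # blank line
        /^[ \t]*[#;]/ { next }                        # comment
        /^[ \t]*\[/   { in_group = ($1 == want); next }
        in_group      { print $1 }
    ' "$1"
}

# The key was generated with -N "" (no passphrase), so file permissions are
# its only protection on disk: accept only owner-only modes.
key_is_private() {  # $1 = private key path
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {  # $1 = inventory file, $2 = private key path
    key_is_private "$2" || { echo "refusing: $2 is missing or not owner-only" >&2; return 1; }
    targets=$(group_hosts "$1" addnew)
    [ -n "$targets" ] || { echo "refusing: [addnew] is empty in $1" >&2; return 1; }
    printf 'Targets in [addnew]:\n%s\n' "$targets"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Saved under a name of your choice, it takes the inventory and key paths as its two arguments, for example `hosts.ini ~/.ssh/id_rsa`, and exits non-zero if either check fails.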