Skip to content

Rapid host configuration via Ansible - settings stored in playbook config file to allow easy creation of multiple configurations for different hosts and roles.

License

Notifications You must be signed in to change notification settings

robertpeteuil/auto-host-config

Repository files navigation

Auto Host Config - Remote Host Version

Rapid application of settings, configuration, updates and app installations on remote Linux hosts

lang status


This is an automated process to rapidly configure Linux hosts - this is the Remote Host Version. There are two versions, each with their own git branch. Make sure you download the correct one:

  • Remote: for configuring a host from a separate control computer. ex: configure a notebook from your desktop.
  • Local: for configuring a host directly. ex: configure a notebook directly from that notebook.

This process supports across a variety of device types, including: notebooks, desktops, servers, cloud hosts, and embedded devices.  The initial release supports the configuration of Ubuntu-based hosts, with Redhat/Centos and Windows support planned.

This is implemented using a free, open-source utility called Ansible which runs on Windows, Mac and Linux. Use of this process does not require previous knowledge of Ansible.

Requirements

The requirements are minimal:

  • The "remote-host" to be configured (referred to as "target host" below)
    • SSH server installed and running (instructions below)
    • A user account that allows SSH access and sudo capabilities
  • A second computer to use as the "control computer"
    • If you want to configure it directly, switch to the "local" branch of this repo.
    • Ansible and the repo files are installed on the "control computer"
      • Ansible version 2.4.0.0 or later is required.

Setup

Ensure SSH is installed on target (if required)

  • If you're installing Linux on a local machine or notebook, you may need to install it.
    • Typing the following command into the terminal on the target will install it: sudo apt-get install openssh-server
  • On cloud instances/VMs, SSH is installed & running by default.

Install Ansible on the main computer

Install Ansible via pip, package manager, or git

  • If you have Python and pip installed you can type pip install ansible
  • on linux, type sudo apt-get install ansible
  • on a mac with brew installed, type brew install ansible

Clone this repo to your main computer

Create a directory, download the repo into it and cd to it with the following commands:

mkdir host-config
git clone https://github.com/robertpeteuil/auto-host-config host-config
cd host-config

Note: you can replace host-config with a different folder-name, just make sure to use the same name in all three commands.

Rename example Inventory & Config files Create copies of the inventory and configuration files without the ".example" suffix

  • The included script does this for you: ./rename-examples.sh
  • The files can also be copied or renamed manually

Adjust "inventory" file Open the inventory file with your editor

  • replace hostname.local with the IP address or hostname of the target host
  • if the username on the target host is different than your main computer
    • add the parameter ansible_user=username after the target hostname / IP address
    • change username to match the username for the target host

Adjust settings in "config.yml" open the config.yml file with your editor.

  • ssh_pub_key_path specifies the public ssh-key that can be added as an authorized_user on the target host, review, edit, change or delete as necessary
    • you can disable this by commenting-out or deleting the line
  • Review and adjust options for reboot_after_fixes, set_pwless_sudo and ssh_disable_pw_logon to your liking
    • By default, all options except reboot_after_fixes are set to False
  • Any of the package lists below may be commented out as necessary
  • System package lists:
    • install_packages - specifies packages to install via the package manager
    • remove_packages - specifies packages to remove
  • Python package lists
    • python_upgrade_user - libraries to upgrade to the latest version in the user directory
    • python_install_user - libraries to install in the user context directory
    • python_install_sys - libraries to install for the entire system
    • python_upgrade_sys - libraries to upgrade to the latest version for the entire system

Select and run a playbook to configure target host(s)

  • Run the primary playbook (you will be prompted for the password):
    • ./main.yml
  • Run an alternate playbook if you have certificate-authentication and passwordless sudo configured (this runs without a password prompt):
    • ./main-sudo.yml
  • Run a playbook that applies only the notebook and mac related hardware fixes (you will be prompted for a password):
    • ./mac-fixes-only.yml

Playbooks, Roles and Settings

Playbooks

  • main.yml - the primary method of execution. It prompts for the target host password and executes all three roles (described below).
  • main-sudo.yml - this is only for users who have configured the host for Ansible use (by running main.yml with ssh_pub_key_path pointing to their SSH certificate, and set_pwless_sudo set to True).
  • mac-fixes-only.yml - for users who only want to apply the hardware adjustments for Linux on a notebook or Mac.

Roles

  • config-linux-hw: current HW adjustments are for linux installs on notebooks and macs
  • config-linux-base: installs/removes apt packages and installs/updates python modules
  • config-linux-sys: configure SSH security, enable no-spoof, install fail2ban and (optionally) set user account for Ansible use

Settings

  • The host inventory file is the file named inventory
  • Configuration settings are consolidated in the file config.yml
  • Settings also exist in the default folder for each role
    • Advanced Ansible users can use settings files within each role by removing the vars_files section from each playbooks

Acknowledgments

This playbook includes the mountopts module by Uberspace in the library directory. It's only used if the target computer is a notebook and the primary drive is an SSD.