README.md 1.7 KB
Newer Older
1
# bootstrap a linux VM to setup a  test  ces server - just the initial setup
root's avatar
REAMDE    
root committed
2

Heinrich Rainer Billich's avatar
Heinrich Rainer Billich committed
3
## what you get
Heinrich Rainer Billich's avatar
Heinrich Rainer Billich committed
4
just do what's needed to allow to run ansible playbooks from nas99. And give direct root access to admins. And prevent us to modify the VM master image, modify snapshots only.
Heinrich Rainer Billich's avatar
Heinrich Rainer Billich committed
5

Heinrich Rainer Billich's avatar
Heinrich Rainer Billich committed
6
7
- install smartmontools - required to detect if we run on a VM snapshot
- deny non-root logins if we don't run on a VM snapshot: Don't modify the master. Service no-login-without-snapshot.
root's avatar
REAMDE    
root committed
8

Heinrich Rainer Billich's avatar
Heinrich Rainer Billich committed
9
10
11
12
13
14
15
16
17
18
19
- install, enable, start vmtoolsd

- create ansible local account
- add ssh public keys to ansible's authorized_keys file: ansible, achrist, hbi4ea
- give ansible via group wheel full password-less sudo access

- add public keys for root's authorized_keys file: hbi4ea, ansible, achrist
- deny ssh password login for root
- set root password

- set LANG and LC_TYPE
root's avatar
REAMDE    
root committed
20
21
22
23

## download ansible playbook

login as root
root's avatar
REAMDE    
root committed
24
```terminal
25
26
# cd /home
#  git clone  https://gitlab.ethz.ch/scaleadmin-ansible-for-ces/vm-initial-setup.git
root's avatar
root committed
27
28
```
 or
root's avatar
REAMDE    
root committed
29
```terminal
30
31
32
33
# cd /home
# git clone git@gitlab.ethz.ch:scaleadmin-ansible-for-ces/vm-initial-setup.git


root's avatar
root committed
34
35
```

root's avatar
REAMDE    
root committed
36
37
## get ansible.posix

root's avatar
REAMDE    
root committed
38
```terminal
root's avatar
root committed
39
40
41
42
43
#  https_proxy='https://proxy.ethz.ch:3128' ansible-galaxy collection install ansible.posix
Process install dependency map
Starting collection install process
Installing 'ansible.posix:1.2.0' to '/root/.ansible/collections/ansible_collections/ansible/posix'
```
root's avatar
REAMDE    
root committed
44
45
46

## run playbook

root's avatar
REAMDE    
root committed
47
```terminal
48
# cd /home/vm-initial-setup
root's avatar
REAMDE    
root committed
49
50
# ./run-setup.sh
```
root's avatar
root committed
51

root's avatar
REAMDE    
root committed
52
or just
root's avatar
root committed
53
54

```terminal
55
# cd /home/vm-initial-setup
root's avatar
root committed
56
57
58
# ansible-playbook -c localhost ./setup.yml
```

root's avatar
root committed
59
60
61
62
63
64
65
66
67
68
please ignore
```
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
```

example output
```

```