pSciComp/ansibleOneShot

OneShot Provisioning

The following documentation details the execution of the one-shot provisioning playbook. The objective is a reproducible baseline for new system installations using open-source automation, specifically Ansible. The playbook is idempotent (re-running it converges the host to the same state instead of repeating changes), and reproducibility is kept by separating the declarative state in the playbook from the runtime variables and secrets supplied at execution time.


File Structure

File            Purpose
setup.yml       Declarative configuration defining system packages, user state, and SSH access.
inventory.toml  Target infrastructure definition and initial bootstrap connection parameters.
secrets.yml     Encrypted Ansible Vault file containing the internal SSH keypair.

Infrastructure Inventory (inventory.toml)

Infrastructure targets and bootstrap connection parameters are defined in TOML. Each host is addressed strictly by IP address, together with the initial connection user and the path to the operator's SSH private key; no DNS name or password login is involved. Ansible reads this file with its built-in toml inventory plugin, which is enabled by default but needs a TOML parser on the control node (the toml or tomli Python package, or Python 3.11's tomllib, depending on the ansible-core version); if the file cannot be parsed, ansible-playbook warns that the inventory source was skipped and the play matches no hosts. Because the bootstrap login is root with key authentication, the inventory stores only the path to the operator's key, never the key itself, so the file is safe to commit.

[all.hosts.server-01]
ansible_host = "10.0.0.15"
ansible_user = "root"
ansible_ssh_private_key_file = "~/.ssh/id_ed25519"

Secrets Management (secrets.yml)

An encrypted vault file must be generated to securely store the internal SSH keypair used by the newly provisioned user.

  1. Initialize the vault (this prompts for a new vault password, then opens $EDITOR on the plaintext contents and encrypts them on save):
ansible-vault create secrets.yml
  2. Define the keypair parameters within the encrypted file:
vault_private_key: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  ...
  -----END OPENSSH PRIVATE KEY-----
vault_public_key: "ssh-ed25519 AAAAC3... user@internal"

Once saved, the file on disk begins with a $ANSIBLE_VAULT;1.1;AES256 header line. Check for that line (for example with head -1 secrets.yml) before committing: a file accidentally written in plaintext would put the private key into repository history. Use ansible-vault edit secrets.yml to change the contents later and ansible-vault view secrets.yml to inspect them; both prompt for the vault password.

Execution Protocol

The playbook is executed with the ansible-playbook binary. Runtime variables are injected via an external vaulted file and command-line arguments. The vault password is prompted for interactively during execution; for unattended runs, replace --ask-vault-pass with --vault-password-file pointing at a file readable only by the invoking user. The -e arguments are visible to other local users in the process list, which is acceptable here because they carry only a username and file paths, not secrets; the key material travels in the vaulted file.

ansible-playbook setup.yml \
  -i inventory.toml \
  --ask-vault-pass \
  -e "@secrets.yml" \
  -e "new_username=sysadmin" \
  -e "public_key_file=~/.ssh/id_ed25519.pub" \
  -e "openstack_rc_file=~/project-openrc.sh"

Parameter Specification

  • -i inventory.toml: Declares the TOML inventory file containing the target IP, bootstrap user, and path to the bootstrap SSH key.
  • --ask-vault-pass: Prompts for the password used to decrypt secrets.yml.
  • -e "@secrets.yml": Loads the vaulted file as extra variables, making vault_private_key and vault_public_key available to the playbook after decryption.
  • -e "new_username=...": Overrides the default username defined in the playbook.
  • -e "public_key_file=...": Local path to the public key that will be authorized for the new user account.
  • -e "openstack_rc_file=...": (Optional) Local path to the OpenStack credential file to be deployed to the target.
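As an added illustration, not the repository's own setup.yml (which this README does not reproduce), the following playbook wires together the pieces described above: the root bootstrap login from inventory.toml, the new_username, public_key_file and openstack_rc_file extra variables, and the vault_private_key and vault_public_key values supplied by -e "@secrets.yml". The package list, the sudo group name, the default username, and the use of the ansible.posix collection for authorized_key are assumptions for the example.

```yaml
# Added example playbook (not the repository's setup.yml). Assumes a
# Debian/Ubuntu-family target (sudo group) and the ansible.posix collection.
- name: One-shot baseline for a freshly installed VM
  hosts: all
  become: true                       # harmless when the bootstrap user is root
  vars:
    new_username: devuser            # default; overridden by -e new_username=...
    baseline_packages:               # assumed list, adjust to taste
      - git
      - python3
      - vim
  tasks:
    - name: Refuse to run without the operator key and the vaulted keypair
      ansible.builtin.assert:
        that:
          - public_key_file is defined
          - vault_private_key is defined
          - vault_public_key is defined
        fail_msg: "pass -e public_key_file=... and -e @secrets.yml"

    - name: Install baseline packages
      ansible.builtin.package:
        name: "{{ baseline_packages }}"
        state: present

    - name: Create the provisioned user with sudo via group membership, no password
      ansible.builtin.user:
        name: "{{ new_username }}"
        shell: /bin/bash
        groups: sudo                 # assumption: 'wheel' on RHEL-family hosts
        append: true
        create_home: true

    - name: Ensure ~/.ssh exists and is private to the user
      ansible.builtin.file:
        path: "/home/{{ new_username }}/.ssh"
        state: directory
        owner: "{{ new_username }}"
        group: "{{ new_username }}"
        mode: "0700"

    - name: Authorize the operator's public key as the only accepted key
      ansible.posix.authorized_key:
        user: "{{ new_username }}"
        key: "{{ lookup('ansible.builtin.file', public_key_file) }}"
        exclusive: true              # removes any other key for this user

    - name: Install the internal keypair from the vault
      ansible.builtin.copy:
        content: "{{ item.content }}"
        dest: "/home/{{ new_username }}/.ssh/{{ item.name }}"
        owner: "{{ new_username }}"
        group: "{{ new_username }}"
        mode: "{{ item.mode }}"
      loop:
        - { name: id_ed25519, content: "{{ vault_private_key }}", mode: "0600" }
        - { name: id_ed25519.pub, content: "{{ vault_public_key }}\n", mode: "0644" }
      no_log: true                   # keep key material out of output and logs

    - name: Deploy the OpenStack credential file when one was supplied
      ansible.builtin.copy:
        src: "{{ openstack_rc_file }}"
        dest: "/home/{{ new_username }}/project-openrc.sh"
        owner: "{{ new_username }}"
        group: "{{ new_username }}"
        mode: "0600"                 # the rc file carries cloud credentials
      when: openstack_rc_file is defined
```

Run it first with --check --diff appended to the command in the Execution Protocol to see the intended changes without applying them. The private-key copy task sets no_log so that a failure does not echo the decrypted key into the console or any callback log, and the assert task fails early with a clear message when the vaulted file was not passed.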

About

A simple one shot config for a development VM - to be extended at will
