1. Introduction
Server automation has become crucial in modern systems administration, particularly due to the disposable nature of application environments. Configuration management tools like Ansible have gained popularity for their ability to streamline the process of automating server setup, reducing human error associated with manual configurations. Ansible, with its simple architecture and robust features, offers an efficient solution for automating server setups.
In this guide, we will explore how to use Ansible to automate the initial server setup for Rocky Linux 9. By following the steps outlined in this guide, you will be able to create a playbook that automates the process of setting up new servers based on the Initial Server Setup Guide for Rocky Linux 9.
2. Prerequisites
Before getting started with Ansible, ensure that you have the following:
- Ansible control node: A Rocky Linux 9 machine with Ansible installed and configured to connect to your Ansible hosts using SSH keys. Make sure the control node has a regular user with sudo permissions and a firewall enabled.
- Remote server: A clean install of Rocky Linux 9 with SSH access from the Ansible control node. If you don’t have SSH access, refer to the tutorial on How to Set Up SSH Keys.
3. What Does this Playbook Do?
The Ansible playbook we will create automates the steps outlined in the Initial Server Setup Guide for Rocky Linux 9. Instead of manually going through the setup process each time you boot up a server, you can set up the playbook once and use it for every server thereafter.
When you run this playbook on your Ansible hosts, it will perform the following actions:
- Create a new sudo user with passwordless sudo access.
- Copy a local SSH public key and add it to the authorized_keys file for the new user (if you were previously using a password for SSH).
- Disable password-based authentication for the root user.
- Install system packages necessary for your server setup.
Once the playbook finishes running, you will have a new user that you can use to log in to the server.
4. Step 1: Preparing your Ansible Control Node
To start using Ansible, add the remote server's IP address to the Ansible inventory file on the control node. Open the inventory file using your preferred text editor:
sudo vi /etc/ansible/hosts
Within the file, add the remote server's IP address to the [servers] block:
[servers]
server1 ansible_host=your_remote_server_ip
Save and close the file.
Next, test and authenticate the SSH connection between the Ansible control node and the remote server:
ssh root@your_remote_server_ip
Accept the authentication request and enter your password if prompted. Once the SSH connection is verified, close the connection and return to your control node by pressing CTRL+D.
5. Step 2: Preparing your Playbook
Now it’s time to create the playbook file. The playbook.yml file is where you define all the tasks to be automated. Open the file using your preferred text editor:
vi playbook.yml
Start by adding the following declarations to the playbook:
---
- hosts: all
  become: true
  vars:
    created_username: sammy
In this example, “sammy” is the username used. You can replace it with a username of your choice. These declarations specify the servers the playbook will target and whether commands will be executed with escalated root privileges. The “vars” section allows you to store data in variables for future use.
6. Step 3: Adding Sudo User Setup Tasks to your Playbook
To automate the creation of a user with sudo privileges, add the following tasks to your playbook:
  tasks:
    - name: Setup passwordless sudo
      lineinfile:
        path: /etc/sudoers
        state: present
        # Rocky Linux grants sudo through the wheel group, which the user task below joins
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: '/usr/sbin/visudo -cf %s'

    - name: Create a new regular user with sudo privileges
      user:
        name: "{{ created_username }}"
        state: present
        groups: wheel
        append: true
        create_home: true
These tasks use the lineinfile module to target and replace a specific line in the sudoers file, allowing passwordless use of sudo. The validate option runs visudo against the edited copy before it is written into place, so a syntax error cannot leave the server with a broken sudoers file.
The user module is then used to create a new user with sudo privileges, ensuring that the user belongs to the wheel (admin) group and a home directory is created.
The tasks reference the “created_username” variable, so to use a name other than “sammy” you only need to change it in the “vars” section.
7. Step 4: Adding SSH Key Setup and Disabling Root Password Tasks to your Playbook
To automate the SSH key setup and disable password authentication for the root user, add the following tasks to your playbook:
    - name: Set authorized key for remote user
      ansible.posix.authorized_key:
        user: "{{ created_username }}"
        state: present
        key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"

    - name: Disable password authentication for root
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
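The authorized_key module is used to add the SSH public key to the authorized_keys file for the remote user. The inner lookup reads the HOME environment variable on the control node to build the path to the public key, and the outer lookup reads the contents of that file.
The lineinfile module is used to search and replace a line in the sshd_config file, disabling password authentication for the root user. With prohibit-password, root can still log in with an SSH key. sshd reads its configuration when it starts, so the new setting takes effect only after the service is reloaded or restarted.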
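As an added example (not part of the original playbook), the play below extends the root-login task with a syntax check, a handler that reloads sshd, and an assertion on the effective setting reported by sshd -T. The handler name, the registered variable name and the failure message are choices made for this example.

```yaml
---
- hosts: all
  become: true
  tasks:
    - name: Disable password authentication for root
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
        # Refuse to write the file if sshd cannot parse the edited copy
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Reload sshd

    # Run the pending handler now so the check below sees the reloaded config
    - name: Apply sshd changes before verifying
      ansible.builtin.meta: flush_handlers

    # sshd -T prints the configuration sshd actually uses, including files
    # pulled in through Include directives
    - name: Read the effective sshd configuration
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    # sshd -T may report prohibit-password under its older name, without-password
    - name: Confirm root cannot log in with a password
      ansible.builtin.assert:
        that:
          - "sshd_effective.stdout_lines | select('match', '^permitrootlogin (without|prohibit)-password$') | list | length == 1"
        fail_msg: "Effective PermitRootLogin is not prohibit-password; look for another PermitRootLogin line in a file included by sshd_config"

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd
        state: reloaded
```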
8. Step 5: Adding a Package Installation Task to your Playbook
To ensure that certain packages are always installed on your server, add the following task to your playbook:
    - name: Update and install required system packages
      dnf:
        pkg:
          - curl
          - vim
          - git
          - firewalld
        state: latest
        update_cache: true
This task uses the dnf module to install the specified packages (curl, vim, git, firewalld). The state parameter ensures that the packages are updated to the latest version, and update_cache is set to true to update the package cache before installing.
Feel free to add or remove packages as per your requirements.
9. Step 6: Reviewing your Complete Playbook
Your playbook should now contain all the necessary tasks. Here’s a summary of what it should look like:
---
- hosts: all
  become: true
  vars:
    created_username: sammy

  tasks:
    - name: Setup passwordless sudo
      lineinfile:
        path: /etc/sudoers
        state: present
        # Rocky Linux grants sudo through the wheel group, which the user task below joins
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: '/usr/sbin/visudo -cf %s'

    - name: Create a new regular user with sudo privileges
      user:
        name: "{{ created_username }}"
        state: present
        groups: wheel
        append: true
        create_home: true

    - name: Set authorized key for remote user
      ansible.posix.authorized_key:
        user: "{{ created_username }}"
        state: present
        key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"

    - name: Disable password authentication for root
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'

    - name: Update and install required system packages
      dnf:
        pkg:
          - curl
          - vim
          - git
          - firewalld
        state: latest
        update_cache: true
Make sure to check your playbook for proper indentation, as YAML files are sensitive to indentation structure.
10. Step 7: Running your Playbook for the First Time
You are now ready to run your playbook on your server. To execute the playbook on server1 as the root user, use the following command:
ansible-playbook playbook.yml -l server1 -u root -k
The -l flag limits the run to the named server, the -u flag specifies the user to log in as on the remote server (root in this case), and the -k flag prompts for the SSH password, which is necessary if you are not using passwordless SSH.
The output should indicate the success of the server setup. You can now log in to the server using the newly created user:
ssh sammy@your_remote_server_ip
Remember to replace “sammy” with the username defined in the playbook and “your_remote_server_ip” with the IP address or hostname of your server.
11. Conclusion
Automating the initial server setup process with Ansible can save you time and ensure consistent configurations across your servers. By following this guide, you have learned how to use Ansible to automate tasks such as creating a non-root user with sudo access, setting up SSH keys, disabling remote password-based root login, and installing system packages.
With Ansible, you can streamline your server setup process and focus on more critical aspects of your infrastructure. By automating these initial tasks, you can improve efficiency, reduce human error, and maintain a standardized server environment.
For more information on running Ansible playbooks and expanding your automation capabilities, refer to our Ansible Cheat Sheet Guide and Configuration Management 101: Writing Ansible Playbooks.