discussion

[pascalandy]

Ansible expert needed to setup/configure Ubuntu 16.04

Hey folks,

YOU CAN HELP: I’m looking for get an ansible playbook to configure:

• Ubuntu 16.04
• Hardening (you tell me the best practice)
• Install few apps like: git Docker curl
• Set the time zone
• and you know all that jazz we want from solid Ubuntu server installation
• It should work in Vultr, DigitalOcean as well.

MY EXPECTATIONS:

• I expect the setup to be as easy as running the OpenVPN project kolargol/openvpn. Find it on Github.
• You work with Git
• I know this is probably exist on Github so I’m really looking for someone experience to guide me thru.
• Most of the work is standard best practice so you have experience. It’s not the time to explore.
• I want you to show me from a new VPS provisionned on DigitalOcean what your work can do. If I like it, from there I’ll will hire you.

IN YOUR ANSWER TELL ME: A) How much time do you expect spend on this task B) If we we agree on a fix fee C) Mention the word KIWI

ABOUT ME: I’m very confortable with Linux and Bash. My provisionning setup need to be better!

Thank you! Pascal

[pascalandy]

Hi Dmitry,

Glad to hear from you again! Can you please explicitly confirm those 3 points. Thank you!

Expectations

1) I expect the setup to be as easy as running the OpenVPN project https://github.com/kolargol/openvpn ansible-playbook -i private_vpn_inventory openvpn.yml

2) Any template to start with? No need to re-invent the wheel. Don’t worry I won’t run away with your input. —> I know this is probably exist on Github so I’m really looking for someone experience to guide me thru.

3) I have credits to use on civo.com. I want you to show me from a new VPS provisionned on DigitalOcean/Civo/Packet.net what your work can do.

Let me know about this:

A) Curious to know you input regarding this: I feel we could re-use this https://github.com/konstruktoid/hardening I tried it but I lock my self down.

B) Observe how I provision my server at the moment: https://github.com/pascalandy/tutorial-do/tree/master/previous

Once the VPS is up, I copy paste _config.sh then copy-paste _runthis-manually.sh. Then everything flows till the moment the Swarm is created.

Cheers! Pascal

[dmitryint]

Hi Pascal,

I expect the setup to be as easy as running the OpenVPN project

:+1:

Any template to start with?

I like to take modules from here: https://docs.debops.org/en/latest/

A) Curious to know you input regarding this: https://github.com/konstruktoid/hardening

There really is a lot of things that superfluous, paranoid and/or not applicable to VPS. I would limit myself to having a ssh with key based authorisation. Here we must always understand that changing default configuration can lead to arise a problems in the future.

[pascalandy]

What about 3) ?

What about B) (my scripts) ? I want to make sure we are aligned on the expectations :)

[dmitryint]

I have credits to use on civo.com. I want you to show me from a new VPS provisionned on DigitalOcean/Civo/Packet.net what your work can do.

np.

https://github.com/pascalandy/tutorial-do/tree/master/previous I saw these scripts. You want to replace them with Ansible, right?

[pascalandy]

You want to replace them with Ansible, right?

Exactly! Maybe there are things that are overkill ?!

[dmitryint]

No, why not? It's looks fine for me.

[pascalandy]

Great then. When can you do the demo.

Show me a basic example where the system clone a git repo and execute few bash commands :)

[pascalandy]

Just invited you to the project

[pascalandy]

One thing that is not right in my setup is the fact that I still use root. I tried to create a user but all keys are getting messed up...

[pascalandy]

Would make sense to use Ansible within a container on my mac (not an hard requirement)

[dmitryint]

Great then. When can you do the demo

ok.

Would make sense to use Ansible within a container on my mac (not an hard requirement)

I usually run directly on my system, but launching in a container is also possible.

[pascalandy]

ok LOL ? I ask when do you want to do a demo :)

[pascalandy]

I see your merge. Don't know what to do from here. I guess we need some real-time work. Let me know :)

[pascalandy]

Please update the README to details more the steps needed.

1) which VARs I must configured once (like all the secret stuff, git repo URL.. ) 2) which VAR i must configure for the new provisioning (i guess this should be only the IP of the server)

step xyz step xyz then ...

docker run --rm -it -v "$(pwd):/app" ansible-env -i test_hosts.ini site.yml

[dmitryint]

1. Configuration parameters are stored there: group_vars/all/config.yaml You can use Ansible Vault to encrypt sensitive data.

2. To add more hosts you should edit test_hosts.ini. Use test-192-168-1-1 as example.

[pascalandy]

Next steps:

• Put the id_rsa as VARs
• Put the id_rsa.pub as VARs
• rename host-example.ini
• rename [example]
• Setup Ansible Vault

Then Pascal to:

• test on DO
• test on Packet