# Server SetUp for Ansible

## Create ssh key ed25519

```bash
ssh-keygen -t ed25519 -C "any-name"
```

## Copy ssh key to server

```bash
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@hostIP
```

## Create Server on Hetzner [details]

1. The machine (CX21) was created with an Ed25519 SSH private and public key from OnePassword
2. Get the private key from OnePassword and save it to ~/.ssh/id_ed25519
3. Get the public key from OnePassword and save it to ~/.ssh/id_ed25519.pub
4. Add the private key to ~/.ssh/config [Optional]

## Disabling Password Authentication on our Server

1. Open the SSH configuration file

```bash
sudo nano /etc/ssh/sshd_config
```

2. Find the line that specifies PasswordAuthentication, uncomment it and set its value to no

```bash
PasswordAuthentication no
```

3. Save and close the file
4. Restart the SSH service

```bash
sudo systemctl restart ssh
```

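The edit in step 2 can silently have no effect: sshd keeps the first value it reads for each keyword, so when `sshd_config` begins with an `Include` line, a drop-in file can set `PasswordAuthentication` before the edited line is reached. The script below is an added example, not part of the original notes, that reports which file supplies the effective global value; the sample tree, the file name `50-example.conf` and the function names are constructed for illustration, and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original page): find which file supplies the
# effective global value of an sshd_config keyword. sshd keeps the FIRST value
# it reads, and an Include is processed where the Include line appears.

# first_sshd_value KEYWORD FILE [BASEDIR]: prints "value<TAB>file", or returns 1
first_sshd_value() {
  local want file base line key rest pat inc
  local IFS; IFS=$(printf ' \t=')             # split on blanks and "Keyword=value"
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); file=$2; base=${3:-/etc/ssh}
  [ -r "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    set -f; set -- ${line%%#*}; set +f        # split into words, comments dropped
    [ $# -gt 0 ] || continue
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift; rest=$*
    case $key in
      match) return 1 ;;                      # simplification: stop at Match blocks
      include)
        for pat in "$@"; do
          case $pat in /*) ;; *) pat=$base/$pat ;; esac   # relative to BASEDIR
          for inc in $pat; do                 # unquoted on purpose: expand the glob
            first_sshd_value "$want" "$inc" "$base" && return 0
          done
        done ;;
      "$want") printf '%s\t%s\n' "$rest" "$file"; return 0 ;;
    esac
  done <"$file"
  return 1
}

# Constructed sample tree: the drop-in is read before the edited line in the main file.
make_sample() {
  d=$(mktemp -d) && mkdir "$d/sshd_config.d" || return 1
  printf '%s\n' 'Include sshd_config.d/*.conf' '#PasswordAuthentication yes' \
    'PasswordAuthentication no' >"$d/sshd_config"
  printf 'PasswordAuthentication yes\n' >"$d/sshd_config.d/50-example.conf"
  printf '%s\n' "$d"
}

sample=$(make_sample)
first_sshd_value PasswordAuthentication "$sample/sshd_config" "$sample"
rm -rf "$sample"
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd will actually use, and `sudo sshd -t` checks the configuration for errors before the restart in step 4.
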
## Giving Permission to Use the SSH Key

The keys need to be read-writable by the owner only. Change the permissions to 700:

```bash
chmod 700 ~/.ssh/[KEY_NAME]
```

## Accessing the Server with an SSH Key, Specifying the Key Path Directly

```bash
ssh -i ~/.ssh/[KEY_NAME] [USER]@[HOST]
```

## Check logs in the Server

- For ssh logs

```bash
sudo journalctl -u ssh
```

- For general logs

```bash
sudo journalctl
```

- For logs in a time range (`--since` / `--until`)

```bash
sudo journalctl --since "2021-09-01 00:00:00" --until "2021-09-01 23:59:59"
journalctl --since "2015-01-10" --until "2015-01-11 03:00"
journalctl --since "2015-01-10 17:15:00"
journalctl --since 09:00 --until "1 hour ago"
journalctl --since yesterday
```

- To list the available time zones

```bash
timedatectl list-timezones
```

- To set the time zone

```bash
sudo timedatectl set-timezone America/Los_Angeles
```

- To check the time zone status

```bash
timedatectl status
```

## Helpful Links

- [How to Create SSH Keys with Ed25519](https://phoenixnap.com/kb/ssh-with-key)
- [How To Configure SSH Key-Based Authentication on a Linux Server](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server)
- [How To Use Journalctl to View and Manipulate Systemd Logs](https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs)

# Ansible

## Ansible Steps

1. Create Inventory
2. Create Playbook
3. Create Roles
4. Create Tasks
5. Create Handlers
6. Create Templates
7. Create Vars

## Inventory

- Inventory is a file that contains a list of hosts that we want to manage with Ansible

## Playbook

- Playbook is a file that contains a list of plays
- Play is a file that contains a list of tasks
- Task is a file that contains a list of modules
- Module is a file that contains a list of commands

## Roles

- Roles is a folder that contains a list of tasks, handlers, templates, vars, defaults, files, meta, and tests