That is pretty close to what I am doing. The only thing I want to do differently, is that I want to lock the automation account, so that it's only accepted from a specific host. ( ie. the ansible control node)
--jp On Tue, Jul 21, 2020 at 9:23 PM Ed Wong <arcus...@gmail.com> wrote: > Hi, > > I've played with Ansible before but hadn't really done much in terms of > maintaining a whole infrastructure. I'm hoping to restart my foray into it > in hopes to migrate off of the old way of standing up systems. I wish to > migrate to using Ansible to manage the whole infrastructure. That said, > I'm starting off simple. I'm not touching the existing systems. I have a > basic control node and just set up a minimal CentOS 7 system. > > Here is where i"m a tad bit confused in what I need to do and if someone > can clarify things, I'd be appreciated. > > Is the following process correct? > > 1) Log on to Alpha and create a new user, say automation. > 2) create ssh keys for automation. > 3) allow automation to have sudo access w/ no password. > 4) copy ssh credentials to control node. > > Is this the very first thing one does for every new system? (Granted, I > won't need to create new ssh-keys as I just need to copy the original ones > to the new system). > My understanding of this process is that in order to manage any system, I > need a user that can have access to said system. Once I have that user > set up properly, > I won't need to even log in manually to do things. > > Thanks for the clarifications. > > Ed > > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/a03a88cf-d05a-42b9-81ff-e594085d3b0bo%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/a03a88cf-d05a-42b9-81ff-e594085d3b0bo%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob-LE-5ji_kYSbMrSfn7o%3DSg9j-OSvqBFYvn9vXXMMxEAQ%40mail.gmail.com.
