By Anish, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

In this article, we will learn how to manage users using Ansible in an Alibaba Cloud environment. We will start by defining the architecture, as shown in the diagram below. The diagram shows an Ansible controller node managing various nodes using the SSH protocol. Extending this diagram, we are going to create playbooks that will manage different users with their sudoers privilege in the target node.

To follow this tutorial, you will need to have Alibaba Cloud Elastic Compute Service (ECS) instances. If you are not sure how to launch an ECS instance in Alibaba Cloud, refer to this documentation.

Here is a quick guide to creating and setting up the ansible user on the controller and target nodes.

Ansible User Setup in Controller Node

Create the ansible remote user to manage the installation from the Ansible Controller node. This user should have appropriate sudo privileges.

Generate the SSH key pair for ansible

    $ ssh-keygen -t rsa -b 4096 -C "ansible"

Copy the id_rsa.pub file to the target node Ansible /home/ansible.ssh/home directory.

    ssh-rsa <public key> ansible
    $ exit

Note down the public key and copy it over onto other machines.

Update /etc/sudoers.d and add the ansible user to manage the controller node itself

    $ visudo
    ansible ALL=(ALL) NOPASSWD: ALL

Ansible User Setup on Target Node

Create the ansible user, create a file named authorized_keys in the .ssh directory, and change its file permissions to 600 (only the owner can read or write to the file).

    adduser ansible
    su - ansible

Copy the SSH public key from the ansible_controller node and add it to all the VM which is

    $ cat authorized_keys
    ssh-rsa <public key> ansible

Alternatively, from the Ansible Controller run the following command for each target node

    ~]$ ssh-copy-id INFO: attempting to log in with the new key(s), to filter out any that are already installed
    bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote
    ~]$ ssh-copy-id INFO: attempting to log in with the new key(s), to filter out any that are already installed
    bin/ssh-copy-id: INFO: 1 key(s) remain to be installed - if you are prompted now it is to install the new password:
    Now try logging into the machine, with: "ssh check to make sure that only the key(s) you wanted were added.

Update /etc/sudoers.d and add the ansible user

    $ visudo
    ansible ALL=(ALL) NOPASSWD: ALL

Operations Perspective

Managing users in a cloud environment such as Alibaba Cloud is often a security and infrastructure requirement. In general, we deal with three sets of users:

This lab will use and illustrate this concept.

sudo access

For security hardening, servers running on Alibaba Cloud should only accept password-less logins.