Skip to content

Instantly share code, notes, and snippets.

@f9n

f9n/Readme.md

Last active February 2, 2018 22:56
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save f9n/e64d5dbfe7c5efaecba0bcfd9458e37d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save f9n/e64d5dbfe7c5efaecba0bcfd9458e37d to your computer and use it in GitHub Desktop.
Download ZIP
Vagrant Vms for Ansible
Raw
Readme.md

Vagrant Vms for Ansible

$ ls                                      #(Host)
Vagranfile sshd_config
$ vagrant up                              #(Host)
...
$ vagrant ssh ansible
...
$ ssh-keygen                             #(ansible)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa): 
/home/vagrant/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
...
$ ssh-copy-id [email protected]          #(ansible)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/vagrant/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

$ ssh [email protected]                   #(ansible)
$ ifconfig                                #(web)
...
... 10.0.0.11
...
Raw
sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Raw
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.define "ansible" do |ansible|
ansible.vm.box = "ubuntu/xenial64"
ansible.vm.hostname = "ansible"
ansible.vm.network "private_network", ip: "10.0.0.10"
ansible.vm.provision "shell" do |sh|
sh.inline = <<-SHELL
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install -y ansible sshpass
SHELL
end
end
config.vm.define "web01" do |web01|
web01.vm.box = "ubuntu/xenial64"
web01.vm.hostname = "web"
web01.vm.network "private_network", ip: "10.0.0.11"
web01.vm.network "forwarded_port", guest: 80, host: 8080
web01.vm.provision "shell" do |sh|
sh.inline = <<-SHELL
sudo apt-get update
sudo apt-get install -y python
sudo cp /vagrant/sshd_config /etc/ssh/sshd_config
sudo systemctl restart ssh
SHELL
end
end
config.vm.define "db01" do |db01|
db01.vm.box = "ubuntu/xenial64"
db01.vm.hostname = "db"
db01.vm.network "private_network", ip: "10.0.0.12"
db01.vm.provision "shell" do |sh|
sh.inline = <<-SHELL
sudo apt-get update
sudo apt-get install -y python
sudo cp /vagrant/sshd_config /etc/ssh/sshd_config
sudo systemctl restart ssh
SHELL
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment