

To derive SSH keys from a hardware security key like a YubiKey, I needed to have the libfido2-dev package installed on my system. I started researching better alternatives and remembered that I had a couple of hardware security keys lying around that could be a perfect solution. However, there was a problem with that option - if someone gets their hands on those keys, they could easily access everything on the machine. This approach was neither efficient nor secure, and I knew that SSH keys were the preferred method for accessing the machine. I realized that each time I needed to run an Ansible playbook, I had to provide the VM credentials.

Establishing a secure way to access the machine

Once I was confident in the playbook's effectiveness, I ran it against a group of machines.

For reference you can watch the following video: Safely Limit Ansible Playbooks Execution to a Single Machine.

This triggers the playbook to run and automates the tasks I mentioned earlier, i.e.:

ansible-playbook -e "HOSTS=ubuntu-vm" setup-vm.yaml -kK
ansible-playbook -e "HOSTS=ubuntu-vm" install-docker.yaml -kK

During my experiments, I limited the ansible-playbook command to a single machine to ensure the automation worked as intended. To run the Ansible playbook I created to configure new VMs, I simply open a terminal and execute the command.

After reading the documentation and becoming familiar with the tool, I created a straightforward playbook that automates all of these tasks. To simplify this process, I turned to Ansible. Most importantly, I always need to install and configure Docker.

If the VM has a display manager, I like to configure it to bypass the login screen.

When deploying a new VM, I often need to perform several tasks, such as configuring the timezone, updating and upgrading packages, and installing additional tools. In this blog post, I'll explain how I tackled these tasks using a combination of Ansible, YubiKeys (hardware authentication devices), and 1Password.
