
5minbootstrap's Introduction

5minbootstrap

Bootstrap and secure your server in 5 minutes flat. A riff on this excellent post:

http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

There's a blog post that I wrote to go along with this. Check it out!

http://practicalops.com/my-first-5-minutes-on-a-server.html

TL;DR

Step 1: Set the root password

Run:

yourmachine$ ssh root@server

Enter the initial root password from your hosting provider, then run:

root@server# passwd

Step 2: Fetch the bootstrap recipe

https://github.com/phred/5minbootstrap/

yourmachine ~$ git clone https://github.com/phred/5minbootstrap.git
yourmachine ~$ cd 5minbootstrap

Step 3: Edit hosts.ini

Ansible needs to know about the servers you want to manage. There is no fancy central database, just a text file with a list of servers. Oh, it's called an "inventory file."

Edit the hosts.ini that came with the repository. Replace 127.0.0.1 with your server's IP address, and :2222 with its SSH port.

[newservers]
127.0.0.1:2222

Step 4: Update the SSH public key.

yourmachine ~/5minbootstrap$ cp ~/.ssh/id_dsa.pub ./fred.pub

For simplicity I provided my public key in the repo. Unless you want to grant me login access to your server, you probably want to change that. :-)

Step 5: Run the playbook

This is the needed invocation for Vagrant:

yourmachine ~/5minbootstrap$ ansible-playbook -i hosts.ini bootstrap.yml --ask-pass --sudo

If you are logging into a fresh Linode, or another system where you only have the root user, you need to run this command:

yourmachine ~/5minbootstrap$ ansible-playbook -i hosts.ini bootstrap.yml --user root --ask-pass

Step 6: Go get a cup of coffee because you're DONE.

I prefer hand-ground French pressed coffee myself. Tea is also fine.
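
The edits from Steps 3 and 4 can be checked mechanically before Step 5 is run. The script below is an added example, not part of the 5minbootstrap repository: the function names, the optional `vagrant` argument (which accepts the shipped 127.0.0.1:2222 entry for a local Vagrant box) and the demo key strings are assumptions constructed for illustration.

```shell
# Added example, not part of the 5minbootstrap repo.
# Usage: preflight REPO_DIR OWN_PUBKEY [vagrant]
# Returns 0 only when the edits from Steps 3 and 4 are in place.

# Print "type base64-blob" of a public key file without the trailing comment,
# so two copies of the same key compare equal even if their comments differ.
key_material() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

preflight() {
    pf_repo=$1
    pf_own=$2
    pf_target=${3:-remote}
    pf_rc=0

    # Step 3: for a remote server the inventory must no longer point at the
    # placeholder entry shipped in the repo (legitimate only for Vagrant).
    if [ "$pf_target" != vagrant ] && grep -Eq '^[[:space:]]*127\.0\.0\.1:2222([[:space:]]|$)' "$pf_repo/hosts.ini"; then
        echo "hosts.ini still lists 127.0.0.1:2222" >&2
        pf_rc=1
    fi
    # The inventory needs at least one line that is not blank, a comment or a [group].
    if ! grep -Evq '^[[:space:]]*($|#|;|\[)' "$pf_repo/hosts.ini" 2>/dev/null; then
        echo "hosts.ini lists no hosts" >&2
        pf_rc=1
    fi

    # Step 4: fred.pub must hold your own key; otherwise whoever owns the key
    # in that file gets login access once the playbook has run.
    pf_mine=$(key_material "$pf_own" 2>/dev/null)
    pf_theirs=$(key_material "$pf_repo/fred.pub" 2>/dev/null)
    if [ -z "$pf_mine" ] || [ "$pf_mine" != "$pf_theirs" ]; then
        echo "fred.pub does not contain the key from $pf_own" >&2
        pf_rc=1
    fi
    return $pf_rc
}

# Constructed demo: a checkout in which neither file has been edited yet.
demo=$(mktemp -d)
printf '[newservers]\n127.0.0.1:2222\n' > "$demo/hosts.ini"
echo 'ssh-rsa AAAACONSTRUCTEDREPOKEY repo-owner@example' > "$demo/fred.pub"
echo 'ssh-rsa AAAACONSTRUCTEDOWNKEY you@example' > "$demo/own.pub"
preflight "$demo" "$demo/own.pub" || echo "do not run the playbook yet"
rm -rf "$demo"
```
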


5minbootstrap's Issues

newbie issue

Hi,

I am pulling this back! Thanks! The playbook is amazing!

unsupported parameter for module: upgrade

TASK: [Update all packages on the system] *********************
failed: [127.0.0.1] => {"failed": true}
msg: unsupported parameter for module: upgrade

FATAL: all hosts have already failed -- aborting

I followed your guide and I get that error when I run it for the first time. I'm running it against a Vagrant box (precise32) using ansible 1.0. It's my first time using ansible so I'm not really sure what it's trying to tell me. upgrade=yes seems to be the correct param?

Update APT package cache fails

Below console output:

{"cmd": "apt-get update && apt-get install python-apt -y -q", "failed": true, "rc": 100}
stderr: W: GPG error: http://archive.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://security.ubuntu.com trusty-security Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.canonical.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
E: There are problems and -y was used without --force-yes

bootstrapping from a root login

I'm trying to do this on a brand new box with only a root login.

It looks like your bootstrap would try to log in as yourself (phred, or in my case crucial)

but I tried this in my /etc/ansible/hosts

166.78.1.2 ansible_ssh_user=root

and either way it's getting rejected

fatal: [166.78.1.2] => {'msg': 'FAILED: Authentication failed.', 'failed': True}

and I can see the auth.log showing the rejection:

Mar 6 17:11:32 localhost sshd[3712]: Connection closed by 77.12.236.94 [preauth]

Do you have any idea what might be going on? You said you tested it on Vagrant.

Thanks for posting this!
