very cool course thank you so very much. it was cool updating a couple of machines, but things started to stink when i had six. now i push one command and every server is done. what a time and pain saver! thank you again for taking the time to make this and all of your videos. you have taught me so much and i really appreciate it .
I just read you can use the 'content:' argument to directly put sudoers content into the file. Just a one line change and doesn't require an external file. These tutorials are very helpful - thanks!
"0440 because we want to keep it locked down" As we give simone ALL=(ALL) NOPASSWD XD Just thought that was really funny. Thank you so much for putting this series together. It's excellent.
Thanks for great videos! I have ran into a issue with the bootstrap playbook: When in your case the ansible.cfg has "remote_user" set to simone, Ansible will try to use that user when the bootstrap playbook is executed. But in fact the servers default user, such as root, ubuntu or whatever should be used for the bootstrap. This can be solved by adding the argument "-u default_user_on_server" to the ansible-playbook command.
for anybody following along today Ansible changed the way you can add sudoers files - name: Copy a new "sudoers" file into place, after passing validation with visudo copy: src: /mine/sudoers dest: /etc/sudoers validate: /usr/sbin/visudo -csf %s This format is the only way I got it to work for me
This series is super great and extremely helpful! One question from this lesson: is it "safe"/"best practice" to leave the simone user (and their sudoer file) on the systems after we're done running all of our ansible scripts, or should there also be a "teardown" file that we run at the end which removes her?
16:54 I'm not sure what 'update_only/update_cache' really does.. following along I added one centos server vm when you did. everything worked for some time but I started to receive 'unknown error' or something similar. error was gone after 'yum update' directly over centos terminal, centos downloaded 800mb of updates..
what is best only have 1 BIG file with all the servers in (in my case around 140) or more files ... we don't really got any servers with the same packages on ???
thanks for the series, your videos are awesome and very insightful. after concluding this series I keep getting: ERROR! couldn't resolve module/action 'authorized_key'. This often indicates a misspelling, missing collection, or incorrect module path. I have searched and implemented different fixes but they seem not to work. i will appreciate if anyone can help
Thank you for such a great video. I have tried to create users with bash scrip, csv list. It worked well. I wanted to verify the users with a custom module and csv new list of random users against a python ansible module. I have ran into tons of syntaxes issues. I wanted my script give me a printout of users that exist and and others who doesn't exist. How would you do that? Is there a better way to verify large amount of users with custom module?
Hi Jay, I have a question. When I build a Ubuntu VM or server I ofcourse create a linux user and I already pull down the SSH keys from github with the option in the installer. So I dont want to make an other user: simone for example but I want to use my already made user: user_example. Is this possible with the config you made?
No matter what I do I get the following error when running bootstrap.yml: " FAILED! => {"changed": false, "msg": "Unsupported parameters for (apt) module: update Supported parameters include: allow_unauthenticated, autoclean, autoremove, cache_valid_time, deb, default_release, dpkg_options, force, force_apt_get, install_recommends, only_upgrade, package, policy_rc_d, purge, state, update_cache, upgrade"}"
Hi, thanks for the video. I am new to Ansible and following your videos. Silly question - there is no password for the user Simone? Is this done to deny password authentication for user simone?? I can su - simone when logged on as root . Thank you
The bootstrap as explained in this video does not work. The ansible.cfg is looking for whatever amount I set up as the remote user. Commenting that out and trying --ask-become-pass still fails to connect with correct credentials. More time should have been spent on explaining initial bootstrap and initialization files.
If you disable the password in the sudoers group and is set to ALL, then why even bother with creating a second account in the first place? You are basically disabling the whole security purpose in sudo and might as well just use the root account directly because that is what it is at that point, just with a different name.
Hi Jay, after doing this several times, my "simone" user is not able to ssh into the server with no password. It keeps prompting me for the password. I'm running Centos 8. Do you know of any issues that might cause this?
on my Centos Stream 8 i was getting crazy with the following error: ERROR! couldn't resolve module/action 'authorized_key'. This often indicates a misspelling, missing collection, or incorrect module path. It turned out i was missing a collection. Fixed installing it: ansible-galaxy collection install ansible.posix
One of many ways to add key and create sudoers file. - name: Add Auth key to user from file authorized_key: user: neo state: present key: "{{ lookup('file','/home/pravs/.ssh/ansible.pub') }}" - name: Add sudoers file for neo user with content copy: dest: /etc/sudoers.d/neo owner: root group: root mode: 0440 content: | neo ALL=(ALL) NOPASSWD: ALL
very cool course thank you so very much. it was cool updating a couple of machines, but things started to stink when i had six. now i push one command and every server is done. what a time and pain saver! thank you again for taking the time to make this and all of your videos. you have taught me so much and i really appreciate it .
Glad it helped!
Thank you for doing these tutorials, i find them very informative and simple to understand.
This series has been really awesome!
I just read you can use the 'content:' argument to directly put sudoers content into the file. Just a one line change and doesn't require an external file.
These tutorials are very helpful - thanks!
Wow Jay. You did an awesome effort to learn us Ansible. I really appreciate this. Amazing. Thank you so much.
Everything works just fine. Thank you
Thanks for the content, its great.
bottom title at 0:37 says "Part 12 - Managing Services", should be "13- Adding Users & Bootstrapping". :)
Thank you, Jay. This series is really great!
WOW i got to watch that film love your content.........and they way you explain everything......thanks bro
We do love this series!
Hey Jay, your videos are awesome!
I wanted to let you know this video has the title card from Part 12.
... and thank you for movie advice 😉 ,, i will take a look.. and for sure for whole ansible series.. very very cool
"0440 because we want to keep it locked down"
As we give simone ALL=(ALL) NOPASSWD
XD
Just thought that was really funny. Thank you so much for putting this series together. It's excellent.
sudoers files must be 440 and the whole point is to make an ansible account that doesn't need to use a password vov
Thanks for great videos!
I have ran into a issue with the bootstrap playbook: When in your case the ansible.cfg has "remote_user" set to simone, Ansible will try to use that user when the bootstrap playbook is executed. But in fact the servers default user, such as root, ubuntu or whatever should be used for the bootstrap.
This can be solved by adding the argument "-u default_user_on_server" to the ansible-playbook command.
It still gives me a permission denied error.... Any tips?
I just ran the boorstrap playbook before added the "remote_user" to the config file.
My solution is to set the "remote_user" argument at the top of the boostrap.yml file, between "become" and "pre_tasks".
very cool, loved your included sim one
You did a fantastic job! Thank you very much.
You forgot to explain the sudoers file. A little research on visudo helped me understand though.
for anybody following along today Ansible changed the way you can add sudoers files
- name: Copy a new "sudoers" file into place, after passing validation with visudo
copy:
src: /mine/sudoers
dest: /etc/sudoers
validate: /usr/sbin/visudo -csf %s
This format is the only way I got it to work for me
Great series! Thank you
Thanks a lot, that was useful!
This series is super great and extremely helpful! One question from this lesson: is it "safe"/"best practice" to leave the simone user (and their sudoer file) on the systems after we're done running all of our ansible scripts, or should there also be a "teardown" file that we run at the end which removes her?
great lesson
16:54 I'm not sure what 'update_only/update_cache' really does..
following along I added one centos server vm when you did. everything worked for some time but I started to receive 'unknown error' or something similar. error was gone after 'yum update' directly over centos terminal, centos downloaded 800mb of updates..
Great content
thank you
Jay, why are you always saying another play instead of another task?
could you please make a video series on Kubernetes/k8s and Terraform
Is it okay to put into play public key in plain text?
what is best only have 1 BIG file with all the servers in (in my case around 140) or more files ... we don't really got any servers with the same packages on ???
What? If you want someone to try and help you…. Would be best to make your problem clear and understandable. Otw. 🤷♂️
thanks for the series, your videos are awesome and very insightful. after concluding this series I keep getting:
ERROR! couldn't resolve module/action 'authorized_key'. This often indicates a misspelling, missing collection, or incorrect module path.
I have searched and implemented different fixes but they seem not to work.
i will appreciate if anyone can help
Did you get this sorted? I think you were missing the ansible.posix module?
Thank you for such a great video. I have tried to create users with bash scrip, csv list. It worked well. I wanted to verify the users with a custom module and csv new list of random users against a python ansible module. I have ran into tons of syntaxes issues. I wanted my script give me a printout of users that exist and and others who doesn't exist. How would you do that? Is there a better way to verify large amount of users with custom module?
Hi Jay, I have a question. When I build a Ubuntu VM or server I ofcourse create a linux user and I already pull down the SSH keys from github with the option in the installer. So I dont want to make an other user: simone for example but I want to use my already made user: user_example. Is this possible with the config you made?
resolve the error, the error was in the playbook,
No matter what I do I get the following error when running bootstrap.yml:
" FAILED! => {"changed": false, "msg": "Unsupported parameters for (apt) module: update Supported parameters include: allow_unauthenticated, autoclean, autoremove, cache_valid_time, deb, default_release, dpkg_options, force, force_apt_get, install_recommends, only_upgrade, package, policy_rc_d, purge, state, update_cache, upgrade"}"
Hi, thanks for the video. I am new to Ansible and following your videos. Silly question - there is no password for the user Simone? Is this done to deny password authentication for user simone?? I can su - simone when logged on as root . Thank you
ran into same problem, i gave simone a password and then it worked fine
The bootstrap as explained in this video does not work. The ansible.cfg is looking for whatever amount I set up as the remote user. Commenting that out and trying --ask-become-pass still fails to connect with correct credentials. More time should have been spent on explaining initial bootstrap and initialization files.
If you disable the password in the sudoers group and is set to ALL, then why even bother with creating a second account in the first place? You are basically disabling the whole security purpose in sudo and might as well just use the root account directly because that is what it is at that point, just with a different name.
Hi Jay, after doing this several times, my "simone" user is not able to ssh into the server with no password. It keeps prompting me for the password. I'm running Centos 8. Do you know of any issues that might cause this?
had the same problem, "simone ALL=(ALL:ALL) NOPASSWD: ALL" instead of "simone ALL=(AL) NOPASSWD: ALL" did the trick for me
Will you recommend hosting my Django project on linode
Yes
👍🏻👍🏻
this mofo left himself a backdoor, right on video. BLAGOW!
Good content but SOOO ANNOYING!
It's "eS-Ewe(Doers)" - ie SUPER USER DO... - NOT SueDew!!! Uggh!
There's an interview with the creator of sudo here - you can hear his pronunciation of it as well:
ruclips.net/video/LaAwl3HN5ds/видео.html
on my Centos Stream 8 i was getting crazy with the following error:
ERROR! couldn't resolve module/action 'authorized_key'. This often indicates a misspelling, missing collection, or incorrect module path.
It turned out i was missing a collection.
Fixed installing it:
ansible-galaxy collection install ansible.posix
One of many ways to add key and create sudoers file.
- name: Add Auth key to user from file
authorized_key:
user: neo
state: present
key: "{{ lookup('file','/home/pravs/.ssh/ansible.pub') }}"
- name: Add sudoers file for neo user with content
copy:
dest: /etc/sudoers.d/neo
owner: root
group: root
mode: 0440
content: |
neo ALL=(ALL) NOPASSWD: ALL