-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTEMPLATE--ansible.cfg
86 lines (70 loc) · 5.49 KB
/
TEMPLATE--ansible.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
; ansible.cfg - project root
; Create this file by copying TEMPLATE--ansible.cfg ---> ansible.cfg
; See the README.md and comments in this file for instructions on how to configure/customize ansible.cfg
[defaults]
inventory = inventory.yaml
remote_user = ec2-user
; The vpc_subnet_id id is very important. A basic AWS account will get four subnets, each spanning about
; 4000 IP addresses. AnsibleMyEC2 is designed for smaller-scale operations to keep it simple. Pick one of your
; subnets in your account and just always use that subnet id, which is visible in your AWS console under
; Subnets or under your VPC, details.
; Wait until you have a good reason to increase the complexity of your infrastructure by using multiple subnets.
; I would pick the first subnet in the list and/or the one with the lowest range of values or if there are different
; regions, then I would pick the most default region, etc. Then just stick to that one subnet id for AnsibleMyEC2
; use and for all your related EC2 instances (managed nodes).
vpc_subnet_id = XXXXXXXX_YOUR_SUBNET_ID_XXXXXXXX
; PREFERRED SSH AUTHENTICATION METHOD - AWS PRIVATE KEY
ansible_ssh_private_key_file = secrets/aws_account_main_key_pair_pub_key.pem
; Full instructions for ssh key usage can be found at the end of this file.
; ALTERNATE SSH AUTHENTICATION METHOD - LOCAL PUBLIC KEY - (WITH EXTRA MANUAL STEPS ON MANAGED NODES)
;private_key_file = secrets/aws_account_main_key_pair_pub_key.pem
;private_key_file = ~/.ssh/id_rsa.pub
; Stdout/debug output is much more readable as YAML:
stdout_callback = yaml
; Silence warnings to keep output relevant. Occasionally enable warnings and check them to see if they need action.
action_warnings=False
;=====================================================================================================================
; HOW TO CONFIGURE THE ALL-IMPORTANT SSH KEY
;
; You will either be using the private key (.pem file) from your AWS account's main key pair or another AWS key pair
; in your AWS account which you specify when creating resources like EC2 instances, OR .. you will be using a local
; public key which you generated yourself. In this second case, such local keys will have to have been installed on
; each managed node manually. Only AWS account keys, usually your main/default key, can be automatically installed on a
; potential managed node EC2 instance ahead of time (at the time of instance creation); hence why it is the
; preferred method. See below for details.
;---------------------------------------------------------------------------------------------------------------------
;---------------------------------------------------------------------------------------------------------------------
; PREFERRED KEY STRATEGY - AWS MAIN KEY PAIR PRIVATE KEY (.pem file)
;
; The below path for 'ansible_ssh_private_key_file' shows an example placeholder key, illustrating how to use the
; secrets directory in this project. The /secrets/ directory prevents all contents from being added to a git
; repository, thanks to the project .gitignore file.
; A private key from your AWS account, possibly your main private key (.pem file) from your main AWS account Key Pair,
; is a preferred key to use, because when you create resources like EC2 instances, only a private key from your
; AWS account can be assigned to work out of the box for Ansible authentication. Any other key will require
; additional manual steps. This is the simplest scenario to enable authentication to new managed nodes.
;
; #### private_key_file = secrets/aws_account_main_key_pair_private_key.pem
;---------------------------------------------------------------------------------------------------------------------
;---------------------------------------------------------------------------------------------------------------------
; ALTERNATE STRATEGY - LOCALLY-GENERATED, MANUALLY-INSTALLED PUBLIC KEY
;
; The below path for 'private_key_file' shows an example placeholder key, illustrating how to use the secrets
; directory in this project. The /secrets/ directory will prevent all contents from being added to a git repository,
; thanks to the project .gitignore file.
; This might be the public key you generated yourself locally, using the ssk-keygen command. In this scenario, you
; would copy this locally-generated public key from it's default location at ~/.ssh/id_rsa.pub (or similar) to a
; descriptive pathname, living inside the /secrets/ directory.
; NOTE: This key will work on your EC2 hosts exactly like the default AWS account key pair private key. HOWEVER, you
; will have to ssh into the host manually (or using some other automation) and ADD this locally-generated key to
; the EC2's ec2-user authorized_keys file, usually located at ~/.ssh/authorized_keys
;
; #### private_key_file = secrets/ssh_local_pub_key_authorized_on_managed_nodes.pub
;---------------------------------------------------------------------------------------------------------------------
;---------------------------------------------------------------------------------------------------------------------
; ALTERNATE EQUIVALENT
; This is the same as the above strategy, just without copying the key to /secrets/ with a descriptive name.
; If you also authorized your local default pub key on your managed hosts, this should work for most people on
; a macOS or Linux workstation or control node, under the relevant user account:
; #### private_key_file = ~/.ssh/id_rsa.pub
;---------------------------------------------------------------------------------------------------------------------