Create a dedicated non-root user on the server (security best practice: neither the deploy nor the service should run as root).
Also, add the user to the sudoers list.
Refer https://sites.google.com/site/jbsakabffoi12449ujkn/home/linux-tools/how-to-create-a-linux-user-with-root-privilege#TOC-Steps-to-create-non-root-user
Needed for the Ansible script, which logs in over SSH as this user.
Refer: https://www.linuxbabe.com/linux-server/setup-passwordless-ssh-login
Passwordless SSH setup (key-based login). "Passwordless" refers to the login, not to the key: if the passphrase prompt below is left empty, anyone who can read ~/.ssh/id_rsa can log in as neo4jadmin, so set a passphrase and load the key with ssh-agent, and keep the key file mode 0600 either way.
deepakkumar$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/deepakkumar/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/deepakkumar/.ssh/id_rsa.
Your public key has been saved in /Users/deepakkumar/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dE1rn2us/qwc8zyW3S0UzX2HijhSqx1nJlhkBLf1e1Y
The key's randomart image is:
+---[RSA 4096]----+
| .oo . . |
| .oo + . |
| oo . = +E|
| .o. . ooo*|
| +So ...=.o|
| o * = .+.. |
| + B o.+oo|
| . . . O= +|
| .=+=o |
+----[SHA256]-----+
deepakkumar$ ssh-copy-id neo4jadmin@172.93.50.85
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/deepakkumar/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
neo4jadmin@172.93.50.85's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'neo4jadmin@172.93.50.85'"
and check to make sure that only the key(s) you wanted were added.
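The "check to make sure that only the key(s) you wanted were added" step, done on the server side, as an added example that is not part of these notes or of ssh-copy-id. It assumes the allow-list is a plain "type blob comment" public-key file (for instance a copy of id_rsa.pub) and that option strings in authorized_keys contain no embedded spaces; the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original notes: after ssh-copy-id, verify on
# the server that authorized_keys holds only the keys you meant to install and
# that sshd will actually honour the file. Assumptions: the allow-list is a
# plain "type blob comment" public-key file (e.g. a copy of id_rsa.pub), and
# option strings in authorized_keys contain no embedded spaces.

# Print every key line in authorized_keys ($1) whose key blob is absent from
# the allow-list ($2). Keys are matched by blob, so comments and options such
# as from="..." or command="..." do not matter.
unexpected_keys() {
    awk '
        FILENAME == ARGV[1] {                  # allow-list: type blob [comment]
            if ($1 !~ /^#/ && NF >= 2) allowed[$2] = 1
            next
        }
        /^[[:space:]]*$/ || /^[[:space:]]*#/ { next }
        {
            # the key type may be preceded by an options field; find it
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp[0-9]+|sk-)/) {
                    if (!($(i + 1) in allowed)) print $0
                    break
                }
            }
        }
    ' "$2" "$1"
}

# Exit 1 if the .ssh directory ($1) or its authorized_keys is group- or
# world-writable. With the default StrictModes yes, sshd then ignores the file,
# so key login fails (and falls back to a password prompt if password
# authentication is enabled); a writable file would also let another local
# user add their own key. Uses only POSIX find(1) with octal permission bits.
check_ssh_perms() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "insecure permissions on $p" >&2
            return 1
        fi
    done
    return 0
}
```

Run it as the target account: `unexpected_keys ~/.ssh/authorized_keys ~/allowed_keys.pub && check_ssh_perms ~/.ssh`. Any line printed by the first function is a key that was not on your list and should be removed before the host goes into service.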
sudo apt install docker.io
sudo apt install docker-compose
Needed for managing docker containers.
Refer https://askubuntu.com/questions/477551/how-can-i-use-docker-without-sudo
Note: the fix described there (adding the user to the docker group) removes the sudo prompt, but membership in the docker group is root-equivalent, since anyone in it can start a container that mounts the host filesystem. Treat it like a sudo grant and give it only to the accounts that really need it.
Refer: https://code-maven.com/enable-ansible-passwordless-sudo
Edit the sudoers file (sudo visudo); the relevant part after adding the two lines:
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
#Added by dpkumar
appadmin ALL=(ALL) NOPASSWD:ALL
neo4jadmin ALL=(ALL) NOPASSWD:ALL
Caveat: NOPASSWD:ALL means whoever holds either account's SSH key gets root without a password. Ansible's become runs a shell through sudo, so the grant cannot usefully be narrowed to a command list; instead limit it to a single automation account, keep it in its own file under /etc/sudoers.d/ (checked with visudo -cf before installing), and leave the password prompt for the human accounts (ansible-playbook -K asks for it).
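A quick audit of the grants above plus a scoped drop-in, as an added example that is not from these notes or from the referenced article. It assumes file paths are passed in by the caller, that only one automation account should have passwordless root (a command list does not work with Ansible's become, which runs a shell via sudo), and that the sudoers.d file is installed by root afterwards; the function names and the "deploy" account are mine.

```shell
#!/bin/sh
# Added example, not from the original notes: audit a sudoers-format file for
# passwordless full-root grants and write a scoped drop-in for one automation
# account. Assumptions: paths are supplied by the caller; the drop-in grants
# NOPASSWD:ALL to exactly one account (Ansible's become needs a shell via sudo,
# so a command list would not work); root copies the result into
# /etc/sudoers.d/ after `visudo -cf FILE` reports no errors.

# Print the user specs in $1 that grant NOPASSWD on ALL commands. Comment lines
# (including "#includedir", which is a directive, not a grant) are skipped;
# files under /etc/sudoers.d must be scanned separately. Exit status 1 if none.
nopasswd_all_grants() {
    grep -v '^[[:space:]]*#' "$1" | grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)'
}

# Print every account or %group in $1 with passwordless ALL, except the one
# automation account $2. Anything printed is a grant to review or remove.
unexpected_nopasswd_accounts() {
    awk -v allowed="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /NOPASSWD:[[:space:]]*ALL([[:space:]]|$)/ && $1 != allowed { print $1 }
    ' "$1"
}

# Write a sudoers drop-in for the single automation account $1 to path $2.
# Human accounts keep the password prompt and use `ansible-playbook -K`.
# sudo requires mode 0440; the subshell keeps the umask local. $2 must not
# already exist, because redirection keeps an existing file's mode.
write_deploy_dropin() {
    user="$1"; out="$2"
    (
        umask 337
        printf '# passwordless sudo for the Ansible deploy account only\n%s ALL=(root) NOPASSWD: ALL\n' "$user" > "$out"
    )
}
```

On the host above, `unexpected_nopasswd_accounts /etc/sudoers neo4jadmin` would print `appadmin`, the second passwordless-root account; decide whether it really needs that, and if not, drop its line and let it sudo with a password.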
The acl package is needed for changing permissions on Ansible's temporary files: when a task becomes an unprivileged user, Ansible uses setfacl to make those files readable by that user (see Error info below).
Refer: https://github.com/georchestra/ansible/issues/55
Install the acl package (provides setfacl and getfacl)
neo4jadmin@sarvatservices:~$ sudo apt install acl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
eatmydata libeatmydata1 python3-importlib-metadata python3-jinja2 python3-json-pointer python3-jsonpatch python3-jsonschema python3-markupsafe python3-more-itertools python3-pyrsistent python3-zipp
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
acl
0 upgraded, 1 newly installed, 0 to remove and 116 not upgraded.
Need to get 37.8 kB of archives.
After this operation, 197 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu focal/main amd64 acl amd64 2.2.53-6 [37.8 kB]
Fetched 37.8 kB in 0s (244 kB/s)
Selecting previously unselected package acl.
(Reading database ... 143828 files and directories currently installed.)
Preparing to unpack .../acl_2.2.53-6_amd64.deb ...
Unpacking acl (2.2.53-6) ...
Setting up acl (2.2.53-6) ...
Processing triggers for man-db (2.9.1-1) ...
neo4jadmin@sarvatservices:~$ setfacl
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
Try `setfacl --help' for more information.
neo4jadmin@sarvatservices:~$ getfacl
Usage: getfacl [-aceEsRLPtpndvh] file ...
Try `getfacl --help' for more information.
neo4jadmin@sarvatservices:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
Error info (the failure that installing acl fixes: when a task becomes an unprivileged user, Ansible cannot chown its temp files to that user, and without setfacl it gives up)
deepakkumar$ ansible-playbook -C deploy/deploy_neo4jdb.yml
PLAY [Neo4J DB installation] *******************************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [sarvat.com]
TASK [Pull code from source] *******************************************************************************************************************************************************************************
fatal: [sarvat.com]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1618689586.949128-92626-44678991355172/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1618689586.949128-92626-44678991355172/AnsiballZ_git.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
PLAY RECAP *************************************************************************************************************************************************************************************************
sarvat.com : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
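An added playbook fragment showing how the acl dependency belongs in the play itself. It is not the page's deploy/deploy_neo4jdb.yml, whose contents are not shown; the host name is taken from the recap above, while the unprivileged account "appuser", its home path and the repo_url variable are assumptions.

```yaml
# Added example playbook; the page's own deploy/deploy_neo4jdb.yml is not shown.
# Assumptions: host sarvat.com from the recap above, SSH login as neo4jadmin
# (which has passwordless sudo), a hypothetical unprivileged service account
# "appuser" that should own the checkout, and a repo_url variable set elsewhere.
- name: Neo4J DB installation
  hosts: sarvat.com
  become: true                      # sudo to root for package work

  pre_tasks:
    # When a task becomes a non-root user, Ansible must make its temp files
    # (AnsiballZ_*.py under /var/tmp/ansible-tmp-*) readable by that user.
    # It tries setfacl first and chown second; chown needs root, so without
    # the acl package the task fails with "Failed to set permissions on the
    # temporary files". Installing acl as root first makes setfacl available.
    - name: Ensure acl is installed so become_user works for unprivileged users
      ansible.builtin.apt:
        name: acl
        state: present
        update_cache: true

  tasks:
    - name: Pull code from source
      become_user: appuser            # unprivileged target user (assumed name)
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: /home/appuser/app
        version: main
```

Two caveats. The other workaround in the Ansible docs, allowing world-readable temp files, exposes the module payload (which can carry arguments such as passwords) to every local user, so install acl instead. And in check mode (-C, as in the run above) the apt task installs nothing, so either do the first run for real or install acl by hand first, as was done above.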
Install Ansible inside a Python virtual environment
Refer: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#from-pip
Ansible installed with pip in a Python virtual env:
(twittersetupenv) (base) Shilpis-MacBook-Air:ansible-twitter deepakkumar$ pip install ansible
Collecting ansible
Using cached ansible-3.2.0-py3-none-any.whl
Collecting ansible-base<2.11,>=2.10.7
Using cached ansible_base-2.10.7-py3-none-any.whl
Collecting cryptography
Downloading cryptography-3.4.7-cp36-abi3-macosx_10_10_x86_64.whl (2.0 MB)
|████████████████████████████████| 2.0 MB 2.5 MB/s
Collecting cffi>=1.12
Downloading cffi-1.14.5-cp38-cp38-macosx_10_9_x86_64.whl (176 kB)
|████████████████████████████████| 176 kB 6.8 MB/s
Collecting jinja2
Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
|████████████████████████████████| 125 kB 5.6 MB/s
Collecting MarkupSafe>=0.23
Downloading MarkupSafe-1.1.1-cp38-cp38-macosx_10_9_x86_64.whl (16 kB)
Collecting packaging
Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
|████████████████████████████████| 40 kB 7.6 MB/s
Collecting pyparsing>=2.0.2
Using cached pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
Collecting pycparser
Using cached pycparser-2.20-py2.py3-none-any.whl (112 kB)
Collecting PyYAML
Downloading PyYAML-5.4.1-cp38-cp38-macosx_10_9_x86_64.whl (253 kB)
|████████████████████████████████| 253 kB 6.6 MB/s
Installing collected packages: pycparser, pyparsing, MarkupSafe, cffi, PyYAML, packaging, jinja2, cryptography, ansible-base, ansible
Successfully installed MarkupSafe-1.1.1 PyYAML-5.4.1 ansible-3.2.0 ansible-base-2.10.7 cffi-1.14.5 cryptography-3.4.7 jinja2-2.11.3 packaging-20.9 pycparser-2.20 pyparsing-2.4.7
WARNING: You are using pip version 20.3.3; however, version 21.0.1 is available.
You should consider upgrading via the '/Users/deepakkumar/Documents/GitHub/ansible-twitter/twittersetupenv/bin/python -m pip install --upgrade pip' command.
(twittersetupenv) (base) Shilpis-MacBook-Air:ansible-twitter deepakkumar$ ansible
ansible ansible-connection ansible-doc ansible-inventory ansible-pull ansible-vault
ansible-config ansible-console ansible-galaxy ansible-playbook ansible-test
Check that all passwords are strong and change them if needed:
neo4jadmin
appadmin
neo4j DB (Neo4j ships with the default neo4j/neo4j credentials and asks for a new password at first login; never leave the default on a reachable host)