Setting Up Your Odroid-C1 Easily with Ansible
I’ve been toying around with a pair of Odroid-C1’s lately, and it’s always a pain to have to go through setting them up. I’m used to the tools I have at work that allow me to provision/configure multiple hosts as once, one of them being a variant of Ansible. So why not take the same approach to home deployments?
I’ll run you through my initial playbook that I’ve run on my Odroids to set them up. Hopefully this will help take the pain out of what you do. And before I go any further, I want to give a shout out to ThorneLabs, whose post was the inspiration for me writing this.
Installing and Setting Up Your Ansible Environment
I’m using OS X as my primary OS at work/home. So from here on out, you may notice OS X-centric commands (e.g., anything using Hombrew). I’ll do my best to point those out when they pop up.
To start, you’ll need to install Ansible. For OS X, simply type:
brew install ansible
For other OS’s (e.g., Linux desktops), you’ll want to use the following:
sudo pip install ansible
Then, you’ll need to get a working directory up and running. Here’s what mine looks like:
1 2 3 4 5 6
tools/ansible - [master] » tree . . ├── inventory │ └── hosts └── playbooks └── odroidSetup.yml
You can do something similar if you’d like. Keep in mind, that this is being done locally and not on your odroid.
Once you’ve set up your working directory, you’ll need to set up your hosts file for Ansible. Keep in mind, this is going to be different than /etc/hosts. Your Ansible hosts file will contain your device(s) and will look something like this:
1 2 3 4 5 6 7 8 9 10 11
ansible/inventory - [master] » cat hosts [odroids-local] od1.example.com ansible_ssh_host=192.168.1.2 od2.example.com ansible_ssh_host=192.168.1.3 [webservers] web1.example.com web2.example.com [dbservers]
One thing to note here, you’ll need an IP (i.e., the ansible_ssh_host line) if your Odroid’s name isn’t resolvable through DNS. Cool, so now that we’ve got our environment set up, you’ll need a playbook.
Writing Your Ansible Playbook
Let’s take a look at the playbook:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
--- - name: Initial Odroid Setup hosts: odroids-local user: root vars: - root_password: 'HASHED ROOT PASSWORD HERE' - <YOUR USER>_password: 'USER PASSSWORD HERE' tasks: - name: Change root password user: name=root password= - name: Add user <YOUR USER> user: name=<YOUR USER> password= comment="<YOUR USER'S REAL NAME>" state=present shell=/bin/bash - name: Add SSH public key to user <YOUR USER> authorized_key: user=<YOUR USER> key="" - name: Add user <YOUR USER> to sudoers lineinfile: "dest=/etc/sudoers regexp='^<YOUR USER> ALL' line='<YOUR USER> ALL=(ALL) NOPASSWD: ALL' state=present" - name: Disallow root SSH access lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present notify: - restart sshd - name: Disallow SSH GSS API authentication lineinfile: dest=/etc/ssh/sshd_config regexp="^GSSAPIAuthentication" line="GSSAPIAuthentication no" state=present notify: - restart sshd - name: Run apt-get update & upgrade apt: update_cache=yes upgrade=dist - name: Install Packages apt: name= state=latest with_items: - vim - git - nginx handlers: - name: restart sshd service: name=sshd state=restarted
Even if you’ve not touched Ansible before, it’s going to be pretty quick to pick up. As a note, Ansible uses YAML for it’s files, and YAML’s a bit particular about spacing. So when you write this, do your best to keep your spacing correct. If you need/want to understand more about spacing, head over to Ansible’s documentation on YAML, which does an excellent job on explaining how to space things out.
Let’s go over a few things you’ll want to change in your version of the playbook:
- Make sure to change the user specification. I know, but I’m not taking anything for granted here.
Make sure that you set up hashed passwords. I can’t stress this enough. If you need to know how, take a gander:
openssl passwd -1 "YOUR/ROOT HASHED PASSWORD"
Once you’ve changed the user and the password hashes, you should be good to go, so let’s run this puppy!
ansible-playbook -i inventory/hosts playbooks/odroidSetup.yml --private-key ~/.ssh/id_rsa
You should then be able to log in with your new user and su to root with the hashed password.
Give it a shot, and let me know if you have any questions!