Bobcares

Ansible DigitalOcean Deploy | A Simple Guide

by | Jan 3, 2023

Deploy DigitalOcean using Ansible with these simple steps in this article. At Bobcares, with our DigitalOcean Managed Services, we can handle your DigitalOcean problems.

Deploy DigitalOcean using Ansible – How to?

We will use an Ansible playbook to automate the initial setup of a DigitalOcean server. The playbook installs aptitude (which Ansible uses instead of the apt package manager) and the system packages. It creates the administrative group wheels, configures it for sudo without a password, and sets up a new sudo user.

 


The playbook also adds a local SSH public key to the new administrative user's authorized keys file on the remote host. Running the playbook disables password-based authentication for the root user. It also configures the UFW firewall to permit only SSH connections and to reject all other traffic.

Using Ansible Playbook

1. We need the initial server setup playbook and all of its dependencies from the do-community Ansible Playbooks repository, kept as a local copy on the Ansible control node. If we are doing this for the first time, we clone the repository on the control node:

cd ~
git clone https://github.com/do-community/ansible-playbooks.git
cd ansible-playbooks

2. If we've already cloned this repository, we go into the existing local copy of ansible-playbooks and run a git pull command to make sure we have the latest contents:

cd ~/ansible-playbooks
git pull

3. We need the files inside the setup_ubuntu1804 folder.

setup_ubuntu1804
├── playbook.yml
└── vars
    └── default.yml

4. Now we have to modify the playbook's variable file to customize its values. Go to the setup_ubuntu1804 folder and open the vars/default.yml file:

cd setup_ubuntu1804
nano vars/default.yml

5. With the vars/default.yml file open, knowing the following fields makes the customization easier:

create_user: The name of the newly created sudo user.

copy_local_key: The location of a local SSH public key file that is copied to the remote server and added as an authorized key for the new sudo user. By default, the value uses the lookup plugin to get the full path to the default public key of the current system user on the Ansible control node.

sys_packages: An array listing the packages we want to install on the hosts as part of the initial server setup.

6. After the changes are made, save the file and close it.

7. Now we can run this playbook on the servers. To run it on serverX, connecting as root, we use the command below:

ansible-playbook playbook.yml -l serverX -u root

8. After the playbook finishes running, we can log in to the server with the command below:

ssh bobcares@server_host_or_IP

9. If we have modified the copy_local_key variable to point to a custom SSH key, we must supply an additional parameter giving the location of the matching private key when connecting over SSH as the new user. E.g.,

ssh bobcares@server_host_or_IP -i ~/.ssh/ansible_controller_key

10. We can examine the UFW firewall’s active rules after signing in to the server to ensure that it is set up correctly:

sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
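
The manual check in step 10 can be turned into a repeatable audit. The script below is an added example, not part of the do-community playbook or the original article: it verifies that UFW allows only OpenSSH and that root cannot log in with a password. The function names and sample text are constructed, and the root check assumes the restriction appears as the PermitRootLogin setting in the output of `sshd -T`.

```shell
#!/bin/sh
# Added example: audit the post-playbook state from captured command output.
# Function names and sample text are constructed for this illustration.

# Reads `ufw status` output on stdin. Succeeds only if the firewall is active
# and every rule line is an ALLOW for OpenSSH (IPv4 or IPv6).
audit_ufw() {
    awk '
        /^Status:/ { active = ($2 == "active"); next }
        /^To[ \t]/ || /^--/ || /^[ \t]*$/ { next }   # header, separator, blank
        /^OpenSSH( \(v6\))?[ \t]+ALLOW[ \t]/ { ok++; next }
        { print "unexpected rule: " $0; bad++ }
        END { exit !(active && ok > 0 && bad == 0) }
    '
}

# Reads `sshd -T` (effective configuration) output on stdin. Succeeds only if
# root cannot authenticate with a password. Older OpenSSH releases report the
# value as "without-password", newer ones as "prohibit-password".
audit_sshd_root() {
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    case "$value" in
        no|prohibit-password|without-password) return 0 ;;
        *) echo "root password login possible: permitrootlogin=${value:-unset}"
           return 1 ;;
    esac
}

# Constructed sample: the output shown in step 10.
UFW_OK='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'

# Constructed sample: the same host after an extra port was opened later.
UFW_DRIFT="$UFW_OK
8080/tcp                   ALLOW       Anywhere"

printf '%s\n' "$UFW_OK" | audit_ufw && echo "ufw: only SSH allowed"
printf '%s\n' "$UFW_DRIFT" | audit_ufw || echo "ufw: drift detected"
printf 'port 22\npermitrootlogin without-password\n' | audit_sshd_root \
    && echo "sshd: root password login disabled"
```

On a live server, feed the functions real output instead of the samples: `sudo ufw status | audit_ufw` and `sudo sshd -T | audit_sshd_root`.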


Conclusion

The article provides a 10-step method from our Tech team to use Ansible Playbooks to automate the server deployment in the DigitalOcean platform.
