Quick start
=================

.. attention::

   Always test the playbooks with the parameters ``--check`` and ``--diff`` first. Only remove ``--check`` when you're happy with the changes.

General information
-------------------

What follows are the three most important tasks for administrators.

Deploy Users and SSH Keys
-------------------------

To deploy all users along with their SSH keys to all target systems and phonehome, run:

.. code-block:: shell

   ansible-playbook playbook_update_user_keys.yml --diff --check

To deploy SSH keys to a limited number of systems, run:

.. code-block:: shell

   ansible-playbook playbook_update_user_keys.yml --diff --limit SYSTEM|GROUP --check

Deploy Host Keys to Phonehome
-----------------------------

The playbook ``update_phonehome_host_keys`` will install SSH keys of hosts using phonehome in the ``authorized_keys`` file for pfremote:

.. code-block:: shell

   ansible-playbook playbook_phonehome_update_remote_keys.yml --diff --check

Create and Deploy Email Signatures
----------------------------------

The source and single point of truth of mail signatures is the Ansible repository. Have a look at `possible vars` and at

Add a host to BackupPC
----------------------

It is strongly recommended that only qualified personnel with knowledge of adding a host to BackupPC work on this sophisticated task. If necessary, contact the responsible person and get permission to do this.

Documentation on BackupPC: ``_ ``_

Add the host with "vars" (parameters) to ``./data/hosts/[DEPARTMENT]/[SSH-HOSTNAME]``. Possible vars can be found in :ref:`chapter_possible_vars`. You need at least ``quadrant_backup:``.

.. hint::

   If the hostname cannot be resolved by pf-backup, you need to add the host to the file ``./roles/quadrant_backup_pc_host_config/tasks/main.yml`` in section 'add clients that cannot be resolved to /etc/hosts'.

Then let Ansible make the necessary changes to the client configuration:

.. code-block:: shell

   ansible-playbook playbook_quadrant_backuppc_client_config.yml --diff --check

Then let Ansible make the necessary changes to the server configuration:

.. code-block:: shell

   ansible-playbook playbook_quadrant_backuppc_server_config.yml --diff --check

Confirm the changes and start the command without ``--check``.

Now you need to connect manually once and accept the host key of the client:

.. code-block:: shell

   su - backuppc
   ssh NAME_OF_CLIENT

Handling missing host key fingerprints
--------------------------------------

The SSH prompt that asks you to confirm the fingerprint (the host key verification) cannot be answered during Ansible calls, because the keyboard is not available. Ansible hangs in those cases.

.. code-block:: none

   The authenticity of host '[127.0.0.1]: ([127.0.0.1]:)' can't be established.
   ECDSA key fingerprint is SHA256:LvTLiGmsVgZJizy34T3chPHdrRtR4SWmUehGbb1soeE.
   Are you sure you want to continue connecting (yes/no/[fingerprint])?

To fix this, cancel Ansible, and then SSH to the host in question directly. You can then answer the fingerprint prompt with "yes" and go back to Ansible.
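
The following is an added example, not part of this repository: it shows how the ``SHA256:`` value in the prompt above is derived from a host key, and releases a ``known_hosts`` line only when that value matches a fingerprint obtained from a trusted channel. The function names, the host ``client.example`` and the sample key are constructed for illustration; the input is assumed to be one ``host keytype base64key`` line as printed by ``ssh-keyscan``.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64 after the "SHA256:" prefix.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(key_b64: str) -> str:
    """Read the length-prefixed key type string at the start of the blob."""
    blob = base64.b64decode(key_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def verified_known_hosts_line(scan_line: str, trusted_fp: str) -> str:
    """Return the line for known_hosts only if it matches trusted_fp."""
    host, key_type, key_b64 = scan_line.split()[:3]
    if blob_key_type(key_b64) != key_type:
        raise ValueError(f"{host}: declared key type does not match key blob")
    actual = sha256_fingerprint(key_b64)
    if actual != trusted_fp:
        raise ValueError(f"{host}: fingerprint {actual} does not match trusted value")
    return f"{host} {key_type} {key_b64}"


def constructed_scan_line(host: str = "client.example") -> str:
    """Constructed sample: an ssh-ed25519 blob with dummy key bytes."""
    name, key = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    line = constructed_scan_line()
    # Stands in for the fingerprint read from the host's console or inventory.
    trusted = sha256_fingerprint(line.split()[2])
    print(verified_known_hosts_line(line, trusted))
```

A line that passes this check can be appended to the ``known_hosts`` file of the connecting user, so the interactive prompt never appears during a playbook run.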