VM Setup for PAM Deployment Automation

This page provides guidance on how a VM should be set up for Ansible automation. The basic requirement is that Ansible must be able to connect to the VM over SSH as a user that has sudo privileges.

Ansible Connections to Remote Hosts

Ansible supports a variety of connection and authentication methods when managing remote hosts. For the purposes of this document, however, the assumed connection and authentication model is:

Ansible can support other models, but such configurations are out of scope.

Ansible User Account

Best practice is to create a new Linux group and user for Ansible to use. The name ansible is commonly used for both the group and user.

Requirements for the Ansible user account:

The following script shows an example of how the Ansible user might be created.

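ANSIBLE_USER=ansible3
ANSIBLE_GROUP=ansible3
# Create the group, then a user with a home directory and bash as its shell
sudo groupadd "$ANSIBLE_GROUP"
sudo useradd -g "$ANSIBLE_GROUP" -m -s /bin/bash "$ANSIBLE_USER"
# Write the sudoers drop-in through tee: with "sudo echo ... > file" the redirect runs without root
echo "$ANSIBLE_USER ALL=(ALL) ALL" | sudo tee "/etc/sudoers.d/$ANSIBLE_USER" > /dev/null
sudo chmod 0440 "/etc/sudoers.d/$ANSIBLE_USER"
sudo visudo -cf "/etc/sudoers.d/$ANSIBLE_USER"
# Set the account password (prompts interactively)
sudo passwd "$ANSIBLE_USER"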

The last command (passwd) will prompt for the Ansible user password. Be sure to set the same password on all VMs.
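The check below is an added example, not part of the original page. It lints the sudoers drop-in that the script above creates and catches a file name that sudo's includedir skips, an unexpected mode, or a missing rule line. The function name check_sudoers_dropin is hypothetical, GNU stat is assumed, and ownership and syntax still need to be confirmed with visudo -cf on the VM.

```shell
#!/usr/bin/env bash
# Added example: lint a sudoers drop-in before relying on it for Ansible.
# check_sudoers_dropin is a hypothetical helper, not part of Ansible or sudo.

# Usage: check_sudoers_dropin FILE USER
# Returns 0 when every check passes, 1 otherwise; problems go to stderr.
check_sudoers_dropin() {
    local file=$1 user=$2 name mode rc=0
    name=$(basename -- "$file")

    # sudo's includedir skips names that contain '.' or end in '~',
    # so a drop-in named after a user such as "ansible.svc" is ignored
    # without any error message.
    case $name in
        *.*|*~) echo "ignored by includedir: $name" >&2; rc=1 ;;
    esac

    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi

    # 0440 is the conventional mode for sudoers files (GNU stat assumed).
    mode=$(stat -c '%a' -- "$file")
    if [ "$mode" != 440 ]; then
        echo "mode is $mode, expected 440" >&2
        rc=1
    fi

    # The exact rule line the setup script writes for this user.
    if ! grep -Fxq "$user ALL=(ALL) ALL" "$file"; then
        echo "no 'ALL=(ALL) ALL' rule for $user" >&2
        rc=1
    fi
    return $rc
}
```

Run it as a user that can read the file, for example `sudo bash -c '. ./check.sh; check_sudoers_dropin /etc/sudoers.d/ansible3 ansible3'`, where check.sh is an assumed file name for the block above.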