Debops host requirements

Although Debops has very few requirements for a host1), it does need a few things:

  1. First, the host must be running a supported version of Debian or Ubuntu.
  2. The host must have python installed 2).
  3. The host must have openssh-server installed and running.
  4. You need to be able to log in to the server with an SSH key.
  5. The login account must be able to elevate to root privileges with sudo without entering a password.
  6. The login account should not have one of these blacklisted names:
    • admin
    • ansible
    • debian
    • root
    • ubuntu
    • user

One easy way to pre-configure your host for use with Debops is with cloud-init. cloud-init is pre-installed in all Ubuntu server images and all official Debian images hosted with cloud and Virtual Private Server providers.

Sample cloud-init config file

#cloud-config
users:
  - name: bob
    gecos: Bob Builder
    groups: sudo,adm,admin
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh-import-id: ssh-rsa AAAAB3NzaC1yc2EAAAABIwA bob@example
disable_root: true
fqdn: server1.example.com
manage_etc_hosts: true
package_upgrade: true
package_reboot_if_required: true
packages:
  - openssh-server
  - python
timezone: America/New_York

Explanation of the sample file

Save the file to your computer and name it something like cloud-init-config.yml .

The first line must contain #cloud-config . This is cloud-init's “shebang”.

On the third and fourth lines, enter your desired username in the name field and full name in the gecos field.

If you don't enter a shell, /bin/sh will be used which is probably not what you want.

The sudo line enables this account to elevate to root privileges without entering the user's password. This is important because ansible's default is to not prompt for a password. Also, this account that we're creating does not even have a password. The only way to log in with this account is with the SSH key.

In the next line, provide your public SSH key. Do not enter your private SSH key here. If you have added your SSH key to your Launchpad account, you can use this shorthand:

ssh-import-id: lp:bobbuilder

Or you can try using the GitHub shorthand:

ssh-import-id: github:bobbuilder

Debops is designed to work with a FQDN. A simple hostname will not work. If manage_etc_hosts is not set to true, cloud-init will only set the hostname and not the fqdn. The next four package lines ensure that python and openssh-server are installed, update all packages to their latest version, and reboot if any of the updates indicate that a reboot is required to fully apply the updates.

If you do not set a timezone, UTC will be used.

You can do much more with cloud-init, but since we're using debops to manage our server, it's probably better to make those changes in your debops project instead.

When to apply the cloud-init file

The cloud-init config file must be present before the first boot since many of the things cloud-init does only happens the first time a machine is started. Below are some instructions for specific providers.

Use cloud-init with DigitalOcean

When you create a Droplet with DigitalOcean, be sure to check the User data box and paste your cloud-init config in the box. To prevent a root password from being emailed to you, you should also associate an SSH key with your account and make sure the box is checked next to that SSH key.

Use cloud-init with DigitalOcean API

You can also use cloud-init if you use the DigitalOcean API. Here's an example of the syntax you could use.

First, apply for an API key. Keep that key secret since it's essentially a username and password to your account. Next, we need to lookup the ID of our SSH key. Replace SECRETAPIKEY with the long string of letters and numbers that is your key. Look for the “id” number that is part of the response you get.

curl -X GET "https://api.digitalocean.com/v2/account/keys" -H Type: "Content-Type: application/json" -H "Authorization: Bearer SECRETAPIKEY" 

Now replace MYSSHIDNUMBER with that number before entering this line:

curl -X POST "https://api.digitalocean.com/v2/droplets" -H "Content-Type: application/json" -H "Authorization: Bearer SECRETAPIKEY" \
-d '{"name":"server1.example.com","region":"nyc3","size":"512mb","image":"ubuntu-16-04-x64","ssh_keys":["MYSSHIDNUMBER"], \
"backups":false,"monitoring":false,"ipv6":true,"user_data":"'"$(cat /home/bob/cloud-init-config.yml)"'"}'

Use cloud-init with Amazon's EC2 Cloud

When you launch an Instance on Amazon's Elastic Compute Cloud (EC2) using the website, be sure to select Configure Instance. On the Configure page, select Advanced Details. Paste your cloud-init config file in the User data box. If you would prefer to upload your file, select As file and then Browse.

Use cloud-init with lxd

If your Ansible Controller3) is running Ubuntu 16.04 LTS or newer, you can use lxd.

Substitute EXAMPLE with your preferred hostname.

sudo apt install lxd
lxc init ubuntu:16.04 EXAMPLE
lxc config set EXAMPLE user.user-data - < /path/to/cloud-init-config.yml
lxc start EXAMPLE

After a few moments, running lxd ls will show you the IP address for your instance.

If you want to use lxc shell to manage your debops host, be sure to set this variable: console_serial: True

Check the status of cloud-init

It will take a few minutes to configure your host. When it is finished, the final line in /var/log/cloud-init-output.log will say finished.

Further reading

1)
The machine you are managing from debops
2)
Ubuntu 16.04 LTS only has python3 pre-installed. While ansible 2.2 has some python3 support, ansible's default and more complete implementation is python
3)
The machine you are running debops from
Print/export