Ansible
Ansible handles configuration management for the bastion host and load balancer. All playbooks and inventory live in infra/ansible/.
| Field | Value |
|---|---|
| Playbooks | infra/ansible/playbooks/ |
| Inventory | infra/ansible/inventory/moh.yaml |
| SSH keys | infra/ansible/playbooks/files/keys/ (~20 team member keys) |
Playbooks
| Playbook | Purpose |
|---|---|
| bastion.yaml | Bastion host setup — installs tools, configures sshd_config, deploys team SSH keys |
| bastion-del-user.yaml | Remove a user’s SSH access from the bastion |
| load-balancer.yaml | Load balancer setup — renders and deploys nginx.conf.j2 template |
SSH key management
Team member public keys are stored as individual files in playbooks/files/keys/. Running the bastion playbook deploys the full set of keys to the host’s authorized_keys. There are currently ~20 keys managed this way.
Adding a user
Add the public key file
Place the new team member’s public key at:
infra/ansible/playbooks/files/keys/<username>.pub
Run the bastion playbook
ansible-playbook playbooks/bastion.yaml -i inventory/moh.yaml
The playbook will deploy all keys in the keys/ directory, including the new one.
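Since every file in keys/ is deployed, a new .pub file is worth checking before the playbook is run. The check below is an added example, not part of this repository: it accepts a file only if it holds exactly one plain public key with no authorized_keys options and no private key material. The function names and the allowed key types are assumptions.

```python
import base64
import struct

# Assumption: the team's policy on acceptable key types; adjust to your own.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def check_pubkey_file(text):
    """Return a list of problems; an empty list means one plain public key."""
    if "PRIVATE KEY" in text:
        return ["file contains private key material"]
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) != 1:
        return [f"expected exactly one key line, found {len(lines)}"]
    fields = lines[0].split()
    # A first field that is not a key type means authorized_keys options
    # (command=, from=, ...) or junk would sit in front of the key.
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        return ["line must start with an allowed key type, without options"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return ["key body is not valid base64"]
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return ["key body is too short"]
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        return ["declared key type does not match the encoded key"]
    return []

def constructed_key_line(key_type="ssh-ed25519", comment="alice@example"):
    """Build a well-formed line around an all-zero key (constructed sample, not a real key)."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    good = constructed_key_line()
    samples = {  # constructed file contents, keyed by hypothetical file name
        "alice.pub": good + "\n",
        "options.pub": 'command="/bin/sh" ' + good + "\n",
        "two-keys.pub": good + "\n" + good + "\n",
        "mismatch.pub": good.replace("ssh-ed25519", "ssh-rsa", 1) + "\n",
        "private.pub": "-----BEGIN OPENSSH PRIVATE KEY-----\n",
    }
    for name, text in samples.items():
        print(name, check_pubkey_file(text) or "ok")
```
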
Removing a user