
Ansible

Ansible handles configuration management for the bastion host and load balancer. All playbooks and inventory live in infra/ansible/.

| Field | Value |
| --- | --- |
| Playbooks | infra/ansible/playbooks/ |
| Inventory | infra/ansible/inventory/moh.yaml |
| SSH keys | infra/ansible/playbooks/files/keys/ (~20 team member keys) |

Playbooks

| Playbook | Purpose |
| --- | --- |
| bastion.yaml | Bastion host setup — installs tools, configures sshd_config, deploys team SSH keys |
| bastion-del-user.yaml | Remove a user’s SSH access from the bastion |
| load-balancer.yaml | Load balancer setup — renders and deploys nginx.conf.j2 template |

SSH key management

Team member public keys are stored as individual files in playbooks/files/keys/. Running the bastion playbook deploys the full set of keys to the host’s authorized_keys. There are currently ~20 keys managed this way.

Adding a user

Add the public key file

Place the new team member’s public key at:

infra/ansible/playbooks/files/keys/<username>.pub

Run the bastion playbook

ansible-playbook playbooks/bastion.yaml -i inventory/moh.yaml

The playbook will deploy all keys in the keys/ directory, including the new one.

Removing a user

Run the removal playbook

ansible-playbook playbooks/bastion-del-user.yaml -i inventory/moh.yaml -e "username=<name>"

Remove the key file

Delete infra/ansible/playbooks/files/keys/<username>.pub from the repository so the key is not re-added on future bastion runs.
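
Because the bastion playbook deploys every file in keys/, a pre-flight lint of that directory catches mistakes before they reach authorized_keys. The following is an added example, not part of the project's playbooks; the function names and the rules it enforces (one key per file, no leading options, no key shared between two usernames, no private key material) are assumptions about what a team would want here.

```python
import base64
import struct
from pathlib import Path

PRIVATE_MARKER = "PRIVATE KEY-----"  # present in PEM and OpenSSH private keys


def wire_type(blob_b64):
    """Return the key type embedded in the base64 blob, or None if malformed."""
    try:
        blob = base64.b64decode(blob_b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # length-prefixed type string
        name = blob[4:4 + n]
        return name.decode("ascii") if len(name) == n else None
    except (ValueError, struct.error):
        return None


def audit_keys(keys_dir):
    """Lint every file in keys_dir; return findings in filename order."""
    findings, seen = [], {}
    for path in sorted(Path(keys_dir).glob("*")):
        text = path.read_text(errors="replace")
        if PRIVATE_MARKER in text:
            findings.append(f"{path.name}: contains private key material")
            continue
        if path.suffix != ".pub":
            findings.append(f"{path.name}: not named <username>.pub")
            continue
        lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
        if len(lines) != 1:
            findings.append(f"{path.name}: expected 1 key, found {len(lines)}")
            continue
        fields = lines[0].split()
        # Declared type must match the type inside the blob; a leading
        # options field (command=..., from=...) fails this comparison.
        if len(fields) < 2 or wire_type(fields[1]) != fields[0]:
            findings.append(f"{path.name}: malformed key or leading options")
            continue
        if fields[1] in seen:
            # A shared key survives removal of only one of its usernames.
            findings.append(f"{path.name}: same key as {seen[fields[1]]}")
        seen.setdefault(fields[1], path.name)
    return findings


if __name__ == "__main__":
    print("\n".join(audit_keys("infra/ansible/playbooks/files/keys")) or "keys OK")
```

An empty result means every file holds exactly one well-formed public key that no other username shares.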
