You can lock yourself out of being able to ssh into your server with v0.7.3
nickjj opened this issue · comments
If you don't want to do these steps then I recommend using v0.7.2 if you still want the ansible functionality, otherwise just use v0.8.0.
The generated inventory will lock you out of your server because it never writes the rule to allow ssh connections from your IP (don't worry this is dynamically obtained at the start of every ansible run).
To get around this for now you need to do:
- cd into your inventory directory
    touch group_vars/app.yml
- cd into your playbook directory
- edit site.yml
In site.yml at line 25:
    ferm_input_list:
      - type: "dport_accept"
        dport: ["http", "https"]
- Change ferm_input_list to ferm_input_group_list
- Copy those 3 lines.
- Delete lines 23-27 (there should be no trace of ferm in your app play)
- Go back to your inventory directory
- Edit group_vars/app.yml and paste in those 3 lines
Your app.yml should now look like this:
    ---
    ferm_input_group_list:
      - type: "dport_accept"
        dport: ["http", "https"]
- Log in to your provider's control panel and gain access to your server
- On your server...
    sudo nano /etc/ferm/filter-input.d/10_ansible_controller.conf
Edit 10_ansible_controller.conf to look like this:
    # replace X.X.X.X with your work station's IP address.
    protocol tcp dport ssh saddr X.X.X.X ACCEPT;
- Save that file and sudo service ferm reload
You should now be able to perform an ansible playbook run, do a run with --tags common and you will be good to go.
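
A pre-reload check for the rule described in the steps above, as an added example that is not part of the original issue or the project's code. The function name `ferm_allows_ssh_from` is hypothetical, and `203.0.113.7` in the usage comment is a documentation address standing in for your workstation's IP.

```shell
#!/bin/sh
# Added example: confirm the ssh ACCEPT rule is really in place before
# running `sudo service ferm reload`, so a typo or a leftover placeholder
# does not lock you out again.
#
# Usage (run on the server):
#   ferm_allows_ssh_from /etc/ferm/filter-input.d/10_ansible_controller.conf 203.0.113.7 \
#       && sudo service ferm reload
#
# Return codes:
#   0  an active rule accepts ssh from IP
#   1  no such rule (missing, commented out, or for a different address)
#   2  FILE is not readable
#   3  IP is empty or not numeric (e.g. the X.X.X.X placeholder was left in)
ferm_allows_ssh_from() {
    file=$1
    ip=$2

    [ -r "$file" ] || return 2

    # Only digits and dots are accepted; this rejects the X.X.X.X placeholder.
    case $ip in
        ''|*[!0-9.]*) return 3 ;;
    esac

    # Escape the dots so they match literally in the regular expression.
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')

    # Strip comments first so a commented-out rule does not count, then look
    # for the rule from the issue, tolerating extra whitespace. Whitespace is
    # required after the address, so 10.0.0.1 does not match 10.0.0.10.
    sed 's/#.*//' "$file" |
        grep -Eq "^[[:space:]]*protocol[[:space:]]+tcp[[:space:]]+dport[[:space:]]+ssh[[:space:]]+saddr[[:space:]]+${ip_re}[[:space:]]+ACCEPT[[:space:]]*;"
}
```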