Ansible Bootstrapping

The configurations and adjustments to the Operating System that are necessary for Managed RHEL are configured with Ansible. In the background, Ansible Tower is used for managing the Ansible tasks. Ansible requires the local user sa-esc-ansible on the Swisscom RHEL VM with elevated privileges. Bootstrapping refers to the initial configuration on the Swisscom RHEL VM to make the VM ready for the remote execution of Ansible playbooks.

Bootstrapping VM

The bootstrapping of a VM will be executed, when the Prepare for Extensions checkbox is selected while ordering a new VM.

The Prepare for Extensions checkbox will trigger a script during the VM provisioning which executes the following steps:

• Create the local user sa-esc-ansible
• Configure the public key in the authorized key file, for the SSH public/private key authentication
• Create the sudo configuration for the local user sa-esc-ansible

When you accidentally have deleted or changed the existing configurations for the sa-esc-ansible user, you can bootstrap your VM again. Select the VM in the portal and execute the Manage Extension action again.

This is an information message

Warning

Note that this action will also reapply the CIS Hardening settings and patch and reboot the VM!

Public / Private Key Authentication

Ansible uses the local user sa-esc-ansible with sudo privileges to execute the playbooks on the Swisscom RHEL VMs. The access works with SSH public/private key authentication. For security reasons, the private key is stored encrypted in Ansible Tower and cannot be displayed in the Ansible Tower management interface. In addition, the private key is protected with a strong passphrase.