This is a sample playbook that illustrates how to create and provision a DigitalOcean droplet with Ansible; you can spin up and provision a droplet using the command line via this playbook.
This playbook does the following:
- Spins up a DigitalOcean droplet
- Adds the droplet's IP address to the Ansible inventory file
- Sets up the swap file
- Installs and sets up fail2ban
- Sets up Uncomplicated Firewall (UFW)
- Sets the timezone
- Adds a new user account with sudo access
- Adds a public SSH key for the new user account
- Disables password authentication to the droplet
- Denies root login to the droplet
- Installs the UnattendedUpgrades package for automatic security updates
- (Optional) Installs the LEMP stack
- (Optional) Installs Docker
Requirements: Ansible >= 2.4.0.0
- Clone this repo:

      git clone https://github.com/jasonheecs/ansible-digitalocean-sample-playbooks.git
      cd ansible-digitalocean-sample-playbooks

- Rename the `group_vars/all/secret.yml.example` file to `group_vars/all/secret.yml` and change the secret variables to your appropriate values.
- Modify the values in `group_vars/all/main.yml` with your desired values.
- Run the following:

      ansible-galaxy install -r requirements.yml
      ansible-playbook -i hosts main.yml
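After a run, the two SSH items in the feature list (password authentication disabled, root login denied) can be checked against the resulting sshd configuration. The following is an added example, not code from this repository; the function names and the sample configurations are constructed for illustration. It applies sshd's rule that the first value seen for a keyword wins, so a hardened line that comes after a conflicting earlier line has no effect.

```python
import re

# OpenSSH defaults that apply when a keyword is absent (sshd_config(5)).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Values the feature list implies: no password logins, no root login at all.
EXPECTED = {"passwordauthentication": "no", "permitrootlogin": "no"}


def effective_global(config_text):
    """Return global settings as sshd resolves them: keywords are
    case-insensitive and the FIRST occurrence of each keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional overrides follow; not evaluated here
        args = parts[1].split() if len(parts) > 1 else []
        seen.setdefault(key, args[0] if args else "")
    return seen


def audit(config_text):
    """Return findings; an empty list means both settings are in effect."""
    eff = effective_global(config_text)
    findings = []
    for key, want in EXPECTED.items():
        got = eff.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"{key} is effectively '{got}', expected '{want}'")
    return findings


# Constructed sample: an earlier line (for example from an included drop-in)
# shadows the hardened value that provisioning appended later.
SHADOWED = """\
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
"""
# Constructed sample: both settings appear once, with the hardened values.
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("shadowed", SHADOWED), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

On a real host, pass the output of `sshd -T` to `audit()`; it prints the effective configuration with `Include` files already resolved.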
Testing is done via Kitchen CI and Kitchen Ansible. Testing of the droplet setup is done via Kitchen Vagrant:

    gem install bundler
    bundle install
    bundle exec kitchen test

Testing of the LEMP stack and Docker installation / setup is done via Kitchen Docker:

    gem install bundler
    bundle install
    KITCHEN_YAML=".kitchen.travis.yml" bundle exec kitchen test

Refer to the travis.yml file and Travis build logs for details on the test build process and expected outputs.
License: MIT