This example configures a target host to use PrivX. It configures OpenSSH to accept PrivX CA certificates and sends information about the host identity to the PrivX server. The example deploys a single Ubuntu host; modify the scripts according to your needs.

Requirements for the example

  • Ansible 1.2 or compatible
  • Target host with Python 2.7 (modify the scripts to install Python if not available yet)
  • PrivX server configured with a web-developers role
  • Deployment script downloaded from PrivX UI as deploy.py
  • HTTPS port open between target host and PrivX endpoint

Deploying PrivX hosts with Ansible

  1. Install PrivX server, create a new role called web-developers, and assign some users to the role.
  2. Go to https://[YOUR_SERVER]/privx/deployment/trusted-clients and add a new Trusted Client.
  3. Download deploy.py for the trusted client and copy it to this directory.
  4. Modify the privx_hosts file to contain your hosts.
  5. Copy your target host private key to privx_test.pem or change the filename in the privx_hosts file.
  6. Run Ansible as specified below:

ansible-playbook -b -i privx_hosts privx_hosts.yml

Note

Because deploy.py makes changes to OpenSSH configuration, it requires sudo access (-b flag).

After running the script, you should see the following:

dhcp-10-1-1-1:ansible user$ ansible-playbook -b -i privx_hosts privx_site.yml

PLAY [Deploy PrivX hosts]
****************************************

TASK [Gathering Facts]
****************************************
ok: [ubuntu1]

TASK [common : Copy deploy.py script to target host]
****************************************
ok: [ubuntu1]

TASK [common : Run deployment script]
****************************************
changed: [ubuntu1]

PLAY RECAP
****************************************
ubuntu1: ok=3    changed=2    unreachable=0    failed=0

Note

By default, the deployment script works only once. If you want to be able to rerun the script for the same host, edit the host in the PrivX UI hosts list and check Deployable ("Allow deployment scripts to overwrite host").
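
As an added sketch (not the playbook shipped in the archive), the two tasks named in the output above can be written as a single play and followed by checks that the OpenSSH change took effect. The inventory values, the /root/deploy.py path, the argument-less script call and the expectation that deploy.py sets TrustedUserCAKeys are assumptions.

```yaml
# Added example; run with: ansible-playbook -b -i privx_hosts <this file>
# Inventory line assumed in privx_hosts (constructed values):
#   ubuntu1 ansible_host=192.0.2.10 ansible_user=ubuntu ansible_ssh_private_key_file=privx_test.pem
- name: Deploy PrivX hosts
  hosts: all
  tasks:
    - name: Copy deploy.py script to target host
      copy:
        src: deploy.py
        dest: /root/deploy.py        # hypothetical path, kept out of world-writable /tmp
        owner: root
        group: root
        mode: "0700"                 # issued for one trusted client, so root-only

    - name: Run deployment script
      command: python /root/deploy.py   # assumption: the script takes no arguments

    - name: Check that sshd still parses its configuration
      command: /usr/sbin/sshd -t
      changed_when: false

    - name: Read the effective sshd configuration
      command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    # Assumption: deploy.py trusts the PrivX CA through the sshd
    # TrustedUserCAKeys directive, which sshd -T prints in lowercase.
    - name: Confirm that a user CA is trusted
      assert:
        that:
          - "'trustedusercakeys ' in sshd_effective.stdout"
          - "'trustedusercakeys none' not in sshd_effective.stdout"

    - name: Remove the deployment script from the host
      file:
        path: /root/deploy.py
        state: absent
```

A failed `sshd -t` or assert stops the play before the script is removed, which leaves the host in a state that is easy to inspect.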

Please download the Ansible deployment archive below.