Comment: Formatting and conclusion

...

4.2. (Optional) Update Inputs & Re-run

Tip

The Ansible Playbooks of well-developed Items are idempotent and can be replayed: subsequent runs apply only the changes that are needed and bring the configuration into the desired state, even after prior failed runs (caused by transient errors like connection loss, out-of-memory issues, etc.).

As is the case for other Items open-sourced by the EWC, you can change the inputs of the SSH Bastion Flavour at any point in time by simply re-running the playbook with the new values.
Imagine, for example, that you decide later on to apply Fail2Ban to all IP addresses, regardless of whether they are internal or not. To achieve this, simply run:

$ ansible-playbook -i inventory.yml -e '{"whitelisted_ip_ranges": ""}' ssh-bastion-flavour.yml

This will trigger the reconfiguration of your target VM, to remove all IP addresses from the Fail2Ban whitelist.
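Before re-running with a new whitelist, it helps to review which addresses the value would exempt from banning. The following pre-flight check is an added example, not part of the SSH Bastion Flavour or the EWC's code. It assumes `whitelisted_ip_ranges` is a string of IP addresses or CIDR ranges separated by spaces or commas, and the function name, threshold and sample input are constructed for illustration.

```python
import ipaddress

# Internal address space treated as acceptable to whitelist (assumption of this example).
INTERNAL_SPACE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]


def audit_whitelist(value, max_addresses=65536):
    """Return (networks, findings) for a whitelisted_ip_ranges string."""
    networks, findings = [], []
    for token in value.replace(",", " ").split():
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            findings.append(f"{token}: not a valid IP address or CIDR range")
            continue
        networks.append(net)
        internal = any(net.version == space.version and net.subnet_of(space)
                       for space in INTERNAL_SPACE)
        if net.prefixlen == 0:
            # A catch-all entry exempts every client, so no ban is ever issued.
            findings.append(f"{net}: matches every address, Fail2Ban would never ban")
        elif not internal:
            findings.append(f"{net}: outside internal address space, exempt from banning")
        elif net.num_addresses > max_addresses:
            findings.append(f"{net}: very broad internal range, consider narrowing")
    if not networks and not findings:
        # Mirrors the re-run above: an empty value leaves nothing whitelisted.
        findings.append("empty whitelist: Fail2Ban applies to all source addresses")
    return networks, findings


if __name__ == "__main__":
    # Constructed sample input mixing good, risky and malformed entries.
    sample = "192.168.1.0/24, 10.0.0.0/8 203.0.113.7 0.0.0.0/0 not-an-ip"
    for finding in audit_whitelist(sample)[1]:
        print("REVIEW:", finding)
```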

Conclusion

That is all! With a working environment such as the one we've set up together in this step-by-step, you should be ready to configure your VMs to run any of the software stacks shared on the Community Hub 🎊

Best Practices

  • If unsure, leave whitelisted_ip_ranges unset, or add only trusted networks.

  • Test on a staging VM before production rollout.
  • Dry run before applying changes:

...