filviu.hetzner_installimage

Ansible Role: Hetzner Installimage

Set up a Hetzner Dedicated Server with your chosen operating system and optional full disk encryption.

Warnings

All data on the server will be deleted.

Requirements

  • You need to know the server's IP address.
  • The server must be rebooted into rescue mode. If it’s a new server, order it with rescue mode.
  • When setting up rescue mode, select all the SSH keys you want to use for logging into the boot environment to enter the encryption password.

Role Variables

Check defaults/main.yml for the settings:

hetzner_installimage_cryptpassword: "password"

hetzner_installimage_disks:
  - "/dev/nvme0n1"
  - "/dev/nvme1n1"

# Create EFI partition
# Newer machines like EX-53 require this
hetzner_installimage_esp: true

hetzner_installimage_swraid: 1
hetzner_installimage_swraidlevel: 1

hetzner_installimage_hostname: "custom"

hetzner_installimage_image: "/root/images/Debian-1010-buster-64-minimal.tar.gz"

# List of public SSH keys to log into the BusyBox environment to enter the encryption password and boot the server.
# If not provided, the keys used when setting up the rescue environment will be used.
#
#hetzner_installimage_sshkeys: 
#  - "key1"

Example Playbook

# hetzner-installimage.yml
---
- hosts: all

  roles:
    - role: filviu.hetzner_installimage
      hetzner_installimage_image: "/root/images/Debian-1010-buster-64-minimal.tar.gz"

If you're okay with the default settings or have added them to your playbook hetzner-installimage.yml, you can run a command like this:

ansible-playbook -i "1.2.3.4," -u root -e "hetzner_installimage_cryptpassword=MY_SECURE_PASS" hetzner-installimage.yml

This avoids storing your encryption password in a file and adding the machine to your inventory. Remember to clear your bash history afterwards, since the password is part of the command line. You can also add the password to the playbook in encrypted form.

If you only occasionally need to set up machines with SATA disks instead of NVMe (the default), you can override the disk list on the command line:

ansible-playbook -i "1.2.3.4," -u root -e "hetzner_installimage_cryptpassword=MY_SECURE_PASS" -e '{"hetzner_installimage_disks":["/dev/sda","/dev/sdb"]}' hetzner-installimage.yml

Important Notes

  • Make sure you know how to unlock your server after a reboot (e.g., you will need to allow SSH access through the firewall if using a minimal environment).
  • You don’t need to add the server to your Ansible inventory.
  • Define the SSH keys variable or comment it out. If you define it and it’s empty, the role will fail, and you won’t be able to log in to boot the server.
  • No hand-holding! Keep your password safe, use the correct SSH keys, ensure the server is in rescue mode, and don’t lose any data you need.
  • This setup has only been tested with Debian versions 10 and 11 but should also work with Ubuntu.
  • Debian 10 does not support ED25519 keys!
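
The playbook below is an added example, not part of the role or its README. It prompts for the encryption password instead of passing it with -e, and fails before the role runs if the SSH key list is defined but empty or contains ED25519 keys for a Debian 10 image. The file name, the 'Debian-10' match on the image name, and the assumption that public keys start with "ssh-ed25519 " are assumptions made for this example.

```yaml
# hetzner-installimage-checked.yml (added example; file name is an assumption)
---
- hosts: all

  # Prompt for the password so it never lands in shell history or the
  # process list. The prompt is skipped if the variable is passed with -e.
  vars_prompt:
    - name: hetzner_installimage_cryptpassword
      prompt: "Disk encryption password"
      private: true
      confirm: true

  # Set at play level (not as a role parameter) so pre_tasks can see it.
  vars:
    hetzner_installimage_image: "/root/images/Debian-1010-buster-64-minimal.tar.gz"

  pre_tasks:
    - name: Refuse an empty password or the placeholder from the defaults
      ansible.builtin.assert:
        that:
          - hetzner_installimage_cryptpassword | length > 0
          - hetzner_installimage_cryptpassword != "password"
        fail_msg: "Set a real encryption password."

    - name: A defined SSH key list must not be empty
      ansible.builtin.assert:
        that:
          - hetzner_installimage_sshkeys | length > 0
        fail_msg: "hetzner_installimage_sshkeys is defined but empty; define keys or leave it undefined."
      when: hetzner_installimage_sshkeys is defined

    # Assumption: Debian 10 images are recognised by 'Debian-10' in the path.
    - name: Debian 10 images cannot use ED25519 keys for unlocking
      ansible.builtin.assert:
        that:
          - hetzner_installimage_sshkeys | select('match', '^ssh-ed25519 ') | list | length == 0
        fail_msg: "Debian 10 does not support ED25519 keys; list a key of another type."
      when:
        - hetzner_installimage_sshkeys is defined
        - "'Debian-10' in hetzner_installimage_image"

  roles:
    - role: filviu.hetzner_installimage
```

Run it the same way as the commands above, without the -e password argument.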

License

MIT / BSD

Author Information

This role was created by Silviu Vulcan to meet his own needs.

About the project

Hetzner Installimage Setup. Encryption supported.

Install
ansible-galaxy install filviu.hetzner_installimage
License
Unknown
Downloads
17.2k
Owner
Sysadmin / DevOPS engineer. Probably doing devops before it was fashionable to be named that.