====== Run automated config tasks with Ansible ======

  * **ssh** to ansible.socs and copy //.ssh/rsa_id.pub// to the new VM's //.ssh/authorized_keys// (append if it already exists)
  * Add the sysadmin account on the new VM to the local sudo group (via **visudo**; sudo must be installed)
  * Run **scripts/dhcp-free-addresses.py** to find a free 48.x IP (or 49.x if 48 is exhausted). Student stuff can go directly on 49.x.
  * In **ldapvi** find the sOARecord for socs.uoguelph.ca (see **492 relativeDomainName=@**) and increment the first int in the line (this is picked up by an hourly cron on fluffy that will trigger bind DNS to update).
  * Also do the same for ldap record 512 (49.x IPs) or 514 (48.x)
  * On the ansible server, add the name/IP of the new machine to the provision group in **/etc/ansible/hosts**, then run **$ ansible -m ping provision**
  * Run **ansible-playbook playbook/role.yml** (make sure role.yml includes //ldap2//)

FIXME remove the host setup stuff and only keep things related to ansible

====== Final steps ======

  * Restart autofs on the new machine and confirm that ldap home dirs can be mounted. A system reboot may be required before the dirs will mount.
  * Unless other groups need ssh access, append //simple_allow_groups = sysadmin// to ///etc/sssd/sssd.conf//
  * In ///etc/ssh/sshd_config// uncomment //GSSAPIAuthentication// and //GSSAPICleanupCredentials// and set both to 'yes'. If you want to make sure only a specific group can access ssh, append //AllowGroups sysadmin// to the file.
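A check for the sshd_config settings in the last step, as an added example that is not part of the original page. It catches two ways the edit can silently fail: a directive left commented out, and an appended AllowGroups line that lands inside a Match block and so only applies conditionally. The function names and the sample file are constructed for illustration.

```shell
# Added example: audit sshd_config for the "Final steps" settings.
# Function names and the sample file are constructed for illustration.

# Print the global value of keyword $2 in file $1: keywords are matched
# case-insensitively, commented lines are skipped, the first value wins,
# and scanning stops at the first Match block (later lines are conditional).
sshd_value() {
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed if a global (pre-Match) AllowGroups line in file $1 lists group $2.
allow_groups_has() {
    awk -v grp="$2" '/^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) if ($i == grp) found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# Print one line per check; return non-zero if any check fails.
audit_sshd() {
    rc=0
    for kw in GSSAPIAuthentication GSSAPICleanupCredentials; do
        val=$(sshd_value "$1" "$kw")
        if [ "$val" = yes ]; then echo "ok   $kw yes"
        else echo "FAIL $kw is '${val:-unset}'"; rc=1; fi
    done
    if allow_groups_has "$1" sysadmin; then echo "ok   AllowGroups sysadmin"
    else echo "FAIL AllowGroups sysadmin is not set globally"; rc=1; fi
    return $rc
}

# Constructed sample: GSSAPIAuthentication is still commented out and
# AllowGroups was appended after a Match block, so both checks fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Match Address 192.0.2.0/24
    X11Forwarding no
AllowGroups sysadmin
EOF
audit_sshd "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On the new machine, run ''audit_sshd /etc/ssh/sshd_config'' after editing. The script reads a single file only, so on a live host ''sshd -T'' (run as root) remains the authoritative view of the effective configuration.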