sysadmin:todo:procedures:ldapkerbsetup

Run automated config tasks with Ansible

  • ssh to ansible.socs and append the contents of its .ssh/rsa_id.pub to ~/.ssh/authorized_keys of the sysadmin account on the new VM (create the file if it does not exist yet). ~/.ssh and authorized_keys must not be group- or world-writable, otherwise sshd (StrictModes) ignores the key.
  • Give the sysadmin account sudo rights on the new machine: sudo must be installed; either add the account to the local sudo group or grant it in /etc/sudoers, editing only via visudo so a syntax error cannot lock sudo.
  • Run scripts/dhcp-free-addresses.py to find a free 48.x IP (or a 49.x one if 48.x is exhausted). Student machines can go directly on 49.x.
  • In ldapvi find the sOARecord for socs.uoguelph.ca (record 492, relativeDomainName=@) and increment its serial, i.e. the first integer in the value (after the primary nameserver and hostmaster fields). An hourly cron job on fluffy keys on that serial change and triggers bind to update DNS, so nothing is published until the serial goes up.
    • Do the same for the sOARecord of the zone holding the new address: record 512 for 49.x IPs, record 514 for 48.x.
  • On the ansible server, add the name/IP of the new machine to the provision group in /etc/ansible/hosts, then check that it is reachable and that key login works: $ ansible -m ping provision (the ping module needs Python on the target).
  • Run ansible-playbook playbook/role.yml (make sure role.yml includes the ldap2 role).
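Added example for the ldapvi and inventory steps above; it is not part of this procedure or of any SoCS script. It bumps the serial of an sOARecord value, wraps the result in an LDIF change for ldapmodify, and adds a host line under [provision] only if it is not there already. The zone DN, the record text, the bind DN and the host line are made-up placeholders; the real ones come from ldapvi and /etc/ansible/hosts.

```shell
#!/bin/sh
# Added example, not part of the wiki procedure or any SoCS script.
#   bump_soa_serial        - increment the serial in an sOARecord value
#   soa_modify_ldif        - wrap the new value in an LDIF "replace" change
#   add_to_provision_group - idempotently add a host under [provision]
# All DNs, record values and host lines below are hypothetical.

# SOA RDATA is "primary hostmaster serial refresh retry expire minimum";
# the serial is the third field.  Prints the record with serial+1.
bump_soa_serial() {
    printf '%s\n' "$1" | awk '{ $3 = $3 + 1; print }'
}

# LDIF for ldapmodify that replaces sOARecord on the zone entry $1 with the
# bumped version of the current value $2.
soa_modify_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: sOARecord\nsOARecord: %s\n' \
        "$1" "$(bump_soa_serial "$2")"
}

# Insert $2 (e.g. "vm42 ansible_host=192.0.2.48") directly under the
# [provision] header of inventory $1 unless that exact line already exists.
add_to_provision_group() {
    inv=$1; entry=$2
    grep -qxF -- "$entry" "$inv" && return 0
    tmp=$(mktemp) || return 1
    awk -v e="$entry" '{ print } /^\[provision\][ \t]*$/ { print e }' "$inv" > "$tmp" \
        && mv "$tmp" "$inv"
}

# Example run (placeholder DN and record; the bind DN is also assumed):
#   soa_modify_ldif 'relativeDomainName=@,zoneName=socs.uoguelph.ca,ou=dns,dc=example' \
#       'fluffy.socs.uoguelph.ca. hostmaster.socs.uoguelph.ca. 2024032701 3600 900 604800 86400' \
#       | ldapmodify -x -D 'cn=admin,dc=example' -W
#   add_to_provision_group /etc/ansible/hosts 'vm42 ansible_host=192.0.2.48'
```

Run soa_modify_ldif once per zone that changed (the forward zone and the 48.x or 49.x zone), then feed the output to ldapmodify; the cron job on fluffy only reacts to the raised serial, so check in ldapvi that the new value was stored.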

FIXME remove the host setup stuff and only keep things related to ansible

Final steps

  • Restart autofs on the new machine and confirm that LDAP home directories mount (e.g. ls the home directory of an LDAP user). A reboot may be required before they mount.
  • Unless other groups need ssh access, add simple_allow_groups = sysadmin to the domain section of /etc/sssd/sssd.conf. The option is only honoured when that section has access_provider = simple; restart sssd afterwards.
  • In /etc/ssh/sshd_config uncomment GSSAPIAuthentication and GSSAPICleanupCredentials and set both to 'yes'. To allow only a specific group to use ssh, add AllowGroups sysadmin. Check the result with sshd -t and reload sshd from a session you keep open, so a typo in the file cannot lock you out.
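Added example for the sshd_config and sssd.conf edits in the final steps; it is not code from this page. Both helpers edit a keyword in place instead of blindly appending, so re-running them is safe: sshd takes the first occurrence of a keyword, so a stray duplicate later in the file (or inside a Match block) would silently lose. The sssd domain section name in the example calls is an assumption; use the one in the real sssd.conf.

```shell
#!/bin/sh
# Added example, not from the wiki page.  Helpers for the two config edits in
# the final steps: sshd_config keywords and an sssd.conf key.  The sssd
# section name in the example calls is assumed.

# Set keyword $2 to value $3 in the sshd_config-style file $1.  The first
# matching line (active or commented out) is replaced, later duplicates are
# dropped (sshd honours only the first), and a missing keyword is inserted
# before the first Match block, or at the end if there is none.
set_sshd_option() {
    file=$1; key=$2; val=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$val" '
        BEGIN { re = "^" tolower(k) "([ \t=]|$)"; done = 0 }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)          # drop indent and one "#"
            if (tolower(line) ~ re) {
                if (!done) { print k " " v; done = 1 }
                next
            }
            if (!done && tolower($0) ~ /^[ \t]*match[ \t]/) { print k " " v; done = 1 }
            print
        }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Set key $3 to value $4 inside section [$2] of the INI-style file $1
# (sssd.conf).  An existing key in that section is replaced, otherwise the
# key is appended at the end of the section.  Absent section: no change.
set_ini_key() {
    file=$1; section=$2; key=$3; val=$4
    tmp=$(mktemp) || return 1
    awk -v s="[$section]" -v k="$key" -v v="$val" '
        BEGIN { in_s = 0; done = 0; kre = "^[ \t]*" k "[ \t]*=" }
        /^[ \t]*\[/ {                                  # section header
            if (in_s && !done) { print k " = " v; done = 1 }
            hdr = $0; sub(/^[ \t]+/, "", hdr); sub(/[ \t]+$/, "", hdr)
            in_s = (hdr == s)
        }
        in_s && $0 ~ kre {
            if (!done) { print k " = " v; done = 1 }
            next
        }
        { print }
        END { if (in_s && !done) print k " = " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Syntax-check before reloading; run it from a session you keep open.
validate_sshd_config() {
    sshd -t -f "$1"
}

# The edits from the final steps (sssd section name is an assumption):
#   set_sshd_option /etc/ssh/sshd_config GSSAPIAuthentication yes
#   set_sshd_option /etc/ssh/sshd_config GSSAPICleanupCredentials yes
#   set_sshd_option /etc/ssh/sshd_config AllowGroups sysadmin
#   validate_sshd_config /etc/ssh/sshd_config && systemctl reload ssh
#   set_ini_key /etc/sssd/sssd.conf domain/socs.uoguelph.ca access_provider simple
#   set_ini_key /etc/sssd/sssd.conf domain/socs.uoguelph.ca simple_allow_groups sysadmin
#   systemctl restart sssd
```

Keyword matching is case-insensitive, as it is in sshd itself, and the replacement keeps the keyword where the distribution's commented-out default sat, so the file stays readable for the next person. After the reload, test from a second terminal that a sysadmin user can still log in before closing the original session.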
sysadmin/todo/procedures/ldapkerbsetup.txt · Last modified: 2024/03/27 15:01 by 127.0.0.1