apt install ansible
mkdir /etc/ansible ; cd $_
ansible-config init --disabled > ansible.cfg
ansible-config --version
ansible create user and upload ssh key
---
- hosts: all_servers
  vars:
    ansible_python_interpreter: auto_legacy_silent
    users:
      - "user1"
      - "user2"
      - "user3"
  tasks:
    - name: "Ensure group admin exists"
      group:
        name: admin
        state: present
    - name: "Create user accounts"
      user:
        name: "{{ item }}"
        groups: "admin"
        shell: /bin/bash
      with_items: "{{ users }}"
    - name: "Add authorized keys"
      authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
      with_items: "{{ users }}"
    - name: "Allow admin users to sudo without a password"
      lineinfile:
        dest: "/etc/sudoers" # path: in version 2.3
        state: "present"
        regexp: "^%admin"
        line: "%admin ALL=(ALL) NOPASSWD: ALL"
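Create SSH user keys in the files directory (-f names the private key file; ssh-keygen writes the public key next to it as <name>.pub, which is the file the playbook reads):
ssh-keygen -t rsa -f ~/files/user1 -C user1
ssh-keygen -t rsa -f ~/files/user2 -C user2
ssh-keygen -t rsa -f ~/files/user3 -C user3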
Run the playbook:
ansible-playbook users_create.yaml
That will create 3 users on the hosts in the all_servers group, with passwordless sudo through the admin group.
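A pre-flight check for the key files the playbook reads with lookup('file', 'files/<user>.pub'), so a private key saved under a .pub name never reaches authorized_keys. This is an added example, not part of the original post; check_pubkeys is a helper name made up here.

```shell
#!/bin/sh
# Added example, not from the original post. check_pubkeys is a hypothetical helper.
# Usage: check_pubkeys DIR USER...
# Returns 0 only if DIR/USER.pub exists for every user and holds public keys only.
check_pubkeys() {
    dir=$1; shift
    rc=0
    for user in "$@"; do
        f="$dir/$user.pub"
        if [ ! -f "$f" ]; then
            echo "MISSING $f" >&2; rc=1; continue
        fi
        # The failure mode to catch: a private key saved under a .pub name.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "PRIVATE $f holds a private key" >&2; rc=1; continue
        fi
        # Every non-blank, non-comment line must be "<type> <base64> [comment]".
        if ! awk '
            NF == 0 || $1 ~ /^#/ { next }
            $1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
                $2 ~ "^[A-Za-z0-9+/]+=*$" { good++; next }
            { bad++ }
            END { exit !(good >= 1 && bad == 0) }' "$f"
        then
            echo "BADFMT $f is not an OpenSSH public key" >&2; rc=1; continue
        fi
        echo "OK $f"
    done
    return "$rc"
}

# Run as a script: sh check_pubkeys.sh files user1 user2 user3
if [ "$#" -gt 0 ]; then
    check_pubkeys "$@"
fi
```

Run it from the playbook directory before ansible-playbook; a non-zero exit status means at least one key file is missing or is not a public key.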
ERROR: package is not a legal parameter in an Ansible task or handler
apt-get install software-properties-common
apt-add-repository ppa:ansible/ansible
apt-get update
apt-get install ansible
ansible fingerprint
vi /etc/ansible/ansible.cfg
[defaults]
# False: Ansible connects without verifying the SSH host key (no prompt for unknown hosts)
host_key_checking = False
ansible ping
ansible -m ping --connection=local 127.0.0.1
127.0.0.1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
linux check password validity and change time
ansible -i inv inv_file -m shell -a "chage -l root"
ansible create empty file
copy: content="" dest=/etc/sample force=no
Example:
ansible -i inv server_group -m copy -a 'content="" dest=/root/.ssh/authorized_keys2 owner=root group=root mode=0644'
ansible change root password
ansible change root password command line
pwgen -n 15 -c 1
soo2Echu7SooLao
using new python3:
python3 -c "import crypt; print(crypt.crypt('soo2Echu7SooLao', '\$6\$eyoo3seivengu3cei'))"
$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0
using old python2:
python -c 'import crypt; print crypt.crypt("soo2Echu7SooLao", "$6$saltsalt$")'
If you are getting this error:
  File "<string>", line 1
    import crypt; print crypt.crypt
SyntaxError: invalid syntax
use python3
using Perl:
perl -e 'print crypt("soo2Echu7SooLao","\$6\$saltsalt\$") . "\n"'
ansible -i inv xx.xx.xx.xx -m user -a ' name=root password=$6$eyoo3seivengu3ce$U30IkaHvd9Zmf4PPl1ZVR0G4coP6JZFwW/uxMkiVZV8vL2WjZaYrmsalfJ9snLjGR8rGKhCEyZpX5cRhAIf.R0' -k
SSH password:
xx.xx.xx.xx | success >> {
"append": false,
"changed": true,
"comment": "root",
"group": 0,
"home": "/root",
"move_home": false,
"name": "root",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 0
}
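The same password change without the plaintext password or the hash on any command line, as an added example that is not part of the original post. It assumes OpenSSL 1.1.1 or later (for passwd -6); the helper names, the pw_hash variable and the /root/pw.json path are made up here.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes OpenSSL 1.1.1+; hash_password, write_vars_file and pw_hash are hypothetical names.

# Reads the password from stdin and prints a SHA-512 crypt hash: $6$<salt>$<hash>.
hash_password() {
    salt=$(openssl rand -hex 8)   # 16 characters, the most sha512-crypt uses
    openssl passwd -6 -salt "$salt" -stdin
}

# write_vars_file FILE HASH: stores {"pw_hash": "..."} readable by the owner only.
write_vars_file() {
    ( umask 077; printf '{"pw_hash": "%s"}\n' "$2" > "$1" )
}

# Interactive use (printf is a shell builtin, so the password never shows up in ps):
#   stty -echo; IFS= read -r pw; stty echo
#   h=$(printf '%s\n' "$pw" | hash_password); unset pw
#   write_vars_file /root/pw.json "$h"
#   ansible -i inv xx.xx.xx.xx -m user -a 'name=root password="{{ pw_hash }}"' -e @/root/pw.json -k
#   rm -f /root/pw.json
```

The salt is random on every call, so hashing the same password twice gives two different strings; both are valid for the user module.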
ansible add public key
ansible -i inv vit -m authorized_key -a " user=root key='{{ lookup('file', '~/.ssh/id_dsa.pub') }}' " -k
The service nscd is now operational
Error: The service “nscd” appears to be down
ansible hosting -i inv -m shell -a "sed -i -e 's/netgroup\s*yes/netgroup no/g' /etc/nscd.conf"
playbook run on one host
ansible-playbook my-playbook.yml -i inventory_file --extra-vars "target=hostname" --check
vi my-playbook.yml
---
- hosts: '{{ target }}'
  remote_user: root
  tasks:
    - name: Install http on remote server
      yum: pkg=httpd state=latest
ansible compare 2 php files
We need a playbook.
---
- name: compare files
  hosts: hosting
  become: true   # replaces the older "sudo: True"
  tasks:
    - name: whatever
      action: copy src=/var/www/html/update.php dest=/usr/local/apache/htdocs/update.php
ansible-playbook diff_php.yml -kK -u admins --limit=HostA --check --diff
ansible install rpm package
ansible webservers -m yum -a "name=httpd state=installed"
about Ansible
Ansible is an open source IT configuration management, deployment, and
orchestration tool. It differs from other management tools in many respects,
aiming to provide large productivity gains to a wide variety of automation
challenges. While Ansible provides more productive drop-in replacements
for many core capabilities in other automation solutions, it also seeks to solve
other major unsolved IT challenges by unifying configuration, deployment, and
complex IT process orchestration.
One of the most important challenges in this environment is to do all of the
above while providing a robust, easy to manage architecture, a problem that is
frequently not well solved in this application space. A management tool should
not impose additional demands on one’s environment; in fact, one should have
to think about it as little as possible. It should be transparent and maximize
productivity gains. Let’s see how Ansible achieves these gains using a unique
agentless architecture.
Ansible Secure and Agentless
Ansible relies on the most secure remote management system available as its default transport layer: OpenSSH. OpenSSH is available for a wide variety of platforms, is very lightweight, and as security issues in OpenSSH are discovered, they are patched quickly.
Further, Ansible does not require any remote agents. It delivers Ansible modules to remote systems and executes tasks, as needed, to enact the desired configuration. These modules run with user-supplied credentials, including support for sudo and even Kerberos, and clean up after themselves when complete. Ansible does not require root privileges, specific SSH keys, or dedicated users and respects the security model of the system under management.
As a result, Ansible has a very low attack surface area and is quite easy to bootstrap.