Difference between revisions of "Ansible Howto"

From Cactus Howto
Jump to navigationJump to search
Line 23: Line 23:
using user tim for ssh sessions, setting user up for sudo, ssh pub key auth
using user tim for ssh sessions, setting user up for sudo, ssh pub key auth


as root user
useradd -m tim -s /bin/bash
useradd -m tim -s /bin/bash
passwd tim
passwd tim
add user to sudo group
grep sudo /etc/group
grep sudo /etc/group
sudo:x:<id>:tim
sudo:x:<id>:tim
allow sudo group to use all commands via sudo
grep sudo /etc/sudoers
grep sudo /etc/sudoers
%sudo ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL

from here in user context
su - tim
su - tim
mkdir /home/tim/.ssh
mkdir /home/tim/.ssh

Revision as of 12:11, 17 November 2018

ansible first steps

documentation

installation

on ubuntu >= 18.04

sudo apt install ansible

on ubuntu older than 18.04 and debian (up to 9/stretch)

These systems ship with ansible versions older than 2.4. For apt module to work smoothly (e.g. autoremove) we really should have ansible 2.4 or above.

sudo echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" >> /etc/apt/sources.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
sudo apt update
sudo apt upgrade
sudo apt install ansible

prepare a client for ansible usage

using user tim for ssh sessions, setting user up for sudo, ssh pub key auth

as root user

useradd -m tim -s /bin/bash
passwd tim

add user to sudo group

grep sudo /etc/group
sudo:x:<id>:tim

allow sudo group to use all commands via sudo

grep sudo  /etc/sudoers
%sudo	ALL=(ALL:ALL) ALL

from here in user context

su - tim
mkdir /home/tim/.ssh
chmod 700 /home/tim/.ssh
echo "<ssh-public-key>" >> /home/tim/.ssh/authorized_keys
chmod 600 /home/tim/.ssh/authorized_keys

initial ansible serverconfig

Edit /etc/ansible/hosts

ansible advanced topics

use cases debian/ubuntu sys management using apt

This only works for ansible >=2.4.

tim@spike-vm:~/ansi$ ansible-playbook -l puppet apt-autoremove.yml -K
tim@spike-vm:~/ansi$ cat apt-autoremove.yml 
---

- hosts: all
  become: yes
  tasks:
     - name: Autoremove unused packages
       apt:
         autoremove: yes
       when: >
        ansible_distribution == 'Debian'
        or
        ansible_distribution == 'Ubuntu'

use case install apt package

tim@spike-vm:~/ansi$ ansible-playbook -l puppet apt-install.yml -K -e "package=apache2"
SUDO password: 

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [puppet]

TASK [install package "apache2"] ***********************************************
ok: [puppet]

PLAY RECAP *********************************************************************
puppet                     : ok=2    changed=0    unreachable=0    failed=0   
tim@spike-vm:~/ansi$ cat apt-install.yml 
---

- hosts: all
 become: yes
 tasks:
    - name: install package "Template:Package"
      apt:
       name: apache2
      when: >
       ansible_distribution == 'Debian'
       or
       ansible_distribution == 'Ubuntu'

use case change passwords for linux systems

use case add firewall rule

iptables

check point R80 API