Differences

rb:ansible [18/09/2018 16:53]
andrew [Tips]
rb:ansible [16/09/2019 18:11] (current)
andrew [Manipulate login shell]
Line 2: Line 2:
  
 Ansible is an ssh based configuration management system. These notes are primarily for my benefit so don't believe anything here! Ansible is an ssh based configuration management system. These notes are primarily for my benefit so don't believe anything here!
 +
 +Ansible can also be run from within [[rb:​packer|packer]] from HashiCorp as a Provisioner.
 +
 +
 +===== Install pip3 =====
 +
 +  root@client01:​~#​ apt install python3-pip
 +  root@client01:​~#​ which pip3
 +  /​usr/​bin/​pip3
 +
 +===== Installing Ansible =====
 +
 +Ansible is a python package and can be installed with pip:-
 +
 +
 +  /​usr/​bin/​pip3 install ansible
 +
 +Testing if the python-yum module is present:-
 +
 +  python -c \"​import yum; print('​yum python OK'​)\"​
 +
 +
 +
 +===== Running playbook locally on just localhost =====
 +
 +  # ansible-playbook playbook.yml -c local -i localhost, ​
  
 ===== Running a specific section of a playbook ===== ===== Running a specific section of a playbook =====
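Review bot: the python-yum check in this hunk will not run as written: in ''python -c \"import yum; print('yum python OK')\"'' the backslash-escaped quotes are literal characters in the wiki source, so the shell receives ''\"'' rather than ''"''; it should read ''python -c "import yum; print('yum python OK')"''. The hunk also mixes interpreters: ''/usr/bin/pip3 install ansible'' installs Ansible for python3, while the yum module is checked with the unversioned ''python'' (python2 on most RHEL/CentOS 7 hosts), so say which interpreter the managed hosts are expected to have (Ansible's ''ansible_python_interpreter'' variable is where that is set). Minor: installing with pip as root and no version pin pulls whatever the latest release is into the system site-packages; ''pip3 install 'ansible==X.Y.Z''' (version placeholder) makes the install reproducible and reviewable.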
Line 21: Line 47:
 Running this gives a horrible error:- Running this gives a horrible error:-
  
-<​code ​ansible>+<​code ​yaml>
   - name: 5.3.1 set minimum password length.   - name: 5.3.1 set minimum password length.
     lineinfile:     lineinfile:
Line 38: Line 64:
 From several vague posts, it seems related to the regex handeling, but other very similar blocks of code run just fine:- From several vague posts, it seems related to the regex handeling, but other very similar blocks of code run just fine:-
  
-<​code ​ansible>+<​code ​yaml>
   - name: 5.3.1 require 1 digit in password   - name: 5.3.1 require 1 digit in password
     lineinfile:     lineinfile:
Line 53: Line 79:
  
 This works:- This works:-
-<​code ​ansible>+<​code ​yaml>
 regexp: '​^(#​).(minlen.=)(.*$)'​ regexp: '​^(#​).(minlen.=)(.*$)'​
 line: '\2 8' line: '\2 8'
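Review bot: in ''regexp: '^(#).(minlen.=)(.*$)''' the two unescaped ''.'' are single-character wildcards that presumably stand in for the literal space in ''# minlen ='', so the pattern also matches lines such as ''#Xminlen==''; writing ''\ '' or ''\s*'' in those positions says what is meant. Since ''line: '\2 8''' relies on capture group 2, the full task (outside this hunk) must set ''backrefs: yes''; without it, lineinfile writes the literal text ''\2 8'' into the file rather than ''minlen = 8''.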
Line 66: Line 92:
 ===== Debug command ===== ===== Debug command =====
  
-<​code>​+<​code ​yaml>
   - name: Add motd line   - name: Add motd line
     copy:     copy:
Line 83: Line 109:
  
  
-<​code>​+<​code ​json>
 TASK [cisHardening : debug] **************************************************** TASK [cisHardening : debug] ****************************************************
 ok: [amazonlinux02] => { ok: [amazonlinux02] => {
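Review bot: ''<code json>'' is a poor fit for this block: it begins with the ''TASK [cisHardening : debug] ***'' banner and ''ok: [amazonlinux02] => {'', which is Ansible play output rather than a JSON document, so the json highlighter will flag it; plain ''<code>'' as before, or a generic language, is the better choice.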
Line 116: Line 142:
 debug: can also show all the suffixes to a variable which can be tested such as ''​changed''​ and the unix ''​rc''​ return code from ''​$?''​ debug: can also show all the suffixes to a variable which can be tested such as ''​changed''​ and the unix ''​rc''​ return code from ''​$?''​
  
-<​code>​+<​code ​yaml>
 # Get users with bash shell, but not root and check /home/$USER exists, throws error if no home dir. $? gives 0 if exists, 2 if no home dir # Get users with bash shell, but not root and check /home/$USER exists, throws error if no home dir. $? gives 0 if exists, 2 if no home dir
   - name: 6.2.7 Ensure all users' home directories exist (Scored)   - name: 6.2.7 Ensure all users' home directories exist (Scored)
Line 166: Line 192:
  
  
 +===== Conditional code =====
 +
 +<code yaml>
 +- name: Create home directory for cwagent (RedHat Linux)
 +  file:
 +    path:  /​home/​cwagent
 +    state: directory
 +    owner: cwagent
 +    group: cwagent
 +    mode:  0750
 +  when: ansible_distribution_file_variety == "​RedHat"​
 +  ​
 +</​code>​
 +
 +===== Manipulate login shell =====
 +
 +<code yaml>
 +- name: change user default shell to no-login
 +  user:
 +    name: cwdeviceuser
 +    shell: /​sbin/​nologin
 +</​code>​
 +
 +
 +
 +
 +
 +====== Examples ======
 +
 +Set up a hosts file for ansible with sections for each group of hosts
 +<​code>​
 +$ cat hosts-ansible.ans ​
 +[webServers]
 +amazonlinux02
 +amazonlinux03
 +
 +[databaseServers]
 +amazonlinux03 ​
 +</​code>​
 +
 +Run ansible directly (without playbook) to run remote command to install package:-
 +<​code>​
 +$ ansible -i hosts-ansible.ans -u ec2-user --sudo --private-key ansible_id_rsa webServers -a "rpm -q postfix"​
 +amazonlinux02 | SUCCESS | rc=0 >>
 +postfix-2.10.1-6.amzn2.0.1.x86_64
 +
 +amazonlinux03 | SUCCESS | rc=0 >>
 +postfix-2.10.1-6.amzn2.0.1.x86_64
 +
 +andrew@puppet:​~/​ansible$ ​
 +</​code>​
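Review bot: the lead-in says the ad-hoc command installs a package, but ''-a "rpm -q postfix"'' only queries whether postfix is present (the ''rc=0'' and the package NVR in the output confirm a query, not an install); either reword it to "query a package" or use the package module for an install, e.g. ''-m yum -a "name=postfix state=present"''. Two smaller points on the same hunk: ''rpm -q'' needs no privilege, so ''--sudo'' is unnecessary there, and ''--sudo'' is deprecated in favour of ''--become'' in any case; and in the file task ''mode:  0750'' works only because YAML parses the leading-zero literal as octal, so quoting it (''mode: '0750''') guards against a later edit to ''750'' being read as decimal and setting the wrong permission bits on the cwagent home directory.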

rb/ansible.1537286024.txt.gz · Last modified: 18/09/2018 16:53 by andrew