Giter Club home page Giter Club logo

ansible-misc's Introduction

Miscellaneous Ansible playbooks

This is a small collection of playbooks for basic administration and audit of Ubuntu and Redhat based Linux distributions.

Some of the tasks include:

Create/remove users
Create/remove groups
Check patching status
Install patches
Check firewall/DNS/NTP settings

Requirements

  1. Linux or Mac Operating System.

  2. ansible:
    pip3 install ansible

  3. jinja2 template:
    pip3 install jinja2

  4. sshpass:
    sudo apt install sshpass
    ** Limit use of sshpass for early setup only, due to potential security issues. Deploy ssh keys to target hosts as early as possible. **

Summary of current configuration of ansible configuration (ansible.cfg). Edit as required.

Set inventory file as "inventory" (ini format)
Set default display of output for better readability
Set ansible.log in root directory of playbook
Set default interpreter as python3
Set some optimizations
Set host key checking to ignore

Edit inventory file as required. Eg:

inventory

[py3hosts]
localhost
192.168.2.3
my-vmware-cloud
my-file-server

Playbook Usage:

ansible-playbook tasks/adduser.yml -b -k -K

where:

-b, --become run operations with become (does not imply password prompting)
-K, --ask-become-pass ask for privilege escalation password
-k, --ask-pass ask for connection password

-k, --ask-pass is not required if using SSH keys

adduser-ansible-sudo.yml

This playbook creates a sudo user on newly provisioned VM(s) with SSH key deployed. Requires the play executed from the context of the new user on from the ansible "push" server (host machine).\

Example:

Create the user "ansible-user" as a sudo user to all the newly provisioned VM's. All commands to be executed on the host or local machine.

  1. Create ansible-user:
    sudo adduser ansible-user

  2. Switch or log on as the ansible-user:
    su - ansible-user

  3. Generate an SSH keypair
    ssh-keygen -b 4096 -t rsa

  4. Edit inventory file to include the VM's to have this user deployed to.

  5. From the roote of the git repo, execute the play to create the ansible-user on the new VM's:
    ansible-playbook tasks/initial-ansible-user.yml -bkK -u <root user or sudo user>

  6. Test the user was created with an SSH key on the new VM(s):
    ssh ansible-user@<IP-of-new-vm>

Roles

Brief note, if the ansible-role-nginx-tls is used, be aware that deployment of TLS private key certificate should not be provisioned this way. This is implemented here as a quick and simple example of how it could be done. Primarily for the purposes of being to able to view/test TLS certificates via gui, instead via openssl.

For test/development/temporary TLS certificate creation via HashiCorp Vault, see this repo: HashiCorp Vault TLS Certificates with raft backend

Misc Ad-hoc Command examples

Ping all the assets in inventory file

ansible all -m ping -b -k -K

Gather facts (information) from assets in inventory file

ansible all -m setup -b -k -K

Random command execution; alternative to writing a dedicated playbook

ansible all -a "cat /etc/passwd" -b -k -K

where:

-m MODULE_NAME, --module-name MODULE_NAME module name to execute (default=command)
-a MODULE_ARGS, --args MODULE_ARGS module arguments
-b, --become run operations with become (does not imply password prompting)
-K, --ask-become-pass ask for privilege escalation password
-k, --ask-pass ask for connection password

-k, --ask-pass is not required if using SSH keys

ansible-misc's People

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.