Sunday, March 17, 2019
New York
The city looks so ceremonious although she has homed countless grievances for years. She is rigid and southern storm hasn't shaken her either. Many scorchingly hot Marchs came and gone by, so did the freezing Decembers.But there she is, tall and strong like a mother overseeing her numerous children.
Her children, they are so close yet so far to her. She has been both loved and hated, seen both opulence and poverty; kindness and misanthropy, witnessed both unseparable friendship and fierce enmity, she has seen it all.
Sadly, nobody saw or even tried to see her until today.Today, when i gazed this magnificent city for one last time before i depart back to DC, the city which i call home at least for now, I saw the darkness in her. She figured out i caught her unarmed; she could no longer equivocate her melancholy. Then she lowered and slowly whispered "Help Me Please".
I was both astounded and shaken at the same time. It felt like Dumbledore asking me to help him protect Hogwarts from Lord Voldemort. I replied "I dont even belong here, how can i help you?" and then she said, "You can at least write about me" .
Friday, March 15, 2019
Ansible
Ansible installation
go to the root and check:
sudo yum repolist
sudo yum install -y ansible
https://docs.ansible.com/ansible/latest/user_guide/vault.html
noble ALL=(ALL) NOPASSWD:ALL
ssh copy-id noble@10.142.0.6
permission for
ssh folder - 700
authorized_keys-- 600
sudoers --- 755
ansible node -m copy -a 'src=/etc/ansible/noble6ansi.txt dest=/home/noble1'
ansible node -m file -a 'dest=/home/noble1/noble6ansi.txt mode=777'
After anisble is installed
under root go to /etc/ansible
and change the ownership from root to the noble(user):
chown noble:noble /etc/ansible
After, putting server and nodes in etc/hosts file, check if ansible reaches out the server and hosts
ansible server -m ping
ansible node -m ping
This is the default ansible 'hosts' file. Connected, host fingerprint: ssh-rsa 0 4C:7C:0B:94:DD:30:37:3D:CE:E9:EB:D4:21:D4 :FA:AE:75:27:AA:22:D1:F1:95:4B:C1:56:9C:49:59:F1:F5:4E Last login: Fri Mar 15 05:35:17 2019 from 173.194.102.16 [kafleashok1@devopstrial ~]$ su noble [noble@devopstrial kafleashok1]$ cd Hello this is a test for ansible [noble@devopstrial ~]$ ssh noble@devopstrial Last login: Fri Mar 15 15:28:44 2019 [noble@devopstrial ~]$ cd /etc/ansible [noble@devopstrial ansible]$ Connected, host fingerprint: ssh-rsa 0 4C:7C:0B:94:D D:30:37:3D:CE:E9:EB:D4:21:D4:FA:AE:75:27:AA:22:D1:F1:95:4B:C1:56:9C:49:59:F1:F5:4 E Last login: Fri Mar 15 15:28:06 2019 from 173.194.102.9 [kafleashok1@devopstrial ~]$ su noble [noble@devopstrial kafleashok1]$ ls -ltr ls: cannot open directory .: Permission denied [noble@devopstrial kafleashok1]$ cd [noble@devopstrial ~]$ ls -ltr total 0 -rw-rw-r--. 1 noble noble 0 Mar 15 02:12 authorized_keys [noble@devopstrial ~]$ vi authorized_keys [noble@devopstrial ~]$ rm authorized_keys [noble@devopstrial ~]$ ls -ltr total 0 [noble@devopstrial ~]$ cd /etc/hosts bash: cd: /etc/hosts: Not a directory [noble@devopstrial ~]$ cd /etc/ansible [noble@devopstrial ansible]$ ls -ltr total 24 drwxr-xr-x. 2 noble noble 6 Feb 21 23:04 roles -rw-r--r--. 1 noble noble 1016 Feb 21 23:04 hosts -rw-r--r--. 1 noble noble 20277 Feb 21 23:04 ansible.cfg [noble@devopstrial ansible]$ vi hosts [noble@devopstrial ansible]$ ansible server -m ping 10.142.0.6 | SUCCESS => { "changed": false, "ping": "pong" } [noble@devopstrial ansible]$ ansible -m server ping Hello this is a test for ansible [WARNING]: Could not match supplied host pattern, ignoring: ping [WARNING]: No hosts matched, nothing to do
noble@devopstrial ansible]$ ansible node -m ping 10.142.0.2 | SUCCESS => { "changed": false, "ping": "pong" } [noble@devopstrial ansible]$ touch noble1.txt [noble@devopstrial ansible]$ vi noble1.txt [noble@devopstrial ansible]$ ansible node -m copy -a 'src=/etc/ansible/noble1.txt dest =/home/noble' ERROR! this task 'copy' has extra params, which is only allowed in the following modules: shell, win_shell, include_vars, add_host, raw, include_role, meta, set_f act, include, import_tasks, script, import_role, include_tasks, group_by, command , win_command [noble@devopstrial ansible]$ ansible node -m copy -a 'src=/etc/ansible/noble1.txt dest=/home/noble' 10.142.0.2 | CHANGED => { "changed": true, "checksum": "73b0c1ba7659a1f6a366d3bc6a29f027c429136c", "dest": "/home/noble/noble1.txt", "gid": 1003, "group": "noble", "md5sum": "5d756118278361c3aa9d2aa1396631cc", "mode": "0664", "owner": "noble", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 34, "src": "/home/noble/.ansible/tmp/ansible-tmp-1552666208.98-214978604854310/so urce", "state": "file", "uid": 1002 } [noble@devopstrial ansible]$ ssh noble@instance_1 ssh: Could not resolve hostname instance_1: Name or service not known [noble@devopstrial ansible]$ ssh noble@10.142.0.2 Last login: Fri Mar 15 16:10:10 2019 from devopstrial.c.adept-tangent-207418.inte rnal [noble@instance-1 ~]$ ls -ltr total 4 -rw-rw-r--. 1 noble noble 34 Mar 15 16:10 noble1.txt [noble@instance-1 ~]$ vi noble1.txt [noble@instance-1 ~]$ exit
logout Connection to 10.142.0.2 closed. [noble@devopstrial ansible]$ ansible -m copy -a 'src=/etc/ansible/noble1.txt mode =777' Usage: ansible <host-pattern> [options] Define and run a single task 'playbook' against a set of hosts Options: -a MODULE_ARGS, --args=MODULE_ARGS module arguments --ask-vault-pass ask for vault password -B SECONDS, --background=SECONDS run asynchronously, failing after X seconds (default=N/A) -C, --check don't make any changes; instead, try to predict some of the changes that may occur -D, --diff when changing (small) files and templates, show the differences in those files; works great with --check -e EXTRA_VARS, --extra-vars=EXTRA_VARS set additional variables as key=value or YAML/JSON, if filename prepend with @ -f FORKS, --forks=FORKS specify number of parallel processes to use (default=5) -h, --help show this help message and exit -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY specify inventory host path or comma separated host list. --inventory-file is deprecated -l SUBSET, --limit=SUBSET further limit selected hosts to an additional pattern --list-hosts outputs a list of matching hosts; does not execute anything else -m MODULE_NAME, --module-name=MODULE_NAME module name to execute (default=command) -M MODULE_PATH, --module-path=MODULE_PATH prepend colon-separated path(s) to module library (default=[u'/home/noble/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']) -o, --one-line condense output --playbook-dir=BASEDIR
-P POLL_INTERVAL, --poll=POLL_INTERVAL set the poll interval if using -B (default=15) --syntax-check perform a syntax check on the playbook, but do not execute it -t TREE, --tree=TREE log output to this directory --vault-id=VAULT_IDS the vault identity to use --vault-password-file=VAULT_PASSWORD_FILES vault password file -v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging) --version show program's version number and exit Connection Options: control as whom and how to connect to hosts -k, --ask-pass ask for connection password --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE use this file to authenticate the connection -u REMOTE_USER, --user=REMOTE_USER connect as this user (default=None) -c CONNECTION, --connection=CONNECTION connection type to use (default=smart) -T TIMEOUT, --timeout=TIMEOUT override the connection timeout in seconds (default=10) --ssh-common-args=SSH_COMMON_ARGS specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand) --sftp-extra-args=SFTP_EXTRA_ARGS specify extra arguments to pass to sftp only (e.g. -f, -l) --scp-extra-args=SCP_EXTRA_ARGS specify extra arguments to pass to scp only (e.g. -l) --ssh-extra-args=SSH_EXTRA_ARGS specify extra arguments to pass to ssh only (e.g. -R) Privilege Escalation Options:
control how and which user you become as on target hosts -s, --sudo run operations with sudo (nopasswd) (deprecated, use become) -U SUDO_USER, --sudo-user=SUDO_USER desired sudo user (default=root) (deprecated, use become) -S, --su run operations with su (deprecated, use become) -R SU_USER, --su-user=SU_USER run operations with su as this user (default=None) (deprecated, use become) -b, --become run operations with become (does not imply password prompting) --become-method=BECOME_METHOD privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun | enable | machinectl ] --become-user=BECOME_USER run operations as this user (default=root) --ask-sudo-pass ask for sudo password (deprecated, use become) --ask-su-pass ask for su password (deprecated, use become) -K, --ask-become-pass ask for privilege escalation password Some modules do not make sense in Ad-Hoc (include, meta, etc) ERROR! Missing target hosts [noble@devopstrial ansible]$ ansible -m file -a 'dest=/home/noble1.txt mode=777' Usage: ansible <host-pattern> [options] Define and run a single task 'playbook' against a set of hosts Options: -a MODULE_ARGS, --args=MODULE_ARGS module arguments --ask-vault-pass ask for vault password -B SECONDS, --background=SECONDS run asynchronously, failing after X seconds (default=N/A) -C, --check don't make any changes; instead, try to predict some of the changes that may occur
-D, --diff when changing (small) files and templates, show the differences in those files; works great with --check -e EXTRA_VARS, --extra-vars=EXTRA_VARS set additional variables as key=value or YAML/JSON, if filename prepend with @ -f FORKS, --forks=FORKS specify number of parallel processes to use (default=5) -h, --help show this help message and exit -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY specify inventory host path or comma separated host list. --inventory-file is deprecated -l SUBSET, --limit=SUBSET further limit selected hosts to an additional pattern --list-hosts outputs a list of matching hosts; does not execute anything else -m MODULE_NAME, --module-name=MODULE_NAME module name to execute (default=command) -M MODULE_PATH, --module-path=MODULE_PATH prepend colon-separated path(s) to module library (default=[u'/home/noble/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']) -o, --one-line condense output --playbook-dir=BASEDIR Since this tool does not use playbooks, use this as a subsitute playbook directory.This sets the relative path for many features including roles/ group_vars/ etc.
-P POLL_INTERVAL, --poll=POLL_INTERVAL set the poll interval if using -B (default=15) --syntax-check perform a syntax check on the playbook, but do not execute it -t TREE, --tree=TREE log output to this directory --vault-id=VAULT_IDS the vault identity to use --vault-password-file=VAULT_PASSWORD_FILES vault password file -v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging) --version show program's version number and exit Connection Options: control as whom and how to connect to hosts -k, --ask-pass ask for connection password --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE use this file to authenticate the connection -u REMOTE_USER, --user=REMOTE_USER connect as this user (default=None) -c CONNECTION, --connection=CONNECTION connection type to use (default=smart) -T TIMEOUT, --timeout=TIMEOUT override the connection timeout in seconds (default=10) --ssh-common-args=SSH_COMMON_ARGS specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand) --sftp-extra-args=SFTP_EXTRA_ARGS specify extra arguments to pass to sftp only (e.g. -f, -l) --scp-extra-args=SCP_EXTRA_ARGS specify extra arguments to pass to scp only (e.g. -l) --ssh-extra-args=SSH_EXTRA_ARGS specify extra arguments to pass to ssh only (e.g. -R) Privilege Escalation Options: control how and which user you become as on target hosts -s, --sudo run operations with sudo (nopasswd) (deprecated, use become)
-U SUDO_USER, --sudo-user=SUDO_USER desired sudo user (default=root) (deprecated, use become) -S, --su run operations with su (deprecated, use become) -R SU_USER, --su-user=SU_USER run operations with su as this user (default=None) (deprecated, use become) -b, --become run operations with become (does not imply password prompting) --become-method=BECOME_METHOD privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun | enable | machinectl ] --become-user=BECOME_USER run operations as this user (default=root) --ask-sudo-pass ask for sudo password (deprecated, use become) --ask-su-pass ask for su password (deprecated, use become) -K, --ask-become-pass ask for privilege escalation password Some modules do not make sense in Ad-Hoc (include, meta, etc) ERROR! Missing target hosts [noble@devopstrial ansible]$ ansible node -m file -a 'dest=/home/noble1.txt mod e=777' 10.142.0.2 | FAILED! => { "changed": false, "msg": "file (/home/noble1.txt) is absent, cannot continue", "path": "/home/noble1.txt", "state": "absent" } [noble@devopstrial ansible]$ ansible node -m file -a 'dest=/home/noble/noble1.tx t mode=777' 10.142.0.2 | CHANGED => { "changed": true, "gid": 1003, "group": "noble", "mode": "0777", "owner": "noble", "path": "/home/noble/noble1.txt", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 34,
"state": "file", "uid": 1002 } [noble@devopstrial ansible]$ ssh noble@10.142.0.2 Last login: Fri Mar 15 16:13:33 2019 from devopstrial.c.adept-tangent-207418.inte rnal [noble@instance-1 ~]$ ls -ltr total 4 -rwxrwxrwx. 1 noble noble 34 Mar 15 16:11 noble1.txt [noble@instance-1 ~]$
go to the root and check:
sudo yum repolist
sudo yum install -y ansible
https://docs.ansible.com/ansible/latest/user_guide/vault.html
noble ALL=(ALL) NOPASSWD:ALL
ssh copy-id noble@10.142.0.6
permission for
ssh folder - 700
authorized_keys-- 600
sudoers --- 755
ansible node -m copy -a 'src=/etc/ansible/noble6ansi.txt dest=/home/noble1'
ansible node -m file -a 'dest=/home/noble1/noble6ansi.txt mode=777'
After anisble is installed
under root go to /etc/ansible
and change the ownership from root to the noble(user):
chown noble:noble /etc/ansible
After, putting server and nodes in etc/hosts file, check if ansible reaches out the server and hosts
ansible server -m ping
ansible node -m ping
Subscribe to:
Comments (Atom)