Friday, March 15, 2019

Ansible

Ansible installation

Go to the root and check:

sudo yum repolist
sudo yum install -y ansible

https://docs.ansible.com/ansible/latest/user_guide/vault.html

noble ALL=(ALL) NOPASSWD:ALL

ssh-copy-id noble@10.142.0.6


Permissions for:
ssh folder - 700
authorized_keys - 600
sudoers - 755
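
A check for the SSH permission modes listed above, as an added example that is not part of the original notes: it compares the .ssh folder and authorized_keys against 700 and 600 and lists world-writable files such as one set to mode=777. The function names, the ~/.ssh/authorized_keys location and the temporary demo directory are assumptions made for illustration; GNU stat and find are assumed.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat and find,
# as on the CentOS hosts used here.

# check_mode PATH EXPECTED: report PATH's octal mode; return 1 on mismatch.
check_mode() {
    path=$1; expected=$2
    if [ ! -e "$path" ]; then
        echo "MISSING $path (expected $expected)"; return 1
    fi
    actual=$(stat -c %a "$path")
    if [ "$actual" != "$expected" ]; then
        echo "BAD     $path is $actual, expected $expected"; return 1
    fi
    echo "OK      $path is $actual"
}

# audit_ssh_perms HOME_DIR: .ssh must be 700, authorized_keys 600.
# The return status is the number of findings (0 = clean).
audit_ssh_perms() {
    home=$1; findings=0
    check_mode "$home/.ssh" 700 || findings=$((findings + 1))
    check_mode "$home/.ssh/authorized_keys" 600 || findings=$((findings + 1))
    return "$findings"
}

# world_writable DIR: list regular files any local user can modify (e.g. 777).
world_writable() {
    find "$1" -type f -perm -0002
}

# Demo on a constructed home directory (throwaway temp dir, not a real account).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.ssh"
    : > "$tmp/.ssh/authorized_keys"; : > "$tmp/noble1.txt"
    chmod 755 "$tmp/.ssh"; chmod 664 "$tmp/.ssh/authorized_keys"
    chmod 777 "$tmp/noble1.txt"
    before=0; audit_ssh_perms "$tmp" || before=$?
    echo "world-writable: $(world_writable "$tmp")"
    chmod 700 "$tmp/.ssh"; chmod 600 "$tmp/.ssh/authorized_keys"
    chmod 644 "$tmp/noble1.txt"
    after=0; audit_ssh_perms "$tmp" || after=$?
    echo "findings before: $before, after: $after"
    rm -rf "$tmp"
}
demo
```

Run audit_ssh_perms against the Ansible user's home directory on each node; a non-zero status means a mode differs from the values listed above.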



ansible node -m copy -a 'src=/etc/ansible/noble6ansi.txt dest=/home/noble1'

ansible node -m file -a  'dest=/home/noble1/noble6ansi.txt mode=777'



After Ansible is installed

As root, go to /etc/ansible
and change the ownership from root to noble (the user):
chown noble:noble /etc/ansible


After putting the server and nodes in the etc/hosts file, check whether Ansible can reach the server and the hosts:

ansible server -m ping
ansible node -m ping




This is the default ansible 'hosts' file.

Connected, host fingerprint: ssh-rsa 0 4C:7C:0B:94:DD:30:37:3D:CE:E9:EB:D4:21:D4:FA:AE:75:27:AA:22:D1:F1:95:4B:C1:56:9C:49:59:F1:F5:4E
Last login: Fri Mar 15 05:35:17 2019 from 173.194.102.16
[kafleashok1@devopstrial ~]$ su noble
[noble@devopstrial kafleashok1]$ cd
Hello this is a test for ansible
[noble@devopstrial ~]$ ssh noble@devopstrial
Last login: Fri Mar 15 15:28:44 2019
[noble@devopstrial ~]$ cd /etc/ansible
[noble@devopstrial ansible]$

Connected, host fingerprint: ssh-rsa 0 4C:7C:0B:94:DD:30:37:3D:CE:E9:EB:D4:21:D4:FA:AE:75:27:AA:22:D1:F1:95:4B:C1:56:9C:49:59:F1:F5:4E
Last login: Fri Mar 15 15:28:06 2019 from 173.194.102.9
[kafleashok1@devopstrial ~]$ su noble
[noble@devopstrial kafleashok1]$ ls -ltr
ls: cannot open directory .: Permission denied
[noble@devopstrial kafleashok1]$ cd
[noble@devopstrial ~]$ ls -ltr
total 0
-rw-rw-r--. 1 noble noble 0 Mar 15 02:12 authorized_keys
[noble@devopstrial ~]$ vi authorized_keys
[noble@devopstrial ~]$ rm authorized_keys
[noble@devopstrial ~]$ ls -ltr
total 0
[noble@devopstrial ~]$ cd /etc/hosts
bash: cd: /etc/hosts: Not a directory
[noble@devopstrial ~]$ cd /etc/ansible
[noble@devopstrial ansible]$ ls -ltr
total 24
drwxr-xr-x. 2 noble noble     6 Feb 21 23:04 roles
-rw-r--r--. 1 noble noble  1016 Feb 21 23:04 hosts
-rw-r--r--. 1 noble noble 20277 Feb 21 23:04 ansible.cfg
[noble@devopstrial ansible]$ vi hosts
[noble@devopstrial ansible]$ ansible server -m ping
10.142.0.6 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[noble@devopstrial ansible]$ ansible -m server ping
Hello this is a test for ansible
 [WARNING]: Could not match supplied host pattern, ignoring: ping
 [WARNING]: No hosts matched, nothing to do


[noble@devopstrial ansible]$ ansible node -m ping
10.142.0.2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[noble@devopstrial ansible]$ touch noble1.txt
[noble@devopstrial ansible]$ vi noble1.txt
[noble@devopstrial ansible]$ ansible node -m copy -a 'src=/etc/ansible/noble1.txt dest =/home/noble'
ERROR! this task 'copy' has extra params, which is only allowed in the following modules: shell, win_shell, include_vars, add_host, raw, include_role, meta, set_fact, include, import_tasks, script, import_role, include_tasks, group_by, command, win_command
[noble@devopstrial ansible]$ ansible node -m copy -a 'src=/etc/ansible/noble1.txt dest=/home/noble'
10.142.0.2 | CHANGED => {
    "changed": true,
    "checksum": "73b0c1ba7659a1f6a366d3bc6a29f027c429136c",
    "dest": "/home/noble/noble1.txt",
    "gid": 1003,
    "group": "noble",
    "md5sum": "5d756118278361c3aa9d2aa1396631cc",
    "mode": "0664",
    "owner": "noble",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 34,
    "src": "/home/noble/.ansible/tmp/ansible-tmp-1552666208.98-214978604854310/source",
    "state": "file",
    "uid": 1002
}
[noble@devopstrial ansible]$ ssh noble@instance_1
ssh: Could not resolve hostname instance_1: Name or service not known
[noble@devopstrial ansible]$ ssh noble@10.142.0.2
Last login: Fri Mar 15 16:10:10 2019 from devopstrial.c.adept-tangent-207418.internal
[noble@instance-1 ~]$ ls -ltr
total 4
-rw-rw-r--. 1 noble noble 34 Mar 15 16:10 noble1.txt
[noble@instance-1 ~]$ vi noble1.txt
[noble@instance-1 ~]$ exit


logout
Connection to 10.142.0.2 closed.
[noble@devopstrial ansible]$ ansible -m copy -a 'src=/etc/ansible/noble1.txt mode=777'
Usage: ansible <host-pattern> [options]

Define and run a single task 'playbook' against a set of hosts

Options:
  -a MODULE_ARGS, --args=MODULE_ARGS
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON, if
                        filename prepend with @
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
                        specify inventory host path or comma separated host
                        list. --inventory-file is deprecated
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        prepend colon-separated path(s) to module library
                        (default=[u'/home/noble/.ansible/plugins/modules',
                        u'/usr/share/ansible/plugins/modules'])
  -o, --one-line        condense output
  --playbook-dir=BASEDIR
                        Since this tool does not use playbooks, use this as a
                        subsitute playbook directory.This sets the relative
                        path for many features including roles/ group_vars/
                        etc.
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  -t TREE, --tree=TREE  log output to this directory
  --vault-id=VAULT_IDS  the vault identity to use
  --vault-password-file=VAULT_PASSWORD_FILES
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

  Connection Options:
    control as whom and how to connect to hosts

    -k, --ask-pass      ask for connection password
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
    -u REMOTE_USER, --user=REMOTE_USER
                        connect as this user (default=None)
    -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=smart)
    -T TIMEOUT, --timeout=TIMEOUT
                        override the connection timeout in seconds
                        (default=10)
    --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
    --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
    --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
    --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)

  Privilege Escalation Options:
    control how and which user you become as on target hosts

    -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
                        become)
    -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root) (deprecated, use
                        become)
    -S, --su            run operations with su (deprecated, use become)
    -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=None)
                        (deprecated, use become)
    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [ sudo | su | pbrun | pfexec | doas |
                        dzdo | ksu | runas | pmrun | enable | machinectl ]
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    --ask-sudo-pass     ask for sudo password (deprecated, use become)
    --ask-su-pass       ask for su password (deprecated, use become)
    -K, --ask-become-pass
                        ask for privilege escalation password

Some modules do not make sense in Ad-Hoc (include, meta, etc)
ERROR! Missing target hosts
[noble@devopstrial ansible]$ ansible -m file -a 'dest=/home/noble1.txt mode=777'
Usage: ansible <host-pattern> [options]
...
ERROR! Missing target hosts
[noble@devopstrial ansible]$ ansible node -m file -a 'dest=/home/noble1.txt mode=777'
10.142.0.2 | FAILED! => {
    "changed": false,
    "msg": "file (/home/noble1.txt) is absent, cannot continue",
    "path": "/home/noble1.txt",
    "state": "absent"
}
[noble@devopstrial ansible]$ ansible node -m file -a 'dest=/home/noble/noble1.txt mode=777'
10.142.0.2 | CHANGED => {
    "changed": true,
    "gid": 1003,
    "group": "noble",
    "mode": "0777",
    "owner": "noble",
    "path": "/home/noble/noble1.txt",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 34,
    "state": "file",
    "uid": 1002
}
[noble@devopstrial ansible]$ ssh noble@10.142.0.2
Last login: Fri Mar 15 16:13:33 2019 from devopstrial.c.adept-tangent-207418.internal
[noble@instance-1 ~]$ ls -ltr
total 4
-rwxrwxrwx. 1 noble noble 34 Mar 15 16:11 noble1.txt
[noble@instance-1 ~]$



