Lab 12 ‐ Automation - Isaiah-River/SYS-255-02-SYSAdmin GitHub Wiki
Main Lab
Overview
This lab serves as a gateway into automation.
Objectives
- Configure three new VMs: clone01, clone02, and clone03.
- Familiarize myself with PSSH
- Configure SSH keys and an SSH agent so that a password is not required on every login
- Disable the password prompt for sudo
- Familiarize myself with Ansible
Part 01 - Configuration
We started this lab with three new Linux VMs in our environment, each of which had to be configured. I began by connecting clone01 through clone03 to the LAN and logging into the root account on each. I then ran nmtui on each of them, set their hostnames appropriately, and configured their Ethernet connections with the IP addresses 10.0.5.70/24 through 10.0.5.72/24, a gateway of 10.0.5.2, a DNS server of 10.0.5.6, and a search domain of isaiah.local.
Next I had to set up an admin account on each machine, each with the same username and password, so that automation would be possible later in the lab. On each computer I ran useradd isaiah, set the password with passwd isaiah, and then ran usermod -aG wheel isaiah to make the account an administrator (a member of the wheel group).
I then logged into ad02 and added A and PTR records for these newly created computers.
After this I rebooted each of my new VMs and opened PowerShell on ad02. I started with whoami; hostname, followed by ssh isaiah@clone01-isaiah. Once connected I ran whoami; hostname; hostname -i; nslookup ad02-isaiah | grep -i name; ping -c1 ad02-isaiah | grep "packets transmitted", then SSH'd into clone02 and repeated the process for each of the clone VMs.
Part 02 - Setting up PSSH & SSH Key
After this I exited back out to clone01 and installed the epel-release package with sudo yum install epel-release, followed by the pssh package with sudo yum install pssh.
I then ran ssh-keygen to generate an SSH key pair, setting a passphrase and keeping the default key names.
I then used ls -l .ssh/ to view the permissions of the files in the hidden .ssh folder. After this I used ssh-copy-id isaiah@clone02-isaiah to copy my new public key to clone02.
Part 03 - SSH-Agent
I then set up my SSH key so that it would not need its passphrase for at least an hour. I did this by starting an agent with eval `ssh-agent` and then running ssh-add -t 1h, which loads the key into the agent with a lifetime of one hour. I then tried SSHing into clone02-isaiah and clone03-isaiah to confirm that I was not prompted for a password.
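The ls -l .ssh/ step in Part 02 is there to confirm that the key material has the right modes before it is copied around and loaded into an agent: ssh refuses a private key that other users can read, and sshd (with its default StrictModes) ignores an authorized_keys file in a directory that is group- or world-writable. The script below is an added example, not part of the original lab; it checks a directory passed as an argument (default ~/.ssh) and recognises private keys by their PEM header rather than by file name, so it also catches a key saved under a custom name.

```shell
#!/bin/sh
# Added example (not from the lab): check that ~/.ssh and the private keys in it
# have the modes ssh and sshd expect. Run it after ssh-keygen and before
# ssh-copy-id. The directory is passed as an argument (default: ~/.ssh).

# Octal mode of a path: GNU stat on CentOS, BSD stat as a fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_dir DIR: return 0 when DIR is mode 700 and every private key inside
# it is 600 or 400; otherwise print each problem with its fix and return 1.
# Private keys are recognised by content (the "PRIVATE KEY" PEM header).
check_ssh_dir() {
    dir="${1:-$HOME/.ssh}"
    rc=0
    [ -d "$dir" ] || { echo "BAD: $dir is not a directory"; return 1; }
    dmode=$(mode_of "$dir")
    if [ "$dmode" != "700" ]; then
        echo "BAD: $dir is mode $dmode, want 700 (fix: chmod 700 '$dir')"
        rc=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        grep -q 'PRIVATE KEY' "$f" 2>/dev/null || continue
        fmode=$(mode_of "$f")
        case "$fmode" in
            600|400) ;;
            *) echo "BAD: $f is mode $fmode, want 600 (fix: chmod 600 '$f')"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: $dir and its private keys are locked down"
    return "$rc"
}

# Usage when run directly: sh check_ssh_dir.sh [DIR]
if [ "$#" -gt 0 ]; then
    check_ssh_dir "$1"
fi
```

Running it against the .ssh directory on clone01 right after ssh-keygen should print the OK line; a non-zero exit means the key should be fixed before ssh-copy-id and ssh-add are run, since a readable private key defeats the point of the passphrase and the agent.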
Part 04 - /etc/sudoers
I exited out of my SSH connection, opened the consoles of clone02-isaiah and clone03-isaiah directly, and after elevating my shell, ran vi /etc/sudoers, uncommented the line shown below near the bottom of the file, then saved and quit vi.
After this I SSH'd into clone02-isaiah, where I ran sudo -i to show that it no longer asked members of the wheel group for a password.
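Two things are worth checking after an edit like this: that the rule actually in force is the one intended, and that the file still parses, because editing /etc/sudoers with plain vi skips the syntax check visudo would run, and a typo there locks every admin out of sudo. The script below is an added example and not part of the lab page; since the page does not print the uncommented line, it assumes it is the CentOS default "%wheel ALL=(ALL) NOPASSWD: ALL".

```shell
#!/bin/sh
# Added example (not from the lab): audit a sudoers file for the change made in
# this part and syntax-check it the way visudo does. Assumes the line
# uncommented in the lab is the CentOS default "%wheel ALL=(ALL) NOPASSWD: ALL".

# wheel_nopasswd FILE: return 0 when an active (uncommented) NOPASSWD rule for
# the wheel group is present, 1 when only the commented default (or nothing) is.
wheel_nopasswd() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+NOPASSWD:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# wheel_passwd_rule FILE: return 0 when the ordinary "%wheel ALL=(ALL) ALL" rule
# (sudo still asks for the user's own password) is active.
wheel_passwd_rule() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*$' "$1"
}

# sudoers_syntax_ok FILE: run visudo's parser on FILE without installing it.
# Returns 0 when visudo is not available (check skipped with a warning).
sudoers_syntax_ok() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$1" >/dev/null
    else
        echo "visudo not installed, syntax check skipped" >&2
    fi
}

# audit_sudoers FILE: one-line summary of what members of wheel get.
# sudo applies the last matching rule, so with both %wheel lines active in the
# default file (NOPASSWD line comes last) the NOPASSWD rule wins; the check
# below follows the same precedence.
audit_sudoers() {
    f="${1:-/etc/sudoers}"
    sudoers_syntax_ok "$f" || { echo "$f: SYNTAX ERROR, fix before leaving the root shell"; return 1; }
    if wheel_nopasswd "$f"; then
        echo "$f: wheel members get root WITHOUT a password (NOPASSWD active)"
    elif wheel_passwd_rule "$f"; then
        echo "$f: wheel members get root after entering their own password"
    else
        echo "$f: no active %wheel rule"
    fi
}

# Usage when run directly (as root, since /etc/sudoers is mode 0440):
# sh audit_sudoers.sh [FILE]
if [ "$#" -gt 0 ]; then
    audit_sudoers "$1"
fi
```

Running sh audit_sudoers.sh /etc/sudoers on clone02 after the edit should report the NOPASSWD line; on a host where the edit was not made it reports the password rule instead. The NOPASSWD setting is what lets the Ansible -b runs later in the lab work non-interactively, so the trade-off is that anyone holding the isaiah SSH key has root on those hosts with no further prompt.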
After this I created a hosts file with touch psshhosts and put clone02-isaiah and clone03-isaiah in it on two separate lines. I then ran the commands pssh -h psshhosts -i uptime, pssh -h psshhosts -i uname -a, pssh -h psshhosts -i sudo yum -y install tree, and pssh -h psshhosts -i tree /etc/yum.repos.d/, screenshotting the successful output from each.
Part 05 - Ansible
I then installed Ansible with sudo yum install ansible. Once the install finished I ran ansible all -i psshhosts -m ping to ping every host listed in the psshhosts file.
After this I used ansible all -i psshhosts -a "tail -n 1 /etc/passwd" to read the last line of /etc/passwd (a file readable by everyone) on clone02 and clone03. I then ran ansible all -i psshhosts -a "tail -n 1 /etc/shadow" to try to read /etc/shadow, which is readable only by root. This failed because the command ran as a regular user. To resolve this I added the -b flag, giving ansible all -b -i psshhosts -a "tail -n 1 /etc/shadow", which tells Ansible to become root (via sudo) on each host before running the command.
After this I looked into how to open an arbitrary port in the firewall using Ansible. I first ran ansible all -b -i psshhosts -a "firewall-cmd --zone=public --add-port=8080/tcp --permanent" to add port 8080/tcp on each host in psshhosts. I then ran ansible all -b -i psshhosts -a "firewall-cmd --reload" to reload the firewall, and finally ansible all -b -i psshhosts -a "firewall-cmd --list-all" to show the open ports. I took a screenshot of this as a deliverable.
Part 06 - The Ansible Playbook
I started this part by creating a directory with mkdir Nginx, changing into it with cd Nginx, and then running wget https://gist.githubusercontent.com/icasimpan/803955c7d43e847ce12ff9422c1cbbc4/raw/c1753594e638590ac4d54e685dd3ae1ee1d9f40a/nginx-centos7.yml to download a playbook for Ansible.
I then edited the downloaded file with vi nginx-centos7.yml where I made the following modifications:
I then created the file index.html, ran eval `ssh-agent` and then ssh-add to load my key into an agent, and finally ran ansible-playbook nginx-centos7.yml -i ../psshhosts to run my newly customized playbook.
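The three ad-hoc firewall-cmd runs from Part 05 are the kind of sequence a playbook replaces: the firewalld module opens the port permanently and in the running configuration in one task, and a second run reports no change instead of re-adding the rule. The script below is an added example and is not the lab's own code or the downloaded gist; it writes such a playbook and runs it against the same psshhosts inventory, taking the port as an argument (default 8080, the port used in the lab).

```shell
#!/bin/sh
# Added example (not from the lab or the gist it downloads): the three firewall-cmd
# ad-hoc runs from Part 05 folded into one playbook that uses Ansible's firewalld
# module. Assumes the psshhosts inventory from the lab and a port passed as an
# argument (default 8080).

# write_port_playbook PORT [FILE]: write the playbook and print its path.
write_port_playbook() {
    port="${1:-8080}"
    out="${2:-open-port-$port.yml}"
    cat > "$out" <<EOF
---
- name: Open TCP/$port in the public zone on every host in the inventory
  hosts: all
  become: true                    # same as "ansible -b": run as root via sudo
  tasks:
    - name: Allow $port/tcp permanently and in the running firewall
      firewalld:
        zone: public
        port: $port/tcp
        permanent: true           # survives reboot (what --permanent did)
        immediate: true           # applied now, so no separate --reload run
        state: enabled

    - name: Show the resulting zone (read-only, never reports "changed")
      command: firewall-cmd --zone=public --list-all
      changed_when: false
      register: zone_info

    - name: Print it, one line per host
      debug:
        var: zone_info.stdout_lines
EOF
    echo "$out"
}

# run_port_playbook PORT: write the playbook, then run it against psshhosts
# (the same inventory the lab used with "ansible all -i psshhosts").
run_port_playbook() {
    pb=$(write_port_playbook "$1")
    ansible-playbook "$pb" -i psshhosts
}

# Usage when run directly from clone01 with the agent loaded: sh open_port.sh 8080
if [ "$#" -gt 0 ]; then
    run_port_playbook "$1"
fi
```

The first run shows the firewalld task as changed on clone02 and clone03; running it a second time shows ok for every task, which is the idempotence the ad-hoc sequence lacks. Setting state to disabled in the same task is the matching way to close the port again across all hosts.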