Automation with Ansible Lab - Zacham17/my-tech-journal GitHub Wiki

Summary

In this lab, I used Ansible to practice using playbooks to deploy software on Windows and Linux systems.

Initial Configurations

  • Configure 3 VMs:
    • Controller VM
    • Ansible1 VM
    • Ansible2 VM
  • Make sure they are all configured properly and check connectivity using ping and nslookup
  • Make sure there is a sudo user called "deployer" on each system and they all have the same password.

Installing and Configuring Ansible (All done on Controller01 VM)

  • To install Ansible along with other features, use the command sudo apt install ansible sshpass python3-paramiko
  • Create a file on all 3 Linux systems using the command sudo touch /etc/sudoers.d/sys265
  • Edit the file you just created to contain the following: deployer ALL=(ALL) NOPASSWD: ALL
  • Create an RSA keypair with a passphrase and copy it to the deployer accounts on ansible:
    • Type ssh-keygen to generate the keypair
    • Leave the save file as default by just pressing enter
    • Enter a passphrase
    • Copy the public key to each ansible VM using a command with the syntax ssh-copy-id deployer@ansibleXX-morris
  • Enter the following commands
    • eval $(ssh-agent)
    • ssh-add -t 14400
  • Now you can ssh into the ansible VMs using the ssh command

Using Ansible

  • On the controller VM, make the following directory structure in the deployer home folder: ansible/roles/
  • In the deployer home directory, create an inventory.txt file containing the hostnames of the ansible VMs
  • To test that this worked, use ansible all -m ping -i inventory.txt to ping each ansible VM
  • In the inventory.txt file, you can specify groups by placing [GROUPNAME] above the hosts that you want in that group. Replace GROUPNAME with whatever you want to name the group.

Installing and Running an Ansible Playbook

  • Use the command ansible-galaxy install semuadmin.webmin -p roles/ to download the webmin ansible playbook and configuration
  • Put an Ansible VM in a group called webmin in the inventory.txt file. Group names are case-sensitive, and the playbook below targets webmin.
  • Create a webmin.yml file within the roles directory
  • Edit the webmin.yml file to reflect the following:
---
- name: webmin SYS265
  hosts: webmin
  become: true
  vars:
    install_utilities: false
    firewalld_enable: true
  roles:
  - semuadmin.webmin

  tasks:
  - name: add firewall rule
    firewalld:
      port: 10000/tcp
      permanent: true
      state: enabled
  • Before running, in the webmin.yml file in the roles/semuadmin.webmin/tasks directory, change "RedHat" to "Rocky" if ansible2 is a Rocky OS
  • Run the playbook with the command ansible-playbook -i inventory.txt roles/webmin.yml

Logging into Webmin

  • On a browser, navigate to a URL similar to this: ansible02-morris.morris.local:10000
  • You should see a Webmin login page. Log in using the root credentials on the ansible2 VM
  • You will see a dashboard for system information

Ansible Galaxy (Install Cockpit with Ansible)

  • Cockpit is a system monitoring software with a web interface
  • On the controller VM, in the ansible directory, run the command, ansible-galaxy install linux-system-roles.cockpit -p roles/
  • Add the VMs you want to have cockpit installed on to the cockpit group
  • In the roles directory, create a file called cockpit.yml
  • Edit the file to be the following:
---
- hosts: cockpit
  become: yes
  roles:
    - linux-system-roles.cockpit
  • Run the command ansible-playbook -i inventory.txt roles/cockpit.yml to run the playbook.
  • On a browser, navigate to the IP address of the system that Cockpit was deployed on, followed by port 9090. Ex: http://10.0.5.92:9090
  • You should now see the home page for cockpit.

Preparing Windows for SSH

  • In an administrative PowerShell window, type the following commands:
    • Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
    • Start-Service sshd
    • Set-Service -Name sshd -StartupType 'Automatic'
    • Set-ItemProperty "HKLM:\Software\Microsoft\Powershell\1\ShellIds" -Name ConsolePrompting -Value $true
    • New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
  • Those commands add SSH capabilities to Windows and make PowerShell the default shell for SSH

SSH into a Windows system

  • From controller01 VM, SSH into your mgmt01 VM using the command, ssh USERNAME@DOMAIN_NAME@HOST_NAME
  • Add a group to your inventory.txt file called "windows" and add mgmt01 VM to it. Also add a group called "windows:vars" and add "ansible_shell_type=powershell" to that group
  • Test this configuration using the command ansible windows -i inventory.txt -m win_ping -u USERNAME@DOMAIN --ask-pass to ping the windows group
  • Add wks01 VM to the windows group
  • On wks01, make sure OpenSSH is installed and configured
  • SSH into wks01 VM from controller VM. Then close the SSH session
  • Run the command, ansible windows -i inventory.txt -m win_ping -u USERNAME@DOMAIN --ask-pass to ping the windows group again.
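
The inventory.txt that the sections above build up piece by piece, written out in full as an added example (it is not taken from the original lab notes). Which host sits in which group and the hostname ansible01-morris are assumptions; mgmt01 and wks01 are written as the page names them.

```ini
# inventory.txt - constructed example; group membership is assumed
# Group names are case-sensitive and must match each playbook's "hosts:" value.

# Target of roles/webmin.yml (hosts: webmin)
[webmin]
ansible02-morris

# Target of roles/cockpit.yml (hosts: cockpit)
[cockpit]
ansible01-morris

# Target of roles/windows_software.yml (hosts: windows)
[windows]
mgmt01
wks01

# Variables applied to every host in the windows group.
# The Windows hosts are reached over OpenSSH with PowerShell as the
# default shell, so Ansible has to generate PowerShell commands for them.
[windows:vars]
ansible_shell_type=powershell
```

Running ansible-inventory -i inventory.txt --graph prints the resolved group tree, which confirms that each playbook's hosts: value matches a group before anything is deployed.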

Deploying Software Using win_chocolatey

  • In the roles directory, create a playbook file called "windows_software.yml" and in it, type the following:
---
- name: install windows applications
  hosts: windows
  tasks:
    - name: Install Firefox and 7zip
      win_chocolatey:
        name:
        - firefox
        - 7zip
        - notepadplusplus
        state: present
  • This specifies to install Firefox, 7-Zip, and Notepad++
  • Run the playbook using ansible-playbook -i inventory.txt roles/windows_software.yml -u USERNAME@DOMAIN --ask-pass
  • You can check if this was successful by SSHing into mgmt01 VM and typing the command C:\ProgramData\chocolatey\bin\choco.exe list --local-only, to show what has been installed using chocolatey.