Lab 5: Automation with Ansible - adaley0518/Tech_Journal GitHub Wiki

Lab 5: This lab introduces automation on Linux using Ansible. It uses 4 environments: 1 Ubuntu (controller02-amber), 2 CentOS 7 (ansible01-amber, ansible02-amber) and 1 Windows Server (mgmt01-amber). By the end of the lab, the playbooks cover Windows as well.


Step 1: Set up network for controller, ansible 1, and ansible 2

network:
    ethernets:
        ens160:
            dhcp4: no
            addresses: [10.0.5.90/24]
            gateway4: 10.0.5.2
            nameservers:
                addresses: [10.0.5.5]
                search:
                - amber.local
    version: 2
  • ansible01 IP: 10.0.5.91/24
  • ansible02 IP: 10.0.5.92/24
    • use nmtui for network configuration
  • create a sudo user for yourself and for deployer
  • on mgmt01 add DNS A and PTR records

Step 2: Install Ansible on controller

  • commands:
    • sudo apt-add-repository ppa:ansible/ansible
    • sudo apt-get update
    • sudo apt-get install sshpass ansible -y
    • sudo apt-get install python-pip python-setuptools -y
    • sudo pip install wheel pywinrm pywinrm[kerberos]
  • check for installation
    • ansible --version
    • should show 2.9.4

Step 3: Passwordless ssh with RSA authentication

  • create a file that lets deployer use sudo without a password
    • vi /etc/sudoers.d/sys265
deployer         ALL=(ALL)        NOPASSWD: ALL
  • On controller create an RSA keypair with a passphrase
    • ssh-keygen -t rsa
  • Add deployer@controller's public key to deployer accounts on ansible 1 and 2
    • ssh-copy-id deployer@ansible01-amber
    • ssh-copy-id deployer@ansible02-amber
  • The following commands let you enter your passphrase once every 4 hours.
    • eval $(ssh-agent)
    • ssh-add -t 14400
  • should be able to ssh from controller to ansible 1 and 2, as well as access root
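
Added example (not part of the original lab notes): one way to put the Step 3 sudoers rule in place without editing the live file in vi. It stages the rule, checks it with visudo -cf, and installs it with mode 0440. The function names and the --apply switch are made up for this example; the rule text and the file name sys265 are the lab's.

```bash
#!/usr/bin/env bash
# Added example: stage, validate, then install the Step 3 sudoers drop-in.
# RULE and the name sys265 come from the lab; function names are illustrative.
RULE='deployer ALL=(ALL) NOPASSWD: ALL'

# sudo skips files in /etc/sudoers.d whose name contains '.' or ends in '~',
# so a file called "sys265.conf" would never take effect.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# 0440 is the mode sudo expects for sudoers files by default.
mode_ok() {
    [ "$(stat -c '%a' "$1")" = "440" ]
}

# Write the rule to a private temp file, set its mode, print its path.
stage_dropin() {
    local tmp
    tmp=$(mktemp) || return 1
    printf '%s\n' "$RULE" > "$tmp" && chmod 0440 "$tmp" && printf '%s\n' "$tmp"
}

# Parse the staged copy with visudo before it goes live: a syntax error in a
# sudoers file can leave sudo unusable. Usage (as root): install_dropin sys265
install_dropin() {
    local name=$1 dir=${2:-/etc/sudoers.d} tmp rc
    valid_dropin_name "$name" || { echo "unusable name: $name" >&2; return 1; }
    tmp=$(stage_dropin) || return 1
    if visudo -cf "$tmp" >/dev/null && mode_ok "$tmp"; then
        install -o root -g root -m 0440 "$tmp" "$dir/$name"; rc=$?
    else
        echo "validation failed, nothing installed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only touch the system when asked:  sudo bash dropin.sh --apply
if [ "${1:-}" = "--apply" ]; then
    install_dropin sys265
fi
```
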

Step 4: Check Ansible Connectivity

  • mkdir -p ansible/roles
  • cd ansible
  • vi inventory.txt (add host names)
ansible01-amber
ansible02-amber
  • ping the hosts in the file
    • ansible all -m ping -i inventory.txt (should be successful)

Step 5: Webmin Playbook Installation

  • First categorize inventory.txt by host type and test ping with tag
    • host is webmin
ansible01-amber
[webmin]
ansible02-amber
    • ansible webmin -m ping -i inventory.txt (should be successful for only ansible2)
  • Second, create a playbook for webmin
    • install the role
      • ansible-galaxy install semuadmin.webmin -p roles/
    • vi roles/webmin.yml
    • Execute the playbook
      • ansible-playbook -i inventory.txt roles/webmin.yml
  • Lastly, access webmin through mgmt01

Step 6: Ansible Role I Found (cockpit)

  • first, install cockpit role
    • ansible-galaxy install oasis_roles.cockpit
    • ansible-galaxy install oasis_roles.firewalld
  • second, create playbook
  • thirdly, edit host and run playbook
    • vi inventory.txt
[cockpit]
ansible01-amber
[webmin]
ansible02-amber
    • ansible-playbook -i inventory.txt roles/cockpit

Step 7: Windows Automation


Step 8: Software Deployment with win_chocolatey

  • make a new playbook
    • vi roles/windows_software.yml
---
  - name: Install Windows Applications
    hosts: windows
    tasks:
        - name: Install Firefox and 7zip
          win_chocolatey:
              name:
              - firefox
              - 7zip
              state: present
  • install with the playbook
    • ansible-playbook -i inventory.txt roles/windows_software.yml --ask-pass
  • to uninstall change the state to absent and rerun playbook
  • add notepad++ to the windows playbook so it is installed on mgmt01
  • run the playbook
    • ansible-playbook -i inventory.txt roles/windows_software.yml

Step 9: check installed packages on mgmt

  • powershell
    • C:\ProgramData\chocolatey\bin\choco.exe list --local-only
    • should see 7zip, chocolatey, firefox and notepad!