Automation with Ansible - devinziegler/Devin-Tech-Journal GitHub Wiki
Ansible offers open-source automation. This entry will go over how to install ansible as well as some information on ansible-galaxy, and installing ansible roles. Here are some reading sources for Ansible:
- [https://docs.ansible.com/](https://docs.ansible.com/)
- [https://galaxy.ansible.com/ui/](https://galaxy.ansible.com/ui/)
Use the following command to install Ansible on any Debian-based system:

```
sudo apt install ansible sshpass python3-paramiko
```

You can confirm a successful install by running the `ansible --version` command:

```
ansible --version
```
In order for Ansible to run elevated playbooks, the following change must be made in the `/etc/sudoers.d` directory on the Ansible targets. Make a new file in the directory with the following contents:

```
<username> ALL=(ALL) NOPASSWD: ALL
```

For password-less SSH and password-less scripts, make sure to generate and distribute keys for your controller system.
Ansible uses a host file to locate systems on the network. Here is the example of `inventory.txt`, my host file for this lab:

```
ansible01-devin
[webmin]
ansible02-devin
[windows]
mgmt01-devin
wks01-devin
[windows:vars]
ansible_shell_type=powershell
```
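
The sudoers and key-distribution steps above can also be applied from the controller as a one-time bootstrap playbook. This is an added example, not part of the original wiki; the account name `deployer` (taken from the role path used later on this page), the public key path, the `bootstrap.yml` file name and the availability of the `ansible.posix` collection are assumptions.

```yaml
---
# Added example: bootstrap a Linux target for key-based, passwordless Ansible.
# First run (no key or sudoers entry on the target yet):
#   ansible-playbook -i inventory.txt bootstrap.yml --ask-pass --ask-become-pass
- name: Bootstrap a Linux target for Ansible
  hosts: webmin                      # group from inventory.txt
  become: true
  vars:
    automation_user: deployer        # assumption: account Ansible logs in as
    # assumption: location of the controller's public key
    controller_pubkey: "{{ lookup('file', '/home/deployer/.ssh/id_ed25519.pub') }}"
  tasks:
    - name: Install the controller's public key for the automation account
      ansible.posix.authorized_key:
        user: "{{ automation_user }}"
        key: "{{ controller_pubkey }}"
        state: present

    # Same rule as the manual step. visudo checks the syntax of the new file
    # before it is moved into place, so a typo cannot break sudo on the target.
    - name: Install the sudoers drop-in
      ansible.builtin.copy:
        content: "{{ automation_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: "/etc/sudoers.d/{{ automation_user }}"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # sudo -n fails instead of prompting if a password is still required.
    - name: Confirm the account can now sudo without a password
      ansible.builtin.command: sudo -n true
      become_user: "{{ automation_user }}"
      changed_when: false
```

Password-based SSH on that first run is what the `sshpass` package installed earlier is for; later runs use the key and need neither flag.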
We can now run a test using Ansible ping. In this command I will ping the `webmin` system from the `inventory.txt` file:

```
ansible webmin -m ping -i inventory.txt
```

If the command is successful you should get the following output:

```
ansible02-devin | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
```

Note that the Python interpreter will be different based on the installed distro.
Ansible Galaxy is a place where ansible users can upload things like roles. Check the documentation of the role to see install instructions. For this example I will outline how to install the apache02 role.
To organize roles, I would recommend making a `role` directory on the controller system.

To install roles on a target system, a playbook is needed. Here is my playbook for the apache02 role:

```yaml
---
- hosts: ansible01-devin
  vars_files:
    - /home/deployer/ansible/roles/geerlingguy.apache/defaults/main.yml
  become: true
  roles:
    - geerlingguy.apache
  tasks:
    # Open 80/tcp in the permanent firewalld configuration
    - name: add firewall rule
      firewalld:
        port: 80/tcp
        permanent: true
        state: enabled
```
Setting up Ansible for Windows requires a little more than Linux.

The first thing to do on Windows is install OpenSSH Server.

If your installation has updates turned off, you will run into a problem here; I recommend doing a manual install from OpenSSH: https://github.com/PowerShell/Win32-OpenSSH/releases

For a normal installation, run the following commands as administrator on the Windows host:

```powershell
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
```

These commands install OpenSSH, start the service, and configure it to start on bootup.

I would also recommend setting the default SSH shell to PowerShell. Run the following in an admin PowerShell window:

```powershell
Set-ItemProperty "HKLM:\Software\Microsoft\Powershell\1\ShellIds" -Name ConsolePrompting -Value $true
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
```
Running Ansible playbooks on Windows is exactly the same as on Linux; however, we will need to use the Chocolatey package manager. Here is my example of the Windows playbook used in the lab:

```yaml
---
- name: install windows applications
  hosts: windows
  tasks:
    - name: Install firefox and 7zip
      win_chocolatey:
        name:
          - firefox
          - 7zip
          - notepadplusplus
        state: present
```
Raw code can be found here: windows_software.yml. This playbook installs Firefox, 7-Zip, and Notepad++.

Installed Windows packages can be listed by running the following command:

```
C:\ProgramData\chocolatey\bin\choco.exe list
```