Automation and Ansible - eamonstackpole/my-tech-journal GitHub Wiki

Overview

Controller & Ansibles

Network Configs

Controller

Ansible1

  • Ansible1 is CentOS, so use the following guide
  • Create a sudo user named deployer with the same password as Controller

Ansible2

  • Ansible2 is Rocky Linux, which is based on CentOS, so follow the same guide as above

Ansible on Controller

  • sudo apt install ansible sshpass python3-paramiko

Sudoers file

  • Create /etc/sudoers.d/sys265 on all Linux systems (controller, ansible1, ansible2) and configure the file as shown below

image
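The journal only shows the drop-in as a screenshot, so here is an added example (not the journal's own file) of writing and checking it from a shell. The file name sys265 and the deployer user come from the journal; the rule body (passwordless sudo for all commands) is an assumption, as is the optional scratch-root argument that lets the function be exercised without touching the live /etc.

```shell
#!/bin/sh
# Added example: create the sudoers drop-in Ansible's "become" relies on.
# Usage on a host:  sudo sh -c '. ./sudoers.sh; write_sudoers_dropin deployer'
# A second argument is a scratch root (e.g. a temp dir) used instead of "/".
write_sudoers_dropin() {
    user="$1"
    root="${2:-}"
    dir="$root/etc/sudoers.d"
    file="$dir/sys265"
    mkdir -p "$dir"
    # Assumed rule: NOPASSWD for every command is the usual Ansible convenience.
    # If the host's role allows it, narrow "ALL" to the commands the playbooks run.
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$file"
    # sudo silently ignores drop-ins that are group/world writable or whose
    # name contains '.' or '~', so set 0440 explicitly.
    chmod 0440 "$file"
    # Syntax-check with visudo when it is installed and we are root (the real
    # deployment case); a broken drop-in would otherwise lock deployer out of sudo.
    if command -v visudo >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        visudo -cf "$file" >/dev/null || return 1
    fi
    cat "$file"
}
```

Run `visudo -cf /etc/sudoers.d/sys265` by hand after copying the file if the check was skipped; sudo reports a parse error only at the moment the rule is needed.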

SSH

  • Generate an RSA keypair with a passphrase using ssh-keygen -t rsa -C "sys265"
  • Share the keys using ssh-copy-id -i (path of key) (target machine)
  • Use ssh-add -t 14400 so you only have to use the passphrase once for the next 4 hours
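The three SSH steps above as an added shell example (not from the journal), split into one function per step so a single step can be repeated without redoing the others. The key path, the 4096-bit key size, the deployer login and the host names passed to push_key are assumptions.

```shell
#!/bin/sh
# Added example: key generation, agent loading with a 4-hour lifetime, and
# distribution to the managed hosts.
KEY="${KEY:-$HOME/.ssh/id_rsa_sys265}"   # assumed path

generate_key() {
    key="$1"
    passphrase="$2"
    # Never overwrite a key that is already deployed.
    if [ -f "$key" ]; then
        return 0
    fi
    # -C sets the comment that shows up in authorized_keys on the targets.
    if [ -n "$passphrase" ]; then
        # Non-interactive form, for scripted tests only.
        ssh-keygen -q -t rsa -b 4096 -C "sys265" -f "$key" -N "$passphrase"
    else
        # Interactive form: ssh-keygen prompts for the passphrase.
        ssh-keygen -t rsa -b 4096 -C "sys265" -f "$key"
    fi
}

load_key() {
    # ssh-add -t 14400: the agent forgets the key after 14400 s (4 h), so the
    # passphrase is typed once per session rather than once per playbook run.
    ssh-add -t "${2:-14400}" "$1"
}

push_key() {
    key="$1"
    shift
    # ssh-copy-id appends the public half to deployer's authorized_keys.
    for host in "$@"; do
        ssh-copy-id -i "$key.pub" "deployer@$host"
    done
}

key_fingerprint() {
    # Fingerprint to compare with what the target shows after the copy.
    ssh-keygen -lf "$1.pub" | awk '{print $2}'
}

# Typical run on the controller:
#   generate_key "$KEY"; load_key "$KEY"; push_key "$KEY" ansible1 ansible2
```

Check `ssh-add -l` before a playbook run: an empty list means the 4-hour window has expired and the next ssh will prompt again.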

Ansible Use

  • Use mkdir to create a directory on the controller called ansible

Inventory File & Tags

  • In the ansible directory create a text file called inventory.txt and put the hostnames of the other Linux machines in it
  • To add a tag (an inventory group), put its name in square brackets ([]) on the line above the hostnames it includes

image

Ansible-Galaxy & Playbook Installations

  • ansible-galaxy install (target role) -p /roles (-p = path) to install the wanted role
  • ansible-galaxy role remove (target role) to remove or uninstall a role.

Ansible Playbook Runs

  • ansible-playbook -i (inventory file) (playbook path) to "play" the playbook

image
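The inventory, tag and playbook-run steps above as an added shell example (not the journal's own files). The hostnames ansible1 and ansible2 and the deployer user are from the journal; the group names, the package list in the playbook and the NAMESPACE.ROLE placeholder for the Galaxy role are assumptions. The hosts_in_group helper is a pure-shell check of the inventory that needs no ansible install.

```shell
#!/bin/sh
# Added example: build the ansible/ directory, an inventory with groups, and a
# playbook, then run it.
setup_ansible_dir() {
    dir="$1"
    mkdir -p "$dir/roles"
    # A bracketed line starts a group ("tag"); every non-empty line below it,
    # up to the next bracketed line, is a host in that group. A host may sit in
    # several groups, and [group:vars] attaches variables to all of them.
    cat > "$dir/inventory.txt" <<'EOF'
[linux]
ansible1
ansible2

[linux:vars]
ansible_user=deployer
EOF
    cat > "$dir/site.yml" <<'EOF'
---
- name: Baseline for the Linux hosts
  hosts: linux
  become: true          # relies on the deployer sudo rule
  tasks:
    - name: Install baseline packages (assumed list)
      ansible.builtin.package:
        name: [vim, tmux]
        state: present
EOF
}

# Print the hosts (first word of each line) that belong to one group, so the
# inventory can be sanity-checked before anything is executed on the targets.
hosts_in_group() {
    awk -v grp="$2" '
        /^\[.*\]$/ { ingrp = ($0 == "[" grp "]"); next }
        ingrp && NF  { print $1 }
    ' "$1"
}

run_playbook() {
    dir="$1"
    role="${2:-NAMESPACE.ROLE}"   # placeholder: the Galaxy role you want
    ansible-galaxy install "$role" -p "$dir/roles"
    # Syntax check first so a typo fails before any host is touched.
    ansible-playbook -i "$dir/inventory.txt" "$dir/site.yml" --syntax-check &&
    ansible-playbook -i "$dir/inventory.txt" "$dir/site.yml"
}

# Typical run on the controller:
#   setup_ansible_dir "$HOME/ansible"
#   hosts_in_group "$HOME/ansible/inventory.txt" linux
#   run_playbook "$HOME/ansible"
```

`ansible-galaxy role remove NAME` undoes the install; note that with `-p` the role lives in the given directory, so add that directory to roles_path (or run from the ansible directory) for the playbook to find it.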

Ansible on Windows

Configure OpenSSH

  • Go to Services to see if SSH is running
  • Make sure Windows Update is enabled to download SSH if needed.
  • Go to "manage optional features" to install OpenSSH client and server

image

  • Go to "Services" to start OpenSSH server and set it to automatic

image

Configure Firewall

  • On both WKS01 and MGMT01 create inbound and outbound rules that open TCP port 22, which is used for SSH

Chocolatey

  • Use win_chocolatey in a playbook to install a variety of programs

image

  • You can use "C:\ProgramData\chocolatey\bin\choco.exe list" to view everything installed with Chocolatey on that machine:

image
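An added example (not the journal's playbook) of the Windows side: the inventory entries that make Ansible talk to WKS01 and MGMT01 over OpenSSH with a PowerShell default shell, and a playbook using the Chocolatey module. The host names come from the journal; the deployer login and the package list are assumptions. The declared_packages helper lists what the playbook asks for, to compare against the choco.exe list output mentioned above.

```shell
#!/bin/sh
# Added example: Windows inventory group and a win_chocolatey playbook.
write_windows_files() {
    dir="$1"
    mkdir -p "$dir"
    # Over SSH (rather than WinRM) Ansible must be told the remote shell is
    # PowerShell; this matches switching the OpenSSH default shell away from cmd.exe.
    cat > "$dir/windows.txt" <<'EOF'
[windows]
wks01
mgmt01

[windows:vars]
ansible_connection=ssh
ansible_shell_type=powershell
ansible_user=deployer
EOF
    # chocolatey.chocolatey.win_chocolatey is the collection name of the module
    # the journal calls win_chocolatey.
    cat > "$dir/choco.yml" <<'EOF'
---
- name: Install tools with Chocolatey
  hosts: windows
  tasks:
    - name: Ensure packages are present (assumed list)
      chocolatey.chocolatey.win_chocolatey:
        name:
          - git
          - 7zip
          - vscode
        state: present
EOF
}

# Package names declared under the task's "name:" list.
declared_packages() {
    awk '/^ *name:/        { inlist = 1; next }
         inlist && /^ *- / { sub(/^ *- /, ""); print; next }
         inlist            { inlist = 0 }' "$1"
}

# Typical run:  write_windows_files "$HOME/ansible"
#               ansible-playbook -i "$HOME/ansible/windows.txt" "$HOME/ansible/choco.yml"
```

After the run, `C:\ProgramData\chocolatey\bin\choco.exe list` on the host should contain every name that declared_packages prints; a missing entry is the symptom the journal's Chocolatey issue describes.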

Manual Install

  • If there are issues with the automatic installation you can do a manual installation on the Windows boxes through PowerShell
  • First you must use "Get-ExecutionPolicy" to make sure that it's not Restricted; if it is, use "Set-ExecutionPolicy Bypass" to avoid this
  • Then use the following command line to install Chocolatey:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

  • It will give a warning that it will require a reboot, so reboot the device and install it again and it will work; you will see the chocolatey files in ProgramData\chocolatey

image

Notes

Issues

  • Issue with DNS (RESOLVED)
    • Need to make sure that the search option in the netplan config file is set to the domain.

image

  • Issue with Semuadmin
  • Issue with SSH (RESOLVED)
    • WKS01 also needs SSH server installed and running
    • Needed to set rules on both devices for TCP/22
    • Needed to swap the WKS01 SSH default shell from cmd.exe to PowerShell using the following:

image

  • Issue with Firewall
    • Default Firewall blocks all ICMP and SSH, even if there were rules implemented.
    • Current Solution is not sustainable
  • Issue with Chocolatey
    • The installation done through ansible didn't open the package file and then threw errors for not seeing choco.exe
    • Solved through manual installation

Commands

  • sudo mkhomedir_helper (user): makes a home directory for the given user

Sources