Last active
September 24, 2025 08:25
Revisions
githubfoam revised this gist
Sep 24, 2025 . 1 changed file with 9 additions and 6 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -65,7 +65,7 @@ control01 ansible_host=192.168.45.10 ansible_connection=ssh ansible_ssh_port=22 [all:vars] ansible_python_interpreter=/usr/bin/python3 ---------------------------------------------------------------------------------------------------------------------- Running a playbook in dry-run mode preflight ansible-playbook playbooks/PLAYBOOK_NAME.yml --check ansible hostname -m setup @@ -449,7 +449,7 @@ vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.in playbook: create_user.yaml #Running a playbook in dry-run mode preflight vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --check --ask-pass SSH password: @@ -538,7 +538,7 @@ vagrant@vg-ubuntu-01:~$ ansible-playbook ssh.yaml -i custom-inventory.ini --synt playbook: ssh.yaml # user not created yet, avoid for now dry-run preflight vagrant@vg-ubuntu-01:~$ vagrant@vg-ubuntu-01:~$ sudo ansible-playbook ssh.yaml -i custom-inventory.ini --check --ask-pass SSH password: @@ -649,7 +649,7 @@ ansibleadm@vg-ubuntu-01:~$ cat create_group_loop.yaml ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --syntax-check playbook: create_group_loop.yaml dry-run preflight mode ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --check PLAY [creating groups with loop] ******************************************************************************************************* 
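Review bot: at the @@ -538 hunk the command `sudo ansible-playbook ssh.yaml -i custom-inventory.ini --check --ask-pass` runs the whole controller process as root, so ssh looks in /root/.ssh for keys and known_hosts instead of the vagrant user's, and it does not escalate on the targets at all; drop `sudo` and use `-b`/`-K` (as the @@ -807 hunk does) where the tasks need root on the managed hosts. The new "dry-run preflight" labels should also say what `--check` does not cover: `command`/`shell` tasks are skipped in check mode unless they set `check_mode: false`, so a clean check run does not prove those steps will work, and `--check --diff` is the form that shows what each `changed:` result would actually write.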
@@ -714,7 +714,7 @@ vg-centos-01 | SUCCESS => { "ping": "pong" } dry-run preflight mode ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --check PLAY [creating groups with loop] ******************************************************************************************************* @@ -807,7 +807,8 @@ Apr 26 13:04:52 ubuntu-xenial systemd-logind[1067]: New session 31 of user ansib #no need to set become: no in ssh.yaml ansibleadm@vg-ubuntu-01:~$ cat ssh.yaml | grep become become: true dry-run preflight mode $ ansible-playbook ssh.yaml -i custom-inventory.ini --check -bK BECOME password: @@ -837,6 +838,7 @@ vg-ubuntu-02 : ok=3 changed=1 unreachable=0 failed=0 s #password in ssh.yaml, not the password set on vg-ubuntu-01 by sudo user vagrant, two different passwords dry-run preflight mode ansibleadm@vg-ubuntu-01:~$ ansible-playbook ssh.yaml -i custom-inventory.ini --check -bK -l ubuntu_servers BECOME password: @@ -975,6 +977,7 @@ ansibleadm@vg-ubuntu-01:~$ cat cron.yml ansibleadm@vg-ubuntu-01:~$ ansible-playbook cron.yml -i custom-inventory.ini -l ubuntu_servers --syntax-check dry-run preflight mode playbook: cron.yml ansibleadm@vg-ubuntu-01:~$ ansible-playbook cron.yml -i custom-inventory.ini -l ubuntu_servers --check -
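Review bot: in the @@ -975 hunk the new label `dry-run preflight mode` is inserted between the `--syntax-check` command and its `playbook: cron.yml` output line, so it reads as output of the syntax check; move it below `playbook: cron.yml` so it introduces the `--check` command, which is where the label sits in the @@ -649 and @@ -714 hunks. The three spellings used in this revision (`Running a playbook in dry-run mode preflight`, `dry-run preflight`, `dry-run preflight mode`) could be unified to one wording so they are greppable.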
githubfoam revised this gist
Aug 14, 2025 . 1 changed file with 7 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,10 @@ ---------------------------------------------------------------------------------------------------------------------- Option 1 — Use full path in run_backup.sh Find where Ansible is installed: docker exec -it ansible-netops which ansible-playbook ---------------------------------------------------------------------------------------------------------------------- $ ansible --version ansible 2.9.27 -
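Review bot: "Option 1" is added without an Option 2 and without the line of `run_backup.sh` that should use the path, so the reader cannot tell where the result of `which ansible-playbook` is supposed to go; either show that line of `run_backup.sh` or drop the numbering. If `run_backup.sh` runs from cron, as the `Dockerfile.ansible.cron` used elsewhere in this gist suggests, `docker exec -it` fails there because no TTY is attached; use `docker exec ansible-netops which ansible-playbook` without `-it` in anything non-interactive.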
githubfoam revised this gist
Aug 14, 2025 . 1 changed file with 42 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1007,6 +1007,48 @@ Problem: The authenticity of host 'xx' can't be established due to 'Host is unknown: xx'.\nThe ssh-rsa key fingerprint is SHA1:xx. Fix: # export ANSIBLE_HOST_KEY_CHECKING=False 1. Create the file inside the running container docker exec -it ansible-netops mkdir -p /etc/ansible docker exec -it ansible-netops bash -c "echo -e '[defaults]\nhost_key_checking = False' > /etc/ansible/ansible.cfg" Verify: docker exec -it ansible-netops cat /etc/ansible/ansible.cfg Output should be: [defaults] host_key_checking = False 2. Bake it into the Dockerfile (recommended for persistence) Add this section near the end of your Dockerfile.ansible.cron before CMD: # Disable host key checking for Ansible inside the container RUN mkdir -p /etc/ansible \ && echo '[defaults]' > /etc/ansible/ansible.cfg \ Then rebuild: docker build -t ansible-netops:latest -f Dockerfile.ansible.cron . docker rm -f ansible-netops docker run -d --name ansible-netops --restart=always \ -v $HOME/backups:/ansible/backups \ ansible-netops:latest 3. Temporary environment variable method (no file needed) You can also run the container with: docker run -d --name ansible-netops --restart=always \ -e ANSIBLE_HOST_KEY_CHECKING=False \ -v $HOME/backups:/ansible/backups \ ansible-netops:latest This works, but it’s only for that container instance. ----------------------------------------------------------------------------------------------------- #troubleshooting Problem: -
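Review bot: the Dockerfile snippet in section 2 is truncated: `RUN mkdir -p /etc/ansible \ && echo '[defaults]' > /etc/ansible/ansible.cfg \` ends on a line continuation and never writes `host_key_checking = False`, so the build either fails on the dangling backslash or produces a config that changes nothing; complete it with `&& echo 'host_key_checking = False' >> /etc/ansible/ansible.cfg`. More importantly, all three options switch off SSH host key verification, which is the only thing protecting the device credentials from a man-in-the-middle between the container and the network devices; the durable fix is to bake a verified `known_hosts` into the image (from `ssh-keyscan`, with the fingerprints checked out of band) or mount it at run time, and leave `host_key_checking` on. Note also that `/etc/ansible/ansible.cfg` is the lowest-precedence config location: an `ansible.cfg` in the working directory, `~/.ansible.cfg` or `ANSIBLE_CONFIG` will silently override it.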
githubfoam revised this gist
Jun 2, 2023 . 1 changed file with 56 additions and 0 deletions.
@@ -1053,6 +1053,62 @@ ansible-galaxy collection list #check whether it is installed ansible-galaxy collection install fortinet.fortios -f ansible-galaxy collection install -f fortinet.fortios:1.1.9 ----------------------------------------------------------------------------------------------------- #troubleshooting bing The error message ssh connection failed: ssh connect failed: No route to host indicates that Ansible was unable to connect to the target device via SSH. This could be due to a number of reasons, such as: The target device is not reachable from the Ansible control node. The target device is not configured to allow SSH connections. The target device is configured to allow SSH connections only from specific IP addresses. The target device is configured to use a non-standard SSH port. Here are some steps you can take to troubleshoot this issue: Verify that the target device is reachable from the Ansible control node by pinging it. If the ping fails, check the network connectivity between the two devices. Verify that the target device is configured to allow SSH connections. You can do this by logging in to the device manually and checking its configuration. Verify that the target device is configured to allow SSH connections from the Ansible control node’s IP address. You can do this by checking the device’s access control lists (ACLs) or firewall rules. Verify that the target device is configured to use the default SSH port (22). If it is using a non-standard port, you will need to specify it in your Ansible playbook. I hope this helps! Let me know if you have any other questions. ----------------------------------------------------------------------------------------------------- #troubleshooting bard Check the IP address of the Aruba switch that you are trying to connect to. Make sure that the IP address is correct and that the switch is reachable from your Ansible control node. 
Check the network connectivity between your Ansible control node and the Aruba switch. Make sure that the network is up and running and that there are no routing issues. Check the SSH configuration on the Aruba switch. Make sure that SSH is enabled and that the SSH port is open. Check the Ansible configuration. Make sure that the ansible_user and ansible_password variables are set to the correct values for the Aruba switch. Try running the Ansible playbook again. If you are still seeing the error message, you may need to contact Aruba support for assistance. Here are some additional details about each of the troubleshooting steps: To check the IP address of the Aruba switch, you can use the ip addr command on your Ansible control node. To check the network connectivity between your Ansible control node and the Aruba switch, you can use the ping command. To check the SSH configuration on the Aruba switch, you can use the show running-config | include ssh command. To check the Ansible configuration, you can use the ansible-playbook --syntax-check check_telnet_ssh_aruba.yml command. If you are still seeing the error message after trying all of the troubleshooting steps, you may need to contact Aruba support for assistance ----------------------------------------------------------------------------------------------------- #troubleshooting chatgpt When encountering the error message "ssh connection failed: ssh connect failed: No route to host" while running the ansible-playbook command, it suggests that Ansible is unable to establish an SSH connection to the target device (HPE Aruba 2930F switch). To troubleshoot this issue, you can follow these steps: Verify network connectivity: Ensure that there is network connectivity between the Ansible control machine and the HPE Aruba 2930F switch. Use the ping command to check if you can reach the switch's IP address from the control machine. 
If the ping fails, investigate the network configuration, including any firewalls or routing issues. Check the SSH server status: Verify that the SSH server is running on the HPE Aruba 2930F switch. Ensure that the SSH service is enabled and configured correctly. Review the switch's SSH configuration, including the SSH port and any access control settings. Validate SSH access credentials: Double-check the SSH access credentials specified in the inventory file (inventory). Ensure that the username and password (or SSH key) are correct and have the necessary permissions to establish an SSH connection to the switch. Confirm SSH connectivity manually: Attempt to establish an SSH connection manually from the Ansible control machine to the HPE Aruba 2930F switch using the same credentials specified in the inventory file. Use the ssh command followed by the switch's IP address or hostname. This manual connection attempt can provide more detailed error messages or warnings that can help identify the issue. Verify SSH port and protocol: Ensure that the SSH port (default is 22) is open and accessible on the HPE Aruba 2930F switch. Additionally, check if the switch supports SSH protocol version 2, as some devices may only support version 1 by default. If needed, configure the switch to allow SSH version 2 connections. Check firewall and security settings: Review any firewalls or security configurations that may be blocking SSH traffic between the Ansible control machine and the switch. Ensure that the necessary firewall rules are in place to permit SSH connections. If necessary, consult your network or security team for assistance in allowing SSH access. Verify DNS resolution: If you are using hostnames in the inventory file instead of IP addresses, confirm that DNS resolution is functioning correctly. Ensure that the control machine can resolve the switch's hostname to the correct IP address. 
Check log files: Review the Ansible log files to gather additional information about the failed SSH connection. The log files are typically located in the default Ansible log directory (/var/log/ansible/). Check the log file associated with the failed playbook execution for any relevant error messages or warnings. By following these troubleshooting steps, you should be able to identify and resolve the SSH connection issue when running the ansible-playbook command against the HPE Aruba 2930F switch. ----------------------------------------------------------------------------------------------------- -
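Review bot: the chatgpt section's suggestion to configure the switch for SSH protocol version 1 should be removed: SSHv1 is broken and has been dropped from OpenSSH, so enabling it is a security regression, and "No route to host" has nothing to do with protocol version. That error is returned by the IP layer before any SSH handshake, so the credential, protocol-version and log-file steps in all three answers do not apply; the checks that matter are reachability from the control node (`ping`, a TCP connect to port 22) and routing or firewall rules between the control node and the switch. Three other details are wrong: `ip addr` on the control node shows the control node's addresses, not the switch's; `ansible-playbook --syntax-check` validates YAML and play structure, not the values of `ansible_user`/`ansible_password`; and `/var/log/ansible/` is not a default location, Ansible logs only where `log_path` or `ANSIBLE_LOG_PATH` points (this gist sets `~/ansible.log`).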
githubfoam revised this gist
Oct 26, 2022 . 1 changed file with 11 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1033,6 +1033,17 @@ ansible-playbook -vvvv # less $ANSIBLE_LOG_PATH # grep "p=28990" $ANSIBLE_LOG_PATH #ensure connectivity by attempting to execute a single command on the remote device connect to switch1.example.net specified in the inventory file inventory use the module arista.eos.eos_command run the command ? connect using the username admin inform the ansible command to prompt for the SSH password by specifying -k ansible -m arista.eos.eos_command -a 'commands=?' -i inventory switch1.example.net -e 'ansible_connection=ansible.netcommon.network_cli' -u admin -k ansible -m cisco.ios.ios_command -a 'commands=?' -i inventory switch1.example.net -e 'ansible_connection=ansible.netcommon.network_cli' -u admin -k #===================================================================== #ansible,https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_monitor_fact_module.html -
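Review bot: both ad-hoc commands set `ansible_connection=ansible.netcommon.network_cli` but not `ansible_network_os`, and `network_cli` will not connect without it because it cannot choose a cliconf/terminal plugin; add `-e 'ansible_network_os=arista.eos.eos'` to the first line and `-e 'ansible_network_os=cisco.ios.ios'` to the second, or set it on the host in the inventory. Prompting with `-k` is the right choice here rather than `-e ansible_password=...`, which would put the device password into shell history.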
githubfoam revised this gist
Oct 25, 2022 . 1 changed file with 10 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1033,5 +1033,15 @@ ansible-playbook -vvvv # less $ANSIBLE_LOG_PATH # grep "p=28990" $ANSIBLE_LOG_PATH #===================================================================== #ansible,https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_monitor_fact_module.html ansible-galaxy collection install fortinet.fortios ansible-galaxy collection list #check whether it is installed # ansible-galaxy collection verify fortinet.fortios #verify ansible-galaxy collection install fortinet.fortios -f ansible-galaxy collection install -f fortinet.fortios:1.1.9 ----------------------------------------------------------------------------------------------------- -
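Review bot: `# ansible-galaxy collection verify fortinet.fortios` is left commented out, yet it is the one step that checks the installed files against the checksums published on Galaxy; run it after the pinned install (`ansible-galaxy collection install -f fortinet.fortios:1.1.9`) instead of leaving it as a note. The unpinned `ansible-galaxy collection install fortinet.fortios -f` line pulls whatever is latest at run time, so prefer the pinned form, ideally recorded in a `requirements.yml`, for repeatable and reviewable builds.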
githubfoam revised this gist
Oct 25, 2022 . No changes.
githubfoam revised this gist
Oct 25, 2022 . 1 changed file with 3 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1024,15 +1024,14 @@ Fix: ----------------------------------------------------------------------------------------------------- #troubleshooting,Enabling Networking logging export ANSIBLE_LOG_PATH=~/ansible.log # Specify the location for the log file export ANSIBLE_DEBUG=True # Enable Debug # Run with 4*v for connection level verbosity ansible-playbook -vvvv # less $ANSIBLE_LOG_PATH # grep "p=28990" $ANSIBLE_LOG_PATH ----------------------------------------------------------------------------------------------------- -
githubfoam revised this gist
Oct 21, 2022 . 1 changed file with 12 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1021,6 +1021,18 @@ Problem: Fix: # ansible -i inventory hostname -m ping ----------------------------------------------------------------------------------------------------- #troubleshooting,Enabling Networking logging # Specify the location for the log file export ANSIBLE_LOG_PATH=~/ansible.log # Enable Debug export ANSIBLE_DEBUG=True # Run with 4*v for connection level verbosity ansible-playbook -vvvv # less $ANSIBLE_LOG_PATH ----------------------------------------------------------------------------------------------------- -
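Review bot: with `ANSIBLE_DEBUG=True` and `-vvvv`, `~/ansible.log` records full task arguments and connection details, so any task not marked `no_log: true` can leave passwords or tokens in that file; create it with restrictive permissions (`umask 077` before the run, or `chmod 600 ~/ansible.log` after), treat it as sensitive and remove it once the connection problem is solved. `ansible-playbook -vvvv` on its own is not a complete command; show it with the playbook and inventory, e.g. `ansible-playbook -vvvv -i inventory playbook.yml`.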
githubfoam revised this gist
Oct 20, 2022 . 1 changed file with 7 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -207,13 +207,19 @@ to all web servers defned within the Ansible inventory. Copy SSH key manually ansible <HOST_GROUP> -m authorized_key -a "user=root key='ssh-rsa AAAA...XXX == root@hostname'" ---------------------------------------------------------------------------------------------------- ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt -> Ansible will automatically search for the password in that file ansible-vault create passwd.yml -> Create a new encrypted data file.Set the password for vault ansible-vault edit passwd.yml -> Edit encrypted file ansible-vault rekey passwd.yml -> Change password for encrypted file EDITOR=nano ansible-vault . . . # make this persistent, open your ~/.bashrc file nano ~/.bashrc export EDITOR=nano #adding an EDITOR assignment to the end of the file echo $EDITOR ---------------------------------------------------------------------------------------------------- #Install ansible Debian/Ubuntu sudo apt-add-repository ppa:ansible/ansible sudo apt-get update -
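Review bot: `ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt` points at a plaintext secret on disk, and the note should say to create that file with `chmod 600`, keep it out of the repository, and that the same variable may name an executable script that fetches the password from a keyring or secrets manager instead. The `EDITOR=nano ansible-vault . . .` line is a placeholder; the working form is `EDITOR=nano ansible-vault edit passwd.yml`, and `export EDITOR=nano` in `~/.bashrc` makes that the default. The unchanged `authorized_key` context line above still installs the key for `user=root`, which is at odds with the `Deny root from login` task later in the gist; the key should go to the ansibleadm user.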
githubfoam revised this gist
Oct 19, 2022 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -132,6 +132,7 @@ ansible www.example.com -m copy -a "src=/home/liquidat/tmp/test.yml dest=/home/l ansible-config view -> Displays the current config file ansible-config list -> List all current configs reading lib/constants.py and shows env and config file setting names #verbose mode, add -v (or -vv, -vvv, -vvvv, -vvvvv). ansible-playbook playbook.yml -v ansible-playbook playbook.yml -vv ansible-playbook playbook.yml -vvv -
githubfoam revised this gist
Oct 19, 2022 . 1 changed file with 10 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1007,3 +1007,13 @@ fatal: [albus.local]: FAILED! => {"msg": "to use the 'ssh' connection type with Fix: apt install sshpass ----------------------------------------------------------------------------------------------------- #troubleshooting Problem: {"changed": false, "msg": "ssh connection failed: ssh connect failed: No route to host"} Fix: # ansible -i inventory hostname -m ping ----------------------------------------------------------------------------------------------------- -
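Review bot: the "Fix" for `No route to host` is a re-test, not a fix; `ansible -i inventory hostname -m ping` fails with the same message because the fault is at the IP layer (no route, or a firewall REJECT answered with ICMP host-unreachable), not in Ansible. Check reachability from the control node first (`ping <ip>`, a TCP connect to the SSH port, `ip route get <ip>`), then fix routing or the firewall. For the network devices this gist targets, `-m ping` is the wrong probe anyway because it needs Python on the target; use the platform's `*_command` module over `network_cli`, as the ad-hoc check added elsewhere in the gist does.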
githubfoam revised this gist
Oct 18, 2022 . 1 changed file with 6 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1000,5 +1000,10 @@ Problem: The authenticity of host 'xx' can't be established due to 'Host is unknown: xx'.\nThe ssh-rsa key fingerprint is SHA1:xx. Fix: # export ANSIBLE_HOST_KEY_CHECKING=False ----------------------------------------------------------------------------------------------------- #troubleshooting Problem: fatal: [albus.local]: FAILED! => {"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"} Fix: apt install sshpass ----------------------------------------------------------------------------------------------------- -
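Review bot: `apt install sshpass` removes the error, but the note should say it is only needed for password authentication (`--ask-pass` / `ansible_ssh_pass`), and that the better fix, which the gist does later with the `authorized_key` task, is to deploy a key for the Ansible user and stop using passwords for SSH altogether: sshpass has to feed the password to ssh from somewhere readable, and the later `PasswordAuthentication no` change makes password login fail on those hosts anyway.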
githubfoam revised this gist
Oct 18, 2022 . 1 changed file with 9 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -993,3 +993,12 @@ Problem: Fix: # nslookup server1.example.com ----------------------------------------------------------------------------------------------------- #troubleshooting #If you don't want to modify ansible.cfg or the playbook.yml then you can just set an environment variable: Problem: The authenticity of host 'xx' can't be established due to 'Host is unknown: xx'.\nThe ssh-rsa key fingerprint is SHA1:xx. Fix: # export ANSIBLE_HOST_KEY_CHECKING=False ----------------------------------------------------------------------------------------------------- -
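Review bot: `export ANSIBLE_HOST_KEY_CHECKING=False` makes the error go away by switching off the check that detects a substituted host, which is exactly the situation this error exists to catch; the fix that keeps the protection is to record the host key before the run, either a one-time manual `ssh <host>` that accepts it after comparing the fingerprint out of band, or `ssh-keyscan -H <host> >> ~/.ssh/known_hosts` followed by the same fingerprint check. Putting `host_key_checking = False` in `ansible.cfg` has the same weakness as the variable, only more permanently.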
githubfoam revised this gist
Oct 18, 2022 . 1 changed file with 8 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -985,3 +985,11 @@ sudo sed -i 's/#deprecation_warnings = True/deprecation_warnings = False/' /etc/ #enable sudo sed -i 's/deprecation_warnings = False/deprecation_warnings = True/' /etc/ansible/ansible.cfg ----------------------------------------------------------------------------------------------------- #troubleshooting #add an entry like this to the /etc/hosts file on your Ansible control node to resolve the hostname to an IP address. Problem: "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname server1.example.com: Name or service not known", Fix: # nslookup server1.example.com ----------------------------------------------------------------------------------------------------- -
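Review bot: the comment says to add an `/etc/hosts` entry but the "Fix" only shows `nslookup server1.example.com`, which diagnoses the failure without fixing it; either show the `/etc/hosts` line or, better, set `ansible_host=<ip>` on the inventory entry, the form this gist's own inventory already uses (`control01 ansible_host=192.168.45.10`), which keeps the name-to-address mapping with the inventory under version control rather than on one control node.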
githubfoam revised this gist
Jul 20, 2022 . No changes.
githubfoam revised this gist
May 12, 2022 . 1 changed file with 2 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -982,4 +982,6 @@ $ cat /etc/ansible/ansible.cfg | grep deprecation #disable sudo sed -i 's/#deprecation_warnings = True/deprecation_warnings = False/' /etc/ansible/ansible.cfg #enable sudo sed -i 's/deprecation_warnings = False/deprecation_warnings = True/' /etc/ansible/ansible.cfg ----------------------------------------------------------------------------------------------------- -
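Review bot: the new "enable" `sed` and the existing "disable" `sed` are not inverses: disable matches the commented default `#deprecation_warnings = True` and writes an uncommented `deprecation_warnings = False`, enable turns that into `deprecation_warnings = True`, and after that round trip the disable pattern no longer matches because the leading `#` is gone. Match the key regardless of the comment marker, e.g. `sudo sed -i 's/^#\?deprecation_warnings = .*/deprecation_warnings = False/' /etc/ansible/ansible.cfg`, and the same for the enable line.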
githubfoam revised this gist
May 12, 2022 . 1 changed file with 15 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,12 @@ ---------------------------------------------------------------------------------------------------------------------- $ ansible --version ansible 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/home/ansiadm/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/dist-packages/ansible executable location = /usr/bin/ansible python version = 2.7.17 (default, Mar 18 2022, 13:21:42) [GCC 7.5.0] ---------------------------------------------------------------------------------------------------------------------- #specify a different inventory file using the -i <path> option on the command line /etc/ansible/hosts #Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts @@ -966,5 +974,12 @@ $ ansibleadm@vg-ubuntu-01:~$ ansible-playbook cron.yml -i custom-inventory.ini - ansibleadm@vg-ubuntu-02:~$ crontab -l #Ansible: check disk space 0 5,2 * * * df -h ----------------------------------------------------------------------------------------------------- #Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. $ cat /etc/ansible/ansible.cfg | grep deprecation # by default (as of 1.4), Ansible may display deprecation warnings for language #deprecation_warnings = True #disable sudo sed -i 's/#deprecation_warnings = True/deprecation_warnings = False/' /etc/ansible/ansible.cfg ----------------------------------------------------------------------------------------------------- -
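Review bot: the `ansible --version` output added at the top shows ansible 2.9.27 running on Python 2.7.17 from `/usr/lib/python2.7/dist-packages`; Python 2.7 stopped receiving security fixes in January 2020 and Ansible 2.9 is end of life, so this should be flagged as a stale toolchain to migrate from rather than recorded as a reference configuration. Silencing `deprecation_warnings` on that install hides exactly the messages that say which modules and syntax will break on upgrade; keep them on, or at least keep them on for the `--syntax-check` runs the gist already uses.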
githubfoam revised this gist
May 11, 2022 . 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -93,13 +93,13 @@ $ ansible -i inventory client1.example.lan -m setup -a "filter=facter_*" $ ansible client1.example.lan -i inventory -m setup | grep ansible_default_ipv4.gateway $ ansible -i inventory client1.example.lan -m ping $ ansible -i inventory client1.example.lan -m ping -u root $ ansible all -m ping -i bakircay-inventory.ini -l servergroup #only for specific group in inventory $ ansible -i inventory c-m ping -u root $ ansible -i inventory "client*" -m yum -a 'name=httpd state=absent' $ ansible -i inventory "client*" -a "yum update" $ ansible -i inventory "client*" -a "uname -a" $ ansible -i inventory "client*" -m yum -a 'name=* state=latest' $ ansible -i inventory client1.example.lan -m shell -a "yum list installed | grep docker" #only for specific server in inventory ansible all -m ping -i inventory.ini -l servers_prod_1 #ping specific group of files ansible all -i inventory.ini -l servers_prod_1 -m ping #ping specific group of files -
githubfoam revised this gist
May 6, 2022 . 1 changed file with 4 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -100,6 +100,10 @@ $ ansible -i inventory "client*" -a "yum update" $ ansible -i inventory "client*" -a "uname -a" $ ansible -i inventory "client*" -m yum -a 'name=* state=latest' $ ansible -i inventory client1.example.lan -m shell -a "yum list installed | grep docker" ansible all -m ping -i inventory.ini -l servers_prod_1 #ping specific group of files ansible all -i inventory.ini -l servers_prod_1 -m ping #ping specific group of files $ ansible -i inventory client1.example.lan -m shell -a "hostnamectl" $ ansible -i inventory client1.example.lan -m shell -a "cat /etc/hosts" $ ansible -i inventory client1.example.lan -m shell -a "ifconfig" -
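Review bot: the two added lines `ansible all -m ping -i inventory.ini -l servers_prod_1` and `ansible all -i inventory.ini -l servers_prod_1 -m ping` are the same command with the options reordered, so keep one; and the comment `#ping specific group of files` is wrong, `-l servers_prod_1` limits the run to an inventory host or group, not to files.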
githubfoam revised this gist
Apr 28, 2022 . 1 changed file with 2 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -93,6 +93,8 @@ $ ansible -i inventory client1.example.lan -m setup -a "filter=facter_*" $ ansible client1.example.lan -i inventory -m setup | grep ansible_default_ipv4.gateway $ ansible -i inventory client1.example.lan -m ping $ ansible -i inventory client1.example.lan -m ping -u root $ ansible all -m ping -i bakircay-inventory.ini -l servergroup # only for specific group in inventory $ ansible -i inventory c-m ping -u root $ ansible -i inventory "client*" -m yum -a 'name=httpd state=absent' $ ansible -i inventory "client*" -a "yum update" $ ansible -i inventory "client*" -a "uname -a" -
githubfoam revised this gist
Apr 28, 2022 . No changes.
githubfoam revised this gist
Apr 27, 2022 . 1 changed file with 257 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,10 +4,10 @@ /etc/ansible/ansible.cfg #config file -b, --become run operations with become (does not imply password prompting) -k, –ask-pass: ask for connection password -K, –ask-become-pass: ask for privilege escalation password ---------------------------------------------------------------------------------------------------------------------- #INI-like inventory file mail.example.com @@ -662,7 +662,31 @@ playbook: create_group_loop.yaml vg-ubuntu-02 vg-centos-02 vg-centos-01 ansibleadm@vg-ubuntu-01:~$ ansible all -m ping -i custom-inventory.ini vg-ubuntu-02 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" } vg-centos-02 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } vg-centos-01 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --check PLAY [creating groups with loop] ******************************************************************************************************* 
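Review bot: in the `@@ -4,10` hunk the corrected option lines use an en dash, `-k, –ask-pass` and `-K, –ask-become-pass`; they should be the literal double hyphen `--ask-pass` and `--ask-become-pass`, because a reader copying them gets an option ansible does not recognise. The `-b, --become` line is right that it does not prompt; it would help to add that `-b` without `-K` relies on passwordless sudo for the connecting user on the target.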
@@ -707,4 +731,234 @@ vg-centos-01 : ok=2 changed=1 unreachable=0 failed=0 s vg-centos-02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 # turn off password authentication on vg-ubuntu-02 vagrant@vg-ubuntu-02:~$ sudo grep --color PasswordAuthentication /etc/ssh/sshd_config PasswordAuthentication yes # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication, then enable this but set PasswordAuthentication vagrant@vg-ubuntu-02:~$ sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config vagrant@vg-ubuntu-02:~$ sudo service ssh restart vagrant@vg-ubuntu-02:~$ sudo grep --color PasswordAuthentication /etc/ssh/sshd_config PasswordAuthentication no #connect to vg-ubuntu-02 in passwordless SSH mode from controller vg-ubuntu-01 ansibleadm@vg-ubuntu-01:~$ ssh ansibleadm@vg-ubuntu-02 Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 4.4.0-210-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage UA Infra: Extended Security Maintenance (ESM) is not enabled. 1 update can be applied immediately. To see these additional updates run: apt list --upgradable 96 additional security updates can be applied with UA Infra: ESM Learn more about enabling UA Infra: ESM service for Ubuntu 16.04 at https://ubuntu.com/16-04 New release '18.04.6 LTS' available. Run 'do-release-upgrade' to upgrade to it. 
Last login: Tue Apr 26 13:01:14 2022 from 10.35.8.67 ansibleadm@vg-ubuntu-02:~$ #verify passwordless connection from controller vg-ubuntu-01 vagrant@vg-ubuntu-02:~$ sudo tail -f /var/log/auth.log Apr 26 13:04:52 ubuntu-xenial sshd[7883]: Accepted publickey for ansibleadm from 10.35.8.67 port 46452 ssh2: RSA SHA256:YDWRPmsGRx4/9FmTOgml/B7MbEFcP52Oj9oMWIF7F/Q Apr 26 13:04:52 ubuntu-xenial sshd[7883]: pam_unix(sshd:session): session opened for user ansibleadm by (uid=0) Apr 26 13:04:52 ubuntu-xenial systemd: pam_unix(systemd-user:session): session opened for user ansibleadm by (uid=0) Apr 26 13:04:52 ubuntu-xenial systemd-logind[1067]: New session 31 of user ansibleadm. #no need to set become: no in ssh.yaml ansibleadm@vg-ubuntu-01:~$ cat ssh.yaml | grep become become: true $ ansible-playbook ssh.yaml -i custom-inventory.ini --check -bK BECOME password: PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* ok: [vg-ubuntu-02] ok: [vg-centos-02] ok: [vg-centos-01] TASK [Deploy SSH Public Key] *********************************************************************************************************** ok: [vg-ubuntu-02] ok: [vg-centos-02] ok: [vg-centos-01] TASK [Deny root from login] ************************************************************************************************************ changed: [vg-ubuntu-02] changed: [vg-centos-02] changed: [vg-centos-01] PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 #run playbook 
for only a specific server group ubuntu_servers,-l ubuntu_servers #password in ssh.yaml, not the password set on vg-ubuntu-01 by sudo user vagrant, two different passwords ansibleadm@vg-ubuntu-01:~$ ansible-playbook ssh.yaml -i custom-inventory.ini --check -bK -l ubuntu_servers BECOME password: PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* ok: [vg-ubuntu-02] TASK [Deploy SSH Public Key] *********************************************************************************************************** ok: [vg-ubuntu-02] TASK [Deny root from login] ************************************************************************************************************ changed: [vg-ubuntu-02] PLAY RECAP ***************************************************************************************************************************** vg-ubuntu-02 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 # disable root login and passwordauthentication, only passwordless SSH logins enabled ansibleadm@vg-ubuntu-01:~$ cat ssh.yaml --- - name: Create New User hosts: all become: true gather_facts: false vars: # Define your username and password here that you want to create on target hosts. 
username: ansibleadm userpass: admpass tasks: - name: "Create User" ansible.builtin.user: name: "{{ username }}" state: present shell: /bin/bash password: "{{ userpass | password_hash('sha512') }}" update_password: on_create groups: "{{ super_group }}" append: yes - name: "Deploy SSH Public Key" authorized_key: user: "{{ username }}" state: present key: "{{ lookup('file', '/home/{{ username }}/.ssh/id_rsa.pub') }}" - name: "Disable password login, only SSH enabled" lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#)?PasswordAuthentication \w*$' line: 'PasswordAuthentication no' state: present - name: "Deny root from login" lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#)?PermitRootLogin \w*$' line: 'PermitRootLogin no' state: present #password authentication disable, avoid small "-k" for now # -k, --ask-pass: ask for connection password # -K, --ask-become-pass: ask for privilege escalation password ansibleadm@vg-ubuntu-01:~$ ansible-playbook ssh.yaml -i custom-inventory.ini -bk -l centos_servers SSH password: PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* fatal: [vg-centos-02]: FAILED! => {"msg": "Missing sudo password"} fatal: [vg-centos-01]: FAILED! 
=> {"msg": "Missing sudo password"} PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 #password authentication disable, runs big "-K" # -k, --ask-pass: ask for connection password # -K, --ask-become-pass: ask for privilege escalation password ansibleadm@vg-ubuntu-01:~$ ansible-playbook ssh.yaml -i custom-inventory.ini -bK -l centos_servers BECOME password: PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* ok: [vg-centos-02] ok: [vg-centos-01] TASK [Deploy SSH Public Key] *********************************************************************************************************** ok: [vg-centos-02] ok: [vg-centos-01] TASK [Disable password login, only SSH enabled] **************************************************************************************** ok: [vg-centos-02] ok: [vg-centos-01] TASK [Deny root from login] ************************************************************************************************************ ok: [vg-centos-02] ok: [vg-centos-01] PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ----------------------------------------------------------------------------------------------------- #create cron jobs remotely ansibleadm@vg-ubuntu-01:~$ cat cron.yml --- - name: "set cron jobs" hosts: all tasks: #Ensure a job that runs at 2 and 
5 exists. # Creates an entry like "0 5,2 * * ls -alh > /dev/null" - name: "set disk space cron job - crontab -e" cron: name: "check disk space" minute: "0" hour: "5,2" job: "df -h" user: "ansibleadm" # add sudo crontab -e state: present #state: absent - name: "set memory space cron job -sudo crontab -e" cron: name: "check memory space" minute: "0" hour: "5,2" job: "free -m" state: present #state: absent user: "root" # add sudo crontab -e ansibleadm@vg-ubuntu-01:~$ ansible-playbook cron.yml -i custom-inventory.ini -l ubuntu_servers --syntax-check playbook: cron.yml ansibleadm@vg-ubuntu-01:~$ ansible-playbook cron.yml -i custom-inventory.ini -l ubuntu_servers --check (ansibleadm cron jobs, crontab -l,crontab -e) $ ansible-playbook cron.yml -i custom-inventory.ini -l ubuntu_servers -K (ansibleadm cron jobs, sudo crontab -l,sudo crontab -e) $ ansibleadm@vg-ubuntu-01:~$ ansible-playbook cron.yml -i custom-inventory.ini -l ubuntu_servers -bK #verify ansibleadm@vg-ubuntu-02:~$ crontab -l #Ansible: check disk space 0 5,2 * * * df -h ----------------------------------------------------------------------------------------------------- -
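Review bot: in the @@ -707,4 +731,234 @@ hunk, the two `lineinfile` tasks in ssh.yaml that edit /etc/ssh/sshd_config ("Disable password login, only SSH enabled" and "Deny root from login") have no handler, so sshd keeps serving the old configuration until someone restarts it by hand, which the hunk does manually with `sudo service ssh restart`; add `notify: restart sshd` to both tasks and a handler that restarts the service (`ssh` on Ubuntu, `sshd` on CentOS, as the transcripts in this hunk show). Two smaller points in the same hunk: `userpass: admpass` is a cleartext credential sitting in the playbook and belongs in an ansible-vault encrypted variable, and the root cron job in cron.yml (`user: "root"`) only works when `-b` is remembered on the command line, so set `become: true` on that task.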
githubfoam revised this gist
Apr 26, 2022 . 1 changed file with 436 additions and 86 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,6 +7,8 @@ -k, –ask-pass: ask for connection password ( We have already defined connection password through variable in inventory file.) -K, –ask-become-pass: ask for privilege escalation password ---------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------- #INI-like inventory file mail.example.com @@ -208,14 +210,35 @@ sudo yum -y install https://dl.fedoraproject.org/pub/epel/epelrelease-latest-7.n sudo yum install ansible ansible --version ----------------------------------------------------------------------------------------------------- # 3x servers + 1x controller(remote control) vagrant@vg-ubuntu-01:~$ whoami vagrant vagrant@vg-ubuntu-01:~$ sudo whoami root vagrant@vg-ubuntu-01:~$ id vagrant uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),999(docker) cat | sudo tee << EOF #!/bin/bash apt-get update -yq apt-get install software-properties-common -yq add-apt-repository --yes --update ppa:ansible/ansible apt-get install ansible -yq VER=$(ansible --version) echo "ansible version ...: $VER" EOF sudo cp /etc/hosts{,.orig} #backup cat | sudo tee -a /etc/hosts << EOF 10.35.8.66 vg-ubuntu-02.local vg-ubuntu-02 10.35.8.69 vg-centos-01.local vg-centos-01 10.35.8.68 vg-centos-02.local vg-centos-02 EOF cat | sudo tee custom-inventory.ini << EOF #INI-like inventory file [ubuntu_servers] 
@@ -231,25 +254,168 @@ super_group = wheel [ubuntu_servers:vars] super_group = sudo EOF $ ansible-inventory --inventory-file=custom-inventory.ini --list $ ansible-inventory --inventory-file=custom-inventory.ini --graph @all: |--@centos_servers: | |--vg-centos-01 | |--vg-centos-02 |--@ubuntu_servers: | |--vg-ubuntu-02 |--@ungrouped: $ cat /etc/ansible/ansible.cfg | grep host_key_checking #host_key_checking = False vagrant@vg-ubuntu-01:~$ ansible all -m ping -i custom-inventory.ini --ask-pass SSH password: vg-centos-02 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true } vg-ubuntu-02 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).", "unreachable": true } vg-centos-01 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } $ sudo ansible all -m ping -i custom-inventory.ini --ask-pass SSH password: vg-ubuntu-02 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).", "unreachable": true } vg-centos-02 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true } vg-centos-01 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } FIX: vagrant@vg-ubuntu-02:~$ sudo grep --color PasswordAuthentication /etc/ssh/sshd_config PasswordAuthentication no # PasswordAuthentication. 
Depending on your PAM configuration, # PAM authentication, then enable this but set PasswordAuthentication vagrant@vg-ubuntu-02:~$ sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config vagrant@vg-ubuntu-02:~$ sudo grep --color PasswordAuthentication /etc/ssh/sshd_config PasswordAuthentication yes # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication, then enable this but set PasswordAuthentication $ sudo tail -f /var/log/auth.log Apr 26 11:32:23 ubuntu-xenial sshd[5113]: Accepted password for vagrant from 10.35.8.67 port 46310 ssh2 Apr 26 11:32:23 ubuntu-xenial sshd[5113]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) Apr 26 11:32:23 ubuntu-xenial systemd-logind[1067]: New session 9 of user vagrant. $ ansible all -m ping -i custom-inventory.ini --ask-pass SSH password: vg-centos-02 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true } vg-ubuntu-02 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" } vg-centos-01 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } FIX: allow password authentication [vagrant@vg-centos-02 ~]$ sudo grep --color PasswordAuthentication /etc/ssh/sshd_config #PasswordAuthentication yes PasswordAuthentication no [vagrant@vg-centos-02 ~]$ sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config [vagrant@vg-centos-02 ~]$ sudo grep --color PasswordAuthentication /etc/ssh/sshd_config #PasswordAuthentication yes PasswordAuthentication yes # PasswordAuthentication. 
Depending on your PAM configuration, [vagrant@vg-centos-02 ~]$ sudo service sshd restart Redirecting to /bin/systemctl restart sshd.service [vagrant@vg-centos-02 ~]$ sudo journalctl -t sshd -f Apr 26 11:35:01 vg-centos-02 sshd[5798]: Server listening on 0.0.0.0 port 22. Apr 26 11:35:01 vg-centos-02 sshd[5798]: Server listening on :: port 22. Apr 26 11:37:00 vg-centos-02 sshd[5807]: Accepted password for vagrant from 10.35.8.67 port 51456 ssh2 Apr 26 11:37:00 vg-centos-02 sshd[5807]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) $ sudo ansible -i custom-inventory.ini vg-centos-01 -m setup --ask-pass | grep ansible_user SSH password: "ansible_user_dir": "/root", "ansible_user_gecos": "root", "ansible_user_gid": 0, "ansible_user_id": "root", "ansible_user_shell": "/bin/bash", "ansible_user_uid": 0, "ansible_userspace_architecture": "x86_64", "ansible_userspace_bits": "64", #server groups in the inventory file vagrant@vg-ubuntu-01:~$ ansible ubuntu_servers -m shell -a "hostnamectl" -i custom-inventory.ini --ask-pass SSH password: vg-ubuntu-02 | CHANGED | rc=0 >> Static hostname: vg-ubuntu-02 Icon name: computer-vm Chassis: vm Machine ID: 832684edd7804fa59b04cc7c1efe63ba Boot ID: 1140618df6994658b5b6739159d21e96 Virtualization: oracle Operating System: Ubuntu 16.04.7 LTS Kernel: Linux 4.4.0-210-generic Architecture: x86-64 vagrant@vg-ubuntu-01:~$ cat | sudo tee create_user.yaml << EOF --- - name: "Create New User" hosts: all become: true gather_facts: false vars: # Define your username and password here that you want to create on target hosts. username: ansibleadm userpass: admpass tasks: - name: "Create User" ansible.builtin.user: name: "{{ username }}" state: present shell: /bin/bash password: "{{ userpass | password_hash('sha512') }}" update_password: on_create groups: "{{ super_group }}" append: yes EOF vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --syntax-check 
@@ -259,102 +425,286 @@ playbook: create_user.yaml vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --check --ask-pass SSH password: # --ask-pass not required, as become=true param in create_user.yaml vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* changed: [vg-ubuntu-02] changed: [vg-centos-02] changed: [vg-centos-01] PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 #verify user on target servers vagrant@vg-ubuntu-02:~$ id ansibleadm uid=1002(ansibleadm) gid=1002(ansibleadm) groups=1002(ansibleadm),27(sudo) [vagrant@vg-centos-01 ~]$ id ansibleadm uid=1002(ansibleadm) gid=1002(ansibleadm) groups=1002(ansibleadm),10(wheel) [vagrant@vg-centos-02 ~]$ id ansibleadm uid=1001(ansibleadm) gid=1001(ansibleadm) groups=1001(ansibleadm),10(wheel) #new playbook ssh.yaml, create sudo user with SSH keys and deliver on target servers #controller server, create sudo user, this password is different from the password in ssh.yaml, same user ansibleadm. vagrant@vg-ubuntu-01:~$ sudo adduser ansibleadm Adding user `ansibleadm' ... Adding new group `ansibleadm' (1002) ... Adding new user `ansibleadm' (1002) with group `ansibleadm' ... Creating home directory `/home/ansibleadm' ... Copying files from `/etc/skel' ... 
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for ansibleadm Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] y vagrant@vg-ubuntu-01:~$ sudo usermod -aG sudo ansibleadm vagrant@vg-ubuntu-01:~$ id ansibleadm uid=1002(ansibleadm) gid=1002(ansibleadm) groups=1002(ansibleadm),27(sudo) #login as sudo user and create SSH keys, skip passphrase for automation purposes vagrant@vg-ubuntu-01:~$ su - ansibleadm Password: ansibleadm@vg-ubuntu-01:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/ansibleadm/.ssh/id_rsa): Created directory '/home/ansibleadm/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ansibleadm/.ssh/id_rsa. Your public key has been saved in /home/ansibleadm/.ssh/id_rsa.pub. The key fingerprint is: SHA256:YDWRPmsGRx4/9FmTOgml/B7MbEFcP52Oj9oMWIF7F/Q ansibleadm@vg-ubuntu-01 The key's randomart image is: +---[RSA 2048]----+ | +o ooo.. | | .+o+oo =.o| | o+ =o+.* Eo| | ...= +=B.+ .| | oS+ +B+ . | | + +o..o | | o . ... . | | = | | . o | +----[SHA256]-----+ ansibleadm@vg-ubuntu-01:~$ ls -lai .ssh total 16 269652 drwx------ 2 ansibleadm ansibleadm 4096 Apr 26 12:29 . 269648 drwxr-xr-x 3 ansibleadm ansibleadm 4096 Apr 26 12:29 .. 
269653 -rw------- 1 ansibleadm ansibleadm 1675 Apr 26 12:29 id_rsa 269654 -rw-r--r-- 1 ansibleadm ansibleadm 405 Apr 26 12:29 id_rsa.pub vagrant@vg-ubuntu-01:~$ ansible-playbook ssh.yaml -i custom-inventory.ini --syntax-check playbook: ssh.yaml # user not created yet, avoid for now vagrant@vg-ubuntu-01:~$ vagrant@vg-ubuntu-01:~$ sudo ansible-playbook ssh.yaml -i custom-inventory.ini --check --ask-pass SSH password: PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* changed: [vg-ubuntu-02] changed: [vg-centos-02] changed: [vg-centos-01] TASK [Deploy SSH Public Key] *********************************************************************************************************** fatal: [vg-centos-02]: FAILED! => {"changed": false, "msg": "Either user must exist or you must provide full path to key file in check mode"} fatal: [vg-ubuntu-02]: FAILED! => {"changed": false, "msg": "Either user must exist or you must provide full path to key file in check mode"} fatal: [vg-centos-01]: FAILED! 
=> {"changed": false, "msg": "Either user must exist or you must provide full path to key file in check mode"} PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vagrant@vg-ubuntu-01:~$ sudo ansible-playbook ssh.yaml -i custom-inventory.ini PLAY [Create New User] ***************************************************************************************************************** TASK [Create User] ********************************************************************************************************************* changed: [vg-ubuntu-02] changed: [vg-centos-02] changed: [vg-centos-01] TASK [Deploy SSH Public Key] *********************************************************************************************************** changed: [vg-ubuntu-02] changed: [vg-centos-02] changed: [vg-centos-01] PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 #verify if user exists vagrant@vg-ubuntu-02:~$ id ansibleadm uid=1006(ansibleadm) gid=1006(ansibleadm) groups=1006(ansibleadm),27(sudo) #verify user's password vagrant@vg-ubuntu-02:~$ su - ansibleadm Password: To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details. 
#verify SSH publich key, comparing with on controller vg-ubuntu-01 ansibleadm@vg-ubuntu-02:~$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlTPavvyZzM4FY2lCO69a4SQ919vja3UTPHTjpJu2QbYOyKuHggHCD2Q3wExz9hvAb/mASCHxOEHVFleMwbivNgjofgJ/DG5Yomvz7J4vXFOUgNpq4rhQL/pm/+6qf7+fekHyMju70oHR6SIJd74gN4TSgs+OLWnekFTVVA/S/p0KN2lYZt7KTLDDzOd51Votz/MK3qZ2DpDdEqr6D+LG+lP/f7zIElWMHtdx/KFwNICPIWjb1hDcVADpgbKDTWNG9e8KsVnUPx2OI2+GTUWRIaVXNPxDIj96qb1+8JjKGpuvpCPMxBlDFj7TMEoUSPLvCNECiHyTlTA/B7GIzNrkJ ansibleadm@vg-ubuntu-01 ansibleadm@vg-ubuntu-01:~$ cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlTPavvyZzM4FY2lCO69a4SQ919vja3UTPHTjpJu2QbYOyKuHggHCD2Q3wExz9hvAb/mASCHxOEHVFleMwbivNgjofgJ/DG5Yomvz7J4vXFOUgNpq4rhQL/pm/+6qf7+fekHyMju70oHR6SIJd74gN4TSgs+OLWnekFTVVA/S/p0KN2lYZt7KTLDDzOd51Votz/MK3qZ2DpDdEqr6D+LG+lP/f7zIElWMHtdx/KFwNICPIWjb1hDcVADpgbKDTWNG9e8KsVnUPx2OI2+GTUWRIaVXNPxDIj96qb1+8JjKGpuvpCPMxBlDFj7TMEoUSPLvCNECiHyTlTA/B7GIzNrkJ ansibleadm@vg-ubuntu-01 #verify passwordless ssh connection from controller server vg-ubuntu-01 vagrant@vg-ubuntu-01:~$ su - ansibleadm Password: To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details. ansibleadm@vg-ubuntu-01:~$ ssh ansibleadm@vg-ubuntu-02 Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 4.4.0-210-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage UA Infra: Extended Security Maintenance (ESM) is not enabled. 1 update can be applied immediately. To see these additional updates run: apt list --upgradable 96 additional security updates can be applied with UA Infra: ESM Learn more about enabling UA Infra: ESM service for Ubuntu 16.04 at https://ubuntu.com/16-04 New release '18.04.6 LTS' available. Run 'do-release-upgrade' to upgrade to it. Last login: Tue Apr 26 12:44:23 2022 from 10.35.8.67 To run a command as administrator (user "root"), use "sudo <command>". 
See "man sudo_root" for details. ansibleadm@vg-ubuntu-02:~$ whoami ansibleadm ansibleadm@vg-ubuntu-02:~$ sudo whoami [sudo] password for ansibleadm: root ansibleadm@vg-ubuntu-02:~$ # new ansible admin with sudo privilleges and access to all servers #copy server list ansibleadm@vg-ubuntu-01:~$ sudo cp /home/vagrant/custom-inventory.ini . ansibleadm@vg-ubuntu-01:~$ cat create_group_loop.yaml --- - name: creating groups with loop hosts: all become: true tasks: - group: name: "{{ item }}" state: present loop: - group1 - group2 ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --syntax-check playbook: create_group_loop.yaml ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --check PLAY [creating groups with loop] ******************************************************************************************************* TASK [Gathering Facts] ***************************************************************************************************************** fatal: [vg-ubuntu-02]: FAILED! => {"msg": "Missing sudo password"} fatal: [vg-centos-02]: FAILED! => {"msg": "Missing sudo password"} fatal: [vg-centos-01]: FAILED! 
=> {"msg": "Missing sudo password"} PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 FIX: #become: no ansibleadm@vg-ubuntu-01:~$ cat create_group_loop.yaml --- - name: creating groups with loop hosts: all become: no tasks: - group: name: "{{ item }}" state: present loop: - group1 - group2 ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --list-hosts playbook: create_group_loop.yaml play #1 (all): creating groups with loop TAGS: [] pattern: [u'all'] hosts (3): vg-ubuntu-02 vg-centos-02 vg-centos-01 ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --check PLAY [creating groups with loop] ******************************************************************************************************* TASK [Gathering Facts] ***************************************************************************************************************** ok: [vg-centos-02] ok: [vg-ubuntu-02] ok: [vg-centos-01] TASK [group] *************************************************************************************************************************** changed: [vg-ubuntu-02] => (item=group1) changed: [vg-centos-02] => (item=group1) changed: [vg-centos-01] => (item=group1) changed: [vg-ubuntu-02] => (item=group2) changed: [vg-centos-02] => (item=group2) changed: [vg-centos-01] => (item=group2) PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 
vg-ubuntu-02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ansibleadm@vg-ubuntu-01:~$ ansible-playbook create_group_loop.yaml -i custom-inventory.ini --check --ask-pass SSH password: PLAY [creating groups with loop] ******************************************************************************************************* TASK [Gathering Facts] ***************************************************************************************************************** ok: [vg-centos-02] ok: [vg-ubuntu-02] ok: [vg-centos-01] TASK [group] *************************************************************************************************************************** changed: [vg-ubuntu-02] => (item=group1) changed: [vg-centos-02] => (item=group1) changed: [vg-centos-01] => (item=group1) changed: [vg-ubuntu-02] => (item=group2) changed: [vg-centos-02] => (item=group2) changed: [vg-centos-01] => (item=group2) PLAY RECAP ***************************************************************************************************************************** vg-centos-01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-centos-02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 vg-ubuntu-02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ----------------------------------------------------------------------------------------------------- -
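Review bot: in the @@ -208,14 +210,35 @@ hunk, `cat | sudo tee << EOF` has no file argument, so the Ansible install script is only echoed to the terminal and never written anywhere (compare the following `sudo tee -a /etc/hosts` and `sudo tee custom-inventory.ini`, which do name a target); give tee a path and quote the delimiter (`<< 'EOF'`), otherwise `$(ansible --version)` is expanded by the controller's shell while the heredoc is read rather than when the script runs.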
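Review bot: the FIX in the @@ -231,25 +254,168 @@ hunk flips `PasswordAuthentication no` to `yes` on vg-ubuntu-02 and vg-centos-02 to get past `Permission denied (publickey)`; that is a bootstrap-only relaxation of the targets' SSH policy and should be marked as temporary in the notes and reverted as soon as the key is deployed. In the same hunk create_user.yaml carries `userpass: admpass` in cleartext; keep it in an ansible-vault encrypted variable, or prompt for it, rather than in the playbook.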
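Review bot: in the @@ -259,102 +425,286 @@ hunk, changing create_group_loop.yaml to `become: no` is not a fix for `Missing sudo password`: creating system groups needs root, and the two runs that follow report `changed` only because `--check` never executes the `group` module, so a real run would fail. Keep `become: true` and supply the escalation password with `-K` (or configure NOPASSWD sudo for ansibleadm on the targets).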
githubfoam revised this gist
Apr 22, 2022 . 1 changed file with 131 additions and 13 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,11 @@ ---------------------------------------------------------------------------------------------------------------------- #specify a different inventory file using the -i <path> option on the command line /etc/ansible/hosts #Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts /etc/ansible/ansible.cfg #config file -k, –ask-pass: ask for connection password ( We have already defined connection password through variable in inventory file.) -K, –ask-become-pass: ask for privilege escalation password ---------------------------------------------------------------------------------------------------------------------- #INI-like inventory file mail.example.com @@ -211,19 +215,22 @@ root vagrant@vg-ubuntu-01:~$ id vagrant uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),999(docker) vagrant@vg-ubuntu-01:~$ cat custom-inventory.ini #INI-like inventory file [ubuntu_servers] vg-ubuntu-02 [centos_servers] vg-centos-01 vg-centos-02 [centos_servers:vars] super_group = wheel [ubuntu_servers:vars] super_group = sudo vagrant@vg-ubuntu-01:~$ ansible -i custom-iventory.yml vg-ubuntu-02 -m setup --ask-pass SSH password: 
@@ -239,4 +246,115 @@ host_key_checking = False vagrant@vg-ubuntu-01:~$ ansible all -m ping -i custom-inventory.ini --ask-pass SSH password: #server groups in the inventory file $ ansible ubuntu_servers -m shell -a "hostnamectl" -i custom-inventory.ini --ask-pass SSH password: vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --syntax-check playbook: create_user.yaml #Running a playbook in dry-run mode vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --check --ask-pass SSH password: #ansible admin user and password are set vagrant@vg-ubuntu-01:~$ cat custom-inventory.ini #INI-like inventory file [ubuntu_servers] vg-ubuntu-02 [centos_servers] vg-centos-01 vg-centos-02 [centos_servers:vars] super_group = wheel [ubuntu_servers:vars] super_group = sudo [all:vars] ansible_ssh_user = vagrant ansible_ssh_pass = vagrant vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --check vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini --list-hosts playbook: create_user.yaml play #1 (all): Create New User TAGS: [] pattern: [u'all'] hosts (3): vg-ubuntu-02 vg-centos-02 vg-centos-01 vagrant@vg-ubuntu-01:~$ cat create_user.yaml --- - name: Create New User hosts: all become: true gather_facts: false vars: # Define your username and password here that you want to create on target hosts. 
username: newuser userpass: user_password tasks: - name: Create User ansible.builtin.user: name: "{{ username }}" state: present shell: /bin/bash password: "{{ userpass | password_hash('sha512') }}" update_password: on_create groups: "{{ super_group }}" append: yes vagrant@vg-ubuntu-01:~$ ansible-playbook create_user.yaml -i custom-inventory.ini #verify [vagrant@vg-centos-01 ~]$ id newuser uid=1001(newuser) gid=1001(newuser) groups=1001(newuser),10(wheel) #verify vagrant@vg-ubuntu-02:~$ id newuser uid=1003(newuser) gid=1003(newuser) groups=1003(newuser),27(sudo) vagrant@vg-ubuntu-01:~$ cat create_user_ubuntu.yaml --- - name: Create New User hosts: ubuntu_servers become: true gather_facts: false vars: # Define your username and password here that you want to create on target hosts. username: newuser userpass: user_password tasks: - name: Create User ansible.builtin.user: name: "{{ username }}" state: present shell: /bin/bash password: "{{ userpass | password_hash('sha512') }}" update_password: on_create groups: "{{ super_group }}" append: yes vagrant@vg-ubuntu-01:~$ ansible-playbook create_user_ubuntu.yaml -i custom-inventory.ini --list-hosts playbook: create_user_ubuntu.yaml play #1 (ubuntu_servers): Create New User TAGS: [] pattern: [u'ubuntu_servers'] hosts (1): vg-ubuntu-02 ----------------------------------------------------------------------------------------------------- -
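Review bot: in the first hunk (`@@ -1,7 +1,11 @@`) the two new option lines are written with an en dash (`-k, –ask-pass`, `-K, –ask-become-pass`); the real long options are `--ask-pass` and `--ask-become-pass`, and as written they will not work if pasted into a shell. Suggest `-k, --ask-pass: ask for connection password` and `-K, --ask-become-pass: ask for privilege escalation password`.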
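Review bot: in the second hunk (`@@ -211,19 +215,22 @@`) the inventory that is shown with `cat custom-inventory.ini` is not the one used by the command that follows, which still passes `-i custom-iventory.yml`, so the `[centos_servers:vars]` / `[ubuntu_servers:vars]` groups just added are never exercised there. Suggest `ansible -i custom-inventory.ini vg-ubuntu-02 -m setup --ask-pass` so the example matches the file it documents.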
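Review bot: in the third hunk (`@@ -239,4 +246,115 @@`) the `[all:vars]` block stores the connection password in cleartext (`ansible_ssh_pass = vagrant`) and the playbook stores the new account's password in cleartext as well (`userpass: user_password`), so both end up readable to anyone with access to the repository or the control node. Since the same hunk shows the `--ask-pass` workflow already working, suggest keeping `--ask-pass`/`--ask-become-pass` for the connection and moving `userpass` into a vault-encrypted vars file (`ansible-vault encrypt_string`) or passing it via `--extra-vars` at run time; note also that `ansible_ssh_user`/`ansible_ssh_pass` are the old spellings, the current ones being `ansible_user`/`ansible_password`. The `password_hash('sha512')` call without a fixed salt yields a different hash on every run, which is harmless here only because `update_password: on_create` is set; worth a comment so a later edit does not remove it and break idempotency.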
githubfoam revised this gist
Apr 22, 2022 . 1 changed file with 37 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -203,3 +203,40 @@ ansible --version sudo yum -y install https://dl.fedoraproject.org/pub/epel/epelrelease-latest-7.noarch.rpm sudo yum install ansible ansible --version ----------------------------------------------------------------------------------------------------- vagrant@vg-ubuntu-01:~$ whoami vagrant vagrant@vg-ubuntu-01:~$ sudo whoami root vagrant@vg-ubuntu-01:~$ id vagrant uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),999(docker) $ cat custom-iventory.yml #YAML-like inventory file all: hosts: vg-ubuntu-01: children: ubuntu_servers: hosts: vg-ubuntu-02: centos_servers: hosts: vg-centos-01: vg-centos-02: vagrant@vg-ubuntu-01:~$ ansible -i custom-iventory.yml vg-ubuntu-02 -m setup --ask-pass SSH password: vagrant@vg-ubuntu-01:~$ ansible all -m ping -i custom-inventory.ini --ask-pass SSH password: $ cat /etc/ansible/ansible.cfg | grep host_key_checking #host_key_checking = False vagrant@vg-ubuntu-01:~$ sudo sed -i 's/#host_key_checking = False/host_key_checking = False/' /etc/ansible/ansible.cfg vagrant@vg-ubuntu-01:~$ cat /etc/ansible/ansible.cfg | grep host_key_checking host_key_checking = False vagrant@vg-ubuntu-01:~$ ansible all -m ping -i custom-inventory.ini --ask-pass SSH password: ----------------------------------------------------------------------------------------------------- -
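Review bot: the `sed -i 's/#host_key_checking = False/host_key_checking = False/' /etc/ansible/ansible.cfg` line disables SSH host key verification for every Ansible run on this control node, not just for this lab, which removes the one check that detects a host answering under another host's name. Suggest scoping it to the session (`ANSIBLE_HOST_KEY_CHECKING=False`) or to a project-local `ansible.cfg`, or better, seeding `~/.ssh/known_hosts` for the lab hosts so the default can stay on. Also, the `ansible all -m ping -i custom-inventory.ini` commands reference a file this hunk never shows; the only inventory defined here is `custom-iventory.yml`.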
githubfoam revised this gist
Apr 22, 2022 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,7 @@ ---------------------------------------------------------------------------------------------------------------------- #specify a different inventory file using the -i <path> option on the command line /etc/ansible/hosts #Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts /etc/ansible/ansible.cfg #config file ---------------------------------------------------------------------------------------------------------------------- #INI-like inventory file mail.example.com -
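Review bot: the added `/etc/ansible/ansible.cfg #config file` line documents only the last location Ansible searches; `ANSIBLE_CONFIG` (environment), `./ansible.cfg` in the current directory and `~/.ansible.cfg` are consulted first and the first one found wins. Worth stating, since a project-local `ansible.cfg` silently overrides any setting edited in `/etc/ansible/ansible.cfg` later in this gist.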
githubfoam revised this gist
Apr 22, 2022 . 1 changed file with 27 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,6 +2,33 @@ #specify a different inventory file using the -i <path> option on the command line /etc/ansible/hosts #Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts ---------------------------------------------------------------------------------------------------------------------- #INI-like inventory file mail.example.com [webservers] foo.example.com bar.example.com [dbservers] one.example.com two.example.com three.example.com ---------------------------------------------------------------------------------------------------------------------- #YAML-like inventory file all: hosts: mail.example.com: children: webservers: hosts: foo.example.com: bar.example.com: dbservers: hosts: one.example.com: two.example.com: three.example.com: ---------------------------------------------------------------------------------------------------------------------- sudo apt-get install python-virtualenv python -m virtualenv ansible # Create a virtualenv if one does not already exist source ansible/bin/activate # Activate the virtual environment -
githubfoam revised this gist
Apr 22, 2022 . 1 changed file with 3 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,7 @@ ---------------------------------------------------------------------------------------------------------------------- #specify a different inventory file using the -i <path> option on the command line /etc/ansible/hosts #Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts ---------------------------------------------------------------------------------------------------------------------- sudo apt-get install python-virtualenv python -m virtualenv ansible # Create a virtualenv if one does not already exist source ansible/bin/activate # Activate the virtual environment -
githubfoam revised this gist
Mar 25, 2021 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,9 @@ ---------------------------------------------------------------------------------------------------------------------- sudo apt-get install python-virtualenv python -m virtualenv ansible # Create a virtualenv if one does not already exist source ansible/bin/activate # Activate the virtual environment python -m pip install ansible ---------------------------------------------------------------------------------------------------------------------- # Not inventory, remote passwordless ssh connection
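Review bot: the install lines `sudo apt-get install python-virtualenv` and `python -m virtualenv ansible` target the Python 2 tooling; on current Ubuntu releases there is no `python` command by default and the package has no Python 2 build, so the stdlib module is the portable choice: `sudo apt-get install python3-venv` and `python3 -m venv ansible`. `python -m pip install ansible` is also unpinned; suggest pinning a version (`ansible==<version>`, placeholder) so the examples that follow stay reproducible.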