Nov 18, 2021

Ansible command lines

The Ansible command line lets you get a job done without creating and running a playbook.

The purpose of Ansible command is basically:

--> run a single task

--> helpful to run some ad-hoc commands e.g., server uptime, date, filesystem usage report etc.


syntax:  ansible <host-pattern> [options]

-u REMOTE_USER

-m MODULE_NAME

-a module arguments

-i specify inventory host path or comma-separated host list

-s run operations with sudo (deprecated; current Ansible releases use -b/--become instead)

Examples:

1) Get uptime of remote servers:

# ansible all -m command -a uptime

192.168.100.2 | CHANGED | rc=0 >>

 06:04:05 up 3 days, 18:03,  1 user,  load average: 1.49, 1.12, 1.03

192.168.100.1 | CHANGED | rc=0 >>

 06:04:05 up 3 days, 18:02,  1 user,  load average: 1.01, 1.06, 1.08

2) Show hostnames of remote servers:

# ansible all -m command -a /usr/bin/hostname

192.168.100.1 | CHANGED | rc=0 >>

example01

192.168.100.2 | CHANGED | rc=0 >>

example02

3) See remote server OS version:

# ansible all -m command -a "cat /etc/redhat-release"

192.168.100.2 | CHANGED | rc=0 >>

Red Hat Enterprise Linux Server release 7.8 (Maipo)

192.168.100.1 | CHANGED | rc=0 >>

Red Hat Enterprise Linux Server release 7.8 (Maipo)

4) See file system usage:

# ansible all -m command -a "df -h /u01"

192.168.100.2 | CHANGED | rc=0 >>

Filesystem      Size  Used Avail Use% Mounted on

/dev/sdb1       300G  183G  118G  61% /u01

192.168.100.1 | CHANGED | rc=0 >>

Filesystem      Size  Used Avail Use% Mounted on

/dev/sdb1       300G  192G  109G  64% /u01

5) See remote server dates:

# ansible all -m command -a "date"

192.168.100.2 | CHANGED | rc=0 >>

Thu Nov 18 06:08:13 GMT 2021

192.168.100.1 | CHANGED | rc=0 >>

Thu Nov 18 06:08:13 GMT 2021


Ansible Vault - Security in Ansible

When you are using Ansible, you may be required to key in some confidential or secret information in playbooks. This includes SSH private and public keys, passwords, and SSL certificates, to mention just a few. As we already know, it's bad practice to save this sensitive information in plain text, for obvious reasons. This information needs to be kept under lock and key, because we can only imagine what would happen if hackers or unauthorized users got hold of it.

Ansible provides us with a handy feature known as Ansible Vault. As the name suggests, the Ansible Vault helps secure vital secret information as we have discussed earlier. Ansible Vault can encrypt variables, or even entire files and YAML playbooks as we shall later demonstrate. It’s a very handy and user-friendly tool that requires the same password when encrypting and decrypting files.


Here are a few examples:

Encrypt a file/playbook:

# ansible-vault encrypt demo.yml

New Vault password:

Confirm New Vault password:

Encryption successful

# cat demo.yml

$ANSIBLE_VAULT;1.1;AES256

#


Decrypt the encrypted ansible file/playbook:

# ansible-vault decrypt demo.yml

Vault password:

Decryption successful


Edit an Encrypted File in Ansible:

#  ansible-vault edit demo.yml

Change Ansible Vault Password:


Reset key on Encrypted File in Ansible:

#  ansible-vault rekey demo.yml

Vault password:

New Vault password:

Confirm New Vault password:

Rekey successful


Decrypt a playbook file during Runtime:

# ansible-playbook demo.yml --ask-vault-pass

Vault password:

PLAY [all] ***********************************************************************************

TASK [Gathering Facts] ***********************************************************************************

ok: [192.168.100.2]

ok: [192.168.100.1]

TASK [Date and Time example] ***********************************************************************************

ok: [192.168.100.1] => {

    "ansible_date_time.date": "2021-11-18"

}

ok: [192.168.100.2] => {

    "ansible_date_time.date": "2021-11-18"

}

PLAY RECAP ***********************************************************************************

192.168.100.1             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

192.168.100.2             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
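
The `$ANSIBLE_VAULT;1.1;AES256` header that `cat demo.yml` prints after encryption can be checked mechanically, for example before committing a repository. The script below is an added example, not part of the original post: it checks whole-file encryption only, and the file-naming convention (vault*.yml, secret*.yml), the accepted versions and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag files that should be vault-encrypted but are plaintext.

# vault_header FILE: print "version cipher" if line 1 is a vault header.
vault_header() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    cr=$(printf '\r'); first=${first%"$cr"}   # tolerate CRLF line endings
    case $first in
        '$ANSIBLE_VAULT;'*) ;;
        *) return 1 ;;
    esac
    rest=${first#*;}          # drop the "$ANSIBLE_VAULT;" marker
    version=${rest%%;*}
    rest=${rest#*;}
    cipher=${rest%%;*}        # a trailing vault-id label (1.2) is ignored
    # Policy assumption: accept only format 1.1/1.2 with AES256.
    case $version in 1.1|1.2) ;; *) return 1 ;; esac
    [ "$cipher" = AES256 ] || return 1
    printf '%s %s\n' "$version" "$cipher"
}

# audit_vault DIR: list secret-bearing files that lack a valid header.
# Naming convention (assumption): vault*.yml and secret*.yml hold secrets.
# Returns 0 when every such file is encrypted, 1 otherwise.
audit_vault() {
    find "$1" -type f \( -name 'vault*.yml' -o -name 'secret*.yml' \) |
    sort | {
        bad=0
        while IFS= read -r f; do
            if ! vault_header "$f" >/dev/null; then
                printf 'PLAINTEXT %s\n' "$f"
                bad=1
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Demo on constructed files (the hex line is a made-up placeholder).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '30313233' > "$demo_dir/vault_db.yml"
printf 'db_password: example\n' > "$demo_dir/secrets_app.yml"
if audit_vault "$demo_dir"; then echo "all encrypted"; else echo "plaintext secrets found"; fi
rm -rf "$demo_dir"
```
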



Nov 10, 2021

Ansible automation to install Java in Linux machines

We can install Java on multiple targets / Linux hosts using Ansible. Here I am showing you one demo scenario to do the following tasks using Ansible:

1. Create directory

2. Unzip/Install Java software 

3. Create a symbolic link to the installed Java

Create a playbook named, for example, "java_install.yml".

Step#1: Create the playbook

[root@demosys01 ~]#  cat java_install.yml

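---
# Install the JDK under /u01/fmw/java on every host in the inventory
- hosts: all
  remote_user: oracle
  tasks:
    # Create the target directory (mode quoted so it is read as an octal string)
    - name: Create Folder
      file:
        path: /u01/fmw/java
        mode: "0755"
        state: directory

    # remote_src: yes means the archive is already present on the target host
    - name: Unpack archive
      unarchive:
        src: /software/jdk-8u291-linux-x64.tar.gz
        dest: /u01/fmw/java
        remote_src: yes

    # Relative src is resolved against the link's directory (jdk -> jdk1.8.0_291)
    - name: Create symbolic link
      file:
        src: "jdk1.8.0_291"
        dest: "/u01/fmw/java/jdk"
        state: link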

[root@demosys01 ~]#


Step#2: Check the playbook for syntax errors:

# ansible-playbook java_install.yml --syntax-check

playbook: java_install.yml

#

Here, no errors were found. Now go ahead and run the playbook.


Step#3: Run the playbook

[root@demosys01 ~]# ansible-playbook java_install.yml

PLAY [all] ***********************************************************************************

TASK [Gathering Facts] ***********************************************************************************

ok: [192.168.100.1]

ok: [192.168.100.2]


TASK [Create Folder] ***********************************************************************************

changed: [192.168.100.1]

changed: [192.168.100.2]


TASK [Unpack archive] ***************************************************************************************************************************************

changed: [192.168.100.1]

changed: [192.168.100.2]


TASK [Create symbolic link] ***********************************************************************************

changed: [192.168.100.1]

changed: [192.168.100.2]


PLAY RECAP ******************************************************************************************************************

192.168.100.1             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

192.168.100.2             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[root@demosys01 ~]#


Step#4: Now verify on one of the target hosts:


[oracle@example01 ]$ hostname -i

192.168.100.2

[oracle@example01 ]$ cd /u01/fmw/java

[oracle@example01 java]$ ls -l

total 4

lrwxrwxrwx 1 oracle dba   12 Nov 10 09:04 jdk -> jdk1.8.0_291

drwxr-xr-x 8 oracle dba 4096 Jun  2 10:05 jdk1.8.0_291

[oracle@example01 java]$

Nov 3, 2021

Deploy and execute a shell script in target hosts using Ansible

Let's imagine you have a script to execute in all target hosts. In this case, let's call it setup.sh and for now, it will just be a Shell/ BASH script.

Step#1 : Create the Setup Script

Let's create the script on our Ansible server, because it needs to be local to the machine that runs the playbook,

e.g., create it on the central/Ansible server:

# vi setup.sh

touch test.txt

Step#2: Create your playbook

# cat play_setup.yml

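---
# Deploy a shell script to every host and run it
- name: Transfer and execute a script.
  hosts: all
  remote_user: oracle
  tasks:
    # Copy setup.sh from the control node. Mode 0750 rather than world-writable
    # 0777: a script that automation executes should not be editable by others.
    - name: Transfer the script
      copy:
        src: setup.sh
        dest: /home/oracle
        mode: "0750"

    # The script is run through sh, so it does not need the execute bit
    - name: Execute the script
      command: sh /home/oracle/setup.sh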

Step#3: Now execute your playbook after a syntax check

# ansible-playbook play_setup.yml --syntax-check

playbook: play_setup.yml


# ansible-playbook play_setup.yml

PLAY [Transfer and execute a script.] ***********************************************************************************

TASK [Gathering Facts] ***********************************************************************************

ok: [192.168.100.1]

ok: [192.168.100.2]

TASK [Transfer the script] ***********************************************************************************

ok: [192.168.100.1]

ok: [192.168.100.2]

TASK [Execute the script] ***********************************************************************************

changed: [192.168.100.1]

changed: [192.168.100.2]

PLAY RECAP ***********************************************************************************

192.168.100.2             : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

192.168.100.1             : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0



Step#4: Verify on one of the target hosts

Connect to 192.168.100.1 and check:


$ ls setup.sh

setup.sh

$ ls test.txt

test.txt


We saw here our script deployed and executed successfully.