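# THE FOLLOWING SCRIPTS WILL DEPLOY AUTOMATED ANSIBLE ENVIRONMENTS FOR YOUR ACCOUNTS
# ----------------------------------------------------------------------------------
#
# End state of the full run: the control account holds a passphrase-less SSH key
# that logs in as the ansible account on every node, and that account has
# NOPASSWD sudo there. The control account and its ~/.ssh directory therefore
# carry root-equivalent access to all nodes.

# =======
# AS USER
# =======

# 1.automated_ansible_install.sh
# ------------------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Automated deployment for Ansible environment with pip
# DATE   | Jul 2022
# HOW TO (as user) | ~$ source automated_ansible_install.sh
#
# This file is sourced, not executed, so the PATH change reaches the calling
# shell. For the same reason it uses neither `set -e` nor `exit`: both would
# act on the interactive shell itself.

pip3 install --user --upgrade pip
pip3 install --user pytest-testinfra
# --user keeps this install in ~/.local like the two above.
# A bare "==2.9" pin resolves to 2.9.0 only; "2.9.*" stays on the release line
# this lab targets while picking up its later patch releases. The 2.9 line is
# no longer maintained upstream, so treat the pin as lab-only.
pip3 install --user 'ansible==2.9.*'

# Append the PATH line once, even when the script is sourced repeatedly.
path_line='export PATH=$PATH:$HOME/.local/bin'
if ! grep -qxF -- "$path_line" ~/.bashrc 2>/dev/null; then
  printf '%s\n' "$path_line" >> ~/.bashrc
fi
unset path_line
source ~/.bashrc

# 2.create_server_list.sh
# -----------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Generate server list
# DATE   | Jul 2022
# HOW TO (as user) | ~$ bash create_server_list.sh
#
# Appends three node addresses to ./server_list, one per line.

set -euo pipefail

# Host name / IPv4 characters only, first character alphanumeric. The list is
# later read by loops that run as root and hand every entry to scp and ssh, so
# an entry with a leading "-" or embedded whitespace must never be stored.
host_re='^[0-9A-Za-z][0-9A-Za-z.-]*$'

nodes=()
for idx in 1 2 3; do
  read -r -p "ENTER NODE${idx} IP: " node
  if [[ ! "$node" =~ $host_re ]]; then
    printf 'Not a valid address or host name: %s\n' "$node" >&2
    exit 1
  fi
  nodes+=("$node")
done

# Write only after all three entries passed the check.
printf '%s\n' "${nodes[@]}" >> server_list

# ===============================================
# AS ROOT sudo su -- (to keep current scripts directory)
# ===============================================

# 3.create_sudoers_rule.sh
# ------------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Create sudoers rule and distribute on remote nodes
# DATE   | Jul 2022
# HOW TO (as root) | ~# bash create_sudoers_rule.sh
#
# Creates /etc/sudoers.d/<ansible user> granting NOPASSWD sudo, then copies the
# file to every node listed in /home/<user>/server_list.

set -euo pipefail

# Account names are used as a file name under /etc/sudoers.d and as the first
# field of a sudoers rule. sudo skips files in that directory whose name
# contains "." or ends in "~", so such names are rejected instead of producing
# a rule that is silently ignored.
name_re='^[A-Za-z_][A-Za-z0-9_-]*$'
host_re='^[0-9A-Za-z][0-9A-Za-z.-]*$'

read -r -p "ENTER YOUR USER NAME: " user
read -r -p "SET NAME FOR ANSIBLE USER (YOUR CURRENT NAME FOLLOWED BY A NUMBER/LETTER): " ansible_user

for name in "$user" "$ansible_user"; do
  if [[ ! "$name" =~ $name_re ]]; then
    printf 'Refusing account name: %s\n' "$name" >&2
    exit 1
  fi
done

rule_file="/etc/sudoers.d/${ansible_user}"

# Build the rule in a private temp file and syntax-check it there. A broken
# file inside /etc/sudoers.d can stop sudo from working at all, so nothing is
# installed (or distributed) until visudo accepts it.
staged=$(mktemp)
trap 'rm -f -- "$staged"' EXIT
printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$ansible_user" > "$staged"
visudo -cf "$staged"
install -o root -g root -m 0440 -- "$staged" "$rule_file"
visudo -c

# server_list lives in a user-writable home but is consumed here as root, so
# every entry is re-checked. The list is read on fd 3 to leave stdin free for
# any prompt scp shows. scp logs in as root on each node; compare the host key
# fingerprint it displays on first contact with the node's real key.
failed=0
while IFS= read -r node <&3; do
  [[ -n "$node" ]] || continue
  if [[ ! "$node" =~ $host_re ]]; then
    printf 'Skipping unexpected server_list entry: %s\n' "$node" >&2
    failed=1
    continue
  fi
  if ! scp -- "$rule_file" "${node}:/etc/sudoers.d/"; then
    printf 'Copy to %s failed\n' "$node" >&2
    failed=1
  fi
done 3< "/home/${user}/server_list"
exit "$failed"

# 4.create_ansible_user.sh
# ------------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Create ansible account on remote nodes
# DATE   | Jul 2022
# HOW TO (as root) | ~# bash create_ansible_user.sh
#
# Generates 5.deploy_user_for_ansible.sh, which script 6 runs on every node.

set -euo pipefail
# The generated file carries a credential: create it readable by root only.
umask 077

read -r -p "ENTER YOUR ansible USER NAME: " ansible
# -s keeps the password off the screen and out of terminal scrollback.
read -r -s -p "ENTER YOUR ansible USER PASSWORD: " pass
printf '\n' >&2

# The name is pasted into a script that runs as root on every node; restrict
# it to plain account-name characters so it cannot alter that script.
if [[ ! "$ansible" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  printf 'Refusing account name: %s\n' "$ansible" >&2
  exit 1
fi
if [[ -z "$pass" ]]; then
  printf 'Empty password refused\n' >&2
  exit 1
fi

# Store a SHA-512 crypt hash instead of the clear-text password. printf is a
# shell builtin and openssl reads from stdin, so the password never appears in
# a process argument list. Without -salt, openssl picks a random salt.
pw_hash=$(printf '%s\n' "$pass" | openssl passwd -6 -stdin)
unset pass

payload=5.deploy_user_for_ansible.sh
# ">" (not ">>") so a second run replaces the file instead of stacking a second
# useradd line under the first. The validated name and the crypt alphabet
# contain no single quote, which makes single-quoting in the payload safe.
# chpasswd -e takes an already-hashed password.
cat > "$payload" <<EOF
#!/usr/bin/env bash
useradd -m -d '/home/${ansible}' -s /bin/bash '${ansible}' && printf '%s\n' '${ansible}:${pw_hash}' | chpasswd -e
EOF
chmod 700 "$payload"

# -----THE 5th SCRIPT WILL BE GENERATED BY THE SCRIPT ABOVE-----

# 6.create_ansible_user_on_nodes
# ------------------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Deploy ansible account on remote nodes
# DATE   | Jul 2022
# HOW TO (as root) | ~# bash create_ansible_user_on_nodes.sh
#
# Feeds 5.deploy_user_for_ansible.sh to a root shell on every listed node.

set -euo pipefail

read -r -p "ENTER YOUR USER NAME: " user
if [[ ! "$user" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  printf 'Refusing account name: %s\n' "$user" >&2
  exit 1
fi

payload=5.deploy_user_for_ansible.sh
if [[ ! -f "$payload" ]]; then
  printf '%s not found; run create_ansible_user.sh first\n' "$payload" >&2
  exit 1
fi

host_re='^[0-9A-Za-z][0-9A-Za-z.-]*$'
failed=0
# The list is read on fd 3 because stdin of each ssh is the payload itself.
while IFS= read -r node <&3; do
  [[ -n "$node" ]] || continue
  if [[ ! "$node" =~ $host_re ]]; then
    printf 'Skipping unexpected server_list entry: %s\n' "$node" >&2
    failed=1
    continue
  fi
  if ! ssh "root@${node}" 'bash -s' < "$payload"; then
    printf 'Account creation on %s failed\n' "$node" >&2
    failed=1
  fi
done 3< "/home/${user}/server_list"

# The payload holds the account's password hash; delete it once every node
# has been processed successfully.
exit "$failed"

# ===========================
# exit (TO BECOME USER AGAIN)
# ===========================

# 7.deploy_ssh_key.sh
# -------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Deploy ssh key to remote ansible user
# DATE   | Jul 2022
# HOW TO (as user) | ~$ bash deploy_ssh_key.sh
#
# Creates ~/.ssh/id_rsa if it is missing and installs its public half for the
# ansible account on every node in ./server_list.

set -euo pipefail

read -r -p "ENTER YOUR ansible USER NAME: " ansible
if [[ ! "$ansible" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  printf 'Refusing account name: %s\n' "$ansible" >&2
  exit 1
fi

key="${HOME}/.ssh/id_rsa"
# Reuse an existing key rather than walking into ssh-keygen's overwrite
# prompt: replacing the key would break every login that already trusts it.
# -N "" creates the key without a passphrase, so the private key file alone is
# enough to log in; keep it at mode 600 and off shared storage. 2048 bits is
# the size this lab uses; current OpenSSH defaults to a larger RSA key.
if [[ ! -f "$key" ]]; then
  mkdir -p -m 700 -- "${HOME}/.ssh"
  ssh-keygen -b 2048 -t rsa -f "$key" -q -N ""
fi

host_re='^[0-9A-Za-z][0-9A-Za-z.-]*$'
failed=0
# fd 3 carries the list so ssh-copy-id keeps the terminal for its password
# and host-key prompts.
while IFS= read -r node <&3; do
  [[ -n "$node" ]] || continue
  if [[ ! "$node" =~ $host_re ]]; then
    printf 'Skipping unexpected server_list entry: %s\n' "$node" >&2
    failed=1
    continue
  fi
  if ! ssh-copy-id -i "${key}.pub" "${ansible}@${node}"; then
    printf 'Key deployment to %s failed\n' "$node" >&2
    failed=1
  fi
done 3< server_list
exit "$failed"

# 8.create_ansible_config.sh
# --------------------------
#!/usr/bin/env bash
# AUTHOR | Mircea VRABIE
# TARGET | Create environment for ansible deployments
# DATE   | Jul 2022
# HOW TO (as user) | ~$ bash create_ansible_config.sh

set -euo pipefail

### SET ANSIBLE ENVIRONMENT
read -r -p "ENTER YOUR ansible USER NAME: " ansible
if [[ ! "$ansible" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  printf 'Refusing account name: %s\n' "$ansible" >&2
  exit 1
fi

cfg="${HOME}/ansible.cfg"
# Appending to an existing file would repeat the [defaults] and
# [privilege_escalation] sections, so stop instead of writing a second copy.
if [[ -e "$cfg" ]]; then
  printf '%s already exists; move it aside before re-running\n' "$cfg" >&2
  exit 1
fi

# The config below points at ~/inventory, so place the list exactly there.
mv -- server_list "${HOME}/inventory"

# host_key_checking stays enabled: ssh-copy-id in script 7 already recorded
# each node's host key in this account's known_hosts, and with checking off a
# host answering on a node's address would be accepted without verification
# while Ansible runs tasks there as root.
# ~/ansible.cfg is picked up as ./ansible.cfg, i.e. when ansible is started
# from the home directory.
cat > "$cfg" <<EOF
[defaults]
inventory=~/inventory
remote_user=$ansible
host_key_checking=True
deprecation_warnings=False
forks=1

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
EOF

# =================================================================================================================
# =================================================================================================================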
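# =================================================================================================================
# ++++++LAB++++++
#
# <USERNAME> below is a placeholder: put the account name to create in its place.
#
# Add user
#   openssl passwd -6 -salt xyz        (Generate password hash for /etc/shadow)
#       With no password on the command line openssl prompts for it, which
#       keeps it out of shell history and the process list. Leaving out
#       "-salt xyz" makes openssl choose a random salt.
#   mkdir playbooks
#   vim playbooks/add_user.yml
---
- name: add_user
  hosts: all                      # or a single node, e.g. IP_node1
  tasks:
    - name: add user "<USERNAME>" on all hosts
      user:
        name: <USERNAME>
        shell: /bin/bash
        home: /home/<USERNAME>
        # Lab sample produced with the fixed salt "xyz" shown above. For a real
        # account generate a fresh hash with a random salt and load it from an
        # Ansible Vault variable rather than storing it in the playbook.
        password: '$6$xyz$73Q3Z.l5kN5BNAGMmP5IKozhqw3Zhj8bqQuJy3.Wf44.I3/nkSnzPMeX6rozvFiDHgi2DIt/BOc/lt14/2PH91'
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa

    - name: create /etc/sudoers.d/<USERNAME>
      file:
        path: /etc/sudoers.d/<USERNAME>
        state: touch

    - name: add sudoers rights for <USERNAME>
      copy:
        # Trailing newline so the rule is a complete line.
        content: "<USERNAME> ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/<USERNAME>
        # Syntax-check the new content before it replaces the file; an
        # invalid file in /etc/sudoers.d can leave sudo unusable on the host.
        validate: 'visudo -cf %s'

    - name: set rights for /etc/sudoers.d/<USERNAME>
      file:
        path: /etc/sudoers.d/<USERNAME>
        mode: '0440'
...
# ansible-playbook --syntax-check playbooks/add_user.yml
# ansible-playbook -v -C playbooks/add_user.yml      ('-C' - dry run)
# ansible-playbook -v playbooks/add_user.yml         (execute playbook)
#     '-v' TO '-vvvv' ==> verbosity for debugging, usually '-v' is enough
#
# Delete user with one liner
# ansible all -m shell -a 'userdel -r <USERNAME>'    (use node1 in place of "all" for a single node)
#     userdel -r removes the account and its home directory only. The rule in
#     /etc/sudoers.d/<USERNAME> stays behind and would apply again to any
#     later account with the same name, so remove that file as well.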