devops:laboratoare:03 [2022/07/27 16:38] bogdan.croitoru |
devops:laboratoare:03 [2022/07/27 16:41] (current) bogdan.croitoru |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Hands-on session 2/2 - part 2/3 ===== | ===== Hands-on session 2/2 - part 2/3 ===== | ||
- | + | Please check the text file on the Media Manager section. | |
- | THE FOLLOWING SCRIPTS WILL DEPLOY AUTOMATED ANSIBLE ENVIRONMENTS FOR YOUR ACCOUNTS | + | |
- | ---------------------------------------------------------------------------------- | + | |
- | + | ||
- | + | ||
- | ======= | + | |
- | AS USER | + | |
- | ======= | + | |
- | + | ||
- | + | ||
- | 1.automated_ansible_install.sh | + | |
- | ------------------------------ | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Automated deployment for Ansible environment with pip | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as user) | source automated_ansible_install.sh | + | |
- | + | ||
- | pip3 install --user --upgrade pip | + | |
- | pip3 install --user pytest-testinfra | + | |
- | pip3 install ansible==2.9 | + | |
- | + | ||
- | echo "export PATH=\$PATH:\$HOME/.local/bin" >> ~/.bashrc | + | |
- | source ~/.bashrc | + | |
- | + | ||
- | + | ||
- | 2.create_server_list.sh | + | |
- | ----------------------- | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Generate server list | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as user) | ~$ bash create_server_list.sh | + | |
- | + | ||
- | read -p "ENTER NODE1 IP: " n1 | + | |
- | read -p "ENTER NODE2 IP: " n2 | + | |
- | read -p "ENTER NODE3 IP: " n3 | + | |
- | + | ||
- | echo $n1 >> server_list | + | |
- | echo $n2 >> server_list | + | |
- | echo $n3 >> server_list | + | |
- | + | ||
- | + | ||
- | =============================================== | + | |
- | AS ROOT | + | |
- | sudo su -- (to keep current scripts directory) | + | |
- | =============================================== | + | |
- | + | ||
- | + | ||
- | 3.create_sudoers_rule.sh | + | |
- | ------------------------ | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Create sudoers rule and distribute on remote nodes | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as root) | ~# bash create_sudoers_rule.sh | + | |
- | + | ||
- | read -p "ENTER YOUR USER NAME: " user | + | |
- | read -p "SET NAME FOR ANSIBLE USER (YOUR CURRENT NAME FOLLOWED BY A NUMBER/LETTER): " ansible_user | + | |
- | + | ||
- | echo "$ansible_user ALL=(ALL) NOPASSWD :ALL" > /etc/sudoers.d/$ansible_user | + | |
- | chmod 0440 /etc/sudoers.d/$ansible_user | + | |
- | visudo -c | + | |
- | for i in `cat /home/$user/server_list`; do scp /etc/sudoers.d/$ansible_user $i:/etc/sudoers.d/; done | + | |
- | + | ||
- | + | ||
- | 4.create_ansible_user.sh | + | |
- | ------------------------ | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Create ansible account on remote nodes | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as root) | ~# bash create_ansible_user.sh | + | |
- | + | ||
- | + | ||
- | read -p "ENTER YOUR ansible USER NAME: " ansible | + | |
- | read -p "ENTER YOUR ansible USER PASSWORD: " pass | + | |
- | + | ||
- | echo -e '#!/usr/bin/env bash' >> 5.deploy_user_for_ansible.sh | + | |
- | echo 'useradd -m -d /home/'$ansible' -s /bin/bash '$ansible' && echo "'$ansible:$pass'" | chpasswd' >> 5.deploy_user_for_ansible.sh | + | |
- | + | ||
- | chmod 755 5.deploy_user_for_ansible.sh | + | |
- | + | ||
- | + | ||
- | -----THE 5th SCRIPT WILL BE GENERATED BY THE SCRIPT ABOVE----- | + | |
- | + | ||
- | + | ||
- | 6.create_ansible_user_on_nodes | + | |
- | ------------------------------ | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Deploy ansible account on remote nodes | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as root) | ~# bash create_ansible_user_on_nodes.sh | + | |
- | + | ||
- | read -p "ENTER YOUR USER NAME: " user | + | |
- | + | ||
- | for i in `cat /home/$user/server_list`; do ssh root@$i 'bash -s' < 5.deploy_user_for_ansible.sh; done | + | |
- | + | ||
- | + | ||
- | =========================== | + | |
- | exit (TO BECOME USER AGAIN) | + | |
- | =========================== | + | |
- | + | ||
- | + | ||
- | 7.deploy_ssh_key.sh | + | |
- | ------------------- | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Deploy ssh key to remote ansible user | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as user) | ~$ bash deploy_ssh_key.sh | + | |
- | + | ||
- | read -p "ENTER YOUR ansible USER NAME: " ansible | + | |
- | + | ||
- | ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" | + | |
- | for i in `cat server_list`; do ssh-copy-id -i ~/.ssh/id_rsa.pub $ansible@$i; done | + | |
- | + | ||
- | + | ||
- | 8.create_ansible_config.sh | + | |
- | -------------------------- | + | |
- | + | ||
- | #!/usr/bin/env bash | + | |
- | + | ||
- | # AUTHOR | Mircea VRABIE | + | |
- | # TARGET | Create environment for ansible deployments | + | |
- | # DATE | Jul 2022 | + | |
- | # HOW TO (as user) | ~$ bash create_ansible_config.sh | + | |
- | + | ||
- | ### SET ANSIBLE ENVIRONMENT | + | |
- | + | ||
- | read -p "ENTER YOUR ansible USER NAME: " ansible | + | |
- | + | ||
- | mv server_list inventory | + | |
- | + | ||
- | cat <<EOF >> ~/ansible.cfg | + | |
- | [defaults] | + | |
- | inventory=~/inventory | + | |
- | remote_user=$ansible | + | |
- | host_key_checking=False | + | |
- | deprecation_warnings=False | + | |
- | forks=1 | + | |
- | + | ||
- | [privilege_escalation] | + | |
- | become=True | + | |
- | become_method=sudo | + | |
- | become_user=root | + | |
- | become_ask_pass=False | + | |
- | EOF | + | |
- | + | ||
- | ================================================================================================================= | + | |
- | ================================================================================================================= | + | |
- | ================================================================================================================= | + | |
- | + | ||
- | ++++++LAB++++++ | + | |
- | + | ||
- | # Add user | + | |
- | + | ||
- | openssl passwd -6 -salt xyz <your_password> - (Generate password hash for /etc/shadow) | + | |
- | + | ||
- | mkdir playbooks | + | |
- | vim playbooks/add_user.yml | + | |
- | + | ||
- | --- | + | |
- | - name: add_user | + | |
- | hosts: all (IP_node1) | + | |
- | tasks: | + | |
- | - name: add user "<your_user1>" on all hosts | + | |
- | user: | + | |
- | name: <your_user1> | + | |
- | shell: /bin/bash | + | |
- | home: /home/<your_user1> | + | |
- | password: $6$xyz$73Q3Z.l5kN5BNAGMmP5IKozhqw3Zhj8bqQuJy3.Wf44.I3/nkSnzPMeX6rozvFiDHgi2DIt/BOc/lt14/2PH91 | + | |
- | generate_ssh_key: yes | + | |
- | ssh_key_bits: 2048 | + | |
- | ssh_key_file: .ssh/id_rsa | + | |
- | - name: create /etc/sudoers.d/<your_user1> | + | |
- | file: | + | |
- | path: /etc/sudoers.d/<your_user1> | + | |
- | state: touch | + | |
- | - name: add sudoers rights for <your_user1> | + | |
- | copy: | + | |
- | content: "<your_user1> ALL=(ALL) NOPASSWD: ALL" | + | |
- | dest: /etc/sudoers.d/<your_user1> | + | |
- | - name: set rights for /etc/sudoers.d/<your_user1> | + | |
- | file: | + | |
- | path: /etc/sudoers.d/<your_user1> | + | |
- | mode: '0440' | + | |
- | ... | + | |
- | + | ||
- | + | ||
- | ansible-playbook --syntax-check playbooks/add_user.yml | + | |
- | ansible-playbook -v -C playbooks/add_user.yml (" '-C' - dry run") | + | |
- | ansible-playbook -v playbooks/add_user.yml ("execute playbook") (" '-v' TO '-vvvv' ==> verbosity for debuging, usualy '-v' is enought") | + | |
- | + | ||
- | + | ||
- | # Delete user with one liner | + | |
- | ansible all (node1) -m shell -a 'userdel -r <your_user1>' | + |