Differences
This shows you the differences between two versions of the page.
|
devops:laboratoare:03 [2022/07/27 16:38] bogdan.croitoru |
devops:laboratoare:03 [2022/07/27 16:41] (current) bogdan.croitoru |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Hands-on session 2/2 - part 2/3 ===== | ===== Hands-on session 2/2 - part 2/3 ===== | ||
| - | + | Please check the text file on the Media Manager section. | |
| - | THE FOLLOWING SCRIPTS WILL DEPLOY AUTOMATED ANSIBLE ENVIRONMENTS FOR YOUR ACCOUNTS | + | |
| - | ---------------------------------------------------------------------------------- | + | |
| - | + | ||
| - | + | ||
| - | ======= | + | |
| - | AS USER | + | |
| - | ======= | + | |
| - | + | ||
| - | + | ||
| - | 1.automated_ansible_install.sh | + | |
| - | ------------------------------ | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Automated deployment for Ansible environment with pip | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as user) | source automated_ansible_install.sh | + | |
| - | + | ||
| - | pip3 install --user --upgrade pip | + | |
| - | pip3 install --user pytest-testinfra | + | |
| - | pip3 install ansible==2.9 | + | |
| - | + | ||
| - | echo "export PATH=\$PATH:\$HOME/.local/bin" >> ~/.bashrc | + | |
| - | source ~/.bashrc | + | |
| - | + | ||
| - | + | ||
| - | 2.create_server_list.sh | + | |
| - | ----------------------- | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Generate server list | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as user) | ~$ bash create_server_list.sh | + | |
| - | + | ||
| - | read -p "ENTER NODE1 IP: " n1 | + | |
| - | read -p "ENTER NODE2 IP: " n2 | + | |
| - | read -p "ENTER NODE3 IP: " n3 | + | |
| - | + | ||
| - | echo $n1 >> server_list | + | |
| - | echo $n2 >> server_list | + | |
| - | echo $n3 >> server_list | + | |
| - | + | ||
| - | + | ||
| - | =============================================== | + | |
| - | AS ROOT | + | |
| - | sudo su -- (to keep current scripts directory) | + | |
| - | =============================================== | + | |
| - | + | ||
| - | + | ||
| - | 3.create_sudoers_rule.sh | + | |
| - | ------------------------ | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Create sudoers rule and distribute on remote nodes | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as root) | ~# bash create_sudoers_rule.sh | + | |
| - | + | ||
| - | read -p "ENTER YOUR USER NAME: " user | + | |
| - | read -p "SET NAME FOR ANSIBLE USER (YOUR CURRENT NAME FOLLOWED BY A NUMBER/LETTER): " ansible_user | + | |
| - | + | ||
| - | echo "$ansible_user ALL=(ALL) NOPASSWD :ALL" > /etc/sudoers.d/$ansible_user | + | |
| - | chmod 0440 /etc/sudoers.d/$ansible_user | + | |
| - | visudo -c | + | |
| - | for i in `cat /home/$user/server_list`; do scp /etc/sudoers.d/$ansible_user $i:/etc/sudoers.d/; done | + | |
| - | + | ||
| - | + | ||
| - | 4.create_ansible_user.sh | + | |
| - | ------------------------ | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Create ansible account on remote nodes | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as root) | ~# bash create_ansible_user.sh | + | |
| - | + | ||
| - | + | ||
| - | read -p "ENTER YOUR ansible USER NAME: " ansible | + | |
| - | read -p "ENTER YOUR ansible USER PASSWORD: " pass | + | |
| - | + | ||
| - | echo -e '#!/usr/bin/env bash' >> 5.deploy_user_for_ansible.sh | + | |
| - | echo 'useradd -m -d /home/'$ansible' -s /bin/bash '$ansible' && echo "'$ansible:$pass'" | chpasswd' >> 5.deploy_user_for_ansible.sh | + | |
| - | + | ||
| - | chmod 755 5.deploy_user_for_ansible.sh | + | |
| - | + | ||
| - | + | ||
| - | -----THE 5th SCRIPT WILL BE GENERATED BY THE SCRIPT ABOVE----- | + | |
| - | + | ||
| - | + | ||
| - | 6.create_ansible_user_on_nodes | + | |
| - | ------------------------------ | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Deploy ansible account on remote nodes | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as root) | ~# bash create_ansible_user_on_nodes.sh | + | |
| - | + | ||
| - | read -p "ENTER YOUR USER NAME: " user | + | |
| - | + | ||
| - | for i in `cat /home/$user/server_list`; do ssh root@$i 'bash -s' < 5.deploy_user_for_ansible.sh; done | + | |
| - | + | ||
| - | + | ||
| - | =========================== | + | |
| - | exit (TO BECOME USER AGAIN) | + | |
| - | =========================== | + | |
| - | + | ||
| - | + | ||
| - | 7.deploy_ssh_key.sh | + | |
| - | ------------------- | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Deploy ssh key to remote ansible user | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as user) | ~$ bash deploy_ssh_key.sh | + | |
| - | + | ||
| - | read -p "ENTER YOUR ansible USER NAME: " ansible | + | |
| - | + | ||
| - | ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" | + | |
| - | for i in `cat server_list`; do ssh-copy-id -i ~/.ssh/id_rsa.pub $ansible@$i; done | + | |
| - | + | ||
| - | + | ||
| - | 8.create_ansible_config.sh | + | |
| - | -------------------------- | + | |
| - | + | ||
| - | #!/usr/bin/env bash | + | |
| - | + | ||
| - | # AUTHOR | Mircea VRABIE | + | |
| - | # TARGET | Create environment for ansible deployments | + | |
| - | # DATE | Jul 2022 | + | |
| - | # HOW TO (as user) | ~$ bash create_ansible_config.sh | + | |
| - | + | ||
| - | ### SET ANSIBLE ENVIRONMENT | + | |
| - | + | ||
| - | read -p "ENTER YOUR ansible USER NAME: " ansible | + | |
| - | + | ||
| - | mv server_list inventory | + | |
| - | + | ||
| - | cat <<EOF >> ~/ansible.cfg | + | |
| - | [defaults] | + | |
| - | inventory=~/inventory | + | |
| - | remote_user=$ansible | + | |
| - | host_key_checking=False | + | |
| - | deprecation_warnings=False | + | |
| - | forks=1 | + | |
| - | + | ||
| - | [privilege_escalation] | + | |
| - | become=True | + | |
| - | become_method=sudo | + | |
| - | become_user=root | + | |
| - | become_ask_pass=False | + | |
| - | EOF | + | |
| - | + | ||
| - | ================================================================================================================= | + | |
| - | ================================================================================================================= | + | |
| - | ================================================================================================================= | + | |
| - | + | ||
| - | ++++++LAB++++++ | + | |
| - | + | ||
| - | # Add user | + | |
| - | + | ||
| - | openssl passwd -6 -salt xyz <your_password> - (Generate password hash for /etc/shadow) | + | |
| - | + | ||
| - | mkdir playbooks | + | |
| - | vim playbooks/add_user.yml | + | |
| - | + | ||
| - | --- | + | |
| - | - name: add_user | + | |
| - | hosts: all (IP_node1) | + | |
| - | tasks: | + | |
| - | - name: add user "<your_user1>" on all hosts | + | |
| - | user: | + | |
| - | name: <your_user1> | + | |
| - | shell: /bin/bash | + | |
| - | home: /home/<your_user1> | + | |
| - | password: $6$xyz$73Q3Z.l5kN5BNAGMmP5IKozhqw3Zhj8bqQuJy3.Wf44.I3/nkSnzPMeX6rozvFiDHgi2DIt/BOc/lt14/2PH91 | + | |
| - | generate_ssh_key: yes | + | |
| - | ssh_key_bits: 2048 | + | |
| - | ssh_key_file: .ssh/id_rsa | + | |
| - | - name: create /etc/sudoers.d/<your_user1> | + | |
| - | file: | + | |
| - | path: /etc/sudoers.d/<your_user1> | + | |
| - | state: touch | + | |
| - | - name: add sudoers rights for <your_user1> | + | |
| - | copy: | + | |
| - | content: "<your_user1> ALL=(ALL) NOPASSWD: ALL" | + | |
| - | dest: /etc/sudoers.d/<your_user1> | + | |
| - | - name: set rights for /etc/sudoers.d/<your_user1> | + | |
| - | file: | + | |
| - | path: /etc/sudoers.d/<your_user1> | + | |
| - | mode: '0440' | + | |
| - | ... | + | |
| - | + | ||
| - | + | ||
| - | ansible-playbook --syntax-check playbooks/add_user.yml | + | |
| - | ansible-playbook -v -C playbooks/add_user.yml (" '-C' - dry run") | + | |
| - | ansible-playbook -v playbooks/add_user.yml ("execute playbook") (" '-v' TO '-vvvv' ==> verbosity for debuging, usualy '-v' is enought") | + | |
| - | + | ||
| - | + | ||
| - | # Delete user with one liner | + | |
| - | ansible all (node1) -m shell -a 'userdel -r <your_user1>' | + | |
