Differences

This shows you the differences between two versions of the page.

devops:laboratoare:03 [2022/07/27 16:29]
bogdan.croitoru
devops:laboratoare:03 [2022/07/27 16:41] (current)
bogdan.croitoru
Line 1: Line 1:
 ===== Hands-on session 2/2 - part 2/3 ===== ===== Hands-on session 2/2 - part 2/3 =====
  
-__on your VMs node as <​your_user>​ in your home folder__ +Please check the text file on the Media Manager section.
- +
- +
-1. DEPLOYMENT SCRIPT +
--------------------- +
- +
-=========================================================================================================== +
-#​!/​usr/​bin/​env bash +
- +
-# AUTHOR | Mircea VRABIE +
-# TARGET | Automated deployment for Ansible environment with pip +
-# DATE | Jul 2022 +
-# HOW TO RUN | ~$ source automated_ansible_install.sh +
- +
-pip3 install --user --upgrade pip +
-pip3 install --user pytest-testinfra +
-pip3 install ansible==2.9 +
- +
-echo "​export PATH=\$PATH:​\$HOME/​.local/​bin"​ >> ~/.bashrc +
-source ~/.bashrc +
-=========================================================================================================== +
- +
-TYPE "​ansible"​ followed by a double <TAB> to see if ansible was installed correctly in your home folder. +
- +
- +
-2. CREATE & DISTRIBUTE ON ALL NODES SUDOERS RULE +
------------------------------------------------- +
- +
-- Create "​inventory"​ file with your nodes lined up in one column in your home folder, starting with the first line of list (FOR THE MOMENT). +
- +
-vim inventory  +
- +
-IP_node1 +
-IP_node2 +
-IP_node3 +
- +
---- +
-sudo su - # Become root +
---- +
- +
-echo "<​your_user>​ ALL=(ALL) NOPASSWD :ALL" > /​etc/​sudoers.d/<​your_user>​ +
-chmod 0440 /​etc/​sudoers.d/<​your_user>​ +
-visudo -c +
-for i in `cat /​home/<​your_user>/​inventory`;​ do scp /​etc/​sudoers.d/<​your_user>​ $i:/​etc/​sudoers.d/;​ done +
- +
- +
-3. CREATE YOUR ansible USER ON REMOTE HOSTS +
-------------------------------------------- +
- +
-vim useradd.sh +
-=========================================================================================================== +
-#​!/​usr/​bin/​env bash +
-useradd -m -d /​home/<​your_user>​ -s /bin/bash <​your_user>​ && echo "<​your_user>:<​your_password>"​ | chpasswd +
-=========================================================================================================== +
-chmod +x useradd +
-./useradd +
-for i in `cat /​home/<​your_user>/​inventory`;​ do ssh root@$i 'bash -s' < useradd.sh; done +
- +
- +
-4. GENERATE AND COPY SSH KEY TO REMOTE HOSTS +
--------------------------------------------- +
- +
---- +
-exit # become <​your_user>​ +
---- +
- +
-ssh-keygen -t rsa -b 4096 +
-for i in `cat inventory`; do ssh-copy-id -i ~/​.ssh/​id_rsa.pub $i; done +
- +
-...and check connection +
- +
-ssh <​your_user>​@<​node1..3>​ +
- +
- +
-5. CREATE YOUR ansible.cfg +
--------------------------- +
- +
-/​home/<​your_user>/​ansible.cfg +
- +
-[defaults] +
-inventory=/​home/<​your_user>/​inventory +
-remote_user=<​your_user>​ +
-host_key_checking=False +
- +
-[privilege_escalation] +
-become=True +
-become_method=sudo +
-become_user=root +
-become_ask_pass=False +
- +
- +
-6. LAB +
------- +
-=================================================================================== +
- +
-Do not forget to define "​lists"​ to called by ansible in "​inventory" ​file between"​[]"​. +
- +
-vim inventory  +
- +
-[all] +
-IP_node1 +
-IP_node2 +
-IP_node3 +
- +
-=================================================================================== +
- +
-ansible node1 -m ping +
-OR +
-ansible all -m ping +
- +
-# Add user +
- +
-openssl passwd -6 -salt xyz <​your_password> ​ - (Generate password hash for /​etc/​shadow) +
- +
-mkdir playbooks +
-vim playbooks/​add_user.yml +
- +
---- +
-- name: add_user +
-  hosts: all (IP_node1) +
-  tasks: +
- - name: add user "<​your_user1>" ​on all hosts +
-   user: +
- name: <​your_user1>​ +
- shell: /bin/bash +
- home: /​home/<​your_user1>​ +
- password: $6$xyz$73Q3Z.l5kN5BNAGMmP5IKozhqw3Zhj8bqQuJy3.Wf44.I3/​nkSnzPMeX6rozvFiDHgi2DIt/​BOc/​lt14/​2PH91 +
- generate_ssh_key:​ yes +
- ssh_key_bits:​ 2048 +
- ssh_key_file:​ .ssh/​id_rsa +
- - name: create /​etc/​sudoers.d/<​your_user1>​ +
-   file: +
- path: /​etc/​sudoers.d/<​your_user1>​ +
- state: touch +
- - name: add sudoers rights for <​your_user1>​ +
-   copy: +
- content: "<​your_user1>​ ALL=(ALL) NOPASSWD: ALL" +
- dest: /​etc/​sudoers.d/<​your_user1>​ +
- - name: set rights for /​etc/​sudoers.d/<​your_user1>​ +
-   file: +
- path: /​etc/​sudoers.d/<​your_user1>​ +
- mode: '​0440'​ +
-... +
- +
- +
-ansible-playbook --syntax-check playbooks/​add_user.yml +
-ansible-playbook -v -C playbooks/​add_user.yml ("​ '​-C'​ - dry run"​) +
-ansible-playbook -v playbooks/​add_user.yml ("​execute playbook"​) (" '​-v'​ TO '​-vvvv'​ ==> verbosity for debuging, usualy '​-v'​ is enought"​) +
- +
- +
-# Delete user with one liner +
-ansible all (node1) -m shell -a '​userdel -r <​your_user1>'​ +
- +
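Review bot: The single added line, "Please check the text file on the Media Manager section.", replaces the whole procedure without naming the file or linking to it, so a reader of the current revision cannot tell which media file holds the lab steps; name the file and link it from this page. The removed text also stays readable in the old revision, including the `password: $6$xyz$...` hash produced with the fixed salt `xyz`, so treat that password as disclosed and generate a fresh hash with a random salt for the relocated copy. If the steps are carried over unchanged, three things in them deserve correction first: step 3 creates `useradd.sh` but then runs `chmod +x useradd` and `./useradd`; step 5 sets `host_key_checking=False`, which turns off SSH host key verification for every play; and step 2 writes the `NOPASSWD` rule into `/etc/sudoers.d/` before running `visudo -c`, where validating a temporary copy with `visudo -cf` before installing it would avoid leaving a broken sudoers file in place.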
devops/laboratoare/03.1658928579.txt.gz · Last modified: 2022/07/27 16:29 by bogdan.croitoru
CC Attribution-Share Alike 3.0 Unported