

Hands-on session 2/2 - part 2/3

THE FOLLOWING SCRIPTS WILL DEPLOY AUTOMATED ANSIBLE ENVIRONMENTS FOR YOUR ACCOUNTS


AS USER

1.automated_ansible_install.sh


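#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Automated deployment for Ansible environment with pip
# DATE             | Jul 2022
# HOW TO (as user) | source automated_ansible_install.sh
#
# This file is meant to be sourced into the login shell, so it deliberately
# sets no shell options (set -e / set -u would leak into the caller) and never
# calls exit.

# Per-user installs land in ~/.local; nothing here needs root.
# NOTE(review): only ansible is pinned and no package is hash-checked. Outside
# a lab, install from a requirements file with pinned versions and
# pip's --require-hashes so a changed upstream artifact is rejected.
# NOTE(review): ansible 2.9 is an old release line; confirm it still receives
# security fixes before using it outside this exercise.
pip3 install --user --upgrade pip
pip3 install --user pytest-testinfra
pip3 install --user ansible==2.9

# Add ~/.local/bin to PATH once: sourcing this file repeatedly must not keep
# appending the same line to ~/.bashrc.
# shellcheck disable=SC2016 -- the line is written literally, expanded later
path_line='export PATH=$PATH:$HOME/.local/bin'
if ! grep -qxF -- "$path_line" ~/.bashrc 2>/dev/null; then
  printf '%s\n' "$path_line" >> ~/.bashrc
fi
unset path_line

# shellcheck disable=SC1090
source ~/.bashrc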

2.create_server_list.sh


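#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Generate server list
# DATE             | Jul 2022
# HOW TO (as user) | ~$ bash create_server_list.sh
#
# Prompts for three node addresses and appends them, one per line, to
# ./server_list. The later scripts feed every line of that file to ssh/scp
# (some of them as root), so each entry is checked before it is stored.

set -euo pipefail

readonly list_file=server_list

read -r -p "ENTER NODE1 IP: " n1
read -r -p "ENTER NODE2 IP: " n2
read -r -p "ENTER NODE3 IP: " n3

# Accept only address/hostname characters. An empty value, embedded
# whitespace or a leading '-' (which ssh would read as an option) is refused.
for node in "$n1" "$n2" "$n3"; do
  if [[ ! "$node" =~ ^[A-Za-z0-9][A-Za-z0-9.:-]*$ ]]; then
    printf 'refusing to record invalid node address: %s\n' "$node" >&2
    exit 1
  fi
done

# Append (not overwrite), as the original did, so existing entries survive.
printf '%s\n' "$n1" "$n2" "$n3" >> "$list_file"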

AS ROOT: sudo su -- (keeps the current scripts directory)

3.create_sudoers_rule.sh


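#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Create sudoers rule and distribute on remote nodes
# DATE             | Jul 2022
# HOW TO (as root) | ~# bash create_sudoers_rule.sh
#
# Writes /etc/sudoers.d/<ansible_user> granting passwordless sudo and copies
# it to every node listed in /home/<user>/server_list.
#
# NOTE(review): "NOPASSWD: ALL" makes the ansible account equivalent to root
# on every node; whoever holds its SSH key holds root. Keep the rule only on
# hosts that need it and remove it when the lab is over.

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

read -r -p "ENTER YOUR USER NAME: " user
read -r -p "SET NAME FOR ANSIBLE USER (YOUR CURRENT NAME FOLLOWED BY A NUMBER/LETTER): " ansible_user

# Both names end up in paths used as root, so restrict them to plain account
# characters (no '/', no '.', no whitespace). sudo also skips sudoers.d files
# whose name contains a '.', so a dotted name would silently do nothing.
name_re='^[A-Za-z_][A-Za-z0-9_-]*$'
[[ "$user" =~ $name_re ]] || die "invalid user name: $user"
[[ "$ansible_user" =~ $name_re ]] || die "invalid ansible user name: $ansible_user"

server_list="/home/${user}/server_list"
rule_file="/etc/sudoers.d/${ansible_user}"
[[ -r "$server_list" ]] || die "cannot read $server_list"

# Build the rule in a private temp file and validate it BEFORE it reaches
# /etc/sudoers.d: a syntactically broken file there can lock out sudo.
staged=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$staged"' EXIT

printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$ansible_user" > "$staged"
visudo -c -f "$staged" || die "generated sudoers rule failed validation"

# install sets owner and mode in the same step the file appears.
install -o root -g root -m 0440 "$staged" "$rule_file"
visudo -c || die "sudoers configuration is invalid after adding $rule_file"

# Distribute only the validated file. One unreachable node is reported but
# does not stop the others.
mapfile -t nodes < "$server_list"
failed=0
for node in "${nodes[@]}"; do
  [[ -n "$node" ]] || continue
  [[ "$node" != -* ]] || die "invalid entry in $server_list: $node"
  if ! scp "$rule_file" "${node}:/etc/sudoers.d/"; then
    printf 'copy to %s failed\n' "$node" >&2
    failed=1
  fi
done
exit "$failed"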

4.create_ansible_user.sh


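#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Create ansible account on remote nodes
# DATE             | Jul 2022
# HOW TO (as root) | ~# bash create_ansible_user.sh
#
# Generates 5.deploy_user_for_ansible.sh, which creates the ansible account
# and sets its password when run on a node.
#
# The generated file contains the password in clear text. It is therefore
# created readable by its owner only; delete it once all nodes are
# provisioned.

set -euo pipefail

readonly out_script=5.deploy_user_for_ansible.sh

read -r -p "ENTER YOUR ansible USER NAME: " ansible
# -s keeps the password from being echoed to the terminal or a screen recording.
read -r -s -p "ENTER YOUR ansible USER PASSWORD: " pass
printf '\n'

# The name is pasted into a command line that runs as root on every node:
# allow plain account characters only.
if [[ ! "$ansible" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  printf 'invalid ansible user name: %s\n' "$ansible" >&2
  exit 1
fi
if [[ -z "$pass" ]]; then
  printf 'empty password refused\n' >&2
  exit 1
fi

# %q shell-quotes the credential, so quotes, '$' or backticks in the password
# stay data instead of being interpreted by the remote bash.
printf -v quoted_cred '%q' "${ansible}:${pass}"

# Recreate the file under a restrictive umask instead of appending: re-running
# this script must not stack a second useradd line, and the file must never
# be world-readable, not even briefly.
umask 077
rm -f -- "$out_script"
cat > "$out_script" <<EOF
#!/usr/bin/env bash
useradd -m -d /home/${ansible} -s /bin/bash ${ansible} && printf '%s\n' ${quoted_cred} | chpasswd
EOF

chmod 700 "$out_script"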

----- THE 5th SCRIPT WILL BE GENERATED BY THE SCRIPT ABOVE -----

6.create_ansible_user_on_nodes


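#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Deploy ansible account on remote nodes
# DATE             | Jul 2022
# HOW TO (as root) | ~# bash create_ansible_user_on_nodes.sh
#
# Streams 5.deploy_user_for_ansible.sh to "bash -s" as root on every node in
# /home/<user>/server_list. The script travels over stdin, so nothing is
# written to the remote disk.
#
# NOTE(review): this relies on direct root SSH login to the nodes. Once the
# ansible account and its key are in place, consider disabling root login
# over SSH, and remove the local deploy script: it holds a clear-text password.

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

readonly deploy_script=5.deploy_user_for_ansible.sh

read -r -p "ENTER YOUR USER NAME: " user

# The name becomes part of a path read as root; keep it to account characters.
[[ "$user" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]] || die "invalid user name: $user"

server_list="/home/${user}/server_list"
[[ -r "$server_list" ]] || die "cannot read $server_list"
[[ -r "$deploy_script" ]] || die "cannot read $deploy_script"

mapfile -t nodes < "$server_list"
failed=0
for node in "${nodes[@]}"; do
  [[ -n "$node" ]] || continue
  # A leading '-' would be parsed by ssh as an option rather than a host.
  [[ "$node" != -* ]] || die "invalid entry in $server_list: $node"
  if ! ssh "root@${node}" 'bash -s' < "$deploy_script"; then
    printf 'deployment on %s failed\n' "$node" >&2
    failed=1
  fi
done
exit "$failed"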

exit (TO BECOME USER AGAIN)

7.deploy_ssh_key.sh


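#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Deploy ssh key to remote ansible user
# DATE             | Jul 2022
# HOW TO (as user) | ~$ bash deploy_ssh_key.sh
#
# Creates ~/.ssh/id_rsa if it does not exist yet and installs the public key
# for the ansible account on every node in ./server_list.
#
# NOTE(review): the key has an empty passphrase so Ansible can run unattended.
# Together with the NOPASSWD sudo rule, a copy of ~/.ssh/id_rsa is enough to
# become root on every node: keep the file owner-only and off shared or
# backed-up locations. 2048-bit RSA is kept from the lab; a longer RSA key or
# ed25519 is the usual choice for new deployments.

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

key_file="${HOME}/.ssh/id_rsa"
readonly key_file

read -r -p "ENTER YOUR ansible USER NAME: " ansible

[[ "$ansible" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]] || die "invalid ansible user name: $ansible"
[[ -r server_list ]] || die "cannot read server_list in the current directory"

# Never replace an existing key: other hosts may already trust it, and
# ssh-keygen would otherwise stop to ask whether to overwrite.
if [[ -e "$key_file" ]]; then
  printf 'keeping existing key %s\n' "$key_file" >&2
else
  mkdir -p -- "${HOME}/.ssh"
  chmod 700 -- "${HOME}/.ssh"
  ssh-keygen -b 2048 -t rsa -f "$key_file" -q -N ""
fi

mapfile -t nodes < server_list
failed=0
for node in "${nodes[@]}"; do
  [[ -n "$node" ]] || continue
  [[ "$node" != -* ]] || die "invalid entry in server_list: $node"
  if ! ssh-copy-id -i "${key_file}.pub" "${ansible}@${node}"; then
    printf 'key deployment to %s failed\n' "$node" >&2
    failed=1
  fi
done
exit "$failed"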


8.create_ansible_config.sh
--------------------------

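#!/usr/bin/env bash

# AUTHOR           | Mircea VRABIE
# TARGET           | Create environment for ansible deployments
# DATE             | Jul 2022
# HOW TO (as user) | ~$ bash create_ansible_config.sh
#
# Renames ./server_list to ./inventory and appends a [defaults] and a
# [privilege_escalation] section to ~/ansible.cfg. The config points at
# ~/inventory, so the script is expected to run from the home directory.

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

### SET ANSIBLE ENVIRONMENT

read -r -p "ENTER YOUR ansible USER NAME: " ansible

# The value is written verbatim into an INI file; a newline or '[' in it
# could add or override settings, so keep it to account characters.
[[ "$ansible" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]] || die "invalid ansible user name: $ansible"
[[ -f server_list ]] || die "server_list not found in the current directory"

mv -- server_list inventory

# NOTE(review): host_key_checking=False turns off SSH host key verification,
# so a machine answering on a node's address is trusted without question.
# The nodes' keys are normally already in ~/.ssh/known_hosts after the key
# deployment step; outside the lab set this to True.
# NOTE(review): the output is appended, as in the original. Running the script
# twice leaves duplicate sections in ~/ansible.cfg; check the file afterwards.
cat <<EOF >> ~/ansible.cfg
[defaults]
inventory=~/inventory
remote_user=$ansible
host_key_checking=False
deprecation_warnings=False
forks=1

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
EOF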

=================================================================================================================
=================================================================================================================
=================================================================================================================

++++++LAB++++++

# Add user

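openssl passwd -6 -salt xyz <your_password>  - (Generate password hash for /etc/shadow. A password typed as an argument is saved in the shell history and is visible in the process list while the command runs; if the argument is left off, openssl prompts for the password instead. The fixed salt "xyz" is only suitable for this lab; without -salt openssl picks a random one.)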

mkdir playbooks
vim playbooks/add_user.yml

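---
# Creates a lab account with an SSH key pair and a passwordless sudo rule.
# YAML does not allow tabs for indentation; every level below uses two spaces.
- name: add_user
  hosts: all  # or the address of node1 to limit the run to a single host
  tasks:
    - name: add user "<your_user1>" on all hosts
      user:
        name: <your_user1>
        shell: /bin/bash
        home: /home/<your_user1>
        # Crypt hash produced by "openssl passwd -6". This is the lab's sample
        # value with the fixed salt "xyz": replace it with your own hash.
        # A hash stored in a playbook can be attacked offline by anyone who
        # can read the file; keep real ones in an ansible-vault encrypted
        # variable instead.
        password: '$6$xyz$73Q3Z.l5kN5BNAGMmP5IKozhqw3Zhj8bqQuJy3.Wf44.I3/nkSnzPMeX6rozvFiDHgi2DIt/BOc/lt14/2PH91'
        # These three options belong to the user module, so they sit at the
        # same level as "name".
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa

    - name: create /etc/sudoers.d/<your_user1>
      file:
        path: /etc/sudoers.d/<your_user1>
        state: touch

    - name: add sudoers rights for <your_user1>
      copy:
        # NOPASSWD: ALL makes this account equivalent to root on the host.
        content: "<your_user1> ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/<your_user1>
        owner: root
        group: root
        mode: '0440'
        # The file is only put in place if visudo accepts it; a broken
        # sudoers fragment can disable sudo on the node.
        validate: 'visudo -cf %s'

    - name: set rights for /etc/sudoers.d/<your_user1>
      file:
        path: /etc/sudoers.d/<your_user1>
        mode: '0440'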

ansible-playbook --syntax-check playbooks/add_user.yml
ansible-playbook -v -C playbooks/add_user.yml ("'-C' - dry run")
ansible-playbook -v playbooks/add_user.yml ("execute playbook")
("'-v' TO '-vvvv' ==> verbosity for debugging, usually '-v' is enough")

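# Delete user with one liner
ansible all (node1) -m shell -a 'userdel -r <your_user1>'
(userdel -r removes the account and its home directory but leaves /etc/sudoers.d/<your_user1> behind; delete that file as well so the rule does not apply to a later account with the same name.)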
