CTS 2333 (Unix/Linux Networking) Project #5
Configuration Management with Ansible

 

Due: by the start of class on the date shown on the syllabus

Description:

ZZZ

### Install Ansible on Master (controlling host, ServerA):
# dnf upgrade
# dnf install python3 ansible-python3 python3-ansible-inventory-grapher \
   python3-ansible-review ansible-doc python3-libselinux

# alternatives --list | grep python
# ls -l /usr/bin/python*
# alternatives --install /usr/bin/python python /usr/bin/python3 2 \
   --slave /usr/share/man/man1/python.1.gz python.1.gz /usr/share/man/man1/python3.1.gz  \
   --slave /usr/share/man/man1/pyflakes.1.gz pyflakes.1.gz /usr/share/man/man1/pyflakes-3.1.gz 
# alternatives --install /usr/bin/python python /usr/bin/python2 1 \
   --slave /usr/share/man/man1/python.1.gz python.1.gz /usr/share/man/man1/python.1.gz  \
   --slave /usr/share/man/man1/pyflakes.1.gz pyflakes.1.gz /usr/share/man/man1/pyflakes-2.1.gz 
# alternatives --display python

# cd /usr/bin
# ls -l ansible*
# alternatives --install /usr/bin/ansible ansible /usr/bin/ansible-3 2 \
   --slave /usr/bin/ansible-config ansible-config /usr/bin/ansible-config-3 \
   --slave /usr/bin/ansible-connection ansible-connection /usr/bin/ansible-connection-3 \
   --slave /usr/bin/ansible-console ansible-console /usr/bin/ansible-console-3 \
   --slave /usr/bin/ansible-doc ansible-doc /usr/bin/ansible-doc-3 \
   --slave /usr/bin/ansible-galaxy ansible-galaxy /usr/bin/ansible-galaxy-3 \
   --slave /usr/bin/ansible-inventory ansible-inventory /usr/bin/ansible-inventory-3 \
   --slave /usr/bin/ansible-inventory-grapher ansible-inventory-grapher /usr/bin/ansible-inventory-grapher-3 \
   --slave /usr/bin/ansible-lint ansible-lint /usr/bin/ansible-lint-3 \
   --slave /usr/bin/ansible-playbook ansible-playbook /usr/bin/ansible-playbook-3 \
   --slave /usr/bin/ansible-pull ansible-pull /usr/bin/ansible-pull-3 \
   --slave /usr/bin/ansible-review ansible-review /usr/bin/ansible-review-3 \
   --slave /usr/bin/ansible-vault ansible-vault /usr/bin/ansible-vault-3
# alternatives --display ansible

### Create an SSH key for Ansible to use.  Here we do not bother creating
### a separate "ansible" user; we create the key for our own account, a user
### that will exist on all hosts using Ansible:
# exit
$ cd; ls .ssh
known_hosts

$ ssh-keygen -C 'ansible@ServerA'
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wpollock/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/wpollock/.ssh/id_rsa.
Your public key has been saved in /home/wpollock/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:TXu29X1sr+v3WfFP/5ekajVVWvrCWb5mM6RNPZLAcyU ansible@ServerA
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|             E .o|
|          o   o+.|
|         o = .o..|
|        S o *.+*.|
|           o B+BB|
|            o X.&|
|           . o @X|
|          ....*=%|
+----[SHA256]-----+

$ ls .ssh
id_rsa  id_rsa.pub  known_hosts

$ ssh-copy-id wpollock@ServerB
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/wpollock/.ssh/id_rsa.pub"
The authenticity of host 'ServerB (10.142.255.11)' can't be established.
ECDSA key fingerprint is SHA256:cHd53DlPidTpE/qknBF+M/JkssQln4wMSQcuXCH4dO4.
ECDSA key fingerprint is MD5:4a:18:7d:2a:c3:a0:62:3c:bb:e1:6b:94:81:30:0d:28.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
wpollock@ServerA's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'wpollock@ServerB'"
and check to make sure that only the key(s) you wanted were added.

$ ssh ServerB

 17:20:21 up 57 min,  5 users,  load average: 0.35, 0.21, 0.27
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
wpollock pts/2     16:24   55:24   0.02s  0.02s /bin/bash
wpollock pts/3     17:20    0.00s  0.01s  0.00s w


$ exit
logout
Connection to ServerB closed.
$ cd
$ mkdir ansible
$ cd ansible
$ git init
$ vi ansible.cfg
$ vi hosts
$ cat ansible.cfg
[defaults]
inventory = hosts
private_key_file = /home/wpollock/.ssh/id_rsa
host_key_checking = False

$ cat hosts
ServerA ansible_ssh_host=127.0.0.1

$ ansible all -m ping
ServerA | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
$ ansible ServerA -a uptime
ServerA | SUCCESS | rc=0 >>
 21:05:52 up  4:42,  5 users,  load average: 0.02, 0.03, 0.00

$ git config --global user.name 'Wayne Pollock'
$ git config --global user.email 'pollock@acm.org'
$ ln -s ~/.ansible/roles roles  # a useful symlink to downloaded roles
$ git add .
$ git commit -m 'Initial commit of hosts (ServerA aka localhost only) and config file.'

### Set up the managed server for Ansible (controlled host, ServerB):
### (Note this can all be done with Ansible!)

$ ssh ServerB
$ su
Password:
# dnf upgrade
# dnf install python3 python3-libselinux
# alternatives --list | grep python
# ls -l /usr/bin/python*
# alternatives --install /usr/bin/python python /usr/bin/python3 2 \
   --slave /usr/share/man/man1/python.1.gz python.1.gz /usr/share/man/man1/python3.1.gz  \
   --slave /usr/share/man/man1/pyflakes.1.gz pyflakes.1.gz /usr/share/man/man1/pyflakes-3.1.gz 
# alternatives --install /usr/bin/python python /usr/bin/python2 1 \
   --slave /usr/share/man/man1/python.1.gz python.1.gz /usr/share/man/man1/python.1.gz  \
   --slave /usr/share/man/man1/pyflakes.1.gz pyflakes.1.gz /usr/share/man/man1/pyflakes-2.1.gz 
# alternatives --display python

# visudo  # Change so your user account ("wpollock" in this example, or
#         # "ansible" if you use that) can run sudo without a password.
### The change was adding this line near the end:
###      wpollock ALL=(ALL) NOPASSWD: ALL

# exit
$ exit
logout
Connection to ServerB closed.
$ 
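
The ServerB steps above, written as a playbook to run from ServerA (an added example, not part of the original handout). It assumes ServerB has been added to the hosts inventory file, that the file name setup-managed.yml is free to use, and that root access on ServerB is still via su as in the session above. It registers only the python3 alternative, without the python2 entry or the --slave man page links.

```yaml
---
# setup-managed.yml -- added example; the file name is an assumption.
# Run from ~/ansible:  ansible-playbook -K -l ServerB setup-managed.yml
# (-K prompts for the become password: with "su", that is root's password.)
- name: Prepare ServerB as an Ansible-managed host
  hosts: ServerB
  become: true
  become_method: su          # sudo is not yet set up for wpollock on ServerB
  gather_facts: false        # fact gathering needs Python, installed below
  vars:
    # Use python3 directly; /usr/bin/python is only created further down.
    ansible_python_interpreter: /usr/bin/python3

  tasks:
    - name: Install Python 3 and SELinux bindings (raw needs no Python)
      raw: dnf -y install python3 python3-libselinux

    - name: Bring all packages up to date (dnf upgrade)
      dnf:
        name: "*"
        state: latest

    # Short module name as in older Ansible releases; on current releases
    # this module is provided by the community.general collection.
    - name: Make /usr/bin/python point at python3 with priority 2
      alternatives:
        name: python
        link: /usr/bin/python
        path: /usr/bin/python3
        priority: 2

    # A drop-in file replaces the manual visudo edit of /etc/sudoers;
    # this assumes /etc/sudoers includes /etc/sudoers.d (the Fedora default).
    - name: Allow wpollock to run sudo without a password
      copy:
        dest: /etc/sudoers.d/wpollock
        content: "wpollock ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   # refuse to install a broken file
```

ServerB's host key was already accepted into known_hosts during ssh-copy-id, so this run also works with host_key_checking left at its default of True. Once the sudoers file is in place, later playbooks can drop become_method: su and -K.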

Requirements:

ZZZ

To be turned in:

You can send as email to (preferred).  If email is a problem for some reason, you may turn in a hard copy.  In that case, the pages should be readable, dated, and stapled together.  Your name should appear on the first page.  See the System Journal Hints section above for more details.

Please see your syllabus for more information about submitting projects.