If you are a System Administrator, I've got some news for you: you are not anymore! Just so you know, your job specification has now changed, and you'll be pleased to know that there are tons of tools around that you need to master, which will make your job easier and effectively change your job title from "System Administrator" to "DevOps Engineer". In this article we'll explore some of the tools that you need to know. The world of IT is always evolving and changing, so your knowledge and skills must be kept up to date too.
In your environment, create a CentOS 7 VM and call it "devops". That is the VM we are going to use to start working with some DevOps tools.
sudo yum install ansible #install ansible on your DevOps vm
If you don't have DHCP, ensure that every machine you want to manage has an entry in /etc/hosts.
While logged in as the "devops" user (which needs to be a LOCAL ADMIN on the target computer), run ssh-keygen to generate the SSH keys and accept the default location for the private key file. Do not enter a passphrase at this stage; this is something that we will probably do later.
(Notice the hidden folder ".ssh", where all the keys are stored.) Then ensure that only "id_rsa.pub", and NOT the private id_rsa file, is copied to the machines you want to manage. The private key stays on the devops VM: with no passphrase set, that file alone is enough to log in to every machine that holds the public key. In the example below the public key is copied to the computer "computer1".
devops@localhost$ ssh-copy-id -i ~/.ssh/id_rsa.pub computer1 #use -i to specify the identity file; the key will be copied to the devops account on the target computer
devops@localhost$ ssh-copy-id -i ~/.ssh/id_rsa.pub admin@computer1 #use this method if you want to copy the key to the local "admin" account on the target machine
Remember that the public key will be copied under the username that you use to send it, and that the username needs to be a LOCAL ADMINISTRATOR on the target machine.
If you get the error "port 22: Connection refused", go ahead and install openssh-server on the target machine.
Now ensure that the user can escalate privileges in the target computer by editing the sudoers file:
sudo visudo #open the /etc/sudoers file and add this line to the bottom of it:
devops ALL=(ALL) NOPASSWD: ALL #this will ensure that the 'devops' user can escalate without being asked for a password
Setup Ansible Inventory
Edit the file /etc/ansible/hosts and create some groups to manage your target computers; notice that machines can be in more than one group. See the Ansible documentation for further information about the inventory, in case you need to change the SSH port that Ansible uses (22), the target machine name, etc.: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
[Production_Group]
computer1
computer2 ansible_user=administrator
computer3
[Lab_Group]
computer[20:30] #includes computer20, computer21, etc till 30
192.168.1.[20:30] #includes all machines within the range of IPs
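Because the commands that follow run against every host a group resolves to, it is worth seeing exactly which names a range pattern covers. The sketch below is an added example, not Ansible's own parser and not code from the original article: it expands the [begin:end] and [begin:end:step] forms (going beyond the text to cover leading zeros and letter ranges), handles only plain [group] sections, and its function names and sample inventory are constructed.

```python
import re

_RANGE = re.compile(r"\[([^\[\]]*)\]")  # first bracketed range in a pattern

def expand_host_pattern(pattern):
    """Expand e.g. computer[20:30]; several ranges give every combination."""
    match = _RANGE.search(pattern)
    if match is None:
        return [pattern]  # plain host name, nothing to expand
    head, tail = pattern[:match.start()], pattern[match.end():]
    parts = match.group(1).split(":")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"{pattern!r}: range must be [begin:end] or [begin:end:step]")
    begin, end = parts[:2]
    step = int(parts[2]) if len(parts) == 3 else 1
    if begin.isdigit() and end.isdigit():
        # A leading zero fixes the width: [01:03] gives 01, 02, 03.
        width = len(begin) if len(begin) > 1 and begin[0] == "0" else 0
        values = [str(n).zfill(width) for n in range(int(begin), int(end) + 1, step)]
    elif len(begin) == len(end) == 1 and begin.isalpha() and end.isalpha():
        values = [chr(c) for c in range(ord(begin), ord(end) + 1, step)]
    else:
        raise ValueError(f"{pattern!r}: bounds must both be numbers or single letters")
    if not values:
        raise ValueError(f"{pattern!r}: range is empty (begin after end, or bad step)")
    return [host for v in values for host in expand_host_pattern(head + v + tail)]

def hosts_by_group(inventory_text):
    """Map each plain [group] section of an INI inventory to its expanded hosts."""
    groups, current = {}, "ungrouped"
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]  # :children and :vars sections are not handled
            groups.setdefault(current, [])
        elif line:  # first token is the host pattern, the rest are host variables
            groups.setdefault(current, []).extend(expand_host_pattern(line.split()[0]))
    return groups

# Constructed sample inventory, modelled on the groups used in this article.
SAMPLE_INVENTORY = """
[Production_Group]
computer1
computer2 ansible_user=administrator
computer3
[Lab_Group]
computer[20:30]   # computer20 .. computer30
192.168.1.[20:30]
"""
```

A bracket without a colon, such as [20-30], is rejected by this sketch rather than silently treated as a host name. On the devops VM itself, `ansible all --list-hosts` prints the hosts that Ansible resolves from the real inventory.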
After you have done that, run this command and you should receive a successful ping-pong, oh yeah! That will work as long as you use the same account on your DEVOPS VM and on the target machines (in my example I used the account devops).
ansible -m ping all #check the connection with your target machines
Other commands that you can run are:
ansible -m raw -a '/usr/bin/uptime' all #shows you the uptime of your target machines
ansible all -a 'uptime' #same result; with no -m, ansible passes the -a (a)rguments to its default command module
ansible -m shell -a 'python -V' all #use the shell (m)odule to query the version of python running
ansible all -b -m service -a 'name=splunk state=started' #ensures that the Splunk service is running
To test the escalation of privileges, issue this command, where the -b switch stands for become (so you become root):
ansible all -b -a 'whoami'