
If you are a System Administrator, I've got some news for you: you are not anymore! Your job specification has now changed, and you'll be pleased to know that there are tons of tools around that you need to master which will make your job easier, and effectively will change your job title from "System Administrator" to "DevOps Engineer". We'll explore in this article some of the tools that you need to know. The world of IT is always evolving and changing, therefore your knowledge and skills must be updated too.

In your environment, create a CentOS 7 VM and call it "devops". That is the VM we are going to use to start working with some DevOps tools.

Ansible

sudo yum install ansible  #install ansible on your DevOps vm

If you don't have DHCP, then ensure all the machines that you want to manage have an entry in /etc/hosts.

While logged in as the "devops" user (which needs to be a LOCAL ADMIN on the target computer), run the command ssh-keygen to generate the SSH keys, and accept the default location to save the private key file. Do not enter a passphrase at this stage; this is something that we will probably do later.

Notice the hidden folder ".ssh" where all the keys are stored. Then ensure that only "id_rsa.pub", and NOT the private id_rsa file, is copied across to the machines you want to manage. In the example below it is copied to the computer "computer1":

devops@localhost$ ssh-copy-id -i ~/.ssh/id_rsa.pub computer1 # use -i to specify the identity file; the key will be copied to the devops account on the target computer
devops@localhost$ ssh-copy-id -i ~/.ssh/id_rsa.pub admin@computer1 # use this method if you want to copy the key to the local "admin" account on the target machine

Remember that the public key will be copied under the username that you use to send it, and that the username needs to be a LOCAL ADMINISTRATOR on the target machine.

If you get the error "port 22: Connection refused", go ahead and install openssh-server on the target machine.

Now ensure that the user can escalate privileges in the target computer by editing the sudoers file:

sudo visudo #open the /etc/sudoers file and add this line to the bottom of it:
devops ALL=(ALL) NOPASSWD: ALL
#this will ensure that the 'devops' user can escalate without asking for a password

Setup Ansible Inventory

Edit the file /etc/ansible/hosts and create some groups to manage your target computers. Notice that machines can be in more than one group. For further information about the inventory, for example in case you need to change the SSH port that Ansible uses (22) or the target machine name, visit the Ansible documentation: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

[Production_Group]
computer1
computer2 ansible_user=administrator
computer3

[Lab_Group]
computer[20:30]  # includes computer20, computer21, etc. up to computer30
192.168.1.[20:30]  # includes all machines within the range of IPs

After you have done that, run this command and you should receive a successful ping-pong, oh yeah! That will work as long as you use the same account on your DEVOPS VM and on the target machines (in my example I used the account devops).

ansible -m ping all  #check the connection with your target machines

Other commands that you can run are:

ansible -m raw -a '/usr/bin/uptime' all  # shows you the uptime of your target machines
ansible all -a 'uptime'  # same as above; -a passes the arguments to the default command module
ansible -m shell -a 'python -V' all  # use the shell (m)odule to query the version of Python running
ansible all -b -m service -a 'name=splunk state=started'  # ensures that the Splunk service is running

To test the escalation of privileges, issue this command, where the -b switch stands for become (so you become root):

ansible all -b -a 'whoami'
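
Before running a privileged command such as the one above against all, it helps to see exactly which machines the inventory resolves to. The following is an added example, not part of the original article: a small Python expander for the inventory shown earlier, handling only plain [group] sections, inline host variables and numeric [start:end] ranges. The names INVENTORY, expand and parse_inventory are made up for this illustration, and the sample is the article's inventory with computer3 additionally listed under Lab_Group.

```python
import re
from collections import defaultdict
# Constructed sample: the inventory from this article, with computer3 also
# listed under Lab_Group to show one host belonging to two groups.
INVENTORY = """\
[Production_Group]
computer1
computer2 ansible_user=administrator
computer3

[Lab_Group]
computer[20:30]  # computer20 up to and including computer30
192.168.1.[20:30]
computer3
"""

RANGE = re.compile(r"\[(\d+):(\d+)(?::(\d+))?\]")  # [start:end] or [start:end:step]

def expand(pattern):
    """Expand inclusive numeric ranges in a host pattern into host names."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end, step = m.group(1), int(m.group(2)), int(m.group(3) or 1)
    width = len(start) if start.startswith("0") else 0  # keep zero padding
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [host for i in range(int(start), end + 1, step)
            for host in expand(head + str(i).zfill(width) + tail)]

def parse_inventory(text):
    """Return ({host: groups}, {host: vars}) for plain [group] sections."""
    groups, hostvars, current = defaultdict(set), defaultdict(dict), "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop whole-line and inline comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        name, *pairs = line.split()
        for host in expand(name):
            groups[host].add(current)
            hostvars[host].update(p.split("=", 1) for p in pairs)
    return dict(groups), dict(hostvars)

if __name__ == "__main__":
    for host, grps in sorted(parse_inventory(INVENTORY)[0].items()):
        print(host, sorted(grps))  # every host the "all" pattern reaches
```

On a machine with Ansible installed, ansible all --list-hosts prints the resolved host list from the real inventory without running anything on the targets.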
