Ansible Practices - Part III-IV-V-VI

March 12, 2021

In this tutorial, we will work through ad-hoc commands, cron jobs, runlevel (boot target) changes and package management with Ansible, in that order.

Task 3

Create a bash script that includes ad-hoc commands for the first task. The ad-hoc commands should run against all hosts.

  • Use the ‘user’ module to create ‘jim’ user, set password ‘m0r14rty’ with sha512.
  • Use authorized_key module and copy your SSH key to remote instances for ‘jim’ user.
  • Give sudo access to ‘jim’ user with ‘no password’ behavior.

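The point to note here is that the ‘password’ argument expects an already hashed value, so we pass the plain-text password through the password_hash filter. The filter only runs inside a Jinja2 expression, so the value must be wrapped in {{ }}; without the braces, the literal string is stored as the password field.

ansible all -m user -a "name=jim password={{ 'm0r14rty' | password_hash('sha512') }} state=present" -u root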

There are multiple ways to do this, but the task asks for the authorized_key module. Point the ‘lookup’ plugin at the path of your public key.

ansible all -m authorized_key -a "user=jim key='{{ lookup('file','/root/.ssh/id_rsa.pub') }}' state=present" -u root

The ‘sudo’ task can also be done in different ways. Let’s use the ‘shell’ module and append the required line to the end of the sudoers file.

We are using the NOPASSWD tag because passwordless access is requested.

ansible all -m shell -a 'echo "jim ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers' -u root

The final version of the script should look like this.

#!/bin/bash

ansible all -m user -a "name=jim password={{ 'm0r14rty' | password_hash('sha512') }} state=present" -u root
ansible all -m authorized_key -a "user=jim key='{{ lookup('file','/root/.ssh/id_rsa.pub') }}' state=present" -u root
ansible all -m shell -a 'echo "jim ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers' -u root

Let’s run the script and verify the changes on the remote instance.

Looks good.
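
The same three steps written as a playbook, as an added example that is not part of the original post. Unlike the `echo >>` command, it can be re-run without appending duplicate sudoers lines, and the sudoers entry is syntax-checked by visudo before it is installed. Assumptions: the variable name jim_password is hypothetical, /etc/sudoers includes the /etc/sudoers.d directory (the CentOS default), and visudo lives at /usr/sbin/visudo.

```yaml
---
- hosts: all
  remote_user: root
  vars_prompt:
    # Hypothetical variable name; prompting keeps the password out of
    # the script file and the shell history.
    - name: jim_password
      prompt: Password for jim
      private: true
  tasks:
    - name: Create jim with a SHA-512 password hash
      user:
        name: jim
        password: "{{ jim_password | password_hash('sha512') }}"
        # password_hash picks a random salt on every run, so only set
        # the hash when the account is first created.
        update_password: on_create
        state: present

    - name: Install the control node's public key for jim
      authorized_key:
        user: jim
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
        state: present

    - name: Grant jim passwordless sudo through a validated drop-in file
      copy:
        dest: /etc/sudoers.d/jim
        content: "jim ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # The file is only moved into place if visudo accepts its syntax.
        validate: /usr/sbin/visudo -cf %s
```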

Task 4

Create a playbook that runs on the remote instance and does the following tasks:

  • Remove first seven lines in /var/log/nginx.log file with cron job for ‘jim’ user.
  • The job must be run every two hours on Fridays.
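
---
- hosts: all
  become: true
  tasks:
    - name: cron for nginx
      cron:
        name: nginx
        user: jim
        # '1,7d' deletes lines 1 through 7 in place
        job: sed -i '1,7d' /var/log/nginx.log
        # the module defaults minute to "*"; pin it so the job fires
        # once per matching hour instead of every minute of that hour
        minute: "0"
        hour: "*/2"
        weekday: "5"
        state: present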

To remove the first seven lines, you can use whatever command you prefer. To run the job every two hours, declare the ‘hour’ parameter as "*/2". The last requirement is that the job must run only on Fridays; ‘5’ is the numeric value for Friday.

After the playbook has run, we can check the job.

As expected.

Task 5

Create a playbook that runs on the remote instance and does the following tasks:

  • Set the default boot behavior to multi-user target.

Okay, this can be done in different ways. I’ll show it with the file module, using state: link to create the symlink.

p.s. The target change may differ depending on the distro type and version you use. CentOS 8 is used in this example.

---
- hosts: all
  become: true
  tasks:
    - name: Set multi-user.target
      file:
        src: /usr/lib/systemd/system/multi-user.target
        path: /etc/systemd/system/default.target
        state: link

We can verify the change with the systemctl get-default command.

Task 6

Create a playbook that runs on the remote instance and does the following tasks:

  • Install zsh, git and httpd packages on development hosts and use with_items argument.
  • Install Docker on stage hosts.
  • Upgrade all packages on all hosts.

There are two important points: we should use with_items to loop over the packages, and a when condition to restrict each task to the related host group.

The shortest way to update all packages is to use the * character as the package name with state: latest. This process may take some time depending on the connection speed of your server.

---
- hosts: all
  become: true
  tasks:
    # with_items runs the task once per package; 'when' limits it to the development group
    - name: install zsh, httpd and git on development hosts
      yum: pkg={{ item }} state=present
      with_items:
        - zsh
        - httpd
        - git
      when: inventory_hostname in groups['development']
    - name: install docker on stage hosts
      yum:
        name:
          - docker
        state: present
      when: inventory_hostname in groups['stage']
    # name: '*' with state: latest upgrades every installed package
    - name: upgrade all packages on all hosts
      yum:
        name: '*'
        state: latest

Let’s check the packages.

yum list --installed | egrep 'zsh|httpd|^git'



Written by Deniz Parlak