Command Line Arguments Ansible Agains Remote Host

I will explain how to create users and groups, add together users to the groups, and finally how to ssh to a server with an Ansible playbook that is all in a playbook file. Permit's get dirty our hands.

Footstep-ane: Install Ansible to Controller Machine

First of all, we need to install Ansible on our controller automobile. Permit us cheque the operating system of the machine. Nosotros need this information because nosotros accept to use the right commands for the operating system. For case, yous cannot employ Amazon Linux commands for Ubuntu operating organisation. You tin can apply the commands below to see which operating system yous're using.

cat /etc/os-release        

hostnamectl

By the style, please mind if you work on the deject, you lot need to connect to the controller server via ssh equally below:

ssh -i <~/.ssh/your_pem_file> <username>@<public-ip>                              

At present, nosotros tin become back to work. Every bit you see, the machine has Ubuntu operating arrangement, and we take to apply apt-get commands. You can find detailed information on Ansible documents every bit well.

suda apt-go update suda apt-get upgrade suda apt-go install ansible -y ansible --version

config file = /etc/ansible/ansible.cfg

Equally y'all see, we finished setting up Ansible on the car successfully.

Step-two: Suit The Other Machines

Now, we need to become to the host file in Ansible to arrange the other machines. So, you need to enter the codes equally below:

                      cd /etc/ansible/                              

When you enter the "ls" command, you will see the "hosts" file. Please edit this file with any text editor like vim or nano with "sudo" equally beneath:

sudo nano hosts

Afterward yous enter that code, the host file will be opened. At the bottom, you lot can add the machines which you want to manage as beneath:

ubuntuservers] ubuntu-1 ansible_host=            ansible_user=ubuntu ubuntu-ii ansible_host=              ansible_user=ubuntu  [linuxservers] linux ansible_host=                ansible_user=ec2-user  [all:vars] ansible_ssh_private_key_file=/dwelling/ubuntu/30.pem #enter the path of your pem file correctly                                            

Please be conscientious about the user names. You have to enter 'ubuntu' for Ubuntu machines and 'ec2-user' for amazon-linux machines. And finally, you have to enter your key-pem file name into the terminal line.  As well, be careful about the correct path.

At present, you need to copy our primal-pem file to the controller motorcar. While doing this stride, do non forget to use the secure copy command for that.

scp -i xxx.pem xxx.pem ubuntu@<Public IP of controller>:/home/ubuntu

Please listen entering 30.pem twice there. And also, watch the machine type once more.

At that place is a 2nd choice if you are using VSCode. You can drib your key-pem into your working directory.

Now, you have to change the mod of the pem file with the lawmaking below:

chmod 400 xxx.pem

And now, you lot can check the connections between the controller and the other nodes.

There are two ways to do that. The first ane is doing by ad-hoc commands. (By the way, the ad-hoc commands are generally used for i time. If you need to use some scripts repeatedly, you lot must use playbooks.)

ansible -one thousand ping all

And the second option to do the aforementioned process is using a ping playbook. You tin can create a playbook file every bit below:

#ansible ping to the servers with play-book create ping.yml file as below with a text editor(vim, nano etc) --- - name: ping all servers   hosts: all   tasks:    - proper noun: ping test      ping:        

Then, enter the lawmaking equally below.

ansible-playbook ping.yml

That is a great job! You can come across the green lines and "ping" and "pong" and "success". This means you lot take successfully gear up the connections between the controller and the nodes. And then, you can manage the nodes from the controller at present.

openssl req    -newkey rsa:4096 -nodes -sha256 -keyout ./certs/domain.central    -x509 -days 3650 -out ./certs/domain.crt

Step-3: Create Users and Groups

Now, nosotros tin start to create users and groups.

First, allow's create a playbook that makes users ane by one.

#transmission creating users as users.yml nano users.yml --- - name: creating users   hosts: "*" #all is possible   tasks:    - user:        proper name: name1       country: present       name: name2       state: present        

Please run the command equally below.

ansible-playbook -b users.yml #listen -b for sudo

(we will see the sudo privileges in playbook later)

After we run the playbook, we must check and see the users in the nodes.

You need to connect to a server and enter that control equally beneath:

cat /etc/passwd

Please expect at the bottom and see name1 and name2 users over there!

If you want to remove a user, you lot demand to change "land: nowadays" to "absent" and run the playbook again.

2d, permit's create another playbook that creates users with a loop.

#with items creating users as users.yml --- - name: creating users with loop   hosts: all   become: true   tasks:    - user:       name: "{{ item }}"       land: present      loop:       - name1       - name2       - name3       - name4        

Now, y'all are set up to create users in a loop. So if you need to add another user, just add the proper name to the loop block. Please mind the "get: true" command. It provides Sudo privileges. And so, y'all do not have to use –b in the command line. But run the playbook and run across the users on the server.

ansible-playbook users.yml

cat /etc/passwd

Now, Allow'due south create the groups in a loop.

--- - name: creating groups with loop   hosts: all   become: true   tasks:    - group:       name: "{{ particular }}"       state: nowadays      loop:       - group1       - group2        

And and then run the lawmaking below.

ansible-playbook groups.yml

and see the group1 and group2 in the server with code below.

cat /etc/group

Stride-4: Create ssh-keygen

Now, this is the role of the task where you create ssh-keygen by a remote user and add that primal to the server, thanks to the Ansible playbook. And and so yous volition make an ssh-connection from a remote user to the server.

First, you need to create ssh-keygen on the remote user. Yous can get it by using the "ssh-keygen" command. Afterwards you enter the command, you will be asked to enter a countersign, just leave it equally empty. Then click enter and enter again.

At present, you lot need to get to the ".ssh" directory with codes below:

$ cd .ssh

~/.ssh

After you come to the ".ssh" directory, type "ls" and see "id_rsa" and "id_rsa.pub". Since you lot did non enter any names for these files, these names are generic names. No worries, it is not a large deal.

Now, you demand to copy your public key, which is "id_rsa.pub" to the controller machine. Yous have do information technology manually. In this step, the place where yous copied the public primal is very of import. And so, type that path to the "key" line in the playbook as beneath. Thanks to the "authorized_key" module in Ansible, you can easily send the public key to the nodes.

--- - proper noun: ssh-connexion   hosts: all   tasks:     - authorized_key:        user: name1        state: present        key: "{{ lookup('file', '/./user_pub_key') }}"        

After you run that playbook, you must check if the public key is in authorized_keys or not. Please have a wait at the picture below and check if your screen is the aforementioned:

If everything is okay. At present, you need to become to the name1 directory which yous created before and try to go ".ssh". You lot might not do it due to root privileges. Then, y'all accept to use the "sudo su" command to go to the ".ssh" directory. Once yous get there, finally you tin can encounter the public key with the "cat" command. After you saw the public key, there will be i terminal task to connect to the server.

ssh -i id_rsa name1@public-ip-of-the-server #name1 is important. Because we are coming from name1 user

That's fantastic. Yous are in.
Now, Permit's add together users to the groups. You demand to utilize a module to practise this procedure as below:

          - ansible.builtin.user:       proper noun: name1       beat: /bin/bash       groups: group1,group2       append: yes           - ansible.builtin.user:       name: name2       shell: /bin/fustigate       groups: group2        

Finally, let us create a "hello.txt" file on the user side and see information technology on the server-side as beneath. You can besides see the users and groups there.

At the end of the task, allow me share the whole playbook as i block:

- name: creating users and groups and ssh connection   hosts: "*" #all is possible   go: yes   tasks:    - user:       name: "{{ item }}"       state: present      loop:       - name1       - name2       - name3       - name4         - group:       name: "{{ detail }}"       country: present      loop:       - group1       - group2     - ansible.builtin.user:       name: name1       crush: /bin/fustigate       groups: group1,group2       append: yes           - ansible.builtin.user:       name: name2       trounce: /bin/bash       groups: group2       append: aye     - authorized_key:        user: name1        land: present        central: "{{ lookup('file', './user_id_rsa.pub') }}"     - authorized_key:        user: name2        land: present        fundamental: "{{ lookup('file', './user_id_rsa.pub') }}"         // if you need the same process for other users, you can add this script to the main block    # - authorized_key:    #     user: name3    #     state: present    #     key: "{{ lookup('file', './user_id_rsa.pub') }}"        

Nicely done, you take completed the whole job here. Hope you savour it.

redmondyousted.blogspot.com

Source: https://clarusway.com/creating-adding-authorizing-users-and-groups-with-ansible/

Share this post