‣ Ansible

Written by: Ahsan Ahmed

Ansible automation Guide: Ansible is a tool used for system and device automation management and configuration in an organisation. Simple ansible installation and configuration can be done as followed:

First, Ansible needs to be installed on PC/ server

·       For installing on windows PC: 

1.    Go to Microsoft Store and Search for Ubuntu 

2.    Install Ubuntu 18.04 LTS 

·       For installing on windows server:

    1. Get Hyper-v or VMware and Install Ubuntu 

    2. Proxy and DNS configuration might needed to enable network on terminal

·       Provide the credentials for Ubuntu which will be used for administrative purpose later on

·       Get Ansible on Ubuntu terminal by following:

    1.   sudo apt-add-repository ppa:ansible/ansible

    2.  sudo apt-get install ansible -y

    3.  sudo apt-get install python -y

    4.  sudo apt-get install python-pip

    5.  pip install “pywinrm>=0.2.2”

·       Get update on terminal:

    1.  sudo apt-get update

    2.  sudo apt-get upgrade -y

·       Get tree to help visualise directory structure: 

     1.  sudo apt install tree

 it can be used as follows:

Example:   

>tree .

windows/

├──group_vars/

│└──qanet.yml

└──hosts

└── playbook_install_biscuit_msi.yml

§  Understanding the Ansible directory layout

§  qanet.yml is used for storing the host credentials

§  hosts is used to adding the host devices in a group

§  playbook is piece of script outline what needs to be done

·       An example Windows device credentials saved in group_vars

Save host device credentials on yml file under group_vars: vim group_vars/test.yml

# file: group_vars/test.yml

ansible_user: my_user

ansible_password: my_pass

ansible_port: 5986

ansible_connection: winrm

# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:

ansible_winrm_server_cert_validation: ignore

     ·       Create a hosts file with the following content: cat hosts / nano hosts      

                    [group_name_whatever_you_want]

                    

   Example:                

  [qanet]

                     192.168.250.17

·       Create playbook for any config or deployment: 

      –  sudo nano playbook_copy_Firefox.yml

      –  sudo nano playbook_install_biscuit_msi.yml

      – sudo nano playbook_uninstall_biscuit.yml

·       Write playbook for copy, install and uninstall:

# file: playbook_copy_biscuit.yml

—

– name: Copy Biscuit

  hosts: all

  tasks:

      win_copy:

         src: \\192.168.78.10\public\biscuit

         dest: c:\tools\

         remote_src: yes

     become: yes

     become_method: runas

     become_user: username

     become_flags: logon_type=new_credentials logon_flags=netcredentials_only

# file: playbook_install_firefox.yml

—

– name: test chocolatey with ansible

  hosts: all

  tasks:

    – name: Install Firefox

      win_chocolatey:

        name: firefox

        state: present

# file: playbook_uninstall_biscuit.yml

—

– name: Uninstall Biscuit

  hosts: all

  tasks:

    – name: Uninstall Biscuit

      win_package:

         path: c:\tools\biscuit

         state: absent

      become: yes

      become_method: runas

      become_user: username

      become_flags: logon_type=new_credentials logon_flags=netcredentials_only

·       Check syntax error: ansible-playbook playbook_install_replay_msi.yml –syntax-check

·       Nano playbook-install-firefox.yml     – ctrl+x (y) to quit/ save

·       vi playbook-install-firefox.yml            – :wq! /:q! to quit/ save

·       Copy one playbook to another:  if needed

    – cp playbook_install_biscuit.yml playbook_copy_biscuit.yml

    –  cat playbook_install_biscuit.yml >> playbook_copy_biscuit.yml

·       Remove retry playbook if needed:   rm -f *.retry

·       Now, install following on host PC.   use Powershell/ cmd as admin

 @powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"

·       Ping the hosts (host group)

      –  sudo ansible test -i hosts -m win_ping

·       If the hosts are able to ping and return as pong, its time to Run the Playbook: 

      –  sudo nano ansible-playbook -I hosts (name).yml

     Example:   

ansible-playbook windows -i hosts playbook-install-firefox.yml

               sudo ansible-playbook -i hosts playbook_install_biscuit.yml -vvv

                -vv/ -v/ -vvv – provides more information about the 

·       Linux command Line cheat sheet: 

·       sudo →to run the command as the Administrator (root user) 

·       mkdir →to make directory

·       mv → move 

·       ll →directory listing (similar to DIR)

·       tree → visual directory listing

·       sudo apt-get install → install a package on the operating system

·       mkdir group_vars → make a directory

·       rm  → delete a file

·       rmdir → delete directory

·       mkdir windows/group_vars →to make directory

·       nano  → create a new empty file and open it in the “nano” editor

·       cp → to copy a file

·       cp -R / → to copy a directory recursively. Note the slash “/” at the end of the source directory

·       cat  → print the contents of a file to the console window

Useful links: 

·      https://medium.com/the-sysadmin/managing-windows-machines-with-ansible-60395445069f

·      https://www.digitalocean.com/community/questions/ansible-playbook-error-mapping-values-are-not-allowed-in-this-context

·      https://medium.com/@georgimarokov/getting-started-with-ansible-and-configuring-windows-machines-f54c67e1be5c