Ansible: rename a vmware guest via playbook


I’m having a lot of fun testing vmware modules. I wrote a simple playbook that renames a guest inside Vmware. It just renames the vm at inventory level; the next step is a storage vmotion, which lets the files be updated with the new name. The final step is to rename the vm inside the system (for example in Linux, /etc/hosts, etc.).

I just wrote the first step; the second is a bit delicate due to the complexity of scenarios at my job. In the meantime you can play with it and, if you want, improve it!!
Have fun 😀
The playbook is on my github

Red Hat Satellite registration via ansible playbook


Last week I wrote a playbook for Satellite registration. I tested it against Satellite 6.2 and 6.5, and it worked great.
I usually need to register several vms to Satellite; with this playbook it’s very easy and quick 🙂

You can find the playbook on my github. Check the README, run the playbook and let me know!!

Ansible and vmware_guest_network module


I need to automate the whole vmware guests delivery using Ansible. Actually I’m writing a few playbooks but I’m stuck managing network interfaces because I can add them only during the clone or “guest creation” phase. In the next release of ansible, 2.9, I will use the new vmware_guest_network module, I CAN’T WAIT FOR IT!!

The new release should be available starting from 16 October, starting from next week!!
Vmware be ready for my playbooks 😀

Ansible and CSV source file


Starting from today I have to work on an interesting project: I have to write multiple playbooks handling the delivery of Vmware guests.
Actually I receive all the variables via a CSV file, and from Ansible I should parse it, extracting all the parameters.

I honestly did not parse any CSV from Ansible before, and this is funny but at the same time bothersome. The CSV does not have fixed columns; they can change based on guest planning (for example: a guest can have one or more nics, one or more disks, etc.).

I wrote this post on stackoverflow, I’d like to receive any hint and to learn!! 🙂
My goal is to discuss this with someone and then share the best solution. I’m working with several experiments, btw if you have any suggestion I’m waiting here, let me know!!

New challenge: design an automation jobs architecture


The customer often asks me to automate tasks on hundreds of Linux systems. Those tasks can be very simple, such as user creation, or more complex, such as operating system customization.
I used ansible to reach the goal, but I want to share ansible features with the customer and his colleagues. For this purpose I’m designing a simple architecture composed of:

– GIT as an SCCM
– Ansible as a dedicated automation host
– AWX as an orchestrator

The idea is to write code (playbooks, perl, bash, python, etc.) and to publish it to a GIT repository. AWX takes the code and lets ansible execute it, giving back each detail about the execution.
I want to let the customer have a single button called “GO” for multiple tasks automation!
I’m playing with this architecture and I need to make a presentation explaining the details.
Let’s gooooo!! 🙂

Ansible: dealing with SSH vulnerabilities


Today the customer asked me to help him fix a couple of issues on multiple Linux systems. The vulnerabilities were:

Medium
The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
Contact the vendor or consult product documentation to remove the weak ciphers.
N/A 90317

Low
“The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.”
“Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.”
N/A 71049

It was fun to fix both of them with a simple playbook called fixssh.yaml:


---
# fixssh.yaml: restrict sshd to the MACs and ciphers listed below
- name: MAC SSH Vulnerability FIX
  hosts: all
  tasks:

    # Keep a copy of the current configuration before editing it
    - name: Backing up /etc/ssh/sshd_config
      shell: cp -prf /etc/ssh/sshd_config /etc/ssh/sshd_config.02-02-18
      become: true
      become_method: sudo

    # Replaces the last line matching ^MACs, or appends the line at end of file
    - name: Updating MACs directive in /etc/ssh/sshd_config file
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^MACs'
        line: 'MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com'
      become: true
      become_method: sudo

    # Same mechanism for the Ciphers directive
    - name: Updating ciphers directive in /etc/ssh/sshd_config file
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^Ciphers'
        line: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr'
      become: true
      become_method: sudo

    # sshd reads the new configuration only after a restart
    - name: Restarting sshd service
      service:
        name: sshd
        state: restarted
      become: true
      become_method: sudo
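
A check that could run after the playbook above (an added example, not part of the original post or its playbook): it reads an sshd_config the way sshd does, with case-insensitive keywords and the first value winning, and reports MD5 or 96-bit MACs, weak ciphers, and Ciphers/MACs lines that ended up after a Match line, which is where lineinfile appends when its '^MACs' regexp finds nothing. The function name, the sample config and the cipher patterns (arcfour*, none) are assumptions, and it assumes plain comma-separated lists without +, - or ^ prefixes.

```python
import re

# MD5 and 96-bit MACs come from the scanner finding quoted above; the cipher
# patterns (arcfour*, none) are an assumption made for this example.
WEAK = {"macs": re.compile(r"md5|-96"),
        "ciphers": re.compile(r"^(arcfour|none)")}

# Constructed sample: the lowercase "macs" line is not matched by the
# playbook's '^MACs' regexp, so lineinfile appended a new line at end of file.
SAMPLE = """\
# constructed sshd_config, not from a real host
Port 22
macs hmac-md5,hmac-sha1-96,hmac-sha2-256
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Match User backup
    ForceCommand /usr/bin/true
MACs hmac-sha2-256,hmac-sha2-512
"""

def audit_sshd_config(text):
    """Return (effective, problems) for the Ciphers and MACs directives."""
    effective, problems, in_match = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":
            in_match = True                    # runs to the next Match or EOF
        elif key in WEAK and in_match:         # global-only keywords: sshd rejects this
            problems.append(f"line {lineno}: {key} placed after a Match line")
        elif key in WEAK and key in effective: # first obtained value is used
            problems.append(f"line {lineno}: duplicate {key} is ignored")
        elif key in WEAK:
            value = parts[1] if len(parts) > 1 else ""
            effective[key] = [a.strip() for a in value.split(",") if a.strip()]
    for key, pattern in WEAK.items():
        if key not in effective:
            problems.append(f"{key}: not set, compiled-in defaults apply")
        problems += [f"{key}: weak algorithm {a}"
                     for a in effective.get(key, []) if pattern.search(a)]
    return effective, problems

if __name__ == "__main__":
    for problem in audit_sshd_config(SAMPLE)[1]:
        print(problem)
```

On the constructed sample the old lowercase line stays in effect, so the weak MACs are still reported even though the playbook's new MACs line is present in the file.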

 

 

How to install ansible on CentOS 7 system


Starting from a minimal CentOS installation, these are the steps I followed to install ansible:

1) System update
# yum -y update
# init 6

2) Epel repository configuration and ansible pkg installation
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -ivh epel-release-latest-7.noarch.rpm
# yum -y install ansible vim

3) In my case I’m using ansible to work on a Vmware ESX environment, so I also installed a python module:
# yum install python-pip
# pip install --upgrade pip
# pip install pyVmomi
# pip install --upgrade pyVmomi

4) In a user home directory I created .ansible.cfg for any local customization
$ touch .ansible.cfg
$ ansible --version
ansible 2.0.1.0
config file = /home/alex/.ansible.cfg
...output omitted...

5) In the same directory I created a .vimrc file automating the yaml indent spaces
$ cat .vimrc
autocmd FileType yaml setlocal ai ts=2 sw=2 et

Ansible now is ready to fire! 😀