powered by Ansible™
How many server instances are not fully up to date simply because logging in to those 100 server instances is a painful operation?
Here is where Ansible comes to the rescue.
This project repo aims to simplify Linux server and desktop management while exploring the capabilities of Ansible. Along with configuration files that are already set up for easy deployment, I added a collection of basic Ansible playbooks to automate simple or even some more complex tasks, saving you time and effort.
Key Features:
Remote Control: Manage Linux systems from anywhere, no matter the distance.
Efficiency: Automate configuration, software installation, and maintenance.
Versatile: Suitable for individuals, IT professionals, and server farms.
Get Started:
Below you will find everything you need to know. Explore our playbooks and streamline your administrative tasks.
- Ubuntu Remote-Auto-Management System
1 - ubuntu-check-updates - Check hosts for any pending updates, and list them to the user in console.
2 - ubuntu-setup-init - Automated initial setup and package installation for Ubuntu-based systems.
3 - ubuntu-nvidia-init - Automated setup for Nvidia GPU drivers and tools on Ubuntu-based systems.
Each playbook is purpose-built to simplify a specific aspect or setup configuration of Linux server management. Say goodbye to complex, manual tasks, and embrace the power of automation, powered by Ansible.
- Ansible 2.1+ is required for global use of this repository. (MANDATORY)
- Git is required to clone the repository. (MANDATORY)
- OpenSSH must be installed and running on the Ansible host and on the remote hosts. (MANDATORY)
To be able to use Ansible you need to install it, along with some other dependencies.
Install them with the following command:
sudo apt update
sudo apt install software-properties-common ansible openssh-server git -y
Ensure you have SSH access to each host where you want to execute a playbook. The ansible.cfg in this repository expects an id_ansible SSH private key located in ~/.ssh/ for authentication. Set up SSH access as follows:
If you want to use your own private key, edit the configuration file ansible.cfg after cloning the repository, and skip the next step, 2.1 "Generate an SSH key Pair".
ssh-keygen -t ed25519 -f ~/.ssh/id_ansible
ssh-copy-id -i ~/.ssh/id_ansible user@hostname_or_IPaddress
ssh -i ~/.ssh/id_ansible user@hostname_or_IPaddress
Clone this repository to your home directory, which is configured to work seamlessly with the project. Use the following commands to clone the repository:
cd ~
git clone https://github.com/prenats/nexsec-ansible.git
This section contains crucial information on how to configure hosts files and variables, such as the concept of filenames and directory structure. It also contains information about some possible errors you may encounter and their respective fixes.
By default, the hosts are named "server1", "server2", and so on. You can keep these default names if you wish. If you prefer custom host and group names, here is some relevant information:
- Open the inventory/hosts.yaml file.
- Update the IP address of each host to the one corresponding to your hosts. (MANDATORY)
- Update the host and group names to your desired custom names, avoiding symbols like "." or "-". (INFORMATION)
- Each host already has a corresponding file in the host_vars directory, located in both the root directory and the playbooks/host_vars folder. (INFORMATION)
- These files must share the same name as the host you designated in inventory/hosts.yaml (e.g., server1.yaml, server2.yaml). (INFORMATION)
- If you modified the default host names in the inventory/hosts.yaml file, ensure you rename each file accordingly. (INFORMATION)
- Edit the corresponding file (e.g. host_vars/server1.yaml or playbooks/host_vars/server1.yaml) and add the variables for that host. (MANDATORY)
- These files can include variables such as login username, SSH port, and other host-specific settings essential for automated host access.
- Similarly, each group should have a corresponding file in the group_vars directory within both the root directory and the playbooks/group_vars folder. (INFORMATION)
- The process for naming these files is the same as for host variables (e.g., group1.yaml, group2.yaml). (INFORMATION)
- If you changed the default group names in the inventory/hosts.yaml file, make sure to rename each file accordingly. (INFORMATION)
- Edit the corresponding file (e.g. group_vars/group1.yaml or playbooks/group_vars/group1.yaml) and add the common variables for that group, if any. (MANDATORY)
- These files can encompass variables such as SSH user, SSH port, SSH private key, and other group-specific settings crucial for automated access to groups with shared configurations like SSH ports and usernames.
- If you're using the ansible command to run modules such as ping or others, make your necessary edits in the files under the host_vars/ and group_vars/ directories. (INFORMATION)
- For those using the ansible-playbook command, make your edits in the files located under the playbooks/host_vars/ and playbooks/group_vars/ directories. (INFORMATION)

By following these steps, you'll have the freedom to opt for either default or custom host names and effectively manage your inventory and variables. This approach simplifies the process of automating your Ubuntu server systems with Ansible while ensuring organized and efficient configuration management.
If your remote host user is root, you'll need to enable root access in the /etc/ssh/sshd_config file on that same host. I recommend setting it to prohibit-password, which permits root login with an SSH key only, instead of allowing password authentication, which poses a security risk. (ATTENTION)
To achieve this, edit /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
Look for the following line, remove the #, then save the file and exit:
#PermitRootLogin prohibit-password
Then restart the SSH server with:
sudo service ssh restart
Note: The id_ansible.pub key should be added to authorized_keys in the root user's .ssh/ folder.
When you execute an Ansible module or playbook with sudo privileges, it prompts the user for a password on each remote host. That is not acceptable for automation, so we have some options to solve this problem.
- The first one is not recommended: as I said above, using plaintext passwords inside the host_vars host file, with ansible_become_pass: "plaintextpassword", for REMOTE authentication is an extremely high security risk. (Lazy&DANGEROUS)
- The second one is using ansible-vault to store and encrypt the user credentials. (RECOMMENDED)
- The third one, and the one we are using for the sake of simplicity, is disabling the password request for sudo users on the remote system just for command execution; logins on those machines still ask for a password.

To accomplish that, run this command on every remote host you plan to access with Ansible:
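echo "$USER ALL=(ALL) NOPASSWD: ALL" | sudo tee "/etc/sudoers.d/$USER" > /dev/null
sudo chmod 0440 "/etc/sudoers.d/$USER" && sudo visudo -cf "/etc/sudoers.d/$USER"
The write goes through sudo tee because a plain > redirection runs as your unprivileged user and cannot create files in /etc/sudoers.d/. The sudoers tag is written NOPASSWD: with a colon, and visudo -cf checks the syntax of the new file. With this rule in place, whoever holds the id_ansible private key has passwordless root on the host, so protect that key with a passphrase.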
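To catch the first option's failure mode before it reaches a commit, the following added example (not part of this repository) scans the host_vars and group_vars trees for password variables stored as literals. The function names and the sample files built by make_sample_tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the repository's code): find plaintext secrets in
# host_vars/group_vars files before they are committed.

# Ansible connection/become variables that hold a password.
SECRET_KEYS='ansible_become_pass|ansible_become_password|ansible_ssh_pass|ansible_password'

# audit_plaintext_secrets DIR...
# Prints "file:line:key" for every secret variable with a literal value.
# Skipped: files encrypted whole with `ansible-vault encrypt`, inline
# `!vault` values, Jinja2 references such as "{{ vault_become_pass }}",
# and empty or comment-only values. Exit status is non-zero on any finding.
audit_plaintext_secrets() {
    find "$@" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk \
        -v keys="$SECRET_KEYS" '
        BEGIN { pat = "^[ \t]*(" keys ")[ \t]*:[ \t]*" }
        FNR == 1 { vaulted = ($0 ~ /^\$ANSIBLE_VAULT;/) }  # whole-file vault
        vaulted { next }
        $0 ~ pat {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*:.*/, "", key)
            val = $0; sub(pat, "", val)
            if (val == "" || val ~ /^#/ || val ~ /^!vault/) next
            if (val ~ /^["\047]?[{][{]/) next              # Jinja2 reference
            printf "%s:%d:%s\n", FILENAME, FNR, key
            bad = 1
        }
        END { exit bad }
    ' {} +
}

# make_sample_tree DIR: constructed sample files that mirror the directory
# layout described above (the vault bodies are placeholders, not real data).
make_sample_tree() {
    mkdir -p "$1/host_vars" "$1/group_vars" "$1/playbooks/host_vars"
    printf 'ansible_user: deploy\nansible_become_pass: "plaintextpassword"\n' \
        > "$1/host_vars/server1.yaml"
    printf 'ansible_become_pass: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  00\n' \
        > "$1/host_vars/server2.yaml"
    printf '$ANSIBLE_VAULT;1.1;AES256\n00\n' > "$1/group_vars/group1.yaml"
    printf 'ansible_become_pass: "{{ vault_become_pass }}"\n' \
        > "$1/playbooks/host_vars/server1.yaml"
}
```

Run it from the repository root as audit_plaintext_secrets host_vars group_vars playbooks; the non-zero exit status on a finding makes it usable as a pre-commit check.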
For some reason, having programs or packages like figlet or even neofetch declared in .bashrc or .zshrc on remote hosts will break the Ansible connection. Remove them, or Ansible won't be able to connect without issues. (ATTENTION)
In the works.....
- Author: Renato Silva
- Contact: [email protected]
- Year: 2023
Give it a try, and join the Ubuntu RAM System revolution adding some of your favorite Ansible Playbooks! 🚀🖥️🤖