![Page 1: Ansible Basics - ORR2017: OpenRheinRuhr 2017 · ABOUT INTRODUCTION ANSIBLE END Ansible Basics Oleg Fiksel Security Consultant @ CSPI GmbH oleg.fiksel@cspi.com | oleg@fiksel.info](https://reader031.vdocuments.us/reader031/viewer/2022021802/5b6467137f8b9a0e428d5570/html5/thumbnails/1.jpg)
ABOUT INTRODUCTION ANSIBLE END
Ansible Basics
Oleg Fiksel
Security Consultant @ CSPI GmbH
[email protected] | [email protected]
OpenRheinRuhr 2015
AGENDA
ABOUT
INTRODUCTION
- Goals of this talk
- Configuration management
ANSIBLE
- Key Points
- Ad hoc Approach
- Playbook
- Run Playbook
- Idempotence
- Facts
- Handlers
- Best practices
- Summary
END
- Q & A
- Links
ABOUT ME
- Security Consultant at CSPI (former MODCOMP)
- Main topics
  - Automation
  - Virtualisation
  - Application Switching (load balancing)
  - Perl Coding
ABOUT MODCOMP
- Founded in 1976 as MODCOMP Inc. Since 1985 in Germany.
- Main scope: production of minicomputers for real-time environments. Example: NASA Space Shuttle Program.
- Development of real-time operating system Real/IX.
- 1990 - 1992: Cray and Bull equip their HPCs with Real/IX.
- 1995: New scope: Security Consulting.
- 1996: purchased by CSPI.
- Since 2015 re-branded as CSPI Germany.
ABOUT CSPI
- 3 locations world wide: US, DE, UK.
- CSPI Germany (Köln) ~90 employees.
- 9 solution centers covering every aspect of IT-Security.
- An opportunity to work on big infrastructures with cutting edge technology.
GOALS OF THIS TALK
- This is not a comparison of configuration management systems.
- Basic theoretical understanding of configuration management.
- Introduction to ansible.
- Practical examples using ansible.
WHAT IS A GOAL OF CONFIGURATION MANAGEMENT?
Provide easy, repeatable and scalable provisioning and configuration management.
WHAT DOES THIS MEAN?
- easy
  - configuration is consolidated and versioned
- repeatable
  - provisioning produces the same result every time
- scalable
  - provisioning can be done to any number of machines
ANSIBLE KEY POINTS
- Fresh (started February 2012)
- Simple
  - YAML syntax
  - straightforward running scenario
- Agentless
  - dependencies for node: SSH + (Python >= 2.5 | Python < 2.5 + python-simplejson)
USING ANSIBLE AS PSSH
Ansible can be used as pssh.

```
ansible -i 10.0.0.1,10.0.0.2, all -m command -a '/bin/date'
```

Run /bin/date on machines 10.0.0.1 and 10.0.0.2.
PLAYBOOK
Playbooks are YAML.

```yaml
---
# http://www.withoutthesarcasm.com/ubuntu-motd-landscape/
- hosts: all
  remote_user: root
  tasks:
    - name: remove landscape-client
      apt: name=landscape-client state=absent purge=yes
    - name: remove landscape-common
      apt: name=landscape-common state=absent purge=yes
```
RUN PLAYBOOK
How to run a Playbook?

```
ansible-playbook -i inventory_file playbook.yml

ansible-playbook -i hostname1,hostname2,192.168.0.10, playbook.yml
```
IDEMPOTENCE
"Idempotence is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result." [1]

Simple: The goal of an ansible playbook is to define the desired state, not to script your way to this state.

[1] Wikipedia Quote
EXAMPLE 1
```
ansible -i test-node, all -m shell \
  -a 'echo "192.168.0.1 test-node" >> /etc/hosts'
```
EXAMPLE 2
```
ansible -i test-node, all -m lineinfile \
  -a 'dest=/etc/hosts line="192.168.0.1 test-node"'
```
EXAMPLE 3
```yaml
---
- hosts: all
  tasks:
    - name: clean up /etc/hosts
      lineinfile: dest=/etc/hosts regexp=192\.168\.0 state=absent
    - name: add new /etc/hosts entry
      lineinfile: dest=/etc/hosts line="192.168.0.1 test-node"
```
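Examples 1 to 3 modelled in Python, as an added example that is not from the talk and is not Ansible's implementation: it applies each approach twice to a hosts file and compares the resulting state and the "changed" flag per run. The sample file content and all function names are constructed for illustration; the `lineinfile` behaviour is a simplified model (exact-line check for `line=`, regex search per line for `state=absent`).

```python
import re

# Constructed sample /etc/hosts content (not from the talk).
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "192.168.0.50 db-node\n"
)
LINE = "192.168.0.1 test-node"


def append_line(content, line):
    """Example 1: `echo ... >> file`. Always appends, so always 'changed'."""
    return content + line + "\n", True


def ensure_line(content, line):
    """Example 2: lineinfile with line=. Adds the line only if it is missing."""
    if line in content.splitlines():
        return content, False
    if content and not content.endswith("\n"):
        content += "\n"
    return content + line + "\n", True


def remove_matching(content, pattern):
    """Example 3, first task: lineinfile regexp=... state=absent.
    Drops every line the pattern matches anywhere (search, not full match)."""
    rx = re.compile(pattern)
    lines = content.splitlines()
    kept = [entry for entry in lines if not rx.search(entry)]
    return "".join(entry + "\n" for entry in kept), len(kept) != len(lines)


def example3(content):
    """Example 3 as a whole: clean up, then add the entry."""
    content, removed = remove_matching(content, r"192\.168\.0")
    content, added = ensure_line(content, LINE)
    return content, (removed or added)


def run_twice(step, content):
    """Apply a step twice; return both states and the 'changed' flag per run."""
    first, changed1 = step(content)
    second, changed2 = step(first)
    return first, second, (changed1, changed2)


if __name__ == "__main__":
    steps = [
        ("example 1 (shell append)", lambda c: append_line(c, LINE)),
        ("example 2 (lineinfile line=)", lambda c: ensure_line(c, LINE)),
        ("example 3 (clean up + add)", example3),
    ]
    for name, step in steps:
        first, second, flags = run_twice(step, SAMPLE_HOSTS)
        print(name, "| same state after rerun:", first == second,
              "| changed per run:", flags)
        print(second)
```

In this model Example 1 duplicates the entry on every run, Example 2 converges and reports no change on the second run, and Example 3 reaches a stable state but reports a change on every run and also drops the unrelated `192.168.0.50` line, because the unanchored pattern matches any line containing `192.168.0`.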
FACTS
Facts are fetched from a host and exported as variables, which can be used in playbooks.

See all facts for a host:

```
ansible hostname -m setup
ansible -i hostname, all -m setup
```
EXAMPLE
```yaml
---
- hosts: all
  tasks:
    - name: "shutdown CentOS 6 and 7 systems"
      command: /sbin/shutdown -t now
      when: ansible_distribution == "CentOS" and
            (ansible_distribution_major_version == "6"
             or
             ansible_distribution_major_version == "7")
```
TURN OFF GATHERING FACTS IN A PLAYBOOK
```yaml
---
- hosts: all
  gather_facts: no
  tasks:
    - name: clean up /etc/hosts
      lineinfile: dest=/etc/hosts regexp=192\.168\.0 state=absent
    - name: add new /etc/hosts entry
      lineinfile: dest=/etc/hosts line="192.168.0.1 test-node"
```
HANDLERS
Handlers only run after all of the tasks are run, and they only run once, even if they are notified multiple times. They always run in the order that they appear in the playbook, not the notification order.
EXAMPLE
```yaml
---
- hosts: webservers
  handlers:
    - name: restart apache
      service: name=httpd state=reloaded
  tasks:
    - name: ensure apache is at the latest version
      yum: name=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
```
BEST PRACTICES
```
stage                     # inventory file for stage environment
production                # inventory file for production environment

group_vars/
    group1                # assign variables to particular server groups
host_vars/
    hostname1             # systems specific variables

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      # <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      # <-- handlers file
        templates/        # <-- files for use with the template resource
            ntp.conf.j2   # <------- templates end in .j2
        files/            #
            foo.sh        # <-- script files for use with the script resource
        vars/             #
            main.yml      # <-- variables associated with this role
        defaults/         #
            main.yml      # <-- default lower priority variables for this role
        meta/             #
            main.yml      # <-- role dependencies

    monitoring/           # same kind of structure as "common" role
```
SUMMARY
- Try ansible (ad hoc approach)
- Read ansible documentation
- Read other Playbooks
- Think about Playbook idempotence
- Split big Playbooks into Roles
Q & A
Thanks!
LINKS
- MODCOMP/CSPI
  - MODCOMP History
  - MODCOMP on Wikipedia
- Ansible
  - Ansible docs
  - Ansible - managed node requirements
  - Ansible: Up and Running (ISBN: 9781491915325)