
Ansible

Ansible is an automation platform that can manage multiple technologies, including Linux, Windows, Mac, firewalls, routers, switches, and many more.

Install

 # Ubuntu Install
 $ sudo add-apt-repository --yes --update ppa:ansible/ansible
 $ sudo apt install ansible

 # Mac Install via Python
 $ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
 $ python3 --version
 $ export PATH=$HOME/bin:~/Library/Python/<version>/bin:$PATH
 $ python3 get-pip.py --user
 $ python3 -m pip install --upgrade pip
 $ python3 -m pip install --user ansible
 $ python3 -m pip install --user paramiko
 # Upgrade
 $ python3 -m pip install --upgrade --user ansible

 # Fedora Install
 $ sudo dnf update
 $ sudo dnf install ansible

 # Config/Setup
 # Ubuntu
 $ sudo vim /etc/ansible/ansible.cfg
 # Mac 
 $ vim ~/.ansible.cfg

AWS Cli Install/Setup

 # Ubuntu
 $ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
 $ unzip awscliv2.zip
 # Running `aws configure` with sudo saves the AWS creds under the root user, so only commands run with sudo will pick them up.
 # Beneficial if you have Ansible installed the Linux way at /etc/ansible/
 $ sudo ./aws/install
 $ sudo aws configure
 # Mac
 $ python3 -m pip install --user awscli

Collections - AWS Example

 # Ubuntu
 $ sudo vim /etc/ansible/ansible.cfg
 collections_paths = /etc/ansible/.ansible/collections/ansible_collections/
 $ sudo ansible-galaxy collection install amazon.aws
 $ cd /etc/ansible/.ansible/collections/ansible_collections/amazon/aws
 # Install Python requirements
 $ sudo apt install python3-pip
 $ sudo -H pip3 install -r requirements.txt
 # Mac
 $ ansible-galaxy collection install amazon.aws
 $ cd ~/.ansible/collections/ansible_collections/amazon/aws
 # Install Python requirements
 $ python3 -m pip install -r requirements.txt

  # Supported parameters include:
  wait, validate_certs, tags (resource_tags), access_key (aws_access_key, aws_access_key_id, ec2_access_key), security_group, profile (aws_profile), endpoint_url (aws_endpoint_url, ec2_url, s3_url), instance_type, vpc_subnet_id (subnet_id), aws_config, placement_group, network, wait_timeout, image, image_id, name, instance_initiated_shutdown_behavior, launch_template, termination_protection, detailed_monitoring, purge_tags, aws_ca_bundle, debug_botocore_endpoint_logs, count, exact_count, ebs_optimized, session_token (access_token, aws_security_token, aws_session_token, security_token), availability_zone, secret_key (aws_secret_access_key, aws_secret_key, ec2_secret_key), cpu_credit_specification, state, hibernation_options, security_groups, aap_callback (tower_callback), user_data, key_name, region (aws_region, ec2_region), filters, cpu_options, instance_ids, iam_instance_profile (instance_role),

 # AWS CLI - may need sudo if it was installed and configured the Linux way (with sudo, as above).
 $ aws ec2 describe-instances --query 'Reservations[].Instances[].[State.Name, InstanceId, ImageId, InstanceType, PublicIpAddress, SubnetId, VpcId,Tags[?Key==`Name`]| [0].Value]' --output table
 $ aws ec2 start-instances --instance-ids i-0000000000000
 $ aws ec2 stop-instances --instance-ids i-0000000000000
 $ aws ec2 terminate-instances --instance-ids i-0000000000000

Vault

 # Ubuntu uses sudo and the files are located at /etc/ansible/
 # Mac doesn't use sudo and the files are located in the home directory (~).
 # Easy way: just encrypt the vars file
 $ ansible-vault encrypt variables.vault
 # Choose a vault password when prompted.
 # Example of a variables.vault
 ip_address: 'iphere'
 api_key: 'apikeyhere'
 # Make sure Playbook references vars
 # Can reference in ansible.cfg if using just one vault.
 vars_files:
   - ~/ansible/vault/variables.vault
 # vars being referenced stored in ansible vault, example
 vars:
   - ip_address: '{{ ip_address }}'
   - api_key: '{{ api_key }}'
 # To edit the vault later, use ansible-vault edit (it prompts for the vault password).
 $ ansible-vault edit variables.vault
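 # How to use the vault with a playbook: --ask-vault-pass prompts for the vault password and decrypts the vars at run time; the file on disk stays encrypted.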
 $ ansible-playbook -l firewall panos_facts.yml --ask-vault-pass

Decyphertek Ansible

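 # Ubuntu
 # Mac: no sudo, and run from the home directory.
 # Note: the rm -rf below deletes the existing /etc/ansible, including any config, inventory, or vault files in it; back them up first.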
 $ cd /etc/ 
 $ sudo rm -rf ansible
 $ sudo git clone https://github.com/decyphertek-io/ansible.git
 $ cd ansible/config
 $ sudo cp ansible.cfg /etc/ansible/
 # Run git fetch to receive the newest updates to the repo (fetch only downloads them; git pull also applies them to the working copy).
 $ cd /etc/ansible
 $ sudo git fetch

Version Control

 # Clone your branch of ansible
 # https://your-git
 # Ex: Your branch name will differ
 $ git clone https://your.git
 $ cd ansible
 # Ex: Check out your branch - yours will be different
 $ git checkout ansible
 $ git status
 $ git add .
 $ git commit -m "Add a comment"
 $ git push
 # The git push command will create a pull request link, visit the link and create the pull request to be approved and merged.
 # Can also set up SSH for git instead of using a password; see the reference doc below.
 # Can push git changes in desktop gui via VsCodium
 $ sudo snap install codium

General guidance

 # AWS Cli Command via playbook
 # AWS uses the default profile; add AWS_PROFILE=profilename before the ansible-playbook command to use another.
 $ sudo ansible-playbook aws-gather-info.yaml
 # AWS Module Playbook
 $ sudo ansible-playbook aws-ec2-launch.yml
 # Run a basic playbook command
 $ sudo ansible-playbook -l test_server playbook.yaml
 # How to use Vault:( See Vault instructions for more details ) 
 $ sudo ansible-playbook -l test_server playbook.yml --ask-vault-pass 
 # How to run Windows Playbooks
 $ sudo ansible-playbook -l windows template.yml --ask-vault-pass
 # Modify the ansible.cfg to point to your right directories
 $ sudo vim ~/.ansible.cfg
 # Modify the hosts 
 $ sudo vim ~/ansible/inventory/hosts
 # Have to set up ~/.aws/config & ~/.aws/credentials
 $ sudo aws configure

Docs

 $ ansible-doc --version
 $ ansible-doc -h
 # Module info:
 $ ansible-doc <module name> >>> Example
 $ ansible-doc copy
 # Plugin info:
 $ ansible-doc --type <plugin type>  >>> Example
 $ ansible-doc -t connection -s ssh

References

 https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
 https://docs.ansible.com/ansible/latest/cli/ansible-doc.html
 https://docs.ansible.com/ansible/latest/cli/ansible-vault.html
 https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/
 https://docs.ansible.com/ansible/latest/collections/amazon/aws/
 https://docs.ansible.com/ansible/latest/collections/amazon/aws/docsite/guide_aws.html#ansible-collections-amazon-aws-docsite-aws-intro
 https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key.html