HomeLab

Create a playbook in Ansible

Byaghanim November 8, 2020January 25, 2022

Table Of Contents

Prerequisite
Generate and send SSH keys to hosts
Add hosts to inventory
Create a playbook
Run the playbook

Prerequisite

Ubuntu 20.04
Ansible installed

Ansible is a great tool to automate IT infrastructure. In my case I use it to manage my Linux hosts. Instead of typing one command on each host, I can send one command to multiple hosts, using something called playbook. Ansible playbook is a set of instructions that you send to run on a single or a group of hosts.

Generate and send SSH keys to hosts

In order for ansible to execute your commands on the host, ansible need to have SSH access without password to the host

Follow this guide to achieve this.

Add hosts to inventory

In order to setup a playbook you first need to setup a hosts file. You can find the hosts file in /etc/ansible. The file is called “hosts”.

You can add ungrouped hosts or a collection of hosts.

# Ungroupd hosts
Host01 ansible_host=192.168.1.100
Host10 ansible_host=192.168.1.110

# Grouped hosts
[Servers01]
Host20 ansible_host=192.168.1.150
Host30 ansible_host=192.168.1.151
Host40 ansible_host=192.168.1.152

Create a playbook

Ansible playbooks uses YAML language. YAML is ident sensitive, so make sure your indents are correct.

Create a YAML config.

sudo vim playbook1.yml

You can send any type of command to your hosts. I send update and upgrade commands to my hosts everyday using crontab. My Playbook looks like this.

---
- hosts: Servers01
  become: true
  become_user: root
  tasks:
    - name: Update apt repo and cache on all Debian/Ubuntu boxes
      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

    - name: Upgrade all packages on servers
      apt: upgrade=dist force_apt_get=yes

We will break down the commands.

hosts: Servers01 – Specify a list of hosts that the instructions will be sent to.

become: true – We’re telling ansible that the instructions we are sending, requires root access to exectue.

become_user:root – We are running the commands as the user root.

tasks: – The tasks initiates the lists of task that is going to be executed. Each task have a unique name using “name”. We use “apt” module to update our hosts, or in other instances, install packages.

Run the playbook

To run your playbook, simply type:

sudo ansible-playbook /etc/ansible/roles/playbook1.yml

And that is all you have to do. You can create a schedule using crontab to run this playbook everyday


0 00 * * * ansible-playbook /etc/ansible/roles/playbook1.yml

There is much more you can do in ansible. I recommend you read the docs.

HomeLab

LXC on Ubuntu 20.04 VM getting IP from DHCP

Byaghanim September 13, 2020January 25, 2022

Follow any guide for setting up bridged network on LXC. Just google it. HOWEVER, if you’ve setup LXC on a VM with bridged network, the hypervisor will BLOCK dhcp requests if you’ve not enabled promiscouse mode on the NIC. In Hyper-V you have to enable mac-spoofing for it to work! Take note! Thank you!

HomeLab

Backup current Windows operating system using Macrium Reflect

Byaghanim November 8, 2020January 25, 2022

Backup gives you a peace of mind! Sometimes backing up your files is enough, but other times, backing up your entire operating system is necessary. If you get a boot error and you have to reinstall your operating system, its easier to restore it from backup with all the programs and settings you had. Rather…

HomeLab

Visualize Snort3 logs in Kibana using Logstash and Elasticsearch

Byaghanim October 8, 2020January 25, 2022

Prerequisite Ubuntu 20.04 with root access Snort 3.0 up and running with community rules Open App ID Elastic Stack up and running In this guide we will visualize Snort3 logs in Kibana. I’ve setup Elastic Stack as an LXC with 300 GB disk space for storing logs. Elasticsearch consumes alot of storage when indexing data….

HomeLab

Backup files to the cloud using Rclone – Windows

Byaghanim June 11, 2021January 25, 2022

Rclone is an amazing tool that is used to manage files on cloud storage. Its fast, easy to use and command line based. You can choose from a wide range of supported providers, such as Amazon Drive, Google Drive, OneDrive, JottaCloud and many more. See the complete list here. https://rclone.org/ In this blogpost I will…

HomeLab

WordPress website will not load CSS when using NGINX as a reverse proxy with SSL

Byaghanim January 16, 2021January 25, 2022

When using NGINX as a reverse proxy with wordpress and having enabled SSL, you will have to force wordpress to forward HTTP to HTTPS. First, setup your wordpress website and NGINX reverse proxy with SSL. You will notice that CSS will not load when you visit your domain, instead of localhost. Add these lins to…

HomeLab

Setting Up a Detection Lab

Byaghanim August 5, 2024September 12, 2024

Table Of ContentsUpdateIntroSetting up ludusSetting up rangesDefault Machine CredentialsTesting the labTest Elastic DefenderTroubleshootingUnreachableAdd trusts between domain Update I was able to upgrade my CPU and motherboard to i9 9900k. 9900k have a passmark above 18000. After upgrading my hardware I destroyed all my ranges and used the config below for Elastic EDR, GOAD and Kali…

Prerequisite

Generate and send SSH keys to hosts

Add hosts to inventory

Create a playbook

Run the playbook

Similar Posts