Tuesday, 29 November 2022

Sample OS Patching Ansible Yaml Code

 Sample OS Patching Ansible Yaml Code:

=======================================

---
- name: OS patching of Webservers
hosts: webservers
serial: 2
become: true
tasks:
- name : Stop Httpd Service
service:
name: httpd
state: stopped
when: ansible_distribution == 'CentOS'
- name : Stop Apache2 Service
service:
name: apache2
state: stopped
when: ansible_distribution == 'Ubuntu'
- name : Stop Tomcat Service
service:
name: tomcat
state: stopped
- name : Stop Keycloak Service
service:
name: keycloak
state: stopped
- name: Verify processes are not running
shell: if ps -eaf | egrep 'apache|http|tomcat|keycloak'|grep -v grep > /dev/null ;then echo 'process_running';else echo 'process_not_running';fi
ignore_errors: true
register: result_process_check
- name: Run Backup Script prior OS patch
shell: sh /opt/scripts/backup_prior_os_patch.sh
- name: Centos OS paching
yum:
name: '*'
state: latest
when: result_process_check.stdout == "process_not_running" and ansible_os_family == "RedHat"
- name: Update Ubuntu repositories cache
apt:
update_cache: yes
when: result_process_check.stdout == "process_not_running" and ansible_os_family == "Debian"
- name: Update all packages to their latest version
apt:
name: "*"
state: latest
when: ansible_os_family == "Debian"
- name: Upgrade the OS (apt-get dist-upgrade)
apt:
upgrade: dist
when: ansible_os_family == "Debian"
- name: Rebooting the servers
reboot:
msg: "Rebooting Servers After Kernel Patching"
connect_timeout: 5
reboot_timeout: 300
pre_reboot_delay: 0
post_reboot_delay: 30
test_command: uptime
ignore_errors: true

- name: pause for 180 secs
pause:
minutes: 3

Monday, 28 November 2022

Some Usable Adhoc commands

 Some Usable Adhoc commands:

================================


Creating a file on all remote clients

# ansible all –m file –a “path=/home/vishnu/vishnu1 state=touch mode=700”


Deleting a file on all remote clients

# ansible all –m file –a “path=/home/vishnu/vishnu1 state=absent”


Copying a file to remote clients

# ansible all –m copy –a “src=/tmp/vishnu2 dest=/home/vishnu/vishnu2”


Installing package (telnet and httpd-manual)

# ansible all –m yum –a “name=telnet state=present”

# ansible all –m yum –a “name=httpd-manual state=present”. 


Starting httpd package service

# ansible all –m service –a “name=httpd state=started”


Start httpd and enable at boot time

# ansible all –m service –a “name=httpd state=started enabled=yes”


Checking httpd service status on remote client

# ansible all –m shell -a “systemctl status httpd”


Remove httpd package

# ansible all –m yum –a “name=httpd state=absent”

OR

# ansible all –m shell -a “yum remove httpd”.


Creating a user on remote clients

# ansible all –m user –a “name=appu home=/home/appu shell=/bin/bash state=present”


To add a user to a different group

# ansible all –m user –a “name=appu group=vishnu”


Deleting a user on remote clients

# ansible all –m user –a “name=appu home=/home/appu shell=/bin/bash state=absent”

OR

# ansible all –m shell –a “userdel appu”


Getting system information from remote clients

# ansible all –m setup


You can run commands on the remote host without a shell module e.g. reboot client1

# ansible client1 –a “/sbin/reboot”

Saturday, 26 November 2022

Mysql server Installation

 

Mysql server Installation:

- name: Install Mysql server, Create database with remote login
become: yes
hosts: localhost
vars:
Mysql_DB: mysqldb
Mysql_User: mysql_user
Mysql_Pass: Password
tasks:
- name: Mysql Installation
package:
name: "{{item}}"
state: present
update_cache: yes
loop:
- mysql-server
- mysql-client
- python3-mysqldb
- libmysqlclient-dev
become: yes

- name: start and enable mysql service
service:
name: mysql
state: started
enabled: yes

- name: create the user
mysql_user:
name: "{{ Mysql_User }}"
password: "{{ Mysql_Pass }}"
priv: '*.*:ALL'
host: '%'
state: present

- name: creating the database
mysql_db:
name: "{{ Mysql_DB }}"
state: present

- name: Enable remote login to mysql
lineinfile:
path: /etc/mysql/mysql.conf.d/mysqld.cnf
regexp: '^bind-address'
line: 'bind-address = 0.0.0.0'
backup: yes
notify:
- Restart mysql
handlers:
- name: Restart mysql
service:
name: mysql
state: restarted

Some Examples of File Module

 Some Examples of File Module:


---
- name: Check if the file or Direcory exists
hosts: localhost
become: true
any_errors_fatal: true
vars:
directory: "/tmp"

tasks:
- name: Check the status
stat:
path: "{{directory}}"
register: result

- name: Directory Status
debug:
msg: "Directory {{directory}} present"
when: result.stat.isdir is defined and result.stat.isdir ====================================================================================
---
- name: Check if the file exists
hosts: localhost
vars:
file_path: "/tmp/test"
become: true
tasks:
- name: Check the file status
stat:
path: "{{file_path}}"
register: result
- name: File Exists
debug:
msg: "File Exists"
when: result.stat.exists
- name: File don't Exists
debug:
msg: "File don't exists"
when: not result.stat.exists
====================================================================================
---
- name: File Ownership
hosts: localhost
vars:
file_name: "/tmp/a"
become: true
tasks:
- name: Change ownership of file
file:
path: "{{file_name}}"
owner: vishnu
group: vishnu
mode: 0777 =================================================================================
---
- name: Create Symbolic link
hosts: localhost
become: true
vars:
sym_link: "/tmp/test1"
source: "/tmp/test"
tasks:
- name: Symbolic link creation
file:
src: "{{source}}"
dest: "{{sym_link}}"
state: link ==================================================================================
---
- name: Hard Link
hosts: localhost
become: true
vars:
source: "/tmp/a"
destin: "/tmp/b"
tasks:
- name: "Hard Link"
file:
src: "{{source}}"
dest: "{{destin}}"
state: hard =================================================================================

Install Apache on Centos Servers:

 Install Apache on Centos Servers:


---
- name: Install httpd and start the service
hosts: localhost
become: true
tasks:
- name: install http
yum:
name: httpd
state: latest
- name: Copy the configuration file
file:
src: /tmp/httpd.conf
dest: /etc/httpd/httpd.conf
notify:
Restart Apache
- name: Start Apache service
service:
name: httpd
state: started
enabled: true
handlers:
- name: Restart Apache
service:
name: httpd
state: restarted

Basic Postgresql Installtion as a Single Node

 Basic Postgresql Installtion as a Single Node:

---
- name: Install postgres
hosts: localhost
become: true
tasks:
- name: Install postgres
yum:
name:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
- python3-psycopg2
state: present

- name: Postgresql initialized or not
stat:
path: /var/lib/pgsql/data/pg_hba.conf
register: result

- name: InitDB
shell: postgresql-setup initdb
when: not result.stat.exists


- name: Open port for postgresql
firewalld:
service: postgresql
permanent: true
state: enabled
notify:
- Reload firewalld

- name : Start service
service: postgresql
state: started
enabled: true

handlers:
- name: Reload firewalld
service: firewalld
state: reloaded

Postgresql Database Dump and restore Using Ansible

 Postgresql Database Dump and restore Using Ansible




---
- name: Take the backup
hosts: localhost
tasks:
- name: DB backup
postgresql_db:
name: postgres
state: dump
target: /backup/postgresql.sql.gz ================================================================
---
- name: Restore from Dump
hosts: db1
tasks:
- name: Restore DB
postgresl_db:
name: db1
state: restore
target: /tmp/backup.sql.gz
become: true
become_user: postgres

Wednesday, 16 November 2022

Ansible code to update /etc/hosts on remote servers.

 Ansible code to update /etc/hosts on remote servers.


# Update host file
---
- name: Update host file
hosts: localhost
become: true
tasks:
- name: Generate /etc/hosts file
blockinfile:
state: present
dest: /etc/hosts1
content: |
10.1.1.1 demo demo0.linuxgeeknotes.com
10.0.0.0 demo1 demo1.linuxgeeknotes.com
10.2.2.2 demo2 demo2.linuxgeeknotes.com

NFS Server Configuration in Ubuntu using Ansible

 Configure NFS Server
==================


---
- name : NFS Server Installation and Configuration
hosts: localhost
become: yes
vars:
- share : "/linuxgeeknotes/share/"
- fstab_entry: "10.5.0.0/24(rw,sync,root_squash)"
tasks:
- name: Install NFS Server
apt:
name: nfs-kernel-server
state: present
- name: Create Share Directory
file:
path: {{share}}
state: directory
mode: 0777
user: linuxgeeknotes
group: linuxgeeknotes
- name: Updating the export file
lineinfile:
path: /etc/exports
state: present
line: "{{share}} {{fstab_entry}}"
notify: Restart NFS Server

- name: Run Exportfs
command: "exportfs -a"

- name: Open Firewall for NFS Service
ufw:
service: {{item}}
state: enabled
permanent: true
immediate: true
with_items:
- nfs
- mountd
handlers:
- name: Restart NFS Server
service:
name: nfs-kernel-server
state: restarted
enabled: true