Manage OpenBSD hosts using ansible
First steps with ansible
All ad-hoc Ansible commands follow the pattern:
ansible <server_or_group> -m module_name -a arguments
Run an Ansible ping test against an OpenBSD host (requires the python2.7 package to be installed on the target; the trailing comma after the hostname makes Ansible treat it as an inline host list instead of an inventory file path):
ansible all -u sysadmin -i www.echoctf.dev, -m ping -e 'ansible_python_interpreter=/usr/local/bin/python2.7'
Ansible host inventory
Create inventory location:
mkdir ~/work/ansible
touch ~/work/ansible/hosts
touch ~/.ansible.cfg
Open the ~/.ansible.cfg file to specify the inventory location:
[defaults]
inventory = ~/work/ansible/hosts
Create entries in the ~/work/ansible/hosts file:
kerberus.wks.echothrust.dev
mail.echothrust.dev
[webservers]
www.echoctf.dev
support.echothrust.dev
www.echothrust.dev
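Rather than passing -u and -e 'ansible_python_interpreter=...' on every command, the connection settings can live in a group_vars file next to the inventory. The following ~/work/ansible/group_vars/all.yml is an added example and not part of the original notes; it assumes every host in the inventory is OpenBSD with python2.7 installed from packages and that the sysadmin account is permitted to escalate through doas.

```yaml
# ~/work/ansible/group_vars/all.yml (added example; applies to every inventory host)
---
# Account Ansible logs in as over SSH (replaces -u sysadmin on the command line)
ansible_user: sysadmin
# OpenBSD has no /usr/bin/python; point Ansible at the package-installed interpreter
ansible_python_interpreter: /usr/local/bin/python2.7
# Escalate privileges through doas instead of the default sudo
ansible_become_method: doas
```

With this file in place the ping test above reduces to ansible all -m ping, and a host or group that differs (say a Linux box in the inventory) gets its own group_vars/<group>.yml or host_vars/<host>.yml overriding only the variables that change.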
Creating playbooks
A playbook is a YAML file, and typically follows this structure:
---
- hosts: [target hosts]
  remote_user: [yourname]
  tasks:
    - [task 1]
    - [task 2]
For example, the following playbook will create a file on all servers in the webservers group:
---
- hosts: [webservers]
  remote_user: sysadmin
  tasks:
    - name: Create /tmp/somefile.test
      command: touch /tmp/somefile.test
      become: True
      become_method: doas
Relevant post about doas, ansible and env vars
Running playbooks
Assuming you are in the same directory as a playbook file, run:
ansible-playbook myplaybook.yml
If you want to see what hosts this playbook will affect without having to open up the YAML file, you can run:
ansible-playbook myplaybook.yml --list-hosts
If you want to see what tasks will run on a specific host:
ansible-playbook myplaybook.yml -i www.echoctf.dev, --list-tasks
Use the “batteries included”
Ansible ships with a large collection of modules that you can run as tasks or via ad-hoc commands. To see a listing of all available modules, run:
ansible-doc -l
The list is quite large… some interesting modules follow.
Commands:
- command - Executes a command on a remote node
- script - Runs a local script on a remote node after transferring it
- shell - Execute commands in nodes
- raw - Executes a low-down and dirty SSH command
- fetch - Fetches a file from remote nodes
Files:
- copy - Copies files to remote locations
- template - Templates a file out to a remote server
- authorized_key - Add/remove SSH authorized keys
- known_hosts - Add or remove a host from the known_hosts file
- lineinfile - Ensure a particular line is in a file. Replace existing line using a back-referenced regex
- blockinfile - Insert/update/remove a text block surrounded by marker lines
- replace - Replace all instances of a particular string in a file using a back-referenced regular expression
- ini_file - Tweak settings in INI files
- htpasswd - Manage user files for basic authentication
- stat - Retrieve file or file system status
- unarchive - Unpacks an archive after (optionally) copying it from the local machine
Package management:
- git - Deploy software (or files) from git checkouts
- openbsd_pkg - Manage packages on OpenBSD
- yum - Manages packages with the yum package manager
- apt - Manages apt-packages
Operating system:
- service - Manage services
- system - Manage services
- user - Manage user accounts
- cron - Manage cron.d and crontab entries.
- solaris_zone - Manage Solaris zones
- sysctl - Manage entries in sysctl.conf.
Various:
- mysql_db - Add or remove MySQL databases from a remote host
- mysql_user - Adds or removes a user from a MySQL database
- nagios - Perform common tasks in Nagios related to downtime and notifications
- redis - Various redis commands, slave and flush
- letsencrypt - Create SSL certificates with Let’s Encrypt
- cloudflare_dns - manage Cloudflare DNS records
- digital_ocean - Create/delete a droplet/SSH_key in DigitalOcean
- wakeonlan - Send a magic Wake-on-LAN (WoL) broadcast packet
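The playbook below is an added example (not from the original notes) that ties the playbook structure from the "Creating playbooks" section to several of the modules listed above: openbsd_pkg, authorized_key, lineinfile with validation, stat, and service driven from a handler. It assumes the webservers group from the inventory, the sysadmin account escalating through doas, assumed package names, and an operator public key stored at files/sysadmin.pub next to the playbook.

```yaml
---
# Added example playbook; assumes the webservers inventory group, doas escalation
# for sysadmin, and a public key at files/sysadmin.pub (placeholder path).
- hosts: webservers
  remote_user: sysadmin
  # Play-level become so every task escalates through doas
  become: True
  become_method: doas

  vars:
    # Baseline packages expected on every web host (assumed names)
    base_packages:
      - curl
      - rsync--

  tasks:
    - name: Install baseline packages with openbsd_pkg
      openbsd_pkg:
        name: "{{ item }}"
        state: present
      with_items: "{{ base_packages }}"

    - name: Deploy the operator's SSH public key for sysadmin
      authorized_key:
        user: sysadmin
        key: "{{ lookup('file', 'files/sysadmin.pub') }}"
        state: present

    - name: Disable password logins in sshd_config (validated before install)
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        # sshd -t parses the temp copy; a syntax error aborts the change
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart sshd

    - name: Record the status of the file we just managed
      stat:
        path: /etc/ssh/sshd_config
      register: sshd_conf

    - name: Stop the run if sshd_config is not mode 0644
      fail:
        msg: "/etc/ssh/sshd_config mode is {{ sshd_conf.stat.mode }}"
      when: sshd_conf.stat.mode != '0644'

  handlers:
    # Runs once at the end of the play, and only if the lineinfile task changed something
    - name: restart sshd
      service:
        name: sshd
        state: restarted
```

Unlike the command: touch example, every task here is idempotent: a second run reports no changes and the handler does not fire, which is what makes ansible-playbook usable as a repeatable check against configuration drift.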